Attached: 1 image
Basically, a good way to never trust "it's okay, the data is anonymized" again is simply knowing what the "Hemisphere Program" is.
https://www.eff.org/cases/hemisphere
In short, the US government got access to number from, number to, datetime, length and sometimes location information for every call passing through AT&T's network from 1987 to today.
Then they ran an algorithm to de-anonymize every burner phone based on behavior. They did this because maybe some of those burners were used by drug dealers.
I feel like it being founded by ex CIA people is really not important. They aren’t actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don’t control shouldn’t be trusted.
I feel like it’s very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they’re ex-CIA absolutely does not mean they’re not actively working for them. While technical issues are obvious here, that’s not always the case. For example, there’s a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would’ve helped avoid the exploit.
I feel like it being founded by ex CIA people is really not important. They aren’t actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don’t control shouldn’t be trusted.
I feel like it’s very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they’re ex-CIA absolutely does not mean they’re not actively working for them. While technical issues are obvious here, that’s not always the case. For example, there’s a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would’ve helped avoid the exploit.
https://thehackernews.com/2015/10/nsa-crack-encryption.html