Also worth checking out the excellent ABC (Australia) multimedia feature on China's "social credit" system:
Social credit is like a personal scorecard for each of China’s 1.4 billion citizens.
In one pilot program already in place, each citizen has been assigned a score out of 800. In other programs it’s 900.
Those, like Dandan, with top “citizen scores” get VIP treatment at hotels and airports, cheap loans and a fast track to the best universities and jobs.
“It will allow the trustworthy to roam freely under heaven while making it hard for the discredited to take a single step.”
Those at the bottom can be locked out of society and banned from travel, or barred from getting credit or government jobs.
The system will be enforced by the latest in high-tech surveillance systems as China pushes to become the world leader in artificial intelligence.
Surveillance cameras will be equipped with facial recognition, body scanning and geo-tracking to cast a constant gaze over every citizen.
> ... with top “citizen scores” get VIP treatment at hotels and airports, cheap loans and a fast track to the best universities and jobs.
Like, come on. There is no possible way this won't be gamed to death. I can't conceive of this system ever working for more than 7 years, max. And then having people in the algorithmic underclass? Jesus. This is pretty much forcing a revolution to happen. Once you end up at the bottom, what do you have to loose? Unless there is a 'bankruptcy' mechanism, this is obviously doomed to failure.
Can we stop with argumentative and ultimately pointless comparison between the US and China.
For me what's astounding is:
"Lastly, nothing is transmitted from the individuals device to the receiving server over HTTPS — all in plaintext via HTTP — and updates are unsigned.
This means all the data the app collects is transmitted to the unknown entity on the receiving end in a way that allows someone with a trivial amount of technical knowledge to intercept and potentially manipulate" [0]
Is there any reason besides incompetence why the apps developers would do this?
It could be that further up the network they are dropping HTTPS packets, or that they plan to in future. It isn't unheard of to simply deny encrypted protocols at the ISP level for a period of time and I could see China doing this in some areas while simultaneously forcing common sites and apps to have functional unencrypted versions to minimise commercial disruption.
The EU found a way around that with "content filters" - basically anything you upload will be sent to a government controlled body for inspection. This works fine with encryption and there is no need to ban math.
Is there any good reason why they wouldn’t do this? All the traffic is going over networks under control of their government. If some lone wolf spies on a few people or owns their phones, it doesn’t really matter to the developers.
I'm guessing that when you start snooping on the everyday mobile activity of 1.3 billion citizens you hit the kind of scaling problems that usually only Facebook and Google see.
TLS isn't the only option, though. You could use TLS on setup to share a pre-computed secret between the device and the remote server, then bin the TLS connection. After that, encrypt and forward over HTTP.
>Is there any reason besides incompetence why the apps developers would do this?
Well... cheap shot maybe, but it's Android. People are always hating on Apple for having security checks and rules. Android, on the other hand... how did Sundar Pichai put it? "We prioritize openness over security," something like that.
Openness does sound good but positioning it as a tradeoff with security bothers me. Having both would be good.
I'm wondering how this is or will be handled on the Apple platform. When that information comes out, I'm not expecting it will make Apple look good, since they have said they will follow the law (no matter how bad the law is!) wherever they sell their devices. If following the law means allowing a spyware app into the App Store, and they do this, I'll have to reevaluate my expectations of privacy for using Apple devices.
Yes. I can write and install any shitty program I want on my Apple device. No problems there.
But when it comes to other people's devices, those other people probably want a say in who the device is open to and when, and for what purpose. Apple helps make it possible for them to have a say.
While I am free to install astoundingly shitty software on my own iPhone/iPad/Mac, Apple makes it difficult for me to install shitty programs on other people's Apple devices without their knowledge or consent.
Seems like a reasonable way of doing things. Open for your own device, and others get to decide for themselves what they are open to for their devices.
How are you free to install software on your own iPhone or iPad when you need a developer account to get a signing certificate to install your app on your own phone?
I would prefer not to say as, after some difficulty, I was able to reach someone at Google, provide necessary details and get approved to resubmit -- but the app name is now locked so I need a new one
I wouldn’t say very. Didn’t Fortnight bypass the play store by using a direct/side-load install? Those things can only be done with design level decisions being made in a product.
Definitely, I meant that they were only able to circumvent the Play store because of the settings/admin/root access etc intentionally left open by the core product team.
To clarify, the article doesn't mention that they were stopping iPhone users to install the app, only Android. I'm not too familiar with the method/tech though. If by design, Android had a more closed ecosystem, they couldn't force it so casually. I'm personally not a fan of that approach, but could see the benefits when under this type of government.
> Yeah, let's pretend there's no point in opposing an authoritarian surveillance state and simultaneously express dismay that this invasive software is poorly designed.
Are you describing China or America? Maybe Russia?
Reading stuff like these always makes me so sad about Chinese people. Guys just like me, who like fiddling with computers and just want to be happy have to live in this totalitarian nightmare. I know it sounds silly to care about this stuff when probably there are much worse things happening in China, executions and stuff. But from my ignorant POV, tech is the one thing I can relate to.
At the same time it makes me feel lonely. I would love to be able to help them in some way, but I can't.
Muslim minority (but majority in Xinjiang, more or less resisting forced assimilation). Regular Han people don't really have much sympathy for them, and since China is nowadays an ethnostate, the state won't care either.
They would not currently attempt to do this in Han cities.
What are the benefits & liabilities to both installing and to circumvention?
What I mean is that China is known to jail political dissidents (and or lower their social score which has negative implications, like limiting travel), so you have to weigh the risks of being viewed negatively via the spyware's information leakage with the risk of getting caught circumventing. For example one could only be a lower social score, while the other could literally be jail or "disappearing."
I might sound like a immoral question, but you really have to weigh the potential risks of doing what that thread asks. I won't give people advice on circumvention not because I agree with the Chinese government (I don't!) but because I don't want to be partly responsible for a Chinese dissident getting caught and "punished" for the attempted circumvention.
In my view, there is a case for civil disobedience. However, if you are going that route, then you should be prepared (and possibly even welcome) the consequences. Your goal should be to draw attention to the problem and put pressure on the government to change its laws.
This tactic is very good if the government is likely to respond to that kind of pressure. Gandhi and his followers risked death for their actions. Gandhi referred to them as "soldiers" because, even though their battlefield was political, the consequences were the same. Through the horrific deaths of the disobedient, the British government was forced out of India. Before you engage in an act of civil disobedience, you need to understand the playing field. For India, Gandhi surmised (and was correct) that the result would be as inevitable as the losses, and people willingly sacrificed themselves for the cause. This will not always be the case (and I would be very much surprised if it is the case in China because there is very little pressure that can be effectively applied to the Chinese government, whether inside or outside of the country).
So if civil disobedience is not the goal, what is the point of trying to work around the spyware? Obviously to avoid being spied upon. But it's important to understand that it is breaking the law. It makes you a criminal -- with all the downsides that can bring. It doesn't matter whether it is moral or not. Being punished for breaking the law is an incredibly wasteful thing to do from the perspective of trying to make the country a better place, if you are not going the civil disobedience route (and hence using your punishment as a strategic weapon against the government).
So what can you do? Possibly nothing except wait. Fighting and losing may be valiant and courageous, but it's also ineffective. Wait until you can make a difference. Prepare, and plan and store all your energy for the one time where you can succeed. If it doesn't come in your lifetime, then prepare the next generation to wait. Nothing is forever.
And if you want to know how to communicate: never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. As the top reply on SE currently points out, make your cellphone squeaky clean and ensure that there is a lot of normal data on it (i.e. use it like a normal person). Communicate secret things in a different manner.
what you're advising is literally almost impossible to do today and will just get harder to do as time goes on. all it takes is one person on your social graph texting/emailing/sending you the wrong thing and you'll be flagged.
if a panopticon exists, the only way to live a normal life is to avoid it by bypassing it. there is no other option unless you refuse to interact with suspicious people who don't follow your "different techniques". in which case the government succeeds anyways in their efforts to chill disobedience
This just makes it obvious what smart phones are in a world where people pretend otherwise because they're so damn useful.
They are tracking and spying devices. It's implicit in the idea of a 'cell'. When you carry a cell phone you are being tracked. No matter what is going on in the software side of the phone you have ostensible control over you don't control the baseband modem and certainly not the basestations doing multilateration with their super precise clocks. And it's going to get worse with the proliferation of micro and nano cell basestations as well as massive MIMO beamforming at regular ones.
How to minimize impact? Not possible. Once the device is compromised, there is no going back, it is time to stop using the phone for any "questionable" behavior you do not wish Big Brother to record. The only real solution is to live in a place where police do not force you to install spyware.
And do not name your phone "tiananmen square massacre 1989"
Fire
Torch
Oil lamp
Candle flame
Blood
Democracy
Autonomous
Twitter
Six four
Eight nine
Eight eight
Tank
May 35
35
Six Four
64
June
Jun+4
Thirty-five
Twenty-four
Six+four
Six 4
6 four
I'm curious what happens if you use a phone that's incompatible with the app. Do you get a free pass, or is China going to only allow the use of compatible devices?
I thank my lucky stars everyday that Samsung has still yet to figure out how to port their security rootkit to OSX. Getting into and out of Digital City is already horrendous enough as it as, I dont need software spying on me forever until I format my machine.
If you want to get into most any Samsung building in the world and especially their global HQ in Suwoon they make you install their security shit on any Windows laptops you've got. It blocks USB ports, prevents you from connecting to anything but corporate wifi, and disables any cameras amongst other things.
Once your business with samsung is done you can email someone (And I think it's literally only 1 guy for all of global samsung) and in a couple weeks they'll email you a one time code tied to some kinda hardware ID that you can use to uninstall the software from your machine.
I've got no reason to believe that Samsung is in kahoots with a nation state for any nefarious spying, I just resent being treated as a would be criminal.
That being said if you visit a Samsung office in China, just bring burner tech and throw it away before coming back.
>Once your business with samsung is done you can email someone (And I think it's literally only 1 guy for all of global samsung) and in a couple weeks they'll email you a one time code tied to some kinda hardware ID that you can use to uninstall the software from your machine
...or restore a full disk backup? actually, come to think of it, what's preventing you from playing along and installing their security rootkit, then reimage/reinstall os/swap hdd/switch boot partition once you get in? unless they can overwrite your computer's firmware and prevent it fro. being modified, its trivial to remove the rootkit.
Literally nothing, it's all 100% security theater for anyone thats takes a minute to think through attack vectors.
The only technology they make you declare while entering into the building/campus is the technology you want to take out.
So to exfiltrate data all you'd need to do is buy a burner phone, not declare it when entering, acquire whatever data you're stealing, use the burner to email it to to yourself or w/e, then just ditch the phone before you go back out through security.
There are body scanners and x-ray machines checking people, but only going out, not in.
If rootkits stay on HDDs, yes. But they don’t. There are hundreds of firmware locations on a machine. Many of them are known to be hackable. So it isn’t unthinkable that a wipe of a HDD will not be sufficient to thwart a state level actor.
I came to a Samsung office in Suwong with a MacBook. Wasn’t forced to install anything, but, in order to use their network and 3rd party exchange site, I did have to install that tool on my Win VM. Should have just made a snapshot of VM image before doing that, and then it’d be easy to roll back.
I was more shocked by airport-style scanning security at the entrance and exit, forcing everyone to seal usb drives and phone cameras.
They also run active countermeasures, like deauthing any SSID that isnt one of their own, so no hotspoting. Gotta do it over Bluetooth or a USB cable.
If you find yourself there again make sure to ask whoever is hosting you for VIP status. Supposed to only be Director and above, but it's an absolute game changer as far as the hassle getting in and out every day and I've managed to get it a time or two.
If that works, then it should work to have a different Android profile or use an environment isolation app such as Island or Google's Test DPC. I think there's another new one in the F-Droid store, too, now.
I'd suggest extracting their binary and seeing how it works. It quite possibly is badly written, with no code update. May be fixed functionality, unable to detect rootkits etc.
It's likely that all dumb phone traffic is already monitored in China (so be careful in phone conversations / text messages), but yeah, if you want your personal files kept personal don't carry them on a mobile or otherwise internet connected device.
Oh dear oh dear oh dear. I can't imagine the Chinese government is going to be terribly happy when they find out about that post. I do hope the poster ends up ok.
This makes me wonder, if there was a question about how to break US law, whether that post would be allowed to stand?
I suppose if it was informational, then it might be OK. But seeing how the government has gone after Backpage and other similar sites, I think anything that aids and abets it would be shut down.
I think there's questions about how to deal with US border security, given how they have special laws that apply to them allowing them to hold you into custody until you give up e.g. encryption keys to your hard drive. They don't advise on how to break the law, they advise to not bring personal data across the border and use a VPN to retrieve it from wherever you're coming from.
This doesn't seem like a problem with a technical solution. If he slips up and gets caught, that alone might be enough to send him into a Xinjiang concentration camp.
Some of my libertarian tech friends like the idea of more encryption and decentralisation to resist what they perceive as increasingly oppressive governments, but I'm confident that this tech-first approach can never work. A truly oppressive government can easily outlaw these things and identify the users, and they'll be the first to disappear.
There's already laws popping up left and right that you get x years in jail (or are just detained indefinitely) if you don't unlock your digital devices or hard drives. The logic being if you have nothing to hide, etc. It's a direct violation of the self-incriminating constitution thing, but there's lots of attempts to talk around that one.
Iphones are very expensive, so most people are not buying them. They can still read everything you post, every SMS, youe location, and everything you send to an informant or someone using an older Android. Most comms are blocked -- no signal or whatsapp, just Weibo. It's nbd.
If you require the services of a private investigator, I'd recommended Chuck to you. He is a reliable, tested and legitimate IT expert who specialize in proliferating any systems or network operation known and unknown. Write to : Wyvernchuck on g-mail.
He specializes in the following services:
Spy on Cheating Partners
Identification of Cheating Partner or Employee, Mole in a system.
Hack into Bank, Company and Security Agents Websites
Hack Bank Accounts, BTC top up, BTC investment, ETH investment etc
Contact : WYVERNCHUCK at gmail come +1667-308-3018
When I read the question (and almost answered, but the answer would have been too similar to another one), I was so surprised that anyone can suggest anything beyond "Do. Not. Do. It".
Having as the adversary a state is a game changer and there are a few purple who have the knowledge to imagine a strategy. Suggesting anything to someone who has no idea about security is simply unethical, given what is at stake.
But that only scratches the surface of a deeper problem within. I think China is just a case of policies easily influenced by lobbyists, and gets executed very efficiently
This contributes much to China's economical success, as well as its (possible) demise.
It usually isn’t bad unless you live there. As a tourist, you’ll hardly feel like you are in a police state (quite the opposite, it can be quite chaotic and free wheeling as long as you don’t go near politics). Ya, the internet will suck while you are there, but the food is great and there is a lot to see. IMHO, you would feel more repressed in a place like Singapore than the PRC.
If you are going to Xinjiang or Tibet, things start to get weird. Both are really nice places to go, but the logistics are complicated and you’ll feel much more repressed. I went to northern XJ in 2006 before the 2008 riots, it was absolutely stunning and a great place to tour. I also visited the Tibetan part of Sichuan and Yunnan, equally awesome, you are really missing out if you never see it! The Tibetan areas outside of Tibet are easier to get into for foreigners, well at least they were back in 2004. China is getting more closed than it used to be before the olympics, that’s for sure.
> As a tourist, you’ll hardly feel like you are in a police state
Especially if you can't read the propaganda posters.
> Ya, the internet will suck while you are there
Protip: bring a phone with a foreign international data plan. The packets will be routed over the phone network to your home country and bypass the Great Firewall.
Even if you can read the propaganda banners (posters are rare, banners with slogans are more common), it comes off as weird and novel rather than personally oppressive.
I thought that only applies to HK phones, but I have never tried!
Not sure why you’re being downvoted, but that’s exactly what I’d say too. In terms of day to day life, it feels more free in many ways. Alcohol is sold freely, small merchants set up on the sidewalk, traffic laws might as well not exist, and nobody will hassle you for spitting on the ground. Of course, you have to spend hours screwing around with VPN software just to read the New York Times, and some of this freedom for other people ends up curtailing your own, like when people burn a shitload of dirty coal with no filters and make it hard to breathe outside. But you certainly don’t feel oppressed as a visitor when you’re not online.
Don't consider a mobile phone to be a secure device.
Only if you completely "own", manage, and trust all suppliers can you say that you even know the scope of trust to associate with your phone. This is not possible on even a "rooted" phone without the software due to the baseband being non-free and non-audited.
And then what do you do when you have the wrong ROM running and you get grabbed by the police with no opportunity to reboot your phone? There are mitigations but getting this right requires a high amount of vigilance.
Welcome to the developing world, where the average monthly salary in major cities is lower than $1,500/mo and in minor cities is often sub-$400/mo and a $100 phone is an incredible luxury out of reach of many.
I see your point. There's a subtle assumption in what I said that was probably unclear, so I'll try to explain.
Generic discussions, especially generic flamewars, lead to the same things being said over and over. These topics are important and people feel very strongly about them, and because their passions are so engaged, they stride into the threads with tried-and-true weapons (talking points, prepared statements, and so on) to smite their enemies with. The enemy responds in kind, and off into battle we go.
In addition to being violent by internet standards, such discussions are also predictable. That's where the point about off-topicness comes in. Predictability is what this site exists to avoid; its core value is intellectual curiosity (see https://news.ycombinator.com/newsguidelines.html), and that lives at the opposite end of the topic spectrum. So when I say that an argument like this is off topic, I mean it's off topic for Hacker News as a whole, even if it's related to the story at hand.
I really blame China for the shift away from libertarian thinking and toward both right and left authoritarianism.
The old argument from libertarians was that freedom and modern prosperity are a package deal. Take away freedom and you get poverty, corruption, and stagnation.
That seemed mostly true until the Chinese "miracle." China seems to be proving that you can have prosperity without freedom or human rights. You can allow some amount of freedom in certain select areas, and that's all it takes.
That has in turn opened the door for a whole host of fundamental challenges to freedom and human rights in the West.
I tend to agree, but I’m not optimistic. Historically, the sort of liberal, open society we see in “the west” is an aberration. If there is a causal factor between liberal, open societies and prosperity, it doesn’t seem to be particularly critical. People like to point to the fall of the USSR and the endurance of its former enemies as evidence that these societies are inherently more likely to succeed, but looking farther back in history, I’m inclined to think that was an anomaly.
I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet. Yes, the five eyes nations are actively trying to backdoor crypto, and there is a lot of bullshit going on, but you don't need a license in North America to operate an http daemon. In China you do. The GFW is no joke, and they are seriously trying to bifurcate the Internet.
This sentiment trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet", which probably isn't what you mean.
The US flexes a lot of political muscle to enforce copyright restrictions, maintain secrets, and expand surveillance around the world. That may not be as oppressive as China, but on a scale from "free" to "China", it's still in the "China" half.
"This sentiment trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet", "
No, it doesn't. It means that people who think the US (or the West or whatever) is somehow uniquely evil have an incorrect view of the world and will have incorrect actions in the future as a result. That the US is screwing up doesn't mean that other places aren't screwing up worse. It also means that it isn't only the US screwing up, so if you start arranging your protests and rhetoric and such based on that theory you're going to get played by people who will quite happily play the part of "good guy" for you right up until they close the trap. It also means you may miss allies in the fight, like this guy. There is no way in which incorrectly thinking that the US is the worst or uniquely bad is a good idea.
I believe the US is worse than the HN gestalt thinks it is... but China is absolutely worse. It's a preview of where we're headed if we allow people to convince that we are obligated to hand more and more control over to the government to solve every last possible problem, up to and including hurt feelings.
I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.
Not “uniquely evil.” I think if he’d said what you’re shifting the goalposts to, it would have been an unremarkable comment with few if any replies. He didn’t say that though, and what he did say was very clear and didn’t leave wiggle room for the hyperbole you’re trying to inject.
The actual quote the person you’re responding to was addressing justifies what they said, insofar as it ...trivially reduces to, "everything the US does is fine until it's the most oppressive presence on the internet". That’s a fair summation of using China as a diversion when people claim that the US is *...An oppressive presence on the internet.” Responding to people who claim that it’s worse than China, or “uniquely evil” is an entirely different conversation no one here was having.
It's not fair to say that the US is close to China in this regard. There are no private or encrypted chat apps available in China. Everybody uses WeChat, which is actively surveilled. It's not uncommon for "private" group chats to be shut down if they talk about sensitive topics. You need a license to run a website inside China. If HN ran inside China, our accounts would be linked to our identities, and we wouldn't be having this conversation.
Consider also the bigger picture. There is no rule of law in China. That guy who is being forced to install spyware on his phone is probably in Xinjiang, where hundreds of thousands (and maybe over a million) people have been detained without charge and on no legal basis. Conviction rates are extremely high because trials aren't fair. Lawyers and activists disappear. Torture and forced confessions are common.
This is the one sentence that everyone on HN must remember when we get into debates about who is better/worse/trump/xi/etc.
In China, you have no rights. There is no recourse. There are no promises made by the state to protect you. This is because of China’s situation where it needs a strong central state to maintain control of the distant provinces and keep from fragmenting, but that is another debate in and of itself.
The US has screwed up horribly many times, for sure, and is not perfect. But here and in many other countries you are innocent until proven guilty and have the ability to take the state to court to fight a decision you disagree with or feel is unfair.
Not only that, but there are significant parts of US jurisprudence that impact people's lives every single day that are the explicit result of citizens winning against the state in court.
Yes, in terms of implementing secrets & National Security-related spying there is overall parity, with the US probably a bit ahead of China & Russia.
But in terms of being an average citizen, it is night and day. At least for now, the US is an active open democracy, with a large majority of citizens actively engaged in maintaining the governmental and extra-governmental institutions the maintain democracy, e.g., independent judiciary, co-equal branches of govt, elections, independent journalism, free speech, etc. Even though these are imperfectly implemented and under threat by the current administration (w/increasing evidence of significant compromise by Russia), the US remains overly in the OPEN and FREE column.
In contrast, China is a straight-up autocracy, and it is openly working to ensure it's citizens do not even know their own history (e.g., Tiananmen, Tibet) or current news (e.g., Uyghurs), and have no capability to independently either obtain accurate information, or to organize to respond appropriately if they can somehow get it. And of course the spyware topic of this article, where ordinary citizens can get stopped on the street for failure to install.
This is little different than "May I see your papers please".
Russia is not far behind.
To falsely equate these regimes and their surveillance & interference levels is tantamount to propaganda.
There are interesting discussions to be had about the similarities and differences between China and the US, but saying that "the US is an oppressive presence on the internet" is not without merit. All that is left is disagreement on the relative impacts.
The reasonable people who make that argument are also the important vocal watchdogs who provide the friction against further abuses of power. They shouldn't be casually dismissed just because there are worse governments in the world.
NatSec ops constrained by a robust constitution implemented by an elected govt, with different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning -- one of the principles on which is was founded (see 2nd, 3rd, 4th, Ammendments for starters), and a vigorous tradition of free speech and free press is one side.
The other is an unelected totalitarian govt with a tradition of actively murdering it's own citizens to consolidate single-party political power, decades (China) or centuries (Russia) of manipulating information to the people, zero free press with active suppression, and active programs in both the civilian and military heirarchy to restrict information and spy on the people.
To even remotely equate these systems and the threat they pose to the people is to either
1) deliberately grossly misrepresent the situation, or
2) display profound ignorance of the issues.
If you want to recognize that there is a vast difference of type and then go on to discuss how the US might be better about what they do, that can be a fine discussion. But the land of 'they're all the same just different degree' is so far from reality as to render discussion useless.
> NatSec ops constrained by a robust constitution implemented by an elected govt, with different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning -- one of the principles on which is was founded (see 2nd, 3rd, 4th, Ammendments for starters), and a vigorous tradition of free speech and free press is one side.
When I think of the FISA court I don’t exactly think of “different co-equal branches, including a court system with centuries of experience & tradition of protecting privacy of citizens from the beginning”. The FISA court is literally a non-adversarial court.
I think the US court system is one of the best designed in the world. But please don’t pretend that the well-developed standard court system is anything like the secret and unaccountable national security court system.
Perhaps you don't think of FISA as a system that protects citizens, but that does not mean it is not so.
You might notice that you're already off in the weeds of international National Security issues and nowhere near the problems of what Russia, China, Iran, etc. are doing. So our system is already fundamentally different.
Then, you might notice that you are completely erroneous about FISA accountability. It is accountable to both higher judges and to Congress -- see the original authorizing act and H.R.2586 in the 113th congress on increasing FISA accountability.
Yes, the FISA courts which deal with national security level secrets are different from open courts, and the accountability has been lax. But if there is any "pretending" here, it is that somehow because FISA courts exist, we're somehow on the same plane as totalitarian and criminal states.
For starters, the FISA courts EXISTS, and does turn down requests. Here, there EXISTS a court system requiring evidence, arguments, and warrants.
It may be imperfect, but there is no such structure whatsoever in Russia, China, Iran etc. -- if they want to spy on someone, foreign or domestic, they just do it.
Again, there's a basis for discussion of how the US, EU, and FVEY countries could do it better.
But there is no basis for discussion with a simplistic and/or propagandistic false equivalence of the open liberal democratic countries and totalitarian regimes.
> Even though these are imperfectly implemented and under threat by the current administration
The current administration is providing one of the greatest demonstrations in US history of just how different the US is from the Russias and Chinas of the world.
Freedom of expression, freedom of speech, freedom of press, is working well given the intensity of the atmosphere in question.
There are routine demonstrations against the administration all over the country, they're not being broken up by thousands of government thugs with clubs and guns, which is what you see in Russia, China and Iran.
A solid 90% of all media is entirely stacked against the administration. Celebrities are openly calling for the President to be coup'd, killed, or otherwise just 'taken out.' Even the media has joined in on that at times. The so called deep state (a collection of entrenched, powerful bureaucracies within the government) have been openly acting against the administration at every turn. And come the post mid-terms - which clearly the Democrats are going to retake the house in - there are going to be approximately a thousand investigations.
Despite the cynics proclamations, and the current cultural insanity (we've seen it before, the late 1960s and 1970s were far worse), the US system is functioning amazingly well. The current administration has accomplished almost nothing of what it would like to do, and will be a lame duck in a few months. In 2 or 6 years, there will be another administration, and that's that. Life will go on, just as it did after LBJ, Nixon or Bush.
There's nothing even remotely comparable to this in Russia or China, and there never has been.
> A solid 90% of all media is entirely stacked against the administration.
No, it's not. The leading dedicated TV news network with about 45% of they audience of that media form is completely and unabashedly cheerleading for the Administration, and not even trying to pretend otherwise, as are major outlets in every other form of media. The idea that 90% of the media is hostile to, or even just not overtly shilling for, the Administration would be amusing if it didn't derive directly from the persecution-complex reinforcing propaganda those same media shills use to keep people locked into their propaganda bubble.
In fact it is true. Even the liberal media outlets openly acknowledge this is the case, they're not hiding their bias in any manner, they're openly "resisting." The well-known Pew study in the first year of his administration showed that the negative media coverage was 3x that vs the Obama Admin. The positive coverage was 1/5 that of what the Obama Admin saw. It has only gotten worse since then.
"News Coverage Of Trump More Negative Than For Other Presidents"
MSNBC, CBS News, NBC News, ABC News, CNN, NY Times, Washington Post, Bloomberg, NPR, all talk-show hosts, nearly all journalists (roughly 9 out of 10 vote Democrat to begin with), nearly all celebrities, essentially all of Hollywood - these groups are all as close to universally against Trump as you can get. It's not subtle, it's nearly all-encompassing. Estimating that 90% of media is stacked against the Trump Administration is an understatement.
That looks like you want presidents to be graded on a curve. Maybe more negative articles have been written about Trump because he's governing in a negative, divisive, chaotic manner and there are countless of examples where he lies or behaves badly that warrant negative coverage.
It's always sad on the Let's Encrypt forum when someone fails to get a cert and the reason turns out to be that the hosting provider has blocked all inbound HTTP connections because the user's web site wasn't licensed. This is a regular event, most recently reported this past weekend.
It's worth keeping a sense of perspective, but, at the same time, I don't think pointing out X is unambiguously more oppressive than Y does anything to address the original assertion that X is oppressive. That'd be like responding to someone claiming that Seattle is rainy by lecturing them about Bangladesh's climate.
The concern is the western countries taking actions to become more like China rather than less like China. It's natural to worry about convergence because eventually these things just become run away systems that are too entrenched to change.
Think about how we used to differentiate ourselves from the totalitarian regimes of the world in the post war communist fighting era. This pool of attributes is shrinking. Indefinite imprisonment without trail, national security letters, labelling the media as traitors, labelling companies that enable encryption as traitors, an omnipresent eavesdropping apparatus, etc...
US is not perfect too (but nowhere near China). For example, it is incredibly difficult to become an independent president candidate: you need to get ballot access in all states, and every state has its own rules.
The challenge of filing presidential candidate paperwork in the US versus the challenges of having a contrarian political opinion in China are nowhere near each other in level of hardship.
The obvious and rational response to what you’re saying is that the US government is an oppressive force on the internet (and elsewhere), just not as much as China, which is the most oppressive except for North Korea. Then I’d ask if being so low on the spectrum is acceptable, when the best that can be said is that it’s better than China and North Korea. Yemen for example, can happily boast that they have fewer guns per capita than the US, by an order of magnitude too! But um... how many people would leave the US for Yemen? Just comparing two countries in a narrow metric while ignoring context is unwise at best, deceptive at worst.
Moreover it does nothing to dispel concerns held by people who feel the US is an oppressive force online. They might for example, point out that while China oppresses their own citizens, the US has more of a global impact as a result of their foreign policy and massive corporations. If they then pointed out that you’re essentially comparing apples and oranges, and asked you why you thought that was an appropriate response to their concerns, you would say...?
I agree. I was living in Italy during the Berlusconi years, every time there was a new law designed to limit personal rights or freedoms, someone would reply "then what about XYZ" where XYZ was invariably what Freedom House would describe as a non-free or partially-free country. No one ever tried to compare Italy to, say, Sweden or Denmark. Once the 'race to the bottom' mentality becomes mainstream, it can do a lot of damage.
And I equally support bringing the US/Five Eyes SIGINT activities to the attention of as many people as possible, and calling out bullshit like the australian government trying to backdoor crypto:
The counterpoint to your claim of whataboutism is that it is possible to simultaneously denounce both the Chinese government's activities and the US, while at the same time critically and rationally examining their differences in methodology. And documenting where they are the same (NSA/CIA hoards zero-days, Chinese intelligence does the same, etc).
Many of the laws that govern internet usage in China are considered state secrets, hardly open! The list of websites blocked by the GFW is a state secret, for example. Not only that, but regulations are enforced arbitrarily and often even retroactively. To top it off, the Chinese constitution garauntees freedom of speech, press, religion, but is just an ignored document.
In a country where rule by law is more prominent than rule of law, this shouldn’t be weird.
Doing something bad openly is better than doing it, but trying to hide the fact that you do it, while pretending in public to be innocent or worse, encouraging condemnation of others who do the same thing openly.
Forget about state organizations, Google itself is already malware-as-a-service as far as the Android ecosystem is concerned. Regardless of whether or not the user expects it, the fact is most Android phones ship with Google play and this is uninstallable without taking extreme measures like rooting/bootloader unlocking (if even possible). You can pay hundreds of dollars for a device you then own but still have no control over the software and your data.
Lets look at what the linked post claims:
> It basically sends the IMEI and other phone metadata
Google services do this to some degree. Location data, everything. And isn't the IMEI broadcast by the baseband itself?
> as well as file hashes, to a server
Google checksums and uploads files on both mobile and PC as part of their supposed malware heuristics and prevention.
> It also monitors messages sent via otherwise secure apps
This is somewhat malicious, and I'm honestly not sure to what degree Google services are able to intercept or "monitor" app communications.
> I don't know whether it includes sophisticated anti-tempering features or not
Google services certainly do, so much so that projects like MicroG require "signature spoofing" to function. Indirectly, Google has replaced open frameworks with proprietary ones, increasing the reliance of userspace Android on Google services. Google does not want you having freedom and tampering in any way with their ecosystem.
To my mind, the state of consumer technology in the West, and the more aggressive measures like China is taking, are two sides of the same coin. But somehow one fosters complacency despite being just as invasive.
Google can't put you into an internment camp, strip you of all human rights, effectively torture and or oppress your family and everyone you know, as China is doing to 13 million Muslims in Xinjiang.
The difference between what a private sector corporation in the US can do to you, and what the Chinese Government can do to you in China, could hardly be greater. It's an absurdity to pretend they're comparable things.
While Google cannot put you in jail, Google can give your data to government (that can put you in jail). There is no big difference between large private company having the data or the government.
Of course Western surveillance on the Internet cannot be even remotely compared to what happens in China.
>Google can't put you into an internment camp, strip you of all human rights, effectively torture and or oppress your family and everyone you know, as China is doing to 13 million Muslims in Xinjiang
The entire population of Xinjiang is 23 million, you're several orders of magnitude off there.
You're entirely correct that it isn't even comparable. However, I was responding to the specific surveillance practices linked in the OP, and the comment I replied to was discussing the "presence on the Internet", not as broad a topic as the entirety of China's regime.
Perhaps, but the parent was talking about enormous amounts of people being detained without charge in China. Falun Gong seem to be a very egregious (organ harvesting and tortured to death!) example of this.
It appears that they are treated horrifically by the Chinese Communist Party. Falun Gong was founded in the 1990s as a Buddhist sect, and it grew rapidly. The CCP doesn't tolerate ideological rivals or power structures it doesn't control, so it banned them and propagandised them as an evil and dangerous cult, which is how they're widely seen in China today. Hundreds of thousands have been detained, and thousands have died in custody. There are reports of widespread organ harvesting:
Lavee describes how his attitude changed dramatically when a patient told him he was travelling to China for a scheduled heart transplant. This idea was shocking to Lavee, because the circumstances of death that allow heart donation cannot be predicted.
Wow, tough to read but thank you for bringing this to my attention.
It’s really awful Western countries just put up with it because they’re afraid of offending China. Not even the Soviets thought to make such use of the millions of people they executed.
It's disgusting that you'd offer such a comment in response to credible reports about forced organ donation. That the victims' leader holds silly beliefs in no way justifies, excuses, or even explains their murder by the authorities in the slightest. All it can be is a distraction from a deliberate horror.
If the US was jailing and murdering Scientologists for their organs, I’d be pretty mad. This is awful, the Falun Gong are human, and this should be condemned, regardless of what they believe.
Some things are cliche because they’re so often repeated, and sometimes they’re repeated so often because they’re often apt. Are we really not allowed to call a spade a spade? I can understand that just saying, “whataboutism” and nothing more would be low effort shitppsting, but in the context of a reasoned argument pointing out how something truly is just whataboutism, we’re not supposed to point that out?
The comment that set this all off was short and made a single point that can be accurately described by a cliche. There was nothing else to it. I an understand not wanting people to dismiss real arguments with cliches, but I don’t think that’s what happened here. When someone brags about using a straw man to deflect reasonable criticism, it merits a response.
> When someone brags about using a straw man to deflect reasonable criticism, it merits a response.
Maybe, but that response shouldn't just classify the argument as an instance of the cliche, since that would be low-effort shitposting, as you point out. HN already has the downvote arrow to express that kind of disagreement.
I’ve published apps on the Play Store. There seem to be multiple people who rip off these apps, stuff them with adware and who knows what else, and upload them to dubious third-party stores. As far as I can tell (but I admit I haven’t investigated deeply) this mostly originates in Russia and China. So China is very relevant to me as an app developer, and to my users, as a significant threat.
I am curious, does people uploading pirated versions of your app to third party stores really impact you? I imagine most of your users would only be on the Play Store. From my understanding, piracy isn't a much of a problem so long as it's not happening on main platform. Is there something I am missing?
Right -- I gave up trying to fix the problem, for example via some kind of copy protection, as I can’t think of a good non-risky solution and figured the sales impact was small. But I hate that potential users are put at risk just by googling for free copies.
I guess adding “legit” mobile ads might help, but I don’t like that as I think mobile ads are a completely miserable experience. And people would probably still rip it off and install their own ads anyway.
You simply can’t trust any APKs you find by googling. (Obvious to most people on HN, of course.)
Brand damage is a good point, but I believe that most genuine customers will not go to strange websites or obscure app stores to download your app, and those who do probably aren't the sort of "customers" you'd want. Hence, I couldn't see why it's much of a problem. The genuine user will more than likely just download it on Google Play. If there were people ripping off your app and putting it on Google Play, that would be different and worth worrying about.
I'm curious why my original question was downvoted. I thought it was a valid question.
One thing I want to add is, many people around the world (for example many in India and China) don’t have access to Google Play. People with Amazon devices don’t have Google Play (although it doesn’t seem like there a lot of them).
It’s difficult for a small team to deliver a good product to all those different groups of people, and it’s frustrating that they’re instead serviced by the black market.
The average Hackernews now seems to believe that Chinese goods are "safe" because China doesn't have surveillance treaties with the U.S.
You know, because China would NEVER attempt to spy on, influence, or blackmail foreign programmers, business people, scientists, or other professionals.
The sarcasm is noted, but don't ignore the fact that an increasingly powerful collection of voices view China as safe and the US as an oligarchy bordering on fascism. While I personally don't agree, if we ignore those voices, they'll keep getting louder until it's all anyone hears.
Yeah, back in the 70s an increasingly powerful collection of voices thought Pol Pot's killing fields were fabrications of American propaganda, and that if genocide happened in Cambodia, it was at American hands. They had to backpedal hard when the truth came out.
The internet is a globally interconnected system, one nation-state messing with a part of it is not whataboutism. Civil rights violations and abuses in other parts of the world are also an issue that nobody should ignore.
China publishes a report every year on human rights abuses in the USA that has a number of valid criticisms (incarceration rate of black males, police shootings, etc), but that doesn't make the US Department of State's report on Chinese human rights abuses any less valid.
I think the distinction is that the United States treats "spying on online activities" as a signals intelligence/passive gathering system and methodology. The US government doesn't arbitrarily regulate BGP4 tables and IX points, run a GFW like system on all international submarine cables (though traffic may be passively tapped by the NSA), require licenses for http daemons, or forcibly install spyware on citizens' phones.
The active measures taken by the Chinese government are pretty much the opposite of the US/Five Eyes' SIGINT approach to things.
I do not agree with either, and think that both should be highly publicized, and awareness raised. However I think that the Chinese method of police state social control is on a whole other magnitude of "fucking with the Internet" than what is possible in the US with constitutionally/bill of rights protected freedoms.
Again, everything you've said may be true.. is true, and yet your comment is still a perfect example of whataboutism. I mean, just read it:
> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.
Why do you feel the need to bring up China when someone talks about the US govt spying on their online activities?
China is an order of magnitude times worse than the US. I'm not sure why you feel the need to keep arguing that point when I already agreed. But none of that is relevant when someone is complaining that they don't like their own US govt spying on them, "passive" or otherwise. For you to bring up China in that context is whataboutism.
"Everything you've said may be true, and yet your comment is still a perfect example of whataboutism."
The initial topic of this thread is China, not the US, so it seems to me that criticizing China cannot, by definition, be whataboutism in this particular context.
I'm not personally inclined to dismiss things as "whataboutism" as though it were an automatic debate ender, but if you do, then you have to restrict your discussion to China's sins in this thread.
I'm not talking about this thread or the discussion in this thread, I'm talking about this:
> I like to remind people of shit like this when they claim that the United States government is an "oppressive" presence on the Internet.
In January, the US Senate passed a bill to renew the NSA’s warrantless internet surveillance program for six years with minimal changes. If walrus01's friends had brought up that topic at the time, it sounds like he'd have defended the program because China is worse. Whataboutism.
Unless any of us on here are personally representing nation states at a diplomatic level with roughly similar levels of violent shenanigans as each other, whataboutism really does not apply.
I've seen it referred to as the hypocrites favourite meme, and I am inclined to agree.
Also, China is hardly irrelevant, least of all here, a discussion thread about the technical issues surrounding state surveillance in China.
Meta-whataboutism - use "whataboutism" in a discussion to block others from pointing hypocrisy :-) It's a nifty trick, I use it once in a while as well.
But to be serious, I don't see how China is irrelevant to the average Westerner.
It seems like a pretty safe assumption that google will just play along with the Chinese government and force spyware into phones via play or some update mechanism, if they aren't already working on this.
Stopping people at random on the street to make sure an app is installed seems quite inefficient.
This shows why it’s actually quite efficient. The bad PR is part of the whole effect. They don’t want to silently monitor these people, they want to control them, and making it known that they can be stopped at any time and forced to submit is part of the deal.
There's very little "playing along" between Google and China, far less than Apple. Search is the only product that has a chance of working there right now, Play Store is just dead weight there, and most companies that ship Android in China will bundle their own app store. Apple iOS bundles a spyware system module on the other hand (for China only).
ETA: Apparently some tourists are being forced to install it as well: https://www.reddit.com/r/security/comments/8ofiiw/chinese_bo...
Also worth checking out the excellent ABC (Australia) multimedia feature on China's "social credit" system:
Social credit is like a personal scorecard for each of China’s 1.4 billion citizens.
In one pilot program already in place, each citizen has been assigned a score out of 800. In other programs it’s 900.
Those, like Dandan, with top “citizen scores” get VIP treatment at hotels and airports, cheap loans and a fast track to the best universities and jobs.
“It will allow the trustworthy to roam freely under heaven while making it hard for the discredited to take a single step.”
Those at the bottom can be locked out of society and banned from travel, or barred from getting credit or government jobs.
The system will be enforced by the latest in high-tech surveillance systems as China pushes to become the world leader in artificial intelligence.
Surveillance cameras will be equipped with facial recognition, body scanning and geo-tracking to cast a constant gaze over every citizen.
http://mobile.abc.net.au/news/2018-09-18/china-social-credit...