by throw10920 382 days ago
I'm hoping that this will be yet another shot in the war to convince corporations and government agencies that they need to have on-prem data hosting that isn't accessible to the company running the service. I don't think you can do full E2E between individual employees in a corporate setting, but at the very least if all of the organization's data is only accessible to the organization, that'll help with a lot of these third-party data breaches.

(it won't help when the organization is breached, which unfortunately still seems to be the main way that user data gets leaked)

Ultimately, though, until there starts to be federal law mandating chain of custody for user data and harsh penalties on it being leaked, I think that this will continue for a long time...

Update: I should have read the article - did not realize TeleMessage was supposed to be E2E. I guess now the lesson is that you shouldn't be using normal devices for national security information (classified or not), and otherwise it's still not good to use a sketchy service that doesn't have Moxie-grade crypto implementations.

If a company knows something about you, so does the government(s).

This is exactly the state of affairs the government prefers.

Privacy and consumer protection long died on the altar of turnkey totalitarian universal monitoring.

By having corps do the creepiest data collection, whatever all political opposition to the complete surveillance state is bypassed

Just so long as every once in a while, they convince some junior senator to hold a hearing to throw some executive at them that will use it as a way of earning clout within the company and no one cares about the outcome. The junior senator will lament about their political opponents, the committee will pat itself on the back for doing their job, the corporate crony will report back to the board that they delivered the talking points, and it will go right back to business as usual.

To the extent that this is the case, or more importantly, can become the case, that is why the concept of data parsimony is important: https://martinfowler.com/bliki/Datensparsamkeit.html

https://news.ycombinator.com/item?id=23710925

This is a beautiful word for a useful concept, thank you!

> if a company knows something about you, so does the government(s)

The constant litigation between the government and private companies over records requests should put this hypothesis to bed.

The black box rooms in the telecom firms two decades ago beg to differ.

What you are talking about is small fry law enforcement.

If you don't think the new has total access to the databases of the thousands of social network and advertising/data collection firms, I don't know what to tell you.

Maybe something totally encrypted, but even then there are hardware backdoors, and the NSA can simply pay an employee to legally let them in.

They only need to pay off or install a single employee to get total or near-total access. Consider this chart from 2013 showing when various tech companies were added to PRISM:

https://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_sl...

A lot of the companies embattled in the "constant litigation" mentioned by the GP are featured in this very chart.

> lot of the companies embattled in the "constant litigation" mentioned by the GP are featured in this very chart

Yup. A great first step towards understanding these systems is to disaggregate the monoliths of these enterprises and the U.S. government into their power centres.

Do you believe the disaggregation of those monoliths helps to put the "hypothesis to bed"? It sure seems like you were listing "constant litigation" over "records request" as counterevidence of the claim that "if a company knows something about you, so does the government(s)".

If anyone in the U.S. government is extracting data from companies in a manner which is unlawful or should be (and they sure are), I see that as strong evidence of the hypothesis. Pointing out that local agencies may have to fight for their access in court doesn't change that it "is exactly the state of affairs the government prefers".

This is pretty significantly off-topic, but I'll respond anyway:

(a) That's one of the reasons why it's important to restrict corporate data collection in addition to state data collection; and

(b) In the vast majority of cases, the US government, at least, has to obtain a warrant to collect data on US citizens, so those two sets are not the same.

I agree with the idea that most governments around the world have far more access to corporate data than they should, but I wouldn't go as far as to say that they have complete access (with caveats - the US has more protections than most of the rest of the world, for instance, and China has far less).

>In the vast majority of cases, the US government at least, has to obtain a warrant to collect data on US citizens, so those two sets are not the same

If only that were true[0][1][2][3].

[0] (2022): https://fedscoop.com/dhs-buying-personal-data-from-govt-cont...

[1] (2023): https://www.congress.gov/118/meeting/house/116192/documents/...

[2] (2024): https://www.cnn.com/2024/01/26/tech/the-nsa-buys-americans-i...

[3] (2025): https://theintercept.com/2025/05/22/intel-agencies-buying-da...