[eks391]

In case someone is unaware, 641A and Utah and both references to the US mass surveillance systems in this context. Specifically interceptors that a company wouldn't be able to prevent from saving your data for the few seconds they need to process and delete it

[miki123211]

I might be misremembering, but AFAIK, that kind of surveillance mostly worked because many companies didn't bother encrypting datacenter-to-datacenter traffic, thinking that those networks are trusted. That mistake has since been rectified though.

With almost everything going over TLS these days and HTTPS being the norm, even for server-to-server APIs, it's much harder to snoop on traffic without the collaboration of one of the endpoints, and the more companies you ask for that kind of collaboration, the higher your risk of an unhappy employee becoming a whistleblower.

[hinata08]

That's also about US companies that can't refuse or can't bother to challenge that a dragnet is set up in their process.

ISPs themselves didn't save any data. However, they gave interception rooms to the NSA (which is indeed technically not them).

Nowadays ISPs aren't the right scale to do it for the reasons you mentioned. But the USA lowkey moved the dragnet to the main datacenters with prism, then made it mandatory for all with the CLOUD act.

And if the threat is not coming from the USA, but some other country starts to ask Discord to BCC them the IDs of their citizens, we can do the odds on whether Discord will challenge it or not.

Now I want to ask Discord who is their third party provider ? Why don't they process IDs themselves ?

[hinata08]

edit : I didn't expect for links between that third party provider and Palantir to be exposed within a week

I lost all trust in discord

[cluckindan]

> it's much harder to snoop on traffic

Unless you have a master key which decrypts all traffic.

[ronsor]

That is not possible with modern TLS 1.3, which mandates perfect forward secrecy.

[Groxx]

Unless you use Cloudflare (or roughly any other DDOS protection system), in which case you're letting those companies MITM all requests on purpose. Protected between you and Cloudflare by PFS and any other acronym you like.

I think the odds that Cloudflare hasn't been forced into data snooping by the government are approximately zero. It's the by far the biggest, juiciest target.