Hacker News new | ask | show | jobs
by Flenser 4014 days ago
They spied on unencrypted data as it was transferred between data-centers. They can't decrypt or MITM anything because they don't have google's keys, and chrome using HSTS cert-pinning means that the cert is fixed and can't be faked with one for google from another top-level CA.
2 comments
sneak 4014 days ago
> They can't decrypt or MITM anything because they don't have google's keys

Hard to prove a negative.

link
mynameisvlad 4014 days ago
Then show an example that proves the NSA has Google's keys. If you want to do proofs, how about you put your money where your mouth is?
link
zxcvcxz 4014 days ago
This isn't proof that the NSA has googles keys, but it outlines how the NSA uses stolen keys to decrypt information. I'd imagine google would be one of their main targets.

http://www.newyorker.com/tech/elements/how-the-n-s-a-cracked...

link
ackalker 4014 days ago
> ... they don't have google's keys

Assumptions, assumptions.

link
ceejayoz 4014 days ago
Yeah. Spies have regularly provided data, for free or minimal compensation, to nation-state actors. Sometimes, this is information they know will result in the deaths of others. Often, the very act of doing it may result in the death of the perpetrator if caught.

Appeal to patriotism, a few million bucks, and immunity from prosecution? Surely someone highly placed at AppGoogAzonSoft is susceptible to that.

link