XKeyscore
Current NSA Capabilities vs. Pre-Snowden
- One side argues the NSA’s collection capability is “greatly degraded”: most traffic is now encrypted, so they can no longer passively read vast amounts of content as they did pre-Snowden.
- Opponents say that while content interception has changed, overall capabilities are still enormous: they can still “push a button” on specific people, and budget, mission, and authorities have not meaningfully shrunk.
Bulk Collection vs. Targeted Access
- There is broad agreement that bulk, full-take content collection from backbone taps is far less useful now because TLS, E2EE, and encrypted metadata (e.g., via big platforms) are widespread.
- Disagreement focuses on whether this is merely an inconvenience or a “massive loss” of a unique ability: keyword search over everyone’s plaintext content to discover new targets.
Encryption, CAs, and Cloudflare/Google
- Several comments emphasize that modern encryption is not “magically broken” by NSA; attacks must target endpoints, keys, or intermediaries.
- Certificate Transparency and key rotation are cited as reasons why large-scale MITM via bogus certificates (including hypothetical Let’s Encrypt compromise) would be noisy and quickly detectable.
- Some speculate that US intermediaries like Cloudflare (terminating a large fraction of TLS) or big providers (Google, Microsoft, Apple) could be compelled or infiltrated, but others stress:
  - No known legal mechanism to demand “everything” from such companies.
  - Huge political and commercial risk for companies if such cooperation became known.
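The Certificate Transparency point above can be made concrete from the domain owner's side. The sketch below is an added example, not something from the discussion: it audits log entries against an inventory of the issuers and public keys the owner actually uses. The entry fields, CA names, key digests and `example.org` are constructed placeholders, and a real monitor would read entries from CT logs instead of an inline list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CTEntry:
    log_index: int
    dns_name: str
    issuer: str
    spki_sha256: str  # digest of the certificate's public key (shortened, constructed)

# Constructed inventory: what the owner of example.org really deploys.
DOMAIN = "example.org"
EXPECTED_ISSUERS = {"Example Trust CA R1"}
KNOWN_KEYS = {"aa11", "bb22"}  # current key plus the pre-generated rotation key

# Constructed log entries, as a monitor might see them after parsing.
SAMPLE = [
    CTEntry(101, "www.example.org", "Example Trust CA R1", "aa11"),
    CTEntry(102, "mail.example.org", "Example Trust CA R1", "bb22"),
    CTEntry(103, "*.example.org", "Example Trust CA R1", "cc33"),
    CTEntry(104, "login.example.org", "Other CA X9", "dd44"),
    CTEntry(105, "notexample.org", "Other CA X9", "ee55"),
]

def covers(dns_name: str, domain: str) -> bool:
    """True if dns_name is the domain, a subdomain of it, or a wildcard under it."""
    name = dns_name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def audit(entries, domain, issuers, keys):
    """Return (log_index, dns_name, reasons) for every logged certificate
    that covers the domain but does not match the owner's inventory."""
    findings = []
    for e in entries:
        if not covers(e.dns_name, domain):
            continue  # other people's domains, including look-alike suffixes
        reasons = []
        if e.issuer not in issuers:
            reasons.append("unexpected issuer")
        if e.spki_sha256 not in keys:
            reasons.append("unknown key")
        if reasons:
            findings.append((e.log_index, e.dns_name, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, DOMAIN, EXPECTED_ISSUERS, KNOWN_KEYS):
        print(finding)
```

Entry 103 is the case the thread's hypothetical CA compromise would produce: the issuer is the expected one, yet the key is not one the owner holds, so the entry is still flagged.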
TAO, Zero-Days, and Circumventing Encryption
- Many note that NSA’s Tailored Access Operations (and similar units) focus on endpoint compromise: zero-days, implants, hardware interception, OS-level backdoors, mobile spyware comparable to Pegasus, etc.
- Consensus: targeted hacking of “almost anyone” is feasible; doing this at Internet scale without detection is not.
Metadata, AI, and “Store Now, Decrypt Later”
- Metadata is repeatedly described as extremely valuable: who talks to whom, when, over what services, patterns of life, even with Tor/VPNs.
- Some argue dragnet metadata plus ML/AI enables target discovery and selection without decrypting everything.
- “Store now, decrypt later” with future quantum attacks is mentioned but treated as speculative; if that happens the whole landscape changes.
Domestic Use, Parallel Construction, and Cases
- A side-thread discusses “parallel construction” in high-profile criminal cases, asserting that intelligence-derived leads are laundered into seemingly ordinary evidence.
- Specific cases are floated, but others find them weak examples or note that DOJ policy on such use is not binding.
Aims and Target Sets
- One perspective: NSA is primarily focused on foreign governments and terrorism, not random domestic users of Signal/Tails.
- Counterpoint: if someone already associated with foreign threats is using such tools (even in the US), they become legitimate targets, and metadata is enough to flag them.
Second Leaker and Shadow Brokers
- Some links argue XKeyscore details did not all come from Snowden and may instead be from a “second source,” possibly the same entity behind the Shadow Brokers leaks.
- Others note this remains conjecture, albeit grounded in overlap of timeframes and internal NSA locations of the leaked materials.
Encryption, Obfuscation, and Net Neutrality
- One branch advocates fully encrypted, obfuscated traffic (no cleartext SNI, app-pinned keys, Telegram/WeChat-style protocols) to frustrate surveillance and traffic discrimination.
- A reply questions the net neutrality angle: hiding your traffic doesn’t stop ISPs from prioritizing traffic they can identify and favor; the effect would matter only if everyone encrypted/obfuscated similarly.
Classification and Wikipedia Editing
- A meta-thread nitpicks Wikipedia’s use of “secret” vs. “classified,” noting that the program is reportedly Top Secret and that, technically, information, not systems, is classified.
- Attempts to edit the article wording are blocked by automated anti-vandalism, prompting mild frustration.
Storage and Scaling
- Past claims about “20 TB/day” XKeyscore intake are contrasted with modern hardware improvements and massive growth in global data volume.
- Commenters assume NSA can store far more now, but likely faces a worse ratio of storable content to total global traffic, especially with so much of it encrypted.