On Tue, Oct 08, 2013 at 08:20:32AM -0400, Scott McEachern wrote:
I didn't want to bring this up before, but it might be an
interesting discussion, even though off-topic. Feel free to ignore
this part of the thread.
After reading Theo's post, I wondered what effect an IX had on what
we now know about NSA surveillance. I don't know anything about it,
but I suspect it won't make any difference.
I have a colocated server in the same data center that the IX is being
installed in. I live in Calgary and also have a home internet connection
with a major ISP here, Shaw Cable.
Traceroutes from my home to the data centre are pretty normal, enmax
envision is a local commercial fibre carrier:
traceroute to getaddrinfo.net (216.171.227.98), 64 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 6.809 ms 2.461 ms 14.730 ms
2 * * *
3 64.59.132.169 (64.59.132.169) 14.543 ms 10.710 ms 13.220 ms
4 66.163.71.102 (66.163.71.102) 13.731 ms ra2so-tge2-1.cg.shawcable.net
(66.163.71.98) 14.216 ms 13.916 ms
5 rx0so-enmax.cg.bigpipeinc.com (66.244.207.158) 13.478 ms 10.950 ms
14.982 ms
6 a72-29-245-70.enmaxenvison.net (72.29.245.70) 12.979 ms 33.446 ms 9.483
ms
7 a72-29-245-66.enmaxenvison.net (72.29.245.66) 14.227 ms 13.917 ms 16.484
ms
8 216-171-224-253.datahive.ca (216.171.224.253) 9.981 ms 14.946 ms 25.484
ms
9 216-171-224-5.datahive.ca (216.171.224.5) 46.234 ms 29.974 ms 35.703 ms
10 216-171-227-98.datahive.ca (216.171.227.98) 36.741 ms 40.197 ms 41.490 ms
Now here is where things get interesting, from the data centre to my
home:
traceroute to krwm.net (184.64.152.209), 64 hops max, 40 byte packets
1 216-171-227-97.datahive.ca (216.171.227.97) 0.636 ms 0.622 ms 0.411 ms
2 216-171-224-246.datahive.ca (216.171.224.246) 0.409 ms 0.505 ms 0.561 ms
3 gige-g2-7.core1.yyc1.he.net (72.52.101.149) 6.267 ms 0.823 ms 0.557 ms
4 10gigabitethernet3-2.core1.yvr1.he.net (184.105.223.218) 17.967 ms 11.860
ms 16.505 ms
5 10gigabitethernet12-3.core1.sea1.he.net (184.105.222.1) 35.960 ms 14.592
ms 20.456 ms
6 rc1wt-ge4-1.wa.shawcable.net (206.81.80.54) 27.318 ms 23.863 ms 23.819 ms
7 66.163.70.209 (66.163.70.209) 19.439 ms 20.140 ms 19.439 ms
8 dx6no-g1.cg.shawcable.net (64.59.132.170) 24.978 ms 20.165 ms 19.573 ms
9 krwm.net (184.64.152.209) 139.806 ms 33.179 ms 27.907 ms
Take a look at the 5th and 6th hops, they are in the US. The data
goes from Calgary to Vancouver down into the US to Seattle and then all
the way back to Calgary.
So long winded answer to your question: Canadian internet traffic will
stay in Canada and won't make these ridiculous loops.
I guess if the NSA has coerced with CSIS or whatever the Canadian
equivalent is then there might be cause for worry there (quite likely as
we parrot almost everything the US does).
Some of Snowden's leaked documents detail how the NSA has the
private keys for various US corporations, and they set up various
computers on the backbone links. Basically, the NSA can
imperceptibly vacuum up all data. Scary shit, really.
A few people have suggested they are vacuuming /everything/, not
just foreigners, while others counter that there's just too much
data, and it's infeasible for them to store it.
I propose that not only is it possible, but quite likely. When
google mysteriously went offline for about 5 minutes a while back,
it was said that Internet traffic dropped by 40%. A shitload of
that is going to be YouTube, which the NSA can easily ignore. I've
also heard that something like 40% of Internet traffic is porn, so
they can ignore that, too. Another big chunk goes to people
downloading movies/TV by NetFlix, torrent or from the cable-type
companies themselves. Again, the actual content can be ignored, but
the metadata can be kept. Duplicate data can be ignored as well.
There's no need for the NSA to keep 10,000 copies of the same shit
Fox or CNN spews to 10,000 daily visitors. Just keep the metadata.
No need to keep advertisements, cool graphics/CSS stuff, or HTML.
That can all be stripped away.
Whether those 40% numbers are accurate or not -- and I doubt they
are -- isn't the point. The point is that a metric shitload of
content can be safely ignored. It wouldn't surprise me in the least
if it were to be revealed that all the NSA actually traps is maybe
5% of total Internet traffic. Not because of a lack of capacity,
but a lack of interest in crap. Now go look at the two big data
centres under construction. Everyone knows about the Utah data
centre, but there's another, slightly smaller one, under
construction on the East coast. (Sorry, I can't remember exactly
where.)
But that's not the scariest thing.
The scariest thing is when a friend of mine talked about how cool
his smartphone is. I replied with the standard stuff: You're
being watched and recorded (etc). He said he doesn't care. He
just doesn't care if the
