Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Microsoft was an early adopter of PRISM:

https://en.wikipedia.org/wiki/File:Prism_slide_5.jpg

> same thing to Google

So what? The claim was about not using Microsoft's products.



Microsoft weren't an adopter at all, that isn't what PRISM is. PRISM is the theft of unencrypted data on dedicated lines between data centers.

> So what? The claim was about not using Microsoft's products.

No, the claim was that Snowden revealed some Windows issue. That hasn't been shown. PRISM has absolutely nothing to do with Windows at all.

Where is this Snowden-Windows smoking gun? I haven't seen it.

PS - I find it odd that you'd link to that image instead of the main article which tells you exactly what PRISM is: https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


> I find it odd that you'd link to that image

Did you not see the evidence in the bottom left corner?

    (  Microsoft 9/11/07 )
> Microsoft weren't an adopter at all

They were compared to the other businesses listed on that lide.

> PRISM is the theft of unencrypted data on dedicated lines between data centers.

This is as common misunderstanding. There are quite a few NSA programs that tap lines, which serve as inputs to XKEYSCORE. Some of these taps are line taps or Tailored Access based attacks, but those are not PRISM.

PRISM is the "polite" way the NSA gets their data, using FISA warrants and the cooperation of the business. They ask for a tap, and the business accommodates them. IF a business decides to not be part of prism, that's when the NSA simply takes the data via other means. The entire point of PRISM as a program is that it involves asking private business to participate.

> PRISM has absolutely nothing to do with Windows at all.

When windows 10 decides to make all those network connections, where are they going? They're writing to some sort of database at Microsoft. Now that windows has made the network part of the OS, the situation at the remote data center becomes relevant.


The key here is the tap. People are under some delusion the NSA/FBI presents a list of actual suspects to said companies (regardless if they have "cleared" employees or not).


from user "ionised" above,

July 31, 2012

Microsoft (MS) began encrypting web-based chat with the introduction of the new outlook.com service. This new Secure Socket Layer (SSL) encryption effectively cut off collection of the new service for FAA 702 and likely 12333 (to some degree) for the Intelligence Community (IC). MS, working with the FBI, developed a surveillance capability to deal with the new SSL. These solutions were successfully tested and went live 12 Dec 2012.

From; https://search.edwardsnowden.com/


OP's point is that the whole Snowden thing was about datacenters, which happened to all biggest players so not using Windows is not going to mitigate that fact.


Even if that were true (as another commenter pointed out, Snowden's leaks are about far more than just datacenter snooping), that still puts Windows users at a lot of risk; when basically your whole computer is being continuously synchronized with Microsoft's servers, your whole computer is now vulnerable to such datacenter attacks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: