* Video webpage
http://mediathek.daserste.de/sendungen_a-z/3304234_ard-sondersendung/19295624_edward-snowden-interview-in-english
* Direct download
http://media.ndr.de/progressive_geo/2014/0127/TV-20140127-1338-2142.hq.mp4
* Transscript
http://www.ndr.de/ratgeber/netzwelt/snowden277.html
Most interesting I found:
> You could read anyone’s email in the world. Anybody you’ve got email
> address for, any website you can watch traffic to and from it, any
> computer that an individual sits at you can watch it, any laptop that
> you’re tracking you can follow it as it moves from place to place
> throughout the world. It’s a one stop shop for access to the NSA’s
> information. And what’s more you can tag individuals using
> "XKeyscore". Let’s say I saw you once and I thought what you were
> doing was interesting or you just have access that’s interesting to
> me, let’s say you work at a major German corporation and I want access
> to that network, I can track your username on a website on a form
> somewhere, I can track your real name, I can track associations with
> your friends and I can build what’s called a fingerprint which is
> network activity unique to you which means anywhere you go in the
> world anywhere you try to sort of hide your online presence hide your
> identity, the NSA can find you and anyone who’s allowed to use this or
> who the NSA shares their software with can do the same thing. Germany
> is one of the countries that have access to "XKeyscore".
Esp. "I can build what’s called a fingerprint which is network activity
unique to you which means anywhere you go in the world"
He didn't elaborate on what this "fingerprint" is based on, but it could be:
* Obviously, log in to email, fetch emails
* Set of websites I regularly visit, e.g. regular visits to the set of
heise.de,
nytimes.com and
mozilla.org is probably fairly unique in
the world.
* EFF's panopticlick
* Unique IDs in "phone home", e.g "Firefox Health Services". This is
precisely why I opposed Metrics, I wrote in bug 718066 comment 2:
"Having a UUID would allow, for example, to track all my dynamic IP
addresses over time, and allow to build a profile, when combined
with access logs. If I have a notebook or mobile browser, it would
even allow to track the places where I go based on IP geolocation /
whois data."
and I was thinking of the NSA, and now Snowden confirms that they
are doing precisely that.
I think we have to draw conclusions from this - remove anything that can
identify a single user, unless he explicitly chooses to identify himself.
Ben