Skip to comments.Feds tell Web firms to turn over user account passwords
Posted on 07/25/2013 3:49:38 PM PDT by Errant
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."
(Excerpt) Read more at news.cnet.com ...
I will say it: folk off
Oh hell NO!!!!!!!!!!!!!!!!!!!!!!
So they can pull child porn down into anybody’s account and then prosecute them. Proving the government did it, would be next to impossible.
Of course, if they wanted to do that, it would probably be hard to stop them password or not.
Any company I do business with turns my pass word over to the FEDS will lose my business.........FOREVER!
Go to biometrics on the local host. Nothing stored on the remote server.
So they decrypt it first?
Passwords are not stored in a modern system. A one way cryptographic hash is stored instead. In reality, passwords are not checked directly. They are run through a complex hashing program that CAN NOT BE REVERSED and the output of the hash is stored.
To verify a password, the submitted password is put through the same hash and the output is compared to the stored hash. If they match then the proper password has been submitted.
ya , people going to be setup big time
The passwords are not encrypted, they are hashed. The difference being that an encrypted password can be “reversed” using a key. A hash CAN NOT BE reversed.
This proves the Feds are even stupider than I thought. Any good system does not store passwords, it stores a hash of the password. You can give the hashed value to anyone and it does not give them access. When you enter your password, that value is encrypted and then compared to the hash value.
Hmmmm, with your password, a government agent could use your account to establish a search history of any sort they may so desire.
In court they could make you look like any sort of monster that fits a narrative.
This is all creating a HUGE opportunity for some smart geek to start a Spy Free version of Facebook, Gmail..etc
The old established outfits are forever tainted in the public’s mind now.
To keep feds at bay locate offshore and store no data that is unencrypted and make certain only the user has the keys.
If any company is storing passwords in the open or even in encrypted form, they are going to get sued for doing this. We store customer passwords as one-way hashes exactly so these types of requests can never be complied with.
If the evil thug in our White House and his supporters want to do this lawfully, they need individual warrants, based “upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”.
Instead, the general strategy for these data and just about everything else has been to collect everything on everyone and sort through our lives at leisure. The far left very obviously don’t care about freedom, the law, or the Constitution, so it comes down to just how brutal their forces are willing to get and just how firm decent people are willing to be in resisting tyranny.
There are ways around it. If you have access to the database, you don’t need the frontend.
Considering the feral government’s attitude toward our privacy, I wonder why it’s so concerned about its privacy. Is it trying to hide things?
The point is Google qualified their statement and with the parsing lessons I received from Bill Clinton via the MSM, I find that suspect.
The Feds are forcing them to create a second working password for the accounts...that way even if the user changes their password the Feds still have a working one.
No trick to have two passwords to open a single account....just a line or two of code.
I should have gone into tech and not psych in college.
More and more it looks like time to water the tree of liberty.
Yep, in a few hours, they could create enough on you to lock you away for several lifetimes. Perhaps disappear you into indefinite detention until you’re forgotten about.
Anyone that doesn’t know that our government is corrupted beyond repair, doesn’t know much.
It can be cracked - but not reversed. By that I mean that someone can brute force guess at the password and possibly get it right. Given enough resources, it might even be possible to build a database of passwords and their corresponding hashes. I believe IBM holds the patent for that very concept.
It is even possible to intercept the password by a man-in-the-middle attack or by some other social engineering method.
However, there is no mathematical way to take a hash and apply a program to that and end up with the original text. Thus, technically, it can not be reversed.
Freebook - For freedom lovin’ folk.
In short: The Federal Government is using your internet access to spy on you, collect information about you and PROFILE you. Develop your exit plan now - that means deleting accounts, deleting Facebook history, etc.. and learning to use the internet ANONYMOUSLY.
TOR. Accessing the Internet using public WiFi Access on an untraceable device. The capabilities are there, google is your friend.
If I said what I was thinking at this very moment (oh hell ... what I'm thinking most of the time!) the least of my worries would be being banned from FR.
How did that work out for them, hmmm?
I don’t know how big the net pipes are going into and out of Iceland but that would be an excellent place to host a service.
Russia has big pipes and a trusted name like Kaspersky could open a new service.
At this point I trust Russia before the US with my data...what a twisted world we are living in.
You don’t need the keys to the toy box if you can take the back off with a Phillips head screwdriver.
This is another reason the cloud should not be used for personal storage.
It’s your data. Don’t you want to control it?
Seriously? You're going to let GOOGLE know you are trying to figure out how to avoid having the government spy on your every move?
What not just publish all your personal information in the NYT classifieds while you are at it‽
Well, google (or bing) it from some anonymous account of course...
This brings to mind two questions:
1. What part of "the U.S. Government?"
2. Which, specifically, "major Internet companies?"
Vague reporting like that drives me crazy.
Think the worst and work backwards. How much do you with financial groups? And if this government want it to pay off the debt it will have access to your account. Black Swan?
Well, I dunno whether Putin would want to peek... at this point if he did peek it might just be for amusement purposes.
If I had anything I wanted to protect, I’d never allow that data to ever be processed on any device that accessed the net. And any storage media used, that is no longer needed, physically destroyed.
Do the names Andrew Breitbart or Michael Hastings ring a bell?
It just occurred to me how useful it would be to them to simply change the passwords of people who they wanted to lock out of the internet. Do enough at the same time and a lot of dissent would come to a grinding halt.
Yeah, the irony of that statement huh? Still, a simple Google search for "Tor" or "anonymous internet browsing" leads you to the rest (absent Google.)
I’d rather not hang out with the child pornographers at Tor
Seriously?! Damn, now I have to find a different anonymous browsing mechanism .... certainly don't want to be associated with that!!
Send the Obama morons the cryptographic hash data and let them spend the next several years trying to reverse them. Nitwits.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I dont add you to the list...
“Hmmmm, with your password, a government agent could use your account to establish a search history of any sort they may so desire.
In court they could make you look like any sort of monster that fits a narrative.”
If this is proven to be true, it sounds to me like “reasonable doubt” should not be very difficult to demonstrate to a jury. As a defense attorney, I would subpoena the government, and, of course, they won’t cooperate.
This should be interesting. What would have been a “tin foil hat” defense isn’t so funny now, is it?