Mugshot and Public
Hot Girl With a Gr
Vegan-based Diet b
mailbate.com
they too me home a
Thy Name is Duplic
Gender Bender
There are teen mom
You've Got That Pu
This tool was crea

Now the Battle Rea
I’ll do anything t
smushai.com
You've Got That Pu
They Came at Us Wi
When you want to l
Dinner, Movie and
The Ultimate Shock
There's Always a T
we’ve gotten valua
<<      >>
hertzbleed.com website. The NSA did not immediately respond to a request for comment. "I have no reason to believe there's any malicious content or intent behind this, other than pure interest in spying on people," said Daniel Dawkins, a security researcher who discovered the vulnerability, said. "The idea that people are using this to cause harm is just a logical fallacy." Dawkins described the bug as "the equivalent of a back door, the equivalent of if you were sitting in someone's house and you were using their bathroom and you could see every little thing they did." In a blog post , Christopher Soghoian, principal technologist for the American Civil Liberties Union, described the hack as a "gross violation of privacy and basic decency," adding, "it's one thing for the government to vacuum up metadata about what content we're communicating, but it's quite another for the government to be looking at the metadata itself -- the content of our emails and web chats and website visits -- that it's not supposed to have access to in the first place." For one thing, the bug gives "the NSA unfettered access to millions of American email accounts." "The NSA is grabbing all the emails that are passing through Google's overseas data centers (which likely account for the majority of the traffic)," said Moxie Marlinspike, a software developer who is designing the encryption protocol used in the secure email program. "Now all of that email is being stored at the NSA. Think about what that means for world peace. You can't even imagine." To exploit the bug, an attacker would first need a target's email address. With that address in hand, the attacker could then search for the target's unique email address in Google's encrypted cloud, then request a plaintext copy of their email and attachments, said Soghoian. "Think about what this means for world peace," said Marlinspike. "You can't even imagine." The bug could allow an "autocorrect to 'GCHQ'" scenario, according to Dawkins. "It would mean that GCHQ -- as an example -- could request a copy of anyone's email to see if they are friends with anyone on the FBI's list of suspicious persons. If so, GCHQ can then take a copy of their email and attach a virus," said Dawkins, who describes himself as a former FBI special agent and a former Navy intelligence officer. Marlinspike agreed, saying that "the GCHQ could send one email to the NSA with the subject line 'Hey, I'm not a terrorist, am I?', then take the entire content of that email to analyze the identity of everyone in that email -- which is now fully compromised, all by default." "This isn't the NSA trying to do some deep-packet inspection to snoop on bad guys," Marlinspike said. "This is the NSA -- which is meant to be focused on stopping bad guys -- trying to collect everyone's email and give it to everyone they're collecting the emails from. If you send an email to an email address that's in a database, they get access to it, even if it's an email you thought was private." Marlinspike called the bug "an egregious violation of people's privacy, as well as basic standards for security, trust, and transparency. We have to trust that NSA does not abuse this access -- and we've seen that they lie, steal, cheat, and commit willful acts of violation in the past. But the fact is, this hack demonstrates that every single email is accessible to the NSA -- we just don't know which ones." Even though the majority of Google Mail's traffic likely passed through Google data centers in Europe -- including traffic that originated from inside the U.S. -- it is difficult to say whether Google's policies adequately protect U.S. citizens' email privacy. "They say that the NSA can't spy on Americans," said Marlinspike, who is a former employee of Google, where he worked on privacy and cryptographic engineering issues. "But they did it anyway. So I find it hard to believe they'd be much more protective of their own data centers." The bug is significant, even in the context of NSA spying, said Marlinspike, who was concerned that "the NSA might be reading my email" as the result of the disclosure of the classified vulnerability. "And I assume the NSA would not want any of their email publicly visible." "This is not just a 'what if' vulnerability -- this is a real vulnerability," he said. "It's not as egregious as their tapping of fiber optic cables, but it's certainly one more tool in the NSA's arsenal for attacking the public at large. To be fair, I don't think the NSA wants to infect the public at large with malicious software. But given that they can, and in fact already do, how does this affect their relationship with the public?" Soghoian said the vulnerability is part of a wider pattern. "First it was TikTok, now it's Google," he said. "If you want to use any popular service on the internet, you're going to be tracked by the NSA and that's not just a back door -- that's actual, routine, non-targeted snooping on your stuff." The NSA "doesn't just use what they're authorized to use," said Soghoian, adding that "the NSA is routinely collecting things that have nothing to do with terrorism, let alone national security. They collect information on every person and business in the United States." "They can collect your communications if you communicate with people who contact them -- but, really, you don't need a backdoor to access your email, for example," Soghoian said. "A lot of Americans are being contacted by the federal government or by the government of their own country. And the NSA has direct access to all that communication." By far the majority of NSA surveillance targets are foreigners, said Soghoian, who added, "But if they can collect on you, they collect on you. They're collecting on everybody." "And this is not some weird problem that only affects people with a crazy email address like lewismene@gmail.com -- I actually have that in my email address," said Soghoian. "The problem here is the NSA is taking everyone's email address and searching it without regard to what's on the other end of that search -- which is a serious issue that affects all of us." Marlinspike said he hoped that the bug will be used to show how the NSA spies on people and "make the case against surveillance as a whole, and how people can take back their communications from an extremely powerful government entity." In a blog post, Google addressed the security vulnerability, saying, "An error in our recent code update allowed these [email] addresses to slip through in certain cases. This was not intentional, and we are working to fix it as soon as possible." Google declined to say what steps, if any, the company had taken to warn the public about the bug or to notify the federal government of its discovery. "What Google is saying is completely true -- the NSA has this data -- and the NSA doesn't seem to think it's a problem that every email you send and receive is readable by the NSA," said Soghoian. "And they're planning on using it. We saw with the FISA court and the NSA hacking tools that the NSA doesn't even care if they're breaking the law. Their job is to spy on everyone -- and that's not a secret, that's the job of the NSA." For his part, Marlinspike described the possibility that the NSA might not use the data as "the least of our worries." "The fact is that this was a bug in Gmail -- which means it was in our systems," said Marlinspike, who added, "we should fix the bugs in our systems." Marlinspike