| ▲ | reactordev 12 hours ago |
| It goes deeper than that. The U.S. Government funds it, discourages other nations from using it, and spies on all web traffic as a result of it. Almost 80% of communications go through a data center in Northern VA. Within a quick drive to Langley, Quantico, DC, and other places that house three letter agencies I’m not authorized to disclose. |
|
| ▲ | Aurornis 10 hours ago | parent | next [-] |
| > Almost 80% of communications go through a data center in Northern VA Nobody who understands the scale of the internet could possibly believe this is true. Routing internet traffic through a geographical location would increase ping times by a noticeable amount. Even sending traffic from around the world to a datacenter in VA would require an amount of infrastructure multiple times larger than the internet itself to carry data all that distance. All built and maintained in secret. |
| |
| ▲ | n2d4 9 hours ago | parent | next [-] | | He was likely referring to the claim that 70% of the internet flows through Loudon County, Virginia, where AWS us-east-1 is located, although the more accurate number is probably somewhere around 22%. https://en.wikipedia.org/wiki/Loudoun_County,_Virginia#Econo... | | |
| ▲ | RajT88 7 hours ago | parent [-] | | Every cloud provider worth talking about is there too. Both public and sovereign/gov data centers. And of course all the privately owned ones too. It is bananas. Not just because of government either - low ping times to the biggest population center of North America. |
| |
| ▲ | reactordev 9 hours ago | parent | prev | next [-] | | Just because your client is in Switzerland and your data center is in Germany, doesn’t mean a data center in Virginia doesn’t have a copy. https://youtu.be/JR6YyYdF8ho That was 14 years ago… We have MUCH more capabilities today. | | |
| ▲ | petcat 8 hours ago | parent | next [-] | | The datacenter is in Utah, not Virginia. https://en.wikipedia.org/wiki/Utah_Data_Center | | | |
| ▲ | Aurornis 8 hours ago | parent | prev [-] | | Do you have a single actual source for anything you’re saying about this happening today? I’m well aware of the historical surveillance programs. I’m asking for a source for all of your claims about what’s happening today regarding 80% of internet traffic. | | |
| ▲ | mc32 8 hours ago | parent | next [-] | | That claim makes no sense in today's world. For over a decade, the likes of Youtube, Netflix and short form video make the majority of throughput. Why in the world would anyone want to monitor known catalogs of content? Most of which are delivered by POPs in data centers distributed all over the world. | |
| ▲ | reactordev 8 hours ago | parent | prev [-] | | https://www.bbc.com/news/articles/c93dnnxewdvo As for traffic, I can’t cite numbers, you’ll just have to trust me when I say it. I can’t give you packet breakdown or IP4 vs IP6. To have that discussion requires a secret clearance at least. | | |
| ▲ | nozzlegear 6 hours ago | parent | next [-] | | You have clearance enough to imply that these things are going on but not enough to actually prove anything? Surely the requirements of your clearance would come with some basic terms like "don't use winks and nudges to implicate us in vast conspiracies on public forums," or the far more simple "don't mention this to anyone." | |
| ▲ | IAmGraydon 8 hours ago | parent | prev [-] | | Let’s be serious for a minute here. If you’re claiming to have secret clearance on an Internet forum, you don’t. | | |
|
|
| |
| ▲ | cookiengineer 5 hours ago | parent | prev | next [-] | | > Nobody who understands the scale of the internet could possibly believe this is true. Neither would anybody have believed that 8 out of 10 hard drive chips can contain any rootkits. Yet, here we are, and the insanity of it is that we've found lots of malware attributed to EQGRP, and the Snowden leaks (from the perspective of Booz Allen) have confirmed it. You should read up on quantum routing. They don't have to route through any specific location if they can just infiltrate the routers of your neighbors. Any data packet from the originating server will arrive slower at your location than the data packet of your neighbor. In that scenario TLS becomes pretty useless if the CA itself is also exchangeable, because you can't rely on TCP or UDP. Ironically the push for UDP makes it much easier to implement in the underlying token ring architectures and their virtual routing protocols like VC4 and later. That's how the internet and a star topology (or token ring topology on city level) was designed. | |
| ▲ | Henchman21 9 hours ago | parent | prev [-] | | Never tapped a port, eh? Edited to not be so flippant: I work in HFT/finance where recording all traffic is required I think by law and definitely for one's own sanity. We're able to maintain nanosecond trades while capturing ALL the traffic. It has zero impact on the traffic. This is normal, widely used tech. Think stuff like Ixia passive taps and/or Arista Metamako FPGA-based tap/mux devices. | | |
| ▲ | Aurornis 9 hours ago | parent | next [-] | | > Never tapped a port, eh? I have. I have a background in high speed networking. Have you ever paused for a moment to consider how much infrastructure would be required to send 80% of data on the internet across the country and into a single datacenter in Virginia? If you've worked in HFT, you can probably at least start to imagine the scale we're talking about. | | |
| ▲ | reactordev 9 hours ago | parent [-] | | It’s not a single data center, it’s about 200 of them. | | |
| ▲ | Aurornis 9 hours ago | parent [-] | | Just minutes ago you said this: > Almost 80% of communications go through a data center in Northern VA Where are you getting this new 200 numbers? Share a source please. | | |
| ▲ | Mtinie 7 hours ago | parent | next [-] | | https://broadbandbreakfast.com/dateline-ashburn-data-centers... “Loudoun County currently has 199 data centers, with another 117 in development, according to Michael Turner, vice chair of the board of supervisors transportation and land use committee and Ashburn’s district supervisor.” https://virginiabusiness.com/loudoun-county-advances-changes... | |
| ▲ | reactordev 9 hours ago | parent | prev | next [-] | | One of… Ashburn, VA is the data center capital of the world. When you type and hit submit, even on this site, your data will hit one of those data centers. The few exceptions are government networks and China. | |
| ▲ | jen20 8 hours ago | parent | prev [-] | | I have no data or information on the topic, but the use of English was fine for the apparent intended meaning: "Almost 80% of communications go through a data center in X" Does not mean that all traffic goes through a single data center in X. Just that it goes through one of potentially many data centers that happen to be in X. | | |
| ▲ | coliveira 5 hours ago | parent [-] | | You're right. It's fantastic to see how English comprehension is decaying, even in groups that supposedly are smarter than average. There's a fast decaying tendency in language comprehension overall, and I can only point to the fact that much of the new generation is unable and unwilling to read even a single book. |
|
|
|
| |
| ▲ | suhputt 9 hours ago | parent | prev | next [-] | | the time it takes for light to travel from los angeles to virginia is 12 - 16 ms, round trip is 30ms lets say - that is a noticeable delay, and it could be easily disproven that 80% of traffic is literally routed through VA now.. could they just copy the traffic and send it to VA on a side channel? probably? | | |
| ▲ | metadat 8 hours ago | parent | next [-] | | And how useful would this information be? srcIP:port_dstIP:port pairs with almost all traffic encrypted. Pretty boring from a sigint pov. Instagram, YouTube, misc Web traffic, and torrents, with a side of minutae. I'm certain the three letter agencies yearn for the days before letsencrypt was de facto. | | |
| ▲ | rtkwe 5 hours ago | parent [-] | | There is the small possibility that the NSA has found cracks in some of the popular cyphers and could actually make sense of the encrypted data. It's not completely out of the question, their cryptanalysis has been shown to be ahead of the public best efforts in the past. They demonstrated it back in the 70s with DES S-boxes hardening them against a technique no one publicly knew about until the 80s. |
| |
| ▲ | NGRhodes 8 hours ago | parent | prev [-] | | i used to work, 15 years ago, on a (permissive, not covert) monitoring service for a UK national public service, the NHS spine core. We used switches to mirror ports and capture traffic in promisciouse mode on a few dozen servers
split across a few datacentres that all the traffic went througg. We had certs installed to decode https. We could get enough hardware to do this step easily, but fast enough storage was an issue, we had 1 petabyte of usable storage across all sitesn that could hold a few days of content. We aimed to get this data filtered and forwarded into our central Splunk (seperate storage) and also into our bespoke dashboards within 60s. We often lagged... |
| |
| ▲ | rtkwe 6 hours ago | parent | prev | next [-] | | The point they were making was that you could tell via ping times if the traffic was literally being routed through VA unnecessarily because the extra unavoidable light speed delay that extra distance would add between a user and the server if they weren't already very near to VA. Could be mirrored via the type of monitoring you're talking about but that'd only get you mostly encrypted traffic unless the 90s cypherpunk paranoia turns out to have been true. | |
| ▲ | wasabi991011 9 hours ago | parent | prev [-] | | But you are only tapping your own data that's already passing by you not? Not 80% of the internet that has nothing to do with you. |
|
|
|
| ▲ | recursive 12 hours ago | parent | prev | next [-] |
| Speed of light establishes certain latency minima. Experimental data can falsify (or not) at geographical locations far enough from VA. |
| |
| ▲ | dboreham 10 hours ago | parent | next [-] | | "Going through" doesn't necessarily imply store and forward. It could be tapped elsewhere and shipped to WVA. fwiw the idea of running a network in order to tap it is hardly new. The British operated largest telegraph network in the world in the 1800's for that reason. | | |
| ▲ | Aurornis 10 hours ago | parent [-] | | You think there's an entire shadow infrastructure across the United States or world that carries 80% of all internet traffic all the way to VA? It would have to be several times larger than the internet infrastructure itself due to the distances involved. All built and maintained in secret? | | |
| ▲ | coliveira 5 hours ago | parent | next [-] | | You just don't have imagination. Google, just by itself, controls 89% of the traffic in the Internet. And we know that the government can get any information they want from them, without even asking too much. If you combine this with other major companies operating very close to the US government, it is probable that more than 95% of the web traffic outside China that is easily within reach of these sinister 3 letter organizations. | |
| ▲ | Henchman21 9 hours ago | parent | prev [-] | | No. That isn't required at all. Fundamentally you lack understanding of how this happens. Yes, there is some port duplication. Yes it costs money. But it is not anywhere near as onerous as you assume. https://en.wikipedia.org/wiki/Room_641A | | |
| ▲ | Aurornis 9 hours ago | parent [-] | | > Fundamentally you lack understanding of how this happens. Yes, there is some port duplication. Yes it costs money. But it is not anywhere near as onerous as you assume No, I understand networking hardware quite well actually. I'm also familiar with Room 641A. Room 641A did not capture 80% of internet traffic. If you think 80% of internet traffic could be routed through Room 641A you're not thinking about the infrastructure required to get it all there. It was a targeted operation on backbone lines that were right there. | | |
| ▲ | PenguinCoder 9 hours ago | parent [-] | | While the most well known, there are other points of presence doing the same thing. Easy and trivial to duplicate traffic at line speed. It doesn't affect the traffic flow itself. | | |
| ▲ | reactordev 9 hours ago | parent [-] | | They will never believe you until you show them and that requires a clearance. | | |
| ▲ | ta20240528 2 hours ago | parent | next [-] | | No need for a clearance, merely explain that 1. fibre-optic traffic is a beam of light 2. this beam can be passed through a glass prism… 3. the prism splits off say 20% of the light by intensity 4. this 20% is identical to the 80% 5. both the 20% and 80% component are 'bright' enough to be used 6. the 80% continues on its merry way, the 20% is redirected for 'other' uses. | |
| ▲ | dmoy 7 hours ago | parent | prev | next [-] | | A decent number of people reading this probably do have secret clearance. But that's not really the relevant point. Simply having secret clearance doesn't mean you can just go digging around arbitrary secret classified info that you have no business reading. And it certainly doesn't mean that discussion can be had on hackernews. | |
| ▲ | 8 hours ago | parent | prev [-] | | [deleted] |
|
|
|
|
|
| |
| ▲ | reactordev 12 hours ago | parent | prev [-] | | Correct but local governments using Palantir will need to provide it to them somehow. | | |
|
|
| ▲ | ascorbic 2 hours ago | parent | prev | next [-] |
| Most of the replies to this seem to think it's referring to some kind of secret government datacenter. It's us-east-1, and every other cloud provider's US East and GOV zones, which are all in NVA |
|
| ▲ | Den_VR 10 hours ago | parent | prev | next [-] |
| So they… drive the data around NOVA? |
| |
| ▲ | shimman 10 hours ago | parent | next [-] | | No, but if you want to collaborate with the federal government it makes it more convenient to be located where the federal government resides. | |
| ▲ | reactordev 9 hours ago | parent | prev [-] | | No, but you can visit a “clean room” and look at the data at any number of sites. |
|
|
| ▲ | rootusrootus 9 hours ago | parent | prev [-] |
| When I worked for a CLEC (during that moment in history when they were briefly a Thing), we had a USG closet at our main datacenter, and we are nowhere even close to NoVA. I expect they still handle it this way rather than try to funnel any significant amount of traffic to a particular geographical region. |
