←back to thread

The NSA Selector

(github.com)
302 points anigbrowl | 4 comments | 20 May 25 18:30 UTC | HN request time: 0.334s | source
Show context
jll29 ◴[20 May 25 21:16 UTC] No.44045997[source]
In NSA parlance, a "selector" primarily is a string that semi-uniquely identifies and addresses a persons intercepted data, such as

- an IP address,

- an email address,

- a phone number,

- a SIM card's MSIN

- a person's social security number,

- a national ID card number,

- a passport number,

- a social media handle etc.

(elsewhere also known as "accessor", "key", "handle" or "index")

replies(3): >>44046092 #>>44046548 #>>44047161 #
1. jonathanstrange ◴[20 May 25 21:27 UTC] No.44046092[source]
They are interesting because combining and updating them is a non-trivial problem, as I've realized today while implementing a user ban system.
replies(1): >>44046528 #
2. Terr_ ◴[20 May 25 22:22 UTC] No.44046528[source]
There's a certain system I work with where random unauthenticated visitors on the internet end up supplying data like name/phone/email, with no validation... And of course, the business wants to somehow convert that into a list of "real people" and start correlating it to other records.

I've been trying to stop anything too terrible from happening by asking them to clarify their business requirements, e.g. what should happen when there is malicious impersonation, or the expected result should be when inconsistencies and overlaps exist.

It's not like there's no value to the data... but I'm afraid they don't really understand the problem are are hoping the magic computer can somehow *poof* garbage into fine cuisine.

replies(2): >>44047188 #>>44047302 #
3. transcriptase ◴[21 May 25 00:20 UTC] No.44047188[source]
“Enrichment” is what they actually want. People think it’s Google, Amazon, Facebook etc selling their data when in reality they are simply letting people target based on it.

On the other hand there are hundreds of companies nobody has ever heard of that do buy, collate, clean, and sell access to the data that apps, browser extensions, windows apps, loyalty card programs, branded credit cards, retailers, and companies that scrape LinkedIn etc will happily sell.

You provide what you have and for a price these “enrichment” services will provide what is essentially a dossier of everything that can be even remotely inferred from the thousands of datapoints they have based on your email/name/phone.

What most people think big tech is doing is actually being done in ways that are far more unsettling by companies with cutesy names and vague services that major companies sign contracts with to improve their signal to noise ratio.

4. grues-dinner ◴[21 May 25 00:44 UTC] No.44047302[source]
Everyone in countries with data protection laws: concern.