
Comment by reactordev

5 days ago

It goes deeper than that. The U.S. Government funds it, discourages other nations from using it, and spies on all web traffic as a result of it.

Almost 80% of communications go through a data center in Northern VA. Within a quick drive to Langley, Quantico, DC, and other places that house three letter agencies I’m not authorized to disclose.

> Almost 80% of communications go through a data center in Northern VA

Nobody who understands the scale of the internet could possibly believe this is true.

Routing internet traffic through a geographical location would increase ping times by a noticeable amount.

Even sending traffic from around the world to a datacenter in VA would require an amount of infrastructure multiple times larger than the internet itself to carry data all that distance. All built and maintained in secret.

  • He was likely referring to the claim that 70% of the internet flows through Loudoun County, Virginia, where AWS us-east-1 is located, although the more accurate number is probably somewhere around 22%.

    https://en.wikipedia.org/wiki/Loudoun_County,_Virginia#Econo...

    • Every cloud provider worth talking about is there too. Both public and sovereign/gov data centers.

      And of course all the privately owned ones too. It is bananas. Not just because of government either - low ping times to the biggest population center of North America.

  • > Nobody who understands the scale of the internet could possibly believe this is true.

    Neither would anybody have believed that 8 out of 10 hard drive chips can contain any rootkits. Yet, here we are, and the insanity of it is that we've found lots of malware attributed to EQGRP, and the Snowden leaks (from the perspective of Booz Allen) have confirmed it.

    You should read up on quantum routing.

    They don't have to route through any specific location if they can just infiltrate the routers of your neighbors. Any data packet from the originating server will arrive slower at your location than the data packet of your neighbor. In that scenario TLS becomes pretty useless if the CA itself is also exchangeable, because you can't rely on TCP or UDP. Ironically the push for UDP makes it much easier to implement in the underlying token ring architectures and their virtual routing protocols like VC4 and later.

    That's how the internet and a star topology (or token ring topology on city level) was designed.

    • > Neither would anybody have believed that 8 out of 10 hard drive chips can contain any rootkits. Yet, here we are

      I haven't heard this before. Do you have any links I can read on this?


  • Just because your client is in Switzerland and your data center is in Germany, doesn’t mean a data center in Virginia doesn’t have a copy.

    https://youtu.be/JR6YyYdF8ho

    That was 14 years ago…

    We have MUCH more capabilities today.

  • Never tapped a port, eh?

    Edited to not be so flippant: I work in HFT/finance where recording all traffic is required I think by law and definitely for one's own sanity. We're able to maintain nanosecond trades while capturing ALL the traffic. It has zero impact on the traffic. This is normal, widely used tech. Think stuff like Ixia passive taps and/or Arista Metamako FPGA-based tap/mux devices.

    • > Never tapped a port, eh?

      I have. I have a background in high speed networking.

      Have you ever paused for a moment to consider how much infrastructure would be required to send 80% of data on the internet across the country and into a single datacenter in Virginia?

      If you've worked in HFT, you can probably at least start to imagine the scale we're talking about.


    • The time it takes for light to travel from Los Angeles to Virginia is 12 - 16 ms, round trip is 30 ms let's say - that is a noticeable delay, and it could be easily disproven that 80% of traffic is literally routed through VA.

      Now... could they just copy the traffic and send it to VA on a side channel? Probably?


    • The point they were making was that you could tell via ping times if the traffic was literally being routed through VA unnecessarily, because of the extra unavoidable light-speed delay that extra distance would add between a user and the server if they weren't already very near to VA. It could be mirrored via the type of monitoring you're talking about, but that'd only get you mostly encrypted traffic unless the 90s cypherpunk paranoia turns out to have been true.

    • But you are only tapping your own data that's already passing by you not? Not 80% of the internet that has nothing to do with you.

Speed of light establishes certain latency minima. Experimental data can falsify (or not) at geographical locations far enough from VA.
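The falsification test described in this comment can be made concrete. The following is an added example, not code from anyone in the thread: it computes the great-circle distance between two endpoints, converts it to a propagation-delay floor (using a fiber refractive index of about 1.47, an assumed typical value, so signals travel at roughly 2/3 of c), and compares a measured RTT against the floor for a direct path versus a path detoured through a third location. The coordinates for Los Angeles, San Jose and Ashburn, VA are approximate constructed values. A measured RTT below the detour floor rules the detour out; an RTT above it only fails to rule it out.

```python
import math

C_KM_PER_MS = 299_792.458 / 1000.0   # speed of light in vacuum, km per millisecond
FIBER_INDEX = 1.47                   # assumed refractive index of single-mode fiber
EARTH_RADIUS_KM = 6371.0

# Approximate (lat, lon) pairs; constructed for the example.
LOS_ANGELES = (34.05, -118.24)
SAN_JOSE = (37.34, -121.89)
ASHBURN_VA = (39.04, -77.49)


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def min_rtt_ms(path, refractive_index=FIBER_INDEX):
    """Physical lower bound on round-trip time along a list of waypoints.

    Ignores queueing, serialization and processing delay, so any real
    measurement is at least this large; nothing can be faster.
    """
    one_way_km = sum(haversine_km(path[i], path[i + 1])
                     for i in range(len(path) - 1))
    one_way_ms = one_way_km * refractive_index / C_KM_PER_MS
    return 2 * one_way_ms


def detour_consistent(measured_rtt_ms, client, server, via):
    """Test whether a measured RTT is compatible with traffic being hauled
    through `via` on its way between client and server.

    Returns the direct-path floor, the detour-path floor and a verdict.
    A measurement below the detour floor falsifies the detour hypothesis;
    one above it is merely not inconsistent with it.
    """
    direct_floor = min_rtt_ms([client, server])
    detour_floor = min_rtt_ms([client, via, server])
    return {
        "direct_floor_ms": direct_floor,
        "detour_floor_ms": detour_floor,
        "measured_ms": measured_rtt_ms,
        "detour_possible": measured_rtt_ms >= detour_floor,
    }


if __name__ == "__main__":
    # One-way vacuum delay LA -> Ashburn, for comparison with the "12 - 16 ms" figure above.
    vac_one_way = min_rtt_ms([LOS_ANGELES, ASHBURN_VA], refractive_index=1.0) / 2
    print(f"LA->Ashburn one-way in vacuum: {vac_one_way:.1f} ms")
    print(f"LA<->Ashburn RTT floor in fiber: {min_rtt_ms([LOS_ANGELES, ASHBURN_VA]):.1f} ms")

    # A west-coast pair with a hypothetical 8 ms measured RTT (constructed value).
    verdict = detour_consistent(8.0, LOS_ANGELES, SAN_JOSE, ASHBURN_VA)
    for k, v in verdict.items():
        print(f"{k}: {v:.1f}" if isinstance(v, float) else f"{k}: {v}")
```

The useful property here is asymmetry: a short RTT is hard evidence, since no amount of clever engineering beats propagation delay, whereas a long RTT proves nothing, because congestion or a slow server explains it just as well. It also says nothing about passive mirroring, which adds no latency to the forwarded packet at all; latency measurements can only falsify in-line rerouting.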

Most of the replies to this seem to think it's referring to some kind of secret government datacenter. It's us-east-1, and every other cloud provider's US East and GOV zones, which are all in NVA.

So they… drive the data around NOVA?

  • No, but if you want to collaborate with the federal government it makes it more convenient to be located where the federal government resides.

When I worked for a CLEC (during that moment in history when they were briefly a Thing), we had a USG closet at our main datacenter, and we are nowhere even close to NoVA. I expect they still handle it this way rather than try to funnel any significant amount of traffic to a particular geographical region.