Nicholas Weaver Explains how QUANTUM Works

An excellent essay. For the non-technical, his conclusion is the most important:

Everything we've seen about QUANTUM and other internet activity can be replicated with a surprisingly moderate budget, using existing tools with just a little modification.

The biggest limitation on QUANTUM is location: The attacker must be able to see a request which identifies the target. Since the same techniques can work on a Wi-Fi network, a $50 Raspberry Pi, located in a Foggy Bottom Starbucks, can provide any country, big and small, with a little window of QUANTUM exploitation. A foreign government can perform the QUANTUM attack NSA-style wherever your traffic passes through their country.

And that's the bottom line with the NSA's QUANTUM program. The NSA does not have a monopoly on the technology, and their widespread use acts as implicit permission to others, both nation-state and criminal.

Moreover, until we fix the underlying Internet architecture that makes QUANTUM attacks possible, we are vulnerable to all of those attackers.