Any sufficiently (i.e. correctly) encrypted content/traffic should be indiscernible from any other of the same scale. While there are ways to infer what sort of traffic is being carried from certain packet inspection and statistical techniques (a bulk HTTP transfer will look different to a peer-to-peer one and both will look very different to an interactive SSH session, and so on) you can't do that for the content.
There are five groups using Tor and similar by my understanding (in no particular order): criminals (including terrorists, people traffickers, illegal drug industry people, and so forth), the oppressed and freedom fighters (depending on your point of view a lot of people in this category might belong in the first one instead and vice-versa), the paranoid who think the whole world is out to get them, those wanting to protect all their content+comms whether secret or not out of principle, and those who are simply experimenting with it (out of "random" interest, academic interest, or because they work in a relevant/related field).
The proportion of nefarious types (relative to the total user-base) routinely using Tor is going to be significantly higher than the proportion of such who are not, so the authorities are naturally going to look to Tor for that reason. They are not saying that they think everyone using Tor is a terrorist, they are saying some are but we can't tell who so we are going to check everyone.
The only way this will change is if everything is thusly protected, so there will be no difference between the diversity of Tor users and the diversity of the overall population.
Not to get too meta, but this 'lack of surprise' thing has become a too-common reaction. I mean, objectively, what's more important - that the NSA is labeling Tor users as extremists, or whether or not you found this new information 'surprising'? Apart from being a distasteful brag, I don't think the assumption is correct. I'd imagine most people's response to be 'anger' or 'depression' or 'concern', although of course it's impossible to know for sure.
But what I really object to, and why I hope people stop using this language, is that it asserts that our collective reaction (however it is characterized) is more important than the story itself. In a very subtle way, it refocuses the argument and lets the NSA off the hook, and indeed, blames us for our having silly, outdated ideas like that our government might value and even protect our right to anonymous speech, rather than criminalize it.
As for the rest, it's possibly true that ubiquity is the only way forward.
I strongly agree with this. Not only is the "why is anyone surprised" a cynical ploy at seeming "sophisticated," but it serves to make people feel foolish for their initial anger, distrust, fear, sense of betrayal etc. And they have very good reason to feel those things! But we look at them with blank, bored eyes and ask why they're surprised.
I mean, do we really expect anyone else to seriously care about this stuff, when we kind of subtly mock them for having initially cared at all?
"I'm not sure why anyone's surprised" is the nerd version of being too "cool" to ever care about something.
I haven't met anyone IRL that was not surprised by the extent of the revelations thus far. The prevalence of this "lack of surprise" opinion in online discussions (esp on reddit) seems disproportional to my personal observations, albeit in a rather limited sample size.
I don't intend to come over as bragging, but given what is widely known surprise is simply not a sensible reaction if you keep up with the relevant news.
Constantly being surprised by this sort of thing means people simply aren't learning from the recent past. People seem to go from surprised, to offended/angry/disgusted, to apathetic, to completely forgetting until next time, to being surprised again.
I'm not sure what the answer is unfortunately, aside from maybe "stay offended/angry/disgusted and nag and nag and nag and nag and nag until things change or you are arrested".
"Better late than never" is a concept that badly needs to be used here. Even if someone IS horribly late in realizing something, scaring them away with dismissive language is just going to make the problem worse in the future.
The right to anonymous speech can be considered (and is by many) an implication of first amendment rights to free speech. One way to look at it is that the requirement that a person be identified before being allowed to speak is itself a limitation on speech.
I'm too lazy to do my own citations, but the courts have repeatedly struck down bans on anonymous speech on these grounds.
I'd hate to be one of those people, but I'd enjoy some kind of citation on that claim that the majority of Tor users are using it for nefarious purposes.
I may be stretching here, but I think most of us would probably agree that monitoring or outright shutting down Tor would be OK if the nefarious usage was 100%. More interesting is, at which point do we consider monitoring morally wrong as that percentage approaches zero?
I don't want to get into a semantics argument here, but:
"The proportion of nefarious types (relative to the total user-base) routinely using Tor is going to be significantly higher than the proportion of such who are not..."
He is claiming that nefarious usage is significantly higher than non-nefarious usage. That's the exact meaning of majority.
No, I think he meant "...who are not using Tor". He's saying that if 1% of normal internet traffic is nefarious, that he suspects that > 1% of Tor traffic is nefarious.
That is to say that your odds of finding a nefarious packet are greater on Tor than on the broader internet.
I don't think it's worded very clearly, but at the end of the day there's only one reasonable interpretation. He's saying that (numbers made up and not realistic) 10% of nefarious types use Tor, while 1% of regular folk use Tor. If nefarious folk make up 1% of the general population, they'll make up about 10% of Tor users, and thus focusing on Tor users will get you a larger proportion of the nefarious.
Assume 5% of Tor users are nefarious. Assume 1% of Internet at large users are nefarious. The proportion of nefarious Tor users is significantly (5x) higher. But it's not majority.
In the context of normal law enforcement that would be like searching my car only on the basis of driving down a street where drug deals are done relatively more often than on other streets.
All you need to do is look at the hidden services listed on any of the .onion directories. This is why I stopped running a node -- I just can't justify helping criminals, even if I have no way to know which data passes through my system.
I am not disagreeing with your point of view, but how is Tor different from anything else that can be used by criminals, which includes pretty much ... everything? By that analogy, and again I am not being dense, the use of any encryption can be justified as helping criminals?
> By that analogy the use of any encryption can be justified as helping criminals?
That is certainly the view of the security services: anyone using encryption we can't break is a potential enemy hiding something we want to know.
That is why there were export restrictions on encryption technology until it became obvious that was detrimental (crypto developed elsewhere wasn't covered, so the restrictions put allied commercial users at a disadvantage to other countries in the industrial espionage stakes without actually affecting the people the restrictions were aimed at at all).
It is also why services that offer encryption are pressured into giving authorities access to the private keys, and those that refuse (or can't due to the design meaning the keys are only in their users' hands) tend to get shut down.
The difference here is that with Tor it is me who is providing the bandwidth for them to use. I want to see Tor succeed, but I just can't get past the fact that the people running .onion directories seem to feel that since it can be used for anything that everything should be promoted equally.
It does not even matter that "the majority of Tor users are using it for nefarious purposes". Any attempt at intimidation will work out exactly the other way around.
Doing anything that the NSA do not like, is "cool"; even more so in the global scene.
Seriously, if you want to get people to use Tor, all you have to say is that the NSA do not like it.
> It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum". [1]
Hush puppy, it's okay to call absurd that which is absurd. It won't bite you.
The NSA strategy of spying on everyone only works when most people are not aware of it. The surprise element is now gone. They can undoubtedly already see the effect of the recent scandals in a serious decrease in quality of the information that they collect. The entire internet is now slowly but surely moving to stronger forms of encryption. In the long run, it probably means that the entire internet will go dark for them. In other words, the ones who wanted to see everything will end up seeing nothing at all.
The Snowden revelations also killed two other illusions:
1. Putting the state-actor threat in the too-hard pile is a viable security plan.
2. If you sell to governments, especially the US government, you can also sell internationally to strategically important customers and not provide a "trust nobody" level of security. "Trust that I have implemented no back doors."
Going dark simply means providing the level of security that was always needed against mafia-connected state-actors and other high-level threats. And it means adapting to the level of trust (i.e. none) required to do business across multiple sovereign nations that want real autonomy of action.
Yes, you are right. This entire NSA thing is bad business for American companies. Even an erstwhile global darling such as Google suffers from this. They are now being viewed with suspicion ...
Around here you'll get a lot of "How dare you say Google isn't doing enough..."
The problem with that is there is a minimum threshold: Web-of-trust for key exchange; open clients; encryption the default, etc.
Google can be lauded for being 5% of the way there while everyone else is dawdling and hoping the toothpaste goes back in the tube. But that's not the same as actually equipping their users to trust nobody as the usual day to day way of working.
Trying to human-translate the first part of the article:
XKeyscore-Sourcecode: Tor-Users are marked and surveilled as extremists
According to an analysis of the XKeyscore sourcecode by German public broadcasters ARD and WDR, people showing an interest in anonymization on the web by, for example, googling for "Tails" or "Tor" will be added as extremists to an NSA database and monitored from thereon.
That's at least the gist of it. I'm pretty sure you'll get more background once the anglosphere awakens.
It's difficult to believe that this is all it takes (or if it is, why they aren't just including everyone).
Tails is hardly an uncommon word, with a meaning entirely devoid of any terrorist connection.
And so is Tor - it may not be that common elsewhere, but tor means "rock on top of a hill" and various places have it in their name. I've stayed at the High Tor hotel in Derbyshire before, and as it was to see a fireworks festival they may have spotted various pictures of explosions that I posted - I wonder if that set any triggers off.
Simple keyword recognition à la "He said Treadstone! Track him down!" only happens in movies. If a one-man startup can develop the technology to analyze a bunch of packets to and from a person and determine whether he is interested in rocks on top of hills or the anonymization tool, I'm sure the NSA can do even better.
It's a pretty basic and obvious problem with keyword searching and data reduction that will have been solved a long time ago. A very simplistic model would have words like 'Tor' and 'Tails' increment an 'interestingness' counter, along with other terms like 'Bomb', 'Jihad' and so on. Once the counter passes a threshold, you look at the messages. As I said, this is basic stuff, there are much better and smarter ways to do this. In fact, there are entire large companies that exist to write software that carries out searching of data by keyword; Google springs to mind!
Do all these people writing 'I searched for Glastonbury Tor, now I'm on a terrorist watch-list, stupid NSA, Hah!' really believe that the system works like that?
> Do all these people writing 'I searched for Glastonbury Tor, now I'm on a terrorist watch-list, stupid NSA, Hah!' really believe that the system works like that?
It gets better, they believe NSA is devilishly competent when it serves their argument that NSA is simply out to oppress the populace, but then simultaneously believe NSA is so foolish as to waste a bunch of time tracking non-threats who happen to trip over enough keywords.
Double-think: It's not just for the Party leadership.
You should pay more attention then, since that's the argument used for why NSA in particular is a threat and not allied foreign intelligence agencies like BND. Seriously, I've had someone tell me that BND is no threat because they're derived from an ineffective West German intelligence agency instead of the very good East German equivalent.
If NSA were incompetent they'd be a sideshow and no threat at all.
They are. At least, that's my takeaway from the Snowden revelations. They are just using various and overlapping justifications for it, e.g., Schneier's notion of robustness of NSA surveillance programs [0]. The NSA's goal is to collect everything from everyone. Therefore, they want to use the broadest and most expensive justifications and criteria for collection.
Keep in mind search engines often know what link you click on, and NSA probably also monitors which site is subsequently visited pursuant to a keyword search.
NSA policies are simply insane and/or lazily thought out. I mean we even learned a while ago that not using Facebook makes you "suspicious" - Seriously? Or maybe watching a certain type of Youtube videos.
My point is I wouldn't single out just Tor here. They probably have dozens of other such idiotic policies that lead to abuses and putting people on "lists" that then they can take revenge on, such as through adding them to no-fly lists and so on, with very little to no recourse for the people affected (if they even ever find out about if or why they're put there, since it all tends to be secret).
What happened to innocent until proven guilty? The NSA is simply out of control and needs to be reined in, otherwise expect abuses against people that haven't even heard of Tor.
> we even learned a while ago that not using Facebook makes you "suspicious"
I tried googling for evidence of this ("nsa not using facebook suspicious"), and this comment (posted 56 minutes ago as of my writing) is the top google hit, with others being irrelevant o_O
Do you have a link to support this? At this point I am wondering if it's safe to assume all conspiracy theories are true by default, and lack of evidence is evidence of conspiracy to cover it up...
Remove "nsa" from your query, and you'll find a long list of relevant results. There was quite a bit of coverage around the web a year or two back about this topic, but never in the context of the NSA as far as I know.
NSA uses several different parameters to identify potential targets.
E.g. a Tor user with no Facebook profile who recently spent two months in Syria, sound suspicious?
The fact that someone doesn't make a Facebook profile stands out, the fact that someone is using Tor stands out and the fact that someone is taking regular trips to Syria stands out.
Nobody's getting arrested for using Tor, or not having a Facebook profile. But those are things used in evaluating people.
One possible solution to this would be for Firefox to integrate Tor with their private browsing mode. That would give the Tor network a huge spike in traffic. I have no doubt in my mind that the NSA can and probably does monitor every bit of traffic everyone sends, but the more inconvenient and muddled we make it the better.
I think we can all assume we (HN readers/posters) are on the NSA lists. Lots of us mentioned Tor and the NSA online. "He who must not be named" will show up as soon as you say his name and all that. The question is whether this puts you into actual risk. I sincerely hope not, but this shit is really getting out of hand.
I'm sure that the NSA also has a large array of lists. Having a list called 'extremists' and 'terrorists' helps you get warrants, even if the list is merely composed of people interested in protecting their anonymity.
Tor will never take off on its own. There are many stigmas, and many barriers. Furthermore, in the past year to two years, pretty much every service has blacklisted all Tor exit nodes. It used to be moderately easy to sign up for Gmx (and, three years ago, even gmail) over Tor without needing a phone number. Many websites block all exit nodes from posting (though most at least allow viewing).
I would dislike to see this as a feature in Firefox until Tor is easier to use. In principle it makes sense and I support the idea, but in practice it would make private browsing very frustrating. I also imagine that you'd have a much more extreme supply vs. demand problem if this happened, reducing an already slow Tor to barely usable speeds.
> One possible solution to this would be for Firefox to integrate Tor with their private browsing mode.
I really like this idea. The practical downside is that Tor is generally very slow.
BTW I'm not entirely sure how the NSA can justify an anti-Tor stance, when anonymous speech is clearly protected by the First Amendment. Without something like Tor, true anonymous speech on the Internet is impossible; therefore Tor, or something like it, is a necessary tool to maintain that right.
(Anonymous speech has been historically important, when people would print and distribute anonymous pamphlets about political issues. Honestly, I am concerned about criminal use of Tor too, and would be perfectly happy to have a version of Tor limited to political speech and organization.)
> BTW I'm not entirely sure how the NSA can justify an anti-Tor stance, when anonymous speech is clearly protected by the First Amendment.
Welcome to America, where the constitution is up for interpretation by agencies who have no obligation to disclose anything to anyone. The problem with the NSA is not even that it does all these things. It's that they operate as a sort of rogue arm of the government and if anyone tries to question what they do from within the government they can choose not to answer questions.
> "BTW I'm not entirely sure how the NSA can justify an anti-Tor stance, when anonymous speech is clearly protected by the First Amendment."
Well, at least they are consistent with their stance on the Fourth Amendment. Namely, that both are subservient to the 0th amendment: "The right of the people to be monitored^H^H^H^H^H^H^H^H^H protected by their government, even against their will, shall not be questioned."
I really like that idea; enough so that I do all of my private browsing through Tor.
Of course the downside to that, besides all the inconveniences of Tor, is that it gets associated in the public mind with both extremist criminals and porn. Maybe the NSA isn't so concerned with the latter, but Tor's image is bad enough as it is. I doubt this would really make it more politically savvy to support it.
It would seem like an effective waste of your time. Do you really imagine the NSA cannot filter out things like that? Keywords generated by a program are easily recognised by source or content, and are simple to filter out. I imagine they are looking for a sequence of events like: 1. Search for 'Tor', 2. Download of Tor application, 3. Encrypted traffic from the same source. Look up CEP (Complex Event Processing [1]) systems and what they are capable of.
The button requires user action, the iframe is passive. I'm not convinced getting someone put on a watchlist without them taking a specific action is a particularly moral thing to do...
For the sake of clarity I wasn't suggesting the button be put on without a clear explanation of what it did.
> A watchlist with every human, and its friends on it, is kinda useless.
In the right circumstances, it would be very useful. Not for catching terrorists but for putting pressure on the people on the list.
"We are only monitoring her because she is on the terrorist watchlist."
"She is only restricted from air travel because she is on the terrorist watchlist."
"She is only denied a fair trial because she is on the terrorist watchlist."
"Please cooperate with us Miss President, unless you want us to tell the press that you have been on the NSA terrorist watchlist since 2001."
Having everyone on the terrorist watchlist is very useful, when you are able to selectively choose if and when you are disclosing the fact that someone is on the list.
The use of the word 'everyone' isn't literal. It's possible that NSA's list of suspects would not literally include every single human being, but it could still include too many.
No way it's there, the Stasi did have a file on most citizens, but it wasn't as well indexed, comprehensive, and easily searchable as what current government 'security' agencies have.
"According to the source code will be labeled as extremists in XKeyscore users when they search the internet for anonymizing tools like Tor or Tails, thanks to the global monitoring of search queries."
Holy fuck this is disturbing.
Does someone have access to a human-translated copy or similar article?
"Edit: some say it's not really the XKeyscore code"
Yeah, looking at the code it definitely involves TOR, but I'm really interested in the "searching for these Tools -> you're now flagged" claim+proof because that is just so wrong.
Well whether this particular piece of information is true or not the whole situation is not making me feel more secure as someone who runs a (non exit) Tor relay.
I'm curious to see if this backfires at me the next time I visit the US. At this point it wouldn't be a total surprise any more.
Think of it a bit like crm114, but less hairy, bigger, and searching all your traffic.
That's not directly part of a selector but a support library, so I highly doubt anyone is targeted purely on that - but it is probably part of attempted traffic correlation attacks on Tor.
I'd like to revise my comment above: article is 100% accurate and yes, that is real XKeyScore source code, and it is being directly called, solo, by real selectors in the wild.
I'm horrified: this is actual "your name will also go on ze list" territory. Selectors as wide as this have absolutely no genuine intelligence value whatsoever. This never saw oversight. They're insane.
Please do not let this discourage you from using Tor. Oh, quite the opposite - this shows you exactly why you need to use Tor, more than ever, and why more people, perhaps everyone, should. The more people who do, the more useless this selector becomes.
I'd like to warmly thank all the new sources who have come forward since Snowden's disclosures last year (no, this isn't from Snowden). This is absolutely golden.
By the way, malformed regexes are a frequent source of exploitable security bugs…
I am obviously highly suspicious because I have not only searched for but used TOR. It is handy when you want to price compare flights. I also don't like Facebook, I wonder where I am ranked on the NSA's list of potential terrible people?
For a while I taught a security course which included information about how Tor works. I did a lot of googling around Tor and anonymity in general. I must be on a few lists by now.
I was talking on the phone to someone in another country (a US friendly country) and the other person mentioned Tor. The second he got to the end of the word the phone call cut out. I haven't had a phone call cut out in years except that one time.
It was most likely a complete coincidence but it would be very interesting if anyone else has ever had a similar experience.
It was not a coincidence. I created an account just to respond because I've been waiting years to have my experience... "validated".
The same exact thing has happened during phone conversations I've had except with a different word. And I first noticed it years ago but it was post-9/11. When it happened I thought the phone call dropped by accident. I called back and picked up where I left off telling the same story. At the same word the call dropped again. I called back again and said "uhh, that was weird. Did you notice it cut off again when I said _______?" And the call dropped once more. At that point there was no plausible way it was a coincidence. The next time I called, I decided not to test it again.
I've been looking out ever since for some mention of this somewhere. Never saw one until now.
It would be very interesting to be able to reproduce that happening and be able to test what it does and does not "detect".
I would imagine that foreign terrorists would speak in their native language. Any sophisticated terrorist would use code-words (Get on the train and trigger the Goat). Does the system pick up if you spell out a word?
It's certainly possible but there's not much reason why the phone calls would consistently drop unless that was their method of preventing terrorist activity.
It's known that all calls around the president are monitored for X miles, so the technology is certainly in place and in use.
It was absolutely a coincidence. What on earth would the rationale be for an intelligence agency to cut off a call as soon as they heard a term of interest? I think your tinfoil hat is leaking.
Your scenario is very possible and was my initial thought as well. The call dropping could be carrier/phone/region specific due to invalid or error causing commands breaking something when the call logging or recording is activated. (tower connection, phone software, phone radio firmware, or anything else along the connection)
It's probably been fixed by now if it was a bug such as that. I'm sure bugs like this go unnoticed every day by people interacting with computer systems and just brush it off as a "glitch" or "service issue".
It just isn't likely. There's no plausible mechanism or reason for an intelligence collection system with keyword analysis to have real-time control of the signalling pathway for the phone system.
Which incidentally works very differently to the way most people seem to imagine phone tapping works -- some agents in trenchcoats in a dark room full of reel-to-reel tape recorders, wearing headphones and carefully putting crocodile clips onto a particular wire, and listening in, hoping the suspect isn't tipped off by crackles or beeps on the wire, or suspicious dropped calls. Maybe in 1950s Hollywood that was how it worked, but now the NSA is just grabbing the content and metadata wholesale from a backbone connection, and analysing at their leisure.
I didn't mention it cuz I figured if they're monitoring calls for it then they're damn sure monitoring posts for it and I didn't want to end up on a list. But what the hell, I'd rather learn more about what this is really all about. And that's the thing: the word wasn't even that crazy, unless you're on line at an airport (apparently) which I wasn't.
The word was "bomb".
(...Now that I think about it, I was at a train station. Not a major one though, doubt if that's related.)
People use the word 'bomb' in conversations on the phone all the time. Nobody is getting their calls disconnected for saying that, I assure you. It was a strange coincidence - a fault on the line or similar phenomenon.
Agreed, it's an incredibly popular word, and even if calls were just being dropped in train stations, it would still be widely known. Plus, what would be the advantage of dropping the call, and allowing the person to redial? If the call is being monitored, wouldn't it make more sense to send the audio to security for review? If they're calling from a public phone, you could activate a silent alarm so they're randomly selected by security, or simply redirect security cameras to their location.
I find it unlikely that this is intentional. To do it intentionally would require human monitoring (or more powerful context analysis than I've heard of): "Tor" is a homophone for "Tore" and "Torr", and in a few accents it's very similar to "Tour". It's also a prefix for a lot of words. At least "Tore" and "Tour" are more common in conversation than "Tor", and I'd expect things like "Torrent" to also be more common.
In the case of human monitoring, cutting the call off immediately is an odd response: usually both spooks and law enforcement would rather keep listening to get more information. An automated system might try to do that, but only one whose designers don't care if it's noticed: if my phone cuts off whenever I talk to a foreigner about a tour, I'm surely going to notice.
There could have been something fishy going on there, but it doesn't fit the usual threat models in non-dictatorial regimes.
I agree that it was most likely a coincidence, other than server access any intelligence agency would have no reason to monitor me.
Even if you were near the president and said on the phone or over a radio "Shoot the president's head" it could be completely justified depending on context (if you were a production crew talking to a camera operator for instance). It would be nearly impossible to sort out the false positives and even if you could it wouldn't prevent much because of code-words that could be used.
Then again, we all know that bugs happen, there might have been a new system in place. It would be conceivable that the phone/tower/something received a bad command when the "recording" started and it caused the call to drop.
I say "hacked" and "stolen" on the phone all the time, but those would likely be on the list of "calls to record".
Whenever I finish a Skype call, I immediately get a message supposedly from the other person with a 4-digit number. I don't know what that number means yet. Also, my phone's wifi will not turn off since last week.
Those are all probably just coincidences, but then again, it would also fit in the kind of behavior I'd expect to observe from spyware, either state-sponsored or just the usual kind. In any case, the NSA has made it very easy to become paranoid.
If you're using Skype on Linux, it's the number of seconds of the call. Skype on Linux hasn't been updated in so long that the client doesn't always know what to do with what it's sent; if you're using Skype on Mac, that's when it tells you that you just got off a call with so-and-so for such-and-such time, but on Linux, it just prints out the literal number of seconds and it's done.
I had the same problem, when I used the 4.2 linux version of the Skype client. It seems that it was a protocol mismatch between the Windows and Linux versions of the Skype client, and the 4-digit number is the duration of the call in seconds.
Is it possible that this, and the release of this information, is part of a NSA strategy for deterring people from using TOR or encryption? Internet users will now be too scared to be put on some list to even look up information about TOR or PGP.
Admittedly I'm not well versed in TOR and how secure it actually is but surely it would be more actionable for major intelligence agencies to operate a number of nodes in the network and use them to attempt to track and mitm requests?
As for encryption I haven't seen much to indicate a deterrence strategy, but maybe I'm not following the media as much as I should.
"Current: access to very few nodes. Success rate negligible because all three Tor nodes in the circuit have to be in the set of nodes we have access to"
It seems to me that the two tactics could be complementary. If you discourage people from using Tor, then you don't have to devote as many resources to the people that use Tor.
No, I don't think this article is providing facts.
The US government created Tor and has been a major sponsor since its inception. It would be against US government (State Department) interest for people to stop using it.
We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the United States government has led not only us but the world.
This should not actually be a complicated inquiry.
I have to wonder if it'd be possible to DDOS the NSA by having everyone do 'dd if=/dev/random of=supersecretstuff.txt count=1024 bs=1048576' and post large files full of random bits all over the web.
The NSA would be obligated to collect and store every damn one of those huge blobs of random bits on the off chance it'd be used later as a one-time pad, or that it's encrypted secrets that they need to investigate. It costs nothing to generate random bits, but it costs > 0 to store that data. Sooner or later they'd just run out of disk space.
But finite state machines take finite amounts of time and memory to run - and even though it runs 'nearline', XKeyScore is not invulnerable to targeted resource exhaustion attacks.
I suppose everyone here is already on a list anyway. Everyone who leaves a criticism for the NSA. Everyone who upvotes this conversation and other similar ones. Everyone who contributes to OSS Privacy. Everyone who misspells Thor.
How useful can this really be when there's so much noise?
What if we had a system where there was a constant stream of random bytes coming to/from every IP address out there... and when you wanted to send actual information, you always sent it encrypted ... then everyone would be an extremist and encryptors would no longer stand out.
Yes, this would defeat traffic analysis, but it only works if everyone is using the same shared channel, or if each user maintains a channel with every other user they might ever wish to communicate with. Every user must also check each packet to see if it is encrypted with their public key (requiring an extensive PKI) and is a valid message for them, which is expensive. The bandwidth required is also enormous for anything other than a very limited number of participants.
Sure, Tor achieves some of these goals, and if everyone used Tor all of the time then it would make the NSA's job much more difficult, but it isn't ever going to happen, for obvious operational and practical reasons.
If everyone's communications were properly encrypted, you probably would not need useless random bytes sent down the pipes since there is so much data being transferred on the internet.
So would this XKeyscore thing know what you're searching for if you're not logged into your Google account and you're behind SSL? Would that imply they have private keys to Google SSL certificates?
Yes, they probably can. One of the early NSA leaks showed that the NSA had compromised the private networks of many large tech companies. It would be safe to assume this gave them access to tons of unencrypted data about users and behavior. The NSA is using a graph database to store all sorts of data and then joining data across domains to get a fairly complete picture of your digital life.
I'd say monitoring every single communication going in and out of your country and storing it is pretty extreme, don't you think? I can't imagine any Tor users really give a damn what the NSA think about them. The NSA are clinically insane.
What factual statements? It's vague and ambiguous. XKEYSCORE is also not just a computer program. This is not real source code of XKEYSCORE as you wouldn't hard code Tor or any targeting vectors into the source. It's not how the NSA operates as we've already seen. This is the biggest giveaway that the source code they're showing is fake.
Are we to accept any article about the NSA without question?
And how do you know this source code and config files are the real deal? Even so, the NSA creates programs that take user input for targeting vectors. Past leaks have shown this. I believe XKEYSCORE was one of these kinds of programs.