back to article Use Tor or 'extremist' Tails Linux? Congrats, you're on an NSA list

Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy. At the heart of the claims is this sample configuration file for the XKeyscore system. The top-secret documents were …

Silver badge

"... a level of surveillance that makes the old East German Stasi look like a bunch of amateurs"

Unfortunately for their credibility, they don't appear to lock down their internal stuff sufficiently well. I would imagine they are conducting quite a thorough review of internal security.

If their own contractors can become whistle blowers with huge documentation drops, the Lord only knows what their real enemies can be getting up to. We can only hope the baddies will find it distinctly harder to muck about with our 5 eyes from now on.

21
1
Silver badge

Well the Stasi didn't have contractors. However people knew/suspected quite a bit. I mean back then it was all manual, so you could see the people following you around.

9
0
Silver badge

You're also on the list if you read this article.

Delete your cache now and put on a tin-foil helmet as soon as possible!

12
0
Anonymous Coward

The Stasi

The Stasi DID have contractors. Need a coffin, call Boris. Need access to a particular buildings maintenance areas, call Dieter. Need a specific car, call Ernst.

Please learn your history before making authoritative declarations.

8
0
Silver badge
Happy

Re: The Stasi

They only had three? Ah, good old fashioned E German efficiency!

10
0

Re: The Stasi

I thought everything was state owned and controlled in the old DDR. As such there was only one entity - the state - as such it could not have any sub contractors.

1
0
Anonymous Coward

"Visited the Tor, Tails or a Linux mag website? You're on the NSA's 'EXTREMIST' list"

Grow a beard and wear a puffy jacket, expect to be shot.....

10
0

Anyone purchasing tin-foil is also on the list.

Nothing must block the brain scanners.

10
0

"Delete your cache now and put on a tin-foil helmet as soon as possible!" - My God, I thought it was only a tin-foil hat that was needed.

1
0
Anonymous Coward

so I'm on the list?

we had an 'online privacy' day where I downloaded a then current version of TAILS, (hence being fingerprinted/analysed to bits by FVEY - which I didn't know at the time) I then copied it & handed out hundreds of burned TAILS on CD-R to privacy interested visitors amongst the 18,000 open-day visitors that we had. Hmmm, sorry FVEY, you weren't top of the threat model at the time - we were just trying to get people out of the Google-Bubble/home-banking-trojan paradigm - mild apologies if I massively increased your targets!

I sincerely hopes no-one else downloads TAILS, even if they don't need it today, and passes on the CD-R or liveBoot USB now that we know its "extremist" to try and bank safely.

so don't BONK here to become another extremist! [some of the 26 IPs behind TAILS are very close to Boeing, in Seattle, but some are in .ru]

7
1

I know an OS that will save us all !

http://tinfoilhat.shmoo.com/

- Networking is removed as 'that's how they get to you'...

- Even reading the screen over the user's shoulder is very hard when Tinfoil Hat is switched to paranoid mode, which sets the screen to a very low contrast. !

1
0
Coat

Now they dont need to.

They have the tools to make physical surveillance quite unnecessary, they cover all our means of communications , except perhaps carrier pigeons .. and even then , i'm not so sure they're not undercover agents ^^ . Still , freedom liberty and free speech are at stake and frankly can we not react to living under constant surveillance. The earth feels like an open air prison. Yet noone revolts strongly thinking a bit of security is worth abandoning what's left of our privacy and freedom . Pathetic. I need a strong one. Mine's the one with " I love the freedom, fsck the NSA " on the back.

2
1
Thumb Up

"Delete your cache now and put on a tin-foil helmet as soon as possible!" - My God, I thought it was only a tin-foil hat that was needed.

It's where the male brain is right??

1
2
g e

So if LJ relocated to, say, Germany

The NSA would lose a lot of intel from being outside much of the traffic (assuming LJ is USA-hosted currently)?

As much as they're ever outside of anything, of course.

0
0
Silver badge

they're a spy agency

It may well be that the NSA are paying close attention to (some/most/all) Germans in Germany, but isn't that kind of thing, well, their _job_? Expecting them to _not_ be paying attention is, well, reminiscent of a certain Australian prime minister telling parliament that the Soviets weren't running a spy ring in Australia because he had been assured by the Soviet foreign minister that they'd never do that.

I _expect_ them to be:

1 keeping an eye on _all_ communications going into and out of the United States

2 _all_ communications anywhere outside of the United States

3 _all_ communications anywhere inside of the United States which they can get away with monitoring

That boils down to, well, all communications, period, except where they physically can't do it or where it might be politically inexpedient to get caught trying... and I suspect that they'll damn well try everything they can and see what they can get away with.

They're a spy agency. Spying is what they do. They seem to be quite good at it, and they certainly have had plenty of practice. If the German courts start yapping about it, the NSA will ignore them. Hell, if _American_ courts start yapping at them, the NSA will, at most, throw some scapegoat off the sled and carry on as before.

9
26
Silver badge

Re: they're a spy agency

They're not good at it. We're discussing it for one thing. The leaks were trivially performed by someone who should never have been party to that kind of information. Even on a military level, leaks of sensitive material are incredibly easy things to do (the hope is that the punishment that Manning et al receive is enough to put you off doing them).

In fact, I'd say this shows just how bad they are - personally, I believe the techniques they are using at INCREDIBLY bad at collecting anything useful. The signal-to-noise ratio is just far too low and they've had to resort to basically listening to every packet in order to get anywhere. And, to be honest, we just don't hear of that many cases which end with "And the plan was foiled by the NSA/GCHQ". In fact, we don't. You could argue that's secrecy, but I don't think it's all that common at all.

And, at the end of the day, nobody is above the law. You want to spy, you spy legally. The people you are spying on will consider it illegal while you are on their soil, of course. If the law does not apply to spies, we could just say that and have done with it. But the fact is that it applies to them the same as everyone else. Some countries have forgotten this recently, but even in the MIDST OF WAR it can be illegal to treat an enemy inhumanely. That's how stupid it is to claim that a spy is above the law. If a spy gets caught breaking a foreign law in a foreign country, yeah, hard cheese, that's your job that we've given you permission to do (but that permission does not extend to overriding the target country's permission, obviously). But if a spy is caught breaking the law left, right and centre on it's own soil when EVERY statement it makes says that it's complying with the relevant laws, that can be taken - ironically, by just the extremists it's looks to contain - as a descent into anarchy.

Personally, spying in the last 50 years or so is nothing more than amateur hour after being left behind - brains-wise - by the rest of the developed world. There was a time and place where intellectuals dedicated their lives to forwarding their nation's cause and were at the cutting-edge of science (and inventing new sciences along the way). Those days have passed, and we have kids with McDonald's chef certificates using encryption that those agencies can't beat (yet, again ironically, invented for just that kind of purpose).

Spying en masse, on your citizens and allies, illegally, and then claiming it's legal, is a recipe for disaster. All this "acres of supercomputers" nonsense that gets spouted? I can only think that if that's considered a viable intelligence source nowadays, you might as well pack up the invisible ink and laser watches now. I honestly JUDGE the modern GCHQ for becoming nothing more than government-funded, consultant-advised, facebook-watchers.

And I'm almost certainly on some list somewhere. I've education background in cryptography, I can code, I've run TrueCrypt and Tor, I use Linux, and I'm pedantic about the security of systems. I'd be disappointed if I wasn't. But I'd be a million times more disappointed if any of those are even considered a factor without some actual real suspicion based on something other than my website/OS preference first.

Spying's gone seriously downhill. It's now just a "Google him" exercise with a "private Google" that the NSA/GCHQ are trying to build for themselves.

46
2
Silver badge
Thumb Down

Re: they're a spy agency

I _expect_ them to be

You know, this is the Internet. You can still freely google the history of the 20th century. May be an eye opener.

10
2

Re: they're a spy agency

Aren't spies considered to be unlawful combatants, at least under the US interpretation of the Geneva Convention?

13
0
Anonymous Coward

Re: they're a spy agency

Not if it's a _US_ spy. Then it's a LAWFUL combatant (read: one on OUR side). As for the 4th Amendment, they'll just say that in a world where the slightest innocuous codeword can trigger an existential threat, all bets are off and all searches are reasonable. Otherwise, the US, if not the entire world, is DOOMED. If the government cannot defend itself, what good is government at all?

10
0
Silver badge
FAIL

Re: Lee D(unce) Re: they're a spy agency

".....we just don't hear of that many cases which end with "And the plan was foiled by the NSA/GCHQ". In fact, we don't. You could argue that's secrecy, but I don't think it's all that common at all....." If only you'd bothered to read the previous El Reg article on XKeyScore (it's even linked in the article!) you would have seen that the following statement was included in the leaked, internal info: ".....NSA training manuals state that 300 terrorists have been captured using intelligence from XKeyscore before 2008....." Now, could it be they kept the successes secret for a reason, like IT WORKED BEST WHEN THE ENEMY DIDN'T KNOW ABOUT IT!

"....And, at the end of the day, nobody is above the law. You want to spy, you spy legally....." Under US law it is all legal.

".....I'm almost certainly on some list somewhere..... I'd be disappointed if I wasn't...." Don't worry, that kind of wanting to justify your paranoia is common amongst the tinfoil-attired. It really would be terrible if you realised you are of zero interest to anyone.

1
33
Silver badge
Boffin

@Matt Bryant - Re: Lee D(unce) they're a spy agency

> "NSA training manuals state that 300 terrorists have been captured using intelligence from XKeyscore before 2008"

And, of course, we all believe them, don't we, boys and girls? (After all, they wouldn't say "well, actually we haven't caught anyone, but that won't stop us trying!" would they?)

(Who are these terrorists? If they're terrorists and have been captured, surely they've been charged and convicted in a court of law so we can *know* that they're terrorists? If they haven't been charged and convicted, then wouldn't that just make them "alleged terrorists"? Or is a suspicion of them being terrorists enough to call that a success...?)

> Under US law it is all legal.

Oh, well *that's* alright then! Nothing to see, move along...

> It really would be terrible if you realised you are of zero interest to anyone.

Umm, did I mis-read this bit from the article: "the extent of the paranoid agency's targeting of Tor users, Linux Journal readers and and anyone else interested in online privacy"? Why would they be targeting these people if they were "of zero interest"?

29
0

Re: they're a spy agency

I'm not trying to defend the NSA here, but as far as targets go, this one isn't unreasonable. People who are looking into ways to hide their online communication are more likely than the average netizen to be doing something of interest. They might be terrorists or other spies, they might be Chinese pro-democracy activists or Iranian counter-revolutionaries; in any case, the NSA wants to know what they're up to. Of course, there are also plenty of people doing nothing of interest who happen to be conspiracy theorists or just don't like being spied upon, but I don't know of an easy way to tell the difference short of spying on them more.

I don't like the overbroad dragnet espionage, but at least there were some attempts to focus on valid targets. If it had emerged that they were scrutinizing visitors to dailykitten.com, that would raise serious questions about their competence.

2
27
Silver badge
Happy

"If the government cannot defend itself, what good is government at all?"

...and I thought that the government should protect its citizens. Must have misread that whole democracy thing.

23
1
Silver badge

Re: they're a spy agency

The way the spy game is supposed to be played is:

Step one: Find leads

Step two: Follow up leads to see if they merit interest.

Step three: Actively pursue hot leads.

Step four: Use intel gained in step three to thwart espionage and sabotage against country.

The way the NSA plays it

Step one: Throw out as wide a net as possible, collect and store all possible information, regardless of relevance.

Step four: Badger Congress for even more funding to gather and collate even more information.

Step five: Look like incompetent idiots everytime you're caught with your pants down because you have no steps two, three, or a working four.

Step six: use outcome of Step five as ammo for Step four.

28
1
Silver badge

Who are these terrorists?

Well, we now know you are an extremist if you use TOR. So I would assume you become a terrorist if you ever sent an encrypted email, live in a suspicious country, or posted an anonymous comment in this forum.

The US spying bureaucracy redefines the language as they see fit (if they can't change the law, they just re-interpret the meaning of it). Can not collect data on US citizens? Let's create some statistical measure of 'foreigner' to make everybody a potential foreigner. Let's not 'collect' data but instead store and automatically trawl it. I didn't see their interpretation of 'data' in the press yet, but I am sure it's obfuscatingly creative.

16
1
Silver badge

Re: Re: they're a spy agency

"You want to spy, you spy legally."

You cannot mean this to be taken seriously. Depending on the point of view, NSA's activities are either legal (under US law, and subject to future determinations about legality and about the constitutionality of the enabling laws) or illegal (under the laws of the countries in which the targets are located). That is equally true, with obvious adjustments, for the comparable spying done by intelligence agencies of other nations.

2
1

Re: they're a spy agency

Dear Tom,

I'd rather think that the point made was along the lines of: If they are allowed to spy on us, then we should be allowed to spy on them. And that is obviously not the case (see posts about unlawful combatants).

Equally getting US spies in front of, say, a German judge will proof impossible, as normally lawful combatants (include the Big Chief Himself) are considered above any law by Themselves.

And that is why, I guess, everybody is up in arms about the whole US... Two rules: one for us (US) one for you...

Regards,

Guus

10
0
Silver badge

Re: they're a spy agency

No, if there's anything that shows that they're as arbitrary as the inquisition, this is it.

Visit a particular magazine's website to find out how to use a command line as pretty much was the only way to use most computers up till 20-or-so years ago? Get labelled as 'extremist'.

This is also the perfect example of mission creep in action. Extrapolate from here and imagine what will be considered extremist in another 20 years.

3
1

Re: they're a spy agency

"People who are looking into ways to hide their online communication are more likely than the average netizen to be doing something of interest."

And yet still the overwhelming majority of them aren't interested in committing acts of terrorism

Increasing the amount of noise you collect doesn't help you refine the signal.

5
1
Anonymous Coward

Re: they're a spy agency

Do you lock the door of your house? Pull your curtains at night? What do you do in there that you feel the need to hide?

Does this mark you as a legitimate target for security services?

0
1

Re: they're a spy agency

> The way the NSA plays it

they're a bunch of misfits that need medication.

2
1
Silver badge
Coat

"and anyone else interested in online privacy"

So reading this article automatically puts you on the list ?

19
1

Re: "and anyone else interested in online privacy"

The truly ironic part is that due to all the security focused interest and the associated sites and activism around it, if I was a 3 letter analyst, i would probably be much more skeptical of those who weren't on the list.

Karl P

5
0
Silver badge

Re: "and anyone else interested in online privacy"

So do you think the NSA has learned of the Streisand effect yet?

Of course one could always post ads like:

To protect yourself from identity crime online - CLICK HERE

Keep your identity safe when going online at net cafes - CLICK HERE

6
1
Anonymous Coward

Re: "and anyone else interested in online privacy"

They have. They don't care. They'd rather have 10 million false positives than one false negative, as it's THAT'S the one that'll destroy civilization as we know it.

8
0
FAIL

Re: "and anyone else interested in online privacy"

They may not care, but their data sorting and categorization sucks, especially if they cannot thwart any recent terrorist plots. I am wondering how many NSA/GCHQ astroturfers are voting posts like mine down because it goes against their agenda. Thought so.

7
0
Anonymous Coward

Re: "and anyone else interested in online privacy"

You have been on the list for a long time in the first place.

So unless you are ready to ask the question: "Are you running Threadstone now?" and back it up by asking it with proper style you might as well order your coffin too.

0
0
Silver badge

Re: "and anyone else interested in online privacy"

I wonder how many people visited the Tails, Tor, or Truecrypt homepages when their respective big news stories broke recently. Does that label them as extremists?

(What about posting something with those three keywords or just reading a page with them?)

1
1

Re: "and anyone else interested in online privacy"

karlp:

Exactly!

A properly implemented OTP defeats the spies utterly. The spies know this, the terrorists know this. Which makes me wonder why terrorism is even mentioned, hell, they couldn't/didn't stop the Boston Marathon bombers even with some advance knowledge...

The answer is ubiquitous encryption. GPG parties, massive use of Tails to browse, etc..

2
1

Re: "and anyone else interested in online privacy"

"They have. They don't care. They'd rather have 10 million false positives than one false negative, as it's THAT'S the one that'll destroy civilization as we know it."

Oops, sorry, that was me. I used tor to buy some tin foil from my local online grocery store. I'm making a special top-secret hat you understand.

0
0
Stop

Re: "and anyone else interested in online privacy"

AC: "They have. They don't care. They'd rather have 10 million false positives than one false negative, as it's THAT'S the one that'll destroy civilization as we know it."

The problem is that they have no resources to investigate all their false positives, so the true positives are buried. As has been said several times already, signal to noise ratio is important.

1
1
Silver badge
Facepalm

Re: DocJames Re: "and anyone else interested in online privacy"

"....so the true positives are buried...." Apart from the 300 cases detected by these tools, as mentioned in the slides Snowjob leaked?

0
3

Re: DocJames "and anyone else interested in online privacy"

Matt replied! To me! I've made it as an ElReg poster.

I'm not sure I trust their information. I'm unconvinced that they are true positives. Humans as a group are famed for their ability to fool themselves - I wouldn't be surprised if they've miscounted (although noone will ever know, as it's all too secret to even talk about, except to claim it's misinformation).

I'm not sure why I'm telling you people are good at believing untrue things.

0
0
Silver badge
Happy

Re: DocJames "and anyone else interested in online privacy"

".....I'm not sure why I'm telling you people are good at believing untrue things." It's because you subconsciously know your rejection of the 300 figure is because you want to believe it is not true, not because you can empirically prove it is true. Call it intellectual guilt at the possibility you may be proving your own statement.

0
3
Anonymous Coward

If you're not on the NSA's list...

Well, what contribution to mankind have you made? ;-)

Dave

P.S. ("Hi guys/gals!") I always include a friendly greeting to the spooks who may be reading my posts.

13
1
Silver badge

Right - I'm contacting my MP and MEP. Might not do much good, but I'm not at all happy that this American criminal gang (as in - they have broken US, UK and European laws), the NSA, are snooping on UK nationals, nor that GCHQ appear to be in bed with them. I'd urge all European citizens reading this to do the same.

16
2
Happy

I'm contacting my MP and MEP....American criminal gang...

Right - you're on the list!

// "When the President does it, that means it is not illegal."

-- Richard M. Nixon, TV interview with David Frost, May 20, 1977

7
1
Silver badge

"Right - I'm contacting my MP and MEP."

Lot's of luck with that. I _know_ that the NSA doesn't care what _American_ politicians, you know, the ones who write the checks to run the thing, think. I suspect that the yapping of furriners simply will not register... except to tell them who to have a close look at next.

5
0
Black Helicopters

...the NSA doesn't care what _American_ politicians...

That's because they know whatever happens, *they* have jobs -- important ones, like defending the free world against the forces of evil, and stuff like that.

Unlike the poiliticians, who drift in and out of the government at the whim of the voters -- along with their investigations and reforms.

3
1

Mr Hague is no better. Over a year ago he came out using weasel words in an effort to say that GCHQ where not spying on UK citizen.

8
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017