[Vision2020] [corrected] Re: The NSA is Targeting Users of Privacy Services, Leaked Code Shows
Tom Hansen
thansen at moscow.com
Mon Jul 7 13:11:36 PDT 2014
. . . and for that I feel grateful each time I board an aircraft and deplane.
Perhaps our focus should not necessarily be on the information that a tax-subsidized security agency gathers, but what they do with that information.
Seeya 'round town, Moscow, because . . .
"Moscow Cares" (the most fun you can have with your pants on)
http://www.MoscowCares.com
Tom Hansen
Moscow, Idaho
"There's room at the top they are telling you still.
But first you must learn how to smile as you kill,
If you want to be like the folks on the hill."
- John Lennon
> On Jul 7, 2014, at 1:02 PM, Sunil <sunilramalingam at hotmail.com> wrote:
>
> So because the state has an even greater ability to pry into our lives, we should allow them to? Is that your point?
>
> Or has the state somehow proven itself more trustworthy?
>
> Sunil
>
> Subject: Re: [Vision2020] [corrected] Re: The NSA is Targeting Users of Privacy Services, Leaked Code Shows
> From: thansen at moscow.com
> Date: Mon, 7 Jul 2014 12:06:16 -0700
> CC: vision2020 at moscow.com
> To: sunilramalingam at hotmail.com
>
> Yes. And I would thoroughly and strongly support you, Sunil . . . if this were 1974 and not 2014.
>
> Now, if you'll excuse me, I must clean out the "cookies" (as well as several other uninvited files) from my desktop computer and three laptop computers . . . a task I have not done since Friday.
>
> Seeya 'round town, Moscow, because . . .
>
> "Moscow Cares" (the most fun you can have with your pants on)
> http://www.MoscowCares.com
>
> Tom Hansen
> Moscow, Idaho
>
> "There's room at the top they are telling you still.
> But first you must learn how to smile as you kill,
> If you want to be like the folks on the hill."
>
> - John Lennon
>
>
> On Jul 7, 2014, at 11:22 AM, Sunil <sunilramalingam at hotmail.com> wrote:
>
> Your last clause explains exactly why we should insist they not spy on us.
>
> Sunil
>
> From: thansen at moscow.com
> Date: Mon, 7 Jul 2014 10:46:15 -0700
> To: suehovey at moscow.com
> CC: vision2020 at moscow.com
> Subject: Re: [Vision2020] [corrected] Re: The NSA is Targeting Users of Privacy Services, Leaked Code Shows
>
> As much as I may not like the government snooping around my private life, I feel that, in some instances, it has become an inconvenient necessity . . . especially when we consider the expedient and far-reaching evolution of technology.
>
> Seeya 'round town, Moscow, because . . .
>
> "Moscow Cares" (the most fun you can have with your pants on)
> http://www.MoscowCares.com
>
> Tom Hansen
> Moscow, Idaho
>
> "There's room at the top they are telling you still.
> But first you must learn how to smile as you kill,
> If you want to be like the folks on the hill."
>
> - John Lennon
>
>
> On Jul 7, 2014, at 10:05 AM, Sue Hovey <suehovey at moscow.com> wrote:
>
> Seems to me the Patriot Act continues more to compromise the rights of citizens than to keep us safe.
>
> Sent from my iPhone
>
> On Jul 7, 2014, at 9:53 AM, Moscow Cares <moscowcares at moscow.com> wrote:
>
> Mr. Rumelhart suggests:
>
> "Maybe if we dropped them down to about 10% of their current budget and fired the top three levels of management it would help."
>
> That'll show 'em, huh Mr. Rumelhart? We don't need no stinkin' NSA. We done got us the best homeland security the NRA can solicit . . . armed college kids, right? Yee haw!!
>
> Heck! I feel safer already.
>
> Seeya 'round town, Moscow, because . . .
>
> "Moscow Cares" (the most fun you can have with your pants on)
> http://www.MoscowCares.com
>
> Tom Hansen
> Moscow, Idaho
>
> "There's room at the top they are telling you still.
> But first you must learn how to smile as you kill,
> If you want to be like the folks on the hill."
>
> - John Lennon
>
>
> On Jul 7, 2014, at 8:57 AM, Paul Rumelhart <paul.rumelhart at gmail.com> wrote:
>
> Well, authorization for some of what they are doing comes directly from the Patriot Act, but some of it appears to be completely without mandate. Repealing the provisions of the Patriot Act that give them broader powers would help, at least theoretically. However, if they are abusing their mandate now and getting away with it despite the uproar from Snowden's leaks, then I have my doubts how much it will really restrict them. Maybe if we dropped them down to about 10% of their current budget and fired the top three levels of management it would help.
>
>
> On Sun, Jul 6, 2014 at 10:29 PM, Sue Hovey <suehovey at moscow.com> wrote:
>
> At this point would repeal of the Patriot Act help? Not assuming it could happen, of course.
> Sent from my iPhone
>
> On Jul 6, 2014, at 9:50 PM, Scott Dredge <scooterd408 at hotmail.com> wrote:
>
> I don't think they care whether or not we 'accept that they are just doing their jobs'. Unless there is a policy change or legal restriction they're going to continue surveilling. If you have an suggestions on how to stop it, I'm all eyes.
>
> From: sunilramalingam at hotmail.com
> To: vision2020 at moscow.com
> Date: Sun, 6 Jul 2014 17:45:51 -0700
> Subject: Re: [Vision2020] The NSA is Targeting Users of Privacy Services, Leaked Code Shows
>
> Scott,
>
> I should say that it's the state's falsehood, not yours. They want us to accept that they are just doing their jobs when they are going well beyond them.
>
> Sunil
>
> From: sunilramalingam at hotmail.com
> To: vision2020 at moscow.com
> Date: Sun, 6 Jul 2014 17:13:49 -0700
> Subject: Re: [Vision2020] The NSA is Targeting Users of Privacy Services, Leaked Code Shows
>
> Turn a blind eye on who? Citizens? When did it become their job to spy on all of us? Are we such cringing cowards that we should accept that falsehood?
>
> Sunil
>
> From: scooterd408 at hotmail.com
> To: paul.rumelhart at gmail.com; vision2020 at moscow.com
> Date: Sun, 6 Jul 2014 15:45:07 -0600
> Subject: Re: [Vision2020] The NSA is Targeting Users of Privacy Services, Leaked Code Shows
>
> <What an F-ed up country we live in.>
>
> We don't live in an effed up country. If anything technology *might* have simply evolved past the Constitutional protections put in place to limit government powers. My bet would be that the 4th Amendment would still hold up against improper NSA snooping. Short of a Supreme Court ruling or Congressional action, don't expect the NSA to just turn a blind eye out of the goodness of their heart. Spying is part of their job responsibilities.
>
> Date: Sun, 6 Jul 2014 13:59:06 -0700
> From: paul.rumelhart at gmail.com
> To: vision2020 at moscow.com
> Subject: [Vision2020] The NSA is Targeting Users of Privacy Services, Leaked Code Shows
>
> I am pasting in the entire article for your convenience. I will also provide a link to the article itself. Be warned, though, that if you click on the link to the publicly-published Wired magazine website to view this article and you are not located in the US, Canada, Australia, New Zealand or the UK your IP address could be collected and stored by the NSA. I encourage those of you who are brave enough to defy your government by clicking on a link to specific article in a legitimate mass-market online magazine to go ahead and do so. All it will do is get you added to another list (I'm guessing we're all on one, somewhere), thus reducing their signal-to-noise ratio for people legitimately concerned about privacy (such as dissidents, whistleblowers, oppressed people, people behind censorship firewalls, etc.
>
> As a side note, I'm pleased as punch that anyone who goes to the online magazine "Linux Journal", even if you are in one of the "Five Eyes" countries, gets their IP address recorded. Why? Because it means that they fear those of us who use an OS that can't be as easily back-doored, which is a good thing.
>
> First, the link of extreme extremism: http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/ What an F-ed up country we live in.
>
> Second, the article itself. Have a nice day.
>
> The NSA Is Targeting Users of Privacy Services, Leaked Code Shows
>
> By Kim Zetter
> 07.03.14 |
> 5:45 pm |
>
>
>
> If you use Tor or any of a number of other privacy services online or even visit their web sites to read about the services, there’s a good chance your IP address has been collected and stored by the NSA, according to top-secret source code for a program the NSA uses to conduct internet surveillance.
> There’s also a good chance you’ve been tagged for simply reading news articles about these services published by Wired and other sites.
> This is according to code, obtained and analyzed by journalists and others in Germany, which for the first time reveals the extent of some of the wide-spread tracking the NSA conducts on people using or interested in using privatizing tools and services—a list that includes journalists and their sources, human rights activists, political dissidents living under oppressive countries and many others who have various reasons for needing to shield their identity and their online activity.
> The source code, for the NSA system known as XKeyscore, is used in the collection and analysis of internet traffic, and reveals that simply searching the web for privacy tools online is enough to get the NSA to label you an “extremist” and target your IP address for inclusion in its database.
> But the NSA’s analysis isn’t limited to tracking metadata like IP addresses. The system also conducts deep-packet inspection of emails that users exchange with the Tor anonymizing service to obtain information that Tor conveys to users of so-called Tor “bridges.”
> Legal experts say the widespread targeting of people engaged in constitutionally protected activity like visiting web sites and reading articles, raises questions about the legal authority the NSA is using to track users in this way.
> “Under [the Foreign Intelligence Surveillance Act] there are numerous places where it says you shouldn’t be targeting people on the basis of activities protected by the First Amendment,” says Kurt Opsahl, deputy general counsel for the Electronic Frontier Foundation. “I can’t see how this activity could have been properly authorized under FISA. This is suggesting then that they have come up with some other theory of authorizing this.”
> The findings also contradict NSA longstanding claims that its surveillance targets only those suspected of engaging in activity that threatens national security.
> “They say ‘We’re not doing indiscriminate searches,’ but this is indiscriminate,” Opsahl notes. “It’s saying that anyone who is looking for those various [services] are suspicious persons.”
> He notes that the NSA actions are at clear odds with statements from former U.S. Secretary of State Hilary Clinton and others in the government about the importance of privacy services and tools to protect First Amendment freedoms.
> “One hand of the government is promoting tools for human rights advocates and political dissidents to be able to communicate and is championing that activity,” he says. “While another branch of the government is determining that that activity is suspicious and requires tracking. This may intimidate people from using these very important tools and have a chilling effect that could undermine the free expression of ideas throughout the world.”
> The findings were uncovered and published by Norddeutscher Rundfunk and Westdeutscher Rundfunk—two public radio and TV broadcasting organizations in Germany. An English-language analysis of the findings, along with parts of the source code for the XKeyscore program—was also published by Jacob Appelbaum, a well-known American developer employed by the Tor Project, and two others in Germany who play significant roles in Tor.
> Secrets Revealed in the Code
> XKeyscore is the collection system the NSA uses to scoop up internet data and analyze it. It has been described in NSA documents leaked by Edward Snowden as a crucial tool that the NSA can use to monitor “nearly everything a user does on the internet.”
> Embedded in the code they found rules describing what XKeyscore is focused on monitoring. The rules indicate that the NSA tracks any IP address that connects to the Tor web site or any IP address that contacts a server that is used for an anonymous email service called MixMinion that is maintained by a server at MIT. XKeyscore targets any traffic to or from an IP address for the server. The NSA is also tracking anyone who visits the popular online Linux publication, Linux Journal, which the NSA refers to as an “extremist forum” in the source code.
> Tor was originally developed and funded by the U.S. Naval Research Laboratory in the late ’90s to help government employees shield their identity online, but it was later passed to the public sector for use. Tor has since been completely rebuilt by developers, and is now overseen by the Tor Project, a non-profit in Massachusetts, though it is still primarily funded by government agencies.
> Tor allows users to surf the internet as well as conduct chat and send instant messages anonymously. It works by encrypting the traffic and relaying it through a number of random servers, or nodes, hosted by volunteers around the world to make it difficult for anyone to trace the data back to its source. Each node in the network can only see the previous node that sent it the traffic and the next node to which it’s sending the traffic.
> In documents released by Edward Snowden, NSA workers discussed their frustration in spying on people who use Tor. “We will never be able to de-anonymize all Tor users all the time,” one internal NSA document noted.
> But the XKeyscore source code reveals some of the ways the NSA attempts to overcome this obstacle.
> Tor isn’t the only target of XKeyscore, however. The system is also targeting users of other privacy services: Tails, HotSpotShield, FreeNet, Centurian, FreeProxies.org, and MegaProxy.
> Tails is an operating system used by human rights activists, as well as many of the journalists who have access to the Edward Snowden documents, to protect sensitive computer activity. It runs from a USB stick or CD so that it’s not stored on the system, and uses Tor and other privacy tools to protect user activity. At the end of each session, when the user reboots it, Tails erases any data pertaining to that session—such as evidence of documents opened or chats—except for data the user has specifically saved to an encrypted storage device. The NSA clearly regards Tails as a sinister tool, however, referring to it in one comment in the source code as “a comsec mechanism advocated by extremists on extremist forums.”
> The XKeyscore rule for monitoring Tails users indicates that it is designed to identify users searching for the software program, as well as anyone “viewing documents relating to TAILs, or viewing websites that detail TAILs.”
> How XKeyscore Works
> The XKeyscore rules use features the NSA calls “appids,” “fingerprints,” and “microplugins,” to identify and tag activity online.
> Appids, the German publication notes, are unique identifiers that help the system sort and categorize data and user activity, such as an online search. The microplugins are possibly used to extract and store specific types of data.
> The rules indicate that the NSA is specifically targeting the IP address of nine servers operated by key Tor volunteers in Germany, Sweden, Austria, the Netherlands and even the U.S. These servers are used by the Tor network as directory authorities. They generate, on an hourly basis, a directory of all the Tor nodes or relays on the Tor network, which change constantly as new servers are added by volunteers or taken out of the network. The Tor software consults these lists to direct traffic to the nodes. The XKeyscore system uses a fingerprint called “anonymizer/tor/node/authority” that targets any IP address that connects to the nine servers.
> One of the servers is maintained by Sebastian Hahn, a 28-year-old a Tor volunteer and computer science student at the University of Erlangen. A German attorney told the media outlets that the targeting of Tor volunteers in Germany may violate restrictions against the US conducting secret intelligence activity against German citizens in Germany.
> Another server is operated at MIT by Tor Project leader Roger Dingledine, an MIT alumnus. But in addition to serving as one of the Tor directory authorities, the server is also used to operate the MixMinion mail service and host a number of other web sites, including ones for online gaming libraries, which means the NSA may be collecting IP addresses for those users as well.
> The XKeyscore rules indicate that in addition to tracking activity to these Tor directory servers, the NSA also records and stores any IP address that connects to the thousands of Tor relays on the network. These addresses are all publicly known, as they are listed in the directory distributed by the nine servers. But in addition to these, there are non-public “bridges” that volunteers in the Tor network maintain. These can be used by human rights activists and others in repressive regimes like Iran and China that censor internet traffic and block their citizens from using known Tor relays.
> To obtain the non-public address of one of these bridges users send an email to the Tor Project or request an address via the Tor web site. To unmask these private bridges, however, XKeyscore records any connections to the bridges.torproject.org server and uses a microplugin to then read the contents of the email that the Tor Project sends to requesters in order to obtain the address of the bridge.
> The NSA also tracks the IP address of anyone who simply visits the Tor web site, though it specifically avoids fingerprinting users believed to be located in Five Eyes countries—the spying partnership that includes Australia, Canada, New Zealand, the UK and the US—from others. This appears to be the only distinction made for Five Eyes users, however. The rules for fingerprinting visitors to the Tails web site or the web site for the Linux Journal do not include such exceptions in the version of source code the media outlets examined.
> The EFF’s Opsahl says the exception made for these users with IP addresses in these countries is odd since the constitution protects U.S. citizens from NSA surveillance no matter which country they’re in, and people using or interested in using privacy services are likely to shield their real IP address when they visit these sites, making it difficult for the NSA to know exactly where they’re really located.
> XKeyscore additionally tracks the addresses for web sites that use Tor Hidden Services to hide their location on the internet. Sites that use Tor Hidden Services—part of the so-called Dark Web—have a special Tor URL that can only be accessed by those using the Tor browser and who know the specific address. Tor Hidden Services is used by activists to host forums discussing their activity, though it is also used by sites selling illegal drugs and other illicit goods. XKeyscore catalogs every one of these URLs it can discover by culling through what it calls “raw traffic” and storing the address in a database.
>
>
>
> ======================================================= List services made available by First Step Internet, serving the communities of the Palouse since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com =======================================================
>
> ======================================================= List services made available by First Step Internet, serving the communities of the Palouse since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com =======================================================
>
> ======================================================= List services made available by First Step Internet, serving the communities of the Palouse since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com =======================================================
>
> ======================================================= List services made available by First Step Internet, serving the communities of the Palouse since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com =======================================================
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
>
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
>
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
>
> ======================================================= List services made available by First Step Internet, serving the communities of the Palouse since 1994. http://www.fsr.net mailto:Vision2020 at moscow.com =======================================================
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
> =======================================================
> List services made available by First Step Internet,
> serving the communities of the Palouse since 1994.
> http://www.fsr.net
> mailto:Vision2020 at moscow.com
> =======================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/vision2020/attachments/20140707/9708138b/attachment-0001.html>
More information about the Vision2020
mailing list