
Tor users are selected and monitored by the NSA as extremists - sveme
https://translate.google.com/translate?sl=de&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FXKeyscore-Quellcode-Tor-Nutzer-werden-von-der-NSA-als-Extremisten-markiert-und-ueberwacht-2248328.html&edit-text=
======
dspillett
I'm not sure why people seem surprised by this.

Any sufficiently (i.e. correctly) encrypted content/traffic should be
indiscernible from any other of the same scale. While there are ways to infer
what sort of traffic is being carried from certain packet inspection and
statistical techniques (a bulk HTTP transfer will look different to a
peer-to-peer one and both will look very different to an interactive SSH session, and
so on) you can't do that for the content.

There are five groups using Tor and similar by my understanding (in no
particular order): criminals (including terrorists, people traffickers, illegal
drug industry people, and so forth), the oppressed and freedom fighters
(depending on your point of view a lot of people in this category might belong
in the first one instead and vice-versa), the paranoid who think the whole
world is out to get them, those wanting to protect all their content+comms
whether secret or not out of principle, and those who are simply experimenting
with it (out of "random" interest, academic interest, or because they work in
a relevant/related field).

The proportion of nefarious types (relative to the total user-base) routinely
using Tor is going to be significantly higher than the proportion of such who
are not, so the authorities are naturally going to look to Tor for that
reason. They are not saying that they think everyone using Tor is a terrorist,
they are saying some are but we can't tell who so we are going to check
everyone.

The only way this will change is if everything is thusly protected, so there
will be no difference between the diversity of Tor users and the diversity of
the overall population.

~~~
javajosh
_> I'm not sure why people seem surprised by this._

Not to get too meta, but this 'lack of surprise' thing has become a too-common
reaction. I mean, objectively, what's more important - that the NSA is
labeling Tor users as extremists, or whether or not you found this new
information 'surprising'? Apart from being a distasteful brag, I don't think
the assumption is correct. I'd imagine most people's response to be 'anger' or
'depression' or 'concern', although of course it's impossible to know for
sure.

But what I really object to, and why I hope people stop using this language,
is that it asserts that our collective reaction (however it is characterized)
is more important than the story itself. In a very subtle way, it refocuses
the argument and lets the NSA off the hook, and indeed, blames us for our
having silly, outdated ideas like that our government might value and even
protect our right to anonymous speech, rather than criminalize it.

As for the rest, it's possibly true that ubiquity is the only way forward.

~~~
marktangotango
>> our right to anonymous speech

You lost me here. Privacy, yes, anonymity? Where is that in the Constitution
(assuming you're a USA-ian).

~~~
ghkbrew
The right to anonymous speech can be considered (and is by many) an
implication of first amendment rights to free speech. One way to look at it is
that the requirement that a person be identified before being allowed to speak
is itself a limitation on speech.

I'm too lazy to do my own citations, but the courts have repeatedly struck
down bans on anonymous speech on these grounds.

~~~
marktangotango
Thanks for the clarification.

------
sveme
Trying to human-translate the first part of the article:

XKeyscore-Sourcecode: Tor-Users are marked and surveilled as extremists

According to an analysis of the XKeyscore sourcecode by German public
broadcasters ARD and WDR, people showing an interest in anonymization on the
web by, for example, googling for "Tails" or "Tor" will be added as extremists
to an NSA database and monitored from thereon.

That's at least the gist of it. I'm pretty sure you'll get more background
once the anglosphere awakens.

~~~
prof_hobart
It's difficult to believe that this is all it takes (or if it is, why they
aren't just including everyone).

Tails is hardly an uncommon word, with a meaning entirely devoid of any
terrorist connection.

And so is Tor - it may not be that common elsewhere, but tor means "rock on
top of a hill" and various places have it in their name. I've stayed at the High
Tor hotel in Derbyshire before, and as it was to see a fireworks festival they
may have spotted various pictures of explosions that I posted - I wonder if
that set any triggers off.

~~~
grkvlt
It's a pretty basic and obvious problem with keyword searching and data
reduction that will have been solved a _long_ time ago. A very simplistic
model would have words like 'Tor' and 'Tails' increment an 'interestingness'
counter, along with other terms like 'Bomb', 'Jihad' and so on. Once the
counter passes a threshold, you look at the messages. As I said, this is basic
stuff, there are much better and smarter ways to do this. In fact, there are
entire large companies that exist to write software that carries out searching
of data by keyword; Google springs to mind!

Do all these people writing 'I searched for Glastonbury Tor, now I'm on a
terrorist watch-list, stupid NSA, Hah!' really believe that the system works
like that?

~~~
mpyne
> Do all these people writing 'I searched for Glastonbury Tor, now I'm on a
> terrorist watch-list, stupid NSA, Hah!' really believe that the system
> works like that?

It gets better, they believe NSA is devilishly competent when it serves their
argument that NSA is simply out to oppress the populace, but then
simultaneously believe NSA is so foolish as to waste a bunch of time tracking
non-threats who happen to trip over enough keywords.

Double-think: It's not just for the Party leadership.

~~~
prof_hobart
Not seen many people on the "NSA are evil" side arguing that they are
devilishly competent.

~~~
mpyne
You should pay more attention then, since that's the argument used for why NSA
in particular is a threat and not allied foreign intelligence agencies like
BND. Seriously, I've had someone tell me that BND is no threat because they're
derived from an ineffective West German intelligence agency instead of the
very good East German equivalent.

If NSA were incompetent they'd be a sideshow and no threat at all.

------
higherpurpose
NSA policies are simply insane and/or lazily thought out. I mean we even
learned a while ago that _not using Facebook_ makes you "suspicious" -
Seriously? Or maybe watching a certain type of Youtube videos.

My point is I wouldn't single out just Tor here. They probably have dozens of
other such idiotic policies that lead to abuses and putting people on "lists"
that then they can take revenge on, such as through adding them to no-fly
lists and so on, with very little to no recourse for the people affected (if
they even ever find out about if or why they're put there, since it all tends
to be _secret_ ).

What happened to innocent until proven guilty? The NSA is simply out of
control and needs to be reined in, otherwise expect abuses against people that
haven't even heard of Tor.

~~~
Shish2k
> we even learned a while ago that not using Facebook makes you "suspicious"

I tried googling for evidence of this ("nsa not using facebook suspicious"),
and this comment (posted 56 minutes ago as of my writing) is the top google
hit, with others being irrelevant o_O

Do you have a link to support this? At this point I am wondering if it's safe
to assume all conspiracy theories are true by default, and lack of evidence is
evidence of conspiracy to cover it up...

~~~
haswell
Remove "nsa" from your query, and you'll find a long list of relevant results.
There was quite a bit of coverage around the web a year or two back about this
topic, but never in the context of the NSA as far as I know.

------
IgorPartola
One possible solution to this would be for Firefox to integrate Tor with their
private browsing mode. That would give the Tor network a huge spike in
traffic. I have no doubt in my mind that the NSA can and probably does monitor
every bit of traffic everyone sends, but the more inconvenient and muddled we
make it the better.

I think we can all assume we (HN readers/posters) are on the NSA lists. Lots
of us mentioned Tor and the NSA online. "He who must not be named" will show
up as soon as you say his name and all that. The question is whether this puts
you into actual risk. I sincerely hope not, but this shit is really getting
out of hand.

~~~
javajosh
_> One possible solution to this would be for Firefox to integrate Tor with
their private browsing mode._

I really like this idea. The practical downside is that Tor is generally very
slow.

BTW I'm not entirely sure how the NSA can justify an anti-Tor stance, when
anonymous speech is clearly protected by the First Amendment. Without
something like Tor, true anonymous speech on the Internet is impossible;
therefore Tor, or something like it, is a necessary tool to maintain that
right.

(Anonymous speech has been historically important, when people would print and
distribute anonymous pamphlets about political issues. Honestly, I am
concerned about criminal use of Tor too, and would be perfectly happy to have
a version of Tor limited to political speech and organization.)

~~~
IgorPartola
> BTW I'm not entirely sure how the NSA can justify an anti-Tor stance, when
> anonymous speech is clearly protected by the First Amendment.

Welcome to America, where the constitution is up for interpretation by
agencies who have no obligation to disclose anything to anyone. The problem
with the NSA is not even that it does all these things. It's that they operate
as a sort of rogue arm of the government and if anyone tries to question what
they do from within the government they can choose not to answer questions.

------
noir_lord
Create a "Fight the NSA button" that links to a google search for Tor or Tails
then post it on everything.

If they really are doing this (and considering recent events I would lean that
way) that would seem like an effective irritant.

EDIT: For clarity, the button should explain what it will do, putting someone
on a watch list without their consent is not a moral thing to do.

~~~
spacefight
Or embed a google search within an iframe.

~~~
noir_lord
The button requires user action, the iframe is passive. I'm not convinced
getting someone put on a watchlist without them taking a specific action is a
particularly moral thing to do...

For the sake of clarity I wasn't suggesting the button be put on without a
clear explanation of what it did.

~~~
malka
That's the point. A watchlist with every human, and its friends on it, is
kinda useless.

~~~
draugadrotten
> A watchlist with every human, and its friends on it, is kinda useless.

In the right circumstances, it would be very useful. Not for catching
terrorists but for putting pressure on the people on the list.

"We are only monitoring her because she is on the terrorist watchlist." "She
is only restricted from air travel because she is on the terrorist watchlist."
"She is only denied a fair trial because she is on the terrorist watchlist."
"Please cooperate with us Miss President, unless you want us to tell the press
that you have been on the NSA terrorist watchlist since 2001."

Having everyone on the terrorist watchlist is very useful, when you are able
to selectively choose if and when you are disclosing the fact that someone is
on the list.

~~~
malka
I don't get your point. With your use, they might as well have no list at all.
It would be exactly the same as having everyone on it.

~~~
draugadrotten
The use of the word 'everyone' isn't literal. It's possible that NSA's list of
suspects would not literally include every single human being, but it could
still include too many.

The Sheldon character is very funny on TV.

------
mkal_tsr
"According to the source code will be labeled as extremists in XKeyscore users
when they search the internet for anonymizing tools like Tor or Tails, thanks
to the global monitoring of search queries."

Holy fuck this is disturbing.

Does someone have access to a human-translated copy or similar article?

~~~
VMG
It's based on a report by the TV station ARD. The video shows source code
printouts, here are screencaps:

[http://i.imgur.com/3flJ50Y.png](http://i.imgur.com/3flJ50Y.png)

[http://i.imgur.com/NRMY6Qo.png](http://i.imgur.com/NRMY6Qo.png)

Edit: some say it's not really the XKeyscore code:
[http://blog.fefe.de/?ts=ad4bdd72](http://blog.fefe.de/?ts=ad4bdd72)

~~~
mkal_tsr
"Edit: some say it's not really the XKeyscore code"

Yeah, looking at the code it definitely _involves_ TOR, but I'm really
interested in the "searching for these Tools -> you're now flagged"
claim+proof because that is just so wrong.

~~~
spacefight
It looks like a selector for 3 known TOR directories IPs, either based on HTTP
or HTTPS traffic.

~~~
mike_hearn
They're just screenshots to make the TV show more interesting. They're
obviously not showing the entire source on air.

If they claim to have the entire source code of XKeyScore and knowing that
Snowden accessed so much, why should we doubt them?

~~~
spacefight
True. There's also not much use of showing more source code on screen (or
config files as it looks in this case)...

------
DamnYuppie
I am obviously highly suspicious because I have not only searched for but used
TOR. It is handy when you want to price compare flights. I also don't like
Facebook, I wonder where I am ranked on the NSA's list of potential terrible
people?

~~~
fredley
For a while I taught a security course which included information about how
Tor works. I did a lot of googling around Tor and anonymity in general. I must
be on a few lists by now.

~~~
shill
You might have a record in the Hitlerian maincore database.

[http://en.m.wikipedia.org/wiki/Main_Core](http://en.m.wikipedia.org/wiki/Main_Core)

------
dm2
I was talking on the phone to someone in another country (a US friendly
country) and the other person mentioned Tor. The second he got to the end of
the word the phone call cut out. I haven't had a phone call cut out in years
except that one time.

It was most likely a complete coincidence but it would be very interesting if
anyone else has ever had a similar experience.

~~~
e455b328
It was not a coincidence. I created an account just to respond because I've
been waiting years to have my experience... "validated".

The same exact thing has happened during phone conversations I've had except
with a different word. And I first noticed it years ago but it was post-9/11.
When it happened I thought the phone call dropped by accident. I called back
and picked up where I left off telling the same story. At the same word the
call dropped again. I called back again and said "uhh, that was weird. Did you
notice it cut off again when I said _______?" And the call dropped once more.
At that point there was no plausible way it was a coincidence. The next time I
called, I decided not to test it again.

I've been looking out ever since for some mention of this somewhere. Never saw
one until now.

~~~
aatos
What was the word?

~~~
BillyParadise
Obviously, it was _______

And if this one is blanked out, too, then you know I'm the newest addition to
the Watchlist.

~~~
enraged_camel
It's not blanked out for me. Clearly the NSA is interfering with your web
experience.

------
fchollet
Is it possible that this, and the release of this information, is part of an
NSA strategy for deterring people from using TOR or encryption? Internet users
will now be too scared to be put on some list to even look up information
about TOR or PGP.

~~~
mkohlmyr
Admittedly I'm not well versed in TOR and how secure it actually is but surely
it would be more actionable for major intelligence agencies to operate a
number of nodes in the network and use them to attempt to track and mitm
requests?

As for encryption I haven't seen much to indicate a deterrence strategy, but
maybe I'm not following the media as much as I should.

~~~
alextgordon
Read this: [http://cryptome.org/2013/10/nsa-tor-stinks.pdf](http://cryptome.org/2013/10/nsa-tor-stinks.pdf)

"Current: access to very few nodes. Success rate negligible because all three
Tor nodes in the circuit have to be in the set of nodes we have access to"

~~~
Globz
Funny how they want to investigate Evercookie persistence and use it to
identify Tor users.

For those of you who don't know about Evercookie:
[http://samy.pl/evercookie/](http://samy.pl/evercookie/)
[https://github.com/samyk/evercookie](https://github.com/samyk/evercookie)

------
caio1982
If by extremists they mean freedom extremists then that's fine with me, bring
it on NSA.

~~~
nobodyshere
Anyways, if they are trying to justify doing that by fighting with terrorists,
I'd say the terrorists have already won.

------
Create
We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the United States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://www.theguardian.com/technology/2014/may/27/-sp-privac...](http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy)

------
mullingitover
I have to wonder if it'd be possible to DDOS the NSA by having everyone do 'dd
if=/dev/random of=supersecretstuff.txt count=1024 bs=1048576' and post large
files full of random bits all over the web.

The NSA would be obligated to collect and store every damn one of those huge
blobs of random bits on the off chance it'd be used later as a one-time pad,
or that it's encrypted secrets that they need to investigate. It costs nothing
to generate random bits, but it costs > 0 to store that data. Sooner or later
they'd just run out of disk space.

~~~
AlyssaRowan
No.

But finite state machines take finite amounts of time and memory to run - and
even though it runs 'nearline', XKeyScore is not invulnerable to targeted
resource exhaustion attacks.

------
rett12
I suppose everyone here is already on a list anyway. Everyone who leaves a
criticism for the NSA. Everyone who up votes this conversation and other
similar ones. Everyone who contributes to OSS Privacy. Everyone who misspells
Thor. How useful can this really be when there's so much noise?

------
plg
What if we had a system where there was a constant stream of random bytes
coming to/from every IP address out there... and when you wanted to send
actual information, you always sent it encrypted ... then everyone would be an
extremist and encryptors would no longer stand out.

~~~
grkvlt
Yes, this would defeat traffic analysis, but it only works if everyone is
using the same shared channel, or if each user maintains a channel with every
other user they might ever wish to communicate with. Every user must also
check each packet to see if it is encrypted with their public key (requiring
an extensive PKI) and is a valid message for them, which is expensive. The
bandwidth required is also enormous for anything other than a very limited
number of participants.

Sure, Tor achieves some of these goals, and if everyone used Tor all of the
time then it would make the NSA's job much more difficult, but it isn't ever
going to happen, for obvious operational and practical reasons.
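
The cost described in the comment above, as an added sketch that is not part of the original thread: every cell on a shared channel has the same size, idle slots carry random bytes, and each user must trial-check every cell. Assumptions: per-user symmetric keys stand in for the public-key check grkvlt mentions, the HMAC-based cipher is an illustrative stand-in, and all names are hypothetical.

```python
import hashlib
import hmac
import os

CELL_SIZE = 128                     # every cell on the wire has this length
NONCE_SIZE = 16
TAG_SIZE = 32                       # HMAC-SHA256 tag
BODY_SIZE = CELL_SIZE - NONCE_SIZE - TAG_SIZE


def _keystream(key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256 (stand-in cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, message):
    """Build one fixed-size cell: nonce || ciphertext || tag."""
    if len(message) > BODY_SIZE - 1:
        raise ValueError("message too long for one cell")
    # One length byte, the message, then zero padding up to BODY_SIZE.
    body = bytes([len(message)]) + message
    body += b"\x00" * (BODY_SIZE - len(body))
    nonce = os.urandom(NONCE_SIZE)
    stream = _keystream(key, nonce, BODY_SIZE)
    ct = bytes(a ^ b for a, b in zip(body, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def noise_cell():
    """Cover traffic: random bytes with the same length as a real cell."""
    return os.urandom(CELL_SIZE)


def try_open(key, cell):
    """Return the plaintext if the cell verifies under key, else None."""
    nonce = cell[:NONCE_SIZE]
    ct = cell[NONCE_SIZE:-TAG_SIZE]
    tag = cell[-TAG_SIZE:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                 # noise, or addressed to someone else
    stream = _keystream(key, nonce, BODY_SIZE)
    body = bytes(a ^ b for a, b in zip(ct, stream))
    return body[1:1 + body[0]]


def run_channel(num_users, num_cells, real_messages):
    """Simulate a shared channel; real_messages maps slot -> (user, bytes)."""
    keys = [os.urandom(32) for _ in range(num_users)]
    cells = []
    for slot in range(num_cells):
        if slot in real_messages:
            user, msg = real_messages[slot]
            cells.append(seal(keys[user], msg))
        else:
            cells.append(noise_cell())
    inbox = {u: [] for u in range(num_users)}
    trials = 0
    for cell in cells:              # every user checks every cell
        for user, key in enumerate(keys):
            trials += 1
            msg = try_open(key, cell)
            if msg is not None:
                inbox[user].append(msg)
    return cells, inbox, trials
```

With 4 users and 10 slots carrying one real message, the channel moves 1280 bytes and performs 40 trial checks; both figures grow with users times slots whether or not anyone is talking.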

------
Nemcue
Uh — someone has the XKeyscore sourcecode? How'd they get their hands on that?
Is this verified?

~~~
jonnybgood
That's what I'm still trying to figure out. How do we know if it's even real?

------
VexXtreme
So would this XKeyscore thing know what you're searching for if you're not
logged into your Google account and you're behind SSL? Would that imply they
have private keys to Google SSL certificates?

~~~
jeletonskelly
Yes, they probably can. One of the early NSA leaks showed that the NSA had
compromised the private networks of many large tech companies. It would be
safe to assume this gave them access to tons of unencrypted data about users
and behavior. The NSA is using a graph database to store all sorts of data and
then joining data across domains to get a fairly complete picture of your
digital life.

------
nnnnni
Well, I guess that the FBI is full of extremists. They use Tor to stay
anonymous just like everyone else.

------
manyman899
I'd say monitoring every single communication going in and out of your country
and storing it is pretty extreme, don't you think? I can't imagine any Tor
users really give a damn what the NSA think about them. The NSA are clinically
insane.

------
plicense
Lol what about Tor developers?

~~~
forgottenpass
They're already on the list of boat-rockers to harass at airports.

[http://en.wikipedia.org/wiki/Jacob_Appelbaum#Detention_and_i...](http://en.wikipedia.org/wiki/Jacob_Appelbaum#Detention_and_investigation)

------
lowlevel
German is difficult. German run through google translate, even more so.

------
jonnybgood
Pure unadulterated sensationalism. The NSA scandal is a moneymaker. No
surprise that it's coming out of German media after the leaks about Merkel.

It is in the US government's interest for Tor to thrive, it even uses Tor.

~~~
why-el
There are factual statements in the article that you could respond to. That's
how a constructive comment should be.

~~~
jonnybgood
What factual statements? It's vague and ambiguous. XKEYSCORE is also not just
a computer program. This is not real source code of XKEYSCORE as you wouldn't
hard code Tor or any targeting vectors in to the source. It's not how the NSA
operates as we've already seen. This is the biggest giveaway that the source
code they're showing is fake.

Are we to accept any article about the NSA without question?

~~~
vidarh
> This is not real source code of XKEYSCORE as you wouldn't hard code Tor or
> any targeting vectors in to the source.

The article mentions both source code and _configuration files_.

~~~
jonnybgood
And how do you know this source code and config files are the real deal? Even
so, the NSA creates programs that take user input for targeting vectors. Past
leaks have shown this. I believe XKEYSCORE was one of these kinds of programs.

