
On being targeted by the NSA - bjchrist
https://blog.torproject.org/blog/being-targeted-nsa
======
hnha
For a little bit of fun: Try linking to
[https://www.torproject.org/download/download-
easy.html.en](https://www.torproject.org/download/download-easy.html.en) on
Facebook and marvel at the non-descript error messages. They depend on where
you try to post it (timeline, comment). For example "could not be posted
because of technical error, try again in a few minutes"...

~~~
alecmuffett
Hi, my name's Alec, I work as a software engineer for Facebook. Apologies for
what you observed, it was due to an automatic system miscategorising the Tor
download site. We've fixed the issue, given our software a stern talking-to,
and are working to ensure that it does not happen again.

~~~
thangalin
I sent a message to FB noting the "mis-categorization" on May 26.

How long did it take to fix the issue? Assuming that it is a simple task to
fix, then why was it not fixed when I reported it on May 26th nor when I
reported it again on June 24th?

~~~
alecmuffett
Hi there; I don't know the answer to that question yet, but I will be
investigating the matter next week and will take action accordingly. Thank you
for the details and for taking the time to do that, it's appreciated.

~~~
chmars
Are your posts are Turing test? ;)

~~~
ttflee
I'm not a bot, but my English teachers always taught me not to put two verbs
in one sentence.

~~~
llllllllllll
Good thing you put 3 verbs in your sentence then ;)

------
snowfear
The link times out for me on Verizon, but it works under Tor. For those who
cannot access it, here is the text of the page:

We've been thinking of state surveillance for years because of our work in
places where journalists are threatened. Tor's anonymity is based on
distributed trust, so observing traffic at one place in the Tor network, even
a directory authority, isn't enough to break it. Tor has gone mainstream in
the past few years, and its wide diversity of users -- from civic-minded
individuals and ordinary consumers to activists, law enforcement, and
companies -- is part of its security. Just learning that somebody visited the
Tor or Tails website doesn't tell you whether that person is a journalist
source, someone concerned that her Internet Service Provider will learn about
her health conditions, or just someone irked that cat videos are blocked in
her location.

Trying to make a list of Tor's millions of daily users certainly counts as
widescale collection. Their attack on the bridge address distribution service
shows their "collect all the things" mentality -- it's worth emphasizing that
we designed bridges for users in countries like China and Iran, and here we
are finding out about attacks by our own country. Does reading the contents of
those mails violate the wiretap act? Now I understand how the Google engineers
felt when they learned about the attacks on their infrastructure.

~~~
bcl
Works fine for me on Verizon.

~~~
joyeuse6701
demonstrate with screenshot plz.

------
pvnick
The release of this source code does not match Snowden's modus operandi, which
is to avoid releasing technical details which would allow other governments to
construct similar surveillance systems. Bruce Schneier and Glenn Greenwald
believe that there are now multiple NSA leakers [1].

[1]
[https://twitter.com/ggreenwald/status/485081861119832064](https://twitter.com/ggreenwald/status/485081861119832064)

~~~
csandreasen
I suspect the "second NSA leaker" is just Jacob Appelbaum with the same set of
documents that Laura Poitras brought back to Der Spiegel. There's already
several people in the infosec community doubting the veracity of some aspects
of the Tor article[1][2][3], including from within the Tor developer community
itself[4]. Though there's no confirmation, some have suspected that Julian
Assange's most likely source for the Afghanistan revelation back in May[5] was
Appelbaum[6].

[1] [http://blog.erratasec.com/2014/07/validating-xkeyscore-
code....](http://blog.erratasec.com/2014/07/validating-xkeyscore-code.html)

[2]
[https://twitter.com/thegrugq/status/485158875721523200](https://twitter.com/thegrugq/status/485158875721523200)

[3]
[https://twitter.com/electrospaces/status/485193336912093185](https://twitter.com/electrospaces/status/485193336912093185)
(scroll up)

[4] [https://lists.torproject.org/pipermail/tor-
dev/2014-July/007...](https://lists.torproject.org/pipermail/tor-
dev/2014-July/007085.html)

[5] [http://gawker.com/why-did-wikileaks-name-country-x-when-
glen...](http://gawker.com/why-did-wikileaks-name-country-x-when-glenn-
greenwald-1580634729)

[6] [http://www.csmonitor.com/World/Security-
Watch/Backchannels/2...](http://www.csmonitor.com/World/Security-
Watch/Backchannels/2014/0520/Assange-threatens-to-release-Snowden-info-that-
Greenwald-says-could-endanger-lives)

------
MikeTaylor
I can't even see this blog. See the screenshot at
[http://www.miketaylor.org.uk/tmp/tor-
mitm.png](http://www.miketaylor.org.uk/tmp/tor-mitm.png)

Transcription follows:

\--

Cannot connect to the real torproject.org

Something is currently interfering with your secure connection to
torproject.org.

Try to reload this page in a few minutes or after switching to a new network.
If you have recently connected to a new Wi-Fi network, finish logging in
before reloading.

If you were to visit torproject.org right now, you might share private
information with an attacker. To protect your privacy, Chrome will not load
the page until it can establish a secure connection to the real
torproject.org.

~~~
slashdotaccount
You may want to disable your /tmp directory's files listing.

~~~
MikeTaylor
Thanks for the concern, but no worries -- that's open by design. Which isn't
to say it couldn't use a bit of a tidy up.

------
Create
­ _it 's worth emphasizing that we designed bridges for users in countries
like China and Iran, and here we are finding out about attacks by our own
country._

We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the Unites States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://www.theguardian.com/technology/2014/may/27/-sp-
privac...](http://www.theguardian.com/technology/2014/may/27/-sp-privacy-
under-attack-nsa-files-revealed-new-threats-democracy)

------
joyeuse6701
running timewarner cable, all of torproject.org is timing out.

~~~
agyl
For me as well. But using Google DNS server or OpenDNS solves the issue.

------
robobro
There's no reason not to link to the primary source.

[https://blog.torproject.org/blog/being-targeted-
nsa](https://blog.torproject.org/blog/being-targeted-nsa)

~~~
dang
We changed the url to that from [http://betaboston.com/news/2014/07/04/tor-
project-responds-t...](http://betaboston.com/news/2014/07/04/tor-project-
responds-to-nsas-xkeyscore-tracking-of-visitors/).

------
eponeponepon
I found this particularly resonated:

"...we designed bridges for users in countries like China and Iran, and here
we are finding out about attacks by our own country."

I don't really know what to say to the NSA/Snowden/etc. stories any more.
Intellectually, I understand that each new worst revelation is worse than its
predecessor - emotionally though, none of it even surprises me any more.

...come on Fort Meade, I _want_ to be surprised. Drop something _really_
juicy. Something so diabolical that it's actually cool.

~~~
diafygi
This isn't for your entertainment. Please set aside your emotions and
contribute to stopping this. Are you registered to vote?

~~~
biafra
Who could you vote for in the US to stop this?

~~~
diafygi
Well George Miller is my current congressional representative, and he scores
an A on the EFF's scorecard, so I vote for him. Also, in a lot of the
primaries that I've seen, there's at least one candidate who is anti-mass
surveillance.

[https://standagainstspying.org/scorecard/](https://standagainstspying.org/scorecard/)

