

Ask HN: Does using TOR make you a target? - autonomy77

Just wondering what the community here felt about the potential risk of &quot;guilt by association&quot; - no matter how tenuous - of using the TOR network.  Does the mere use of this technology give users an automatic red flag in the eyes of the authorities?  Thoughts?
======
mattkrea
It was previously disclosed[0] that yes, even just visiting torproject.org
would mark you as a target and all your subsequent traffic would be funneled
into NSA systems.

[0] [http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-
priv...](http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-
conscious,nsa230.html)

~~~
mo
That is not the case. The disclosures show some rules to match requests to Tor
directory authorities (which most clients connect to to bootstrap) and the Tor
website, amongst others (like some article at linuxjournal). It is unknown
whether these are actual rules in deployment or just example rules from some
demo slides, who can add or select rules for collection on what networks, how
many rulesets there are and, maybe most importantly, how many rules your
traffic has to match before it gets "flagged", and whether that results in
full collection of the traffic or for a subset of the (meta)data.

~~~
mattkrea
While, in looking at the docs again (I Googled them just now having not seen
them since the initial leak) you are mostly correct if you've seen the rest of
their systems that have so far been made public I can't help but assume that
you are flagged on these rules alone.

The most protective their systems got seems to be:

1) Login to Active Directory 2) Explain why you are targeting this person
using a dropdown or <select> 3) Enter email or user ID 4) Wait for results?

This is is why, while you are correct, I would just like to say that it is
safer to err on the side of caution and assume that you are targeted.

Edit: Here is the source that fingerprinted the torproject address I referred
to meaning they fingerprint and then search for these requests. There are
similar definitions for Tails.

// START_DEFINITION /* The fingerprint identifies sessions visiting the Tor
Project website from non-fvey countries. */
fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ')); // END_DEFINITION

