Use Tor, Get Targeted By the NSA 451
An anonymous reader sends this news from Ars Technica:
"Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for U.S.-based communications to be retained by the National Security Agency, even when they're collected inadvertently, according to a secret government document published Thursday. ...The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on U.S. citizens and residents. While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the U.S., they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.'"
Re:Good for the economy. (Score:2, Interesting)
I'm thinking of torrenting NPR.
TOR exit node locations (Score:5, Interesting)
I think this is reasonable in the context of communications monitoring. TOR exit nodes are often not in the U.S., and it's reasonable to expect that traffic coming out of a TOR exit node may not originate from the U.S. I don't support this massive data collection in general, but I don't see why TOR traffic wouldn't be expected to raise red flags.
That having been said, I'm not sure where the fire is. Unless you're stupid enough to log into your own accounts (which contain identifying information) via TOR, they can collect all they want, but they'll never tie it back to you.
Now, could they theoretically track your traffic back to its origin if they have a complete picture of the network? It's possible, but they can only do a positive ID when there's not much TOR traffic, especially near your physical location, to begin with. That's where security by obscurity comes into play.
Re:Good for the economy. (Score:5, Interesting)
Why does it matter if someone is a "us person"? Fuck off spying on me America.
Re:TOR exit node locations (Score:5, Interesting)
If the NSA is operating the majority of TOR nodes does that make it easier for them to identify your location? Remember that they have a rather large computer budget.
Re:Good for the economy. (Score:5, Interesting)
Uhm, No
Actually TOR is many things including downloading (AFAIK you can't do torrents though but maybe you can) but it's also for folks who fear reprisals from their governments or for people who don't want their activity tracked for whatever reason. The people who set up TOR do it to promote the freedom and anonymity in the use of the Internet. Yes it's that tool for all those dirty old men out there looking for hookups on Craigslist while at work.
There was an incident last year where an unsuspecting TOR exit node host was charged for the activities of their anonymous users in his local country. [arstechnica.com] So the folks who support TOR (financially, hardware or act as hosts) don't take it lightly so people who use it shouldn't take it lightly either.
TOR is a great tool but you can also set yourself up with a SOCKs proxy very easily say on Amazon AWS (or any other cloud service) meaning, your encrypted traffic would go to their data center and exit out whatever local network pipe they use. It's not as sophisticated as TOR, where multiple hops are used but at least with Amazon's recent statement, they may resist secret demands for your info. You could also set up cascading tunnels of tunnels but meh, I'm already probably in some file somewhere with the FBI or the NSA just for saying you can do this. I guess I shouldn't mention I have a copy of the "The Anarchist Cookbook" should I? Crap I better burn it now. Oh crap, you can get it on Amazon anyway, so I guess they're now suspects. [amazon.com]
Re:US Citizens Only (Score:4, Interesting)
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain inalienable rights, that among these are life, liberty and the pursuit of happiness."
So I guess "ALL men" means only US citizens? And "inalienable" does mean much of anything?
Rights are universal, and if Americans really, truly believe in them, then they will strive to uphold them for everyone, everywhere.
Re:Good for the economy. (Score:5, Interesting)
Undermining national security. LOL. What does it feel like to see a threat in every shadow? Everyone is out to get you huh? Careful, the Democratic Republic of the Congo might just get the upper hand and de-stabilize the US before invading it!
Seriously, by fundamentally changing what the US stands for over the last 20-30 years, you have undermined your own national security. There isn't anything left worth fighting for.
The truth is, the US. Government is scared because they have been doing things that the people wouldn't approve for decades. They are scared because they know the house they built is coming down around them, and people are getting tired of it. They are scared because they know when we get sick of it and find out all shit they been doing, we are going to come down hard. They are trying to keep us from doing anything.
Re:Good for the economy. (Score:3, Interesting)
And there it is...We The People. We bitch, moan, rant and rave, yet pull the same damn lever each and every time. Is it the "devil you know" syndrome, the sheeple principle, general apathy, or some combination of all of the above.
Consider that the 16% rating comes from people thinking the "Congress" sucks, but "by God my guy is doing good...isn't he?" and thus vote him/her back into office. In my case I am in the manority and though I continue to cast my vote for "anything but the above" I'll lose. The system was gamed long time ago and if you'll pardon the pun...The House always wins.
Re:Good for the economy. (Score:5, Interesting)
TOR != torrent
Perhaps GP meant he would torrent NPR over tor?
That's it. The thought was, it'd be a way to create some really big torrents over The Onion Router that would be active for long periods of time.
The flaw in my cunning plan is that there would need to be recipients for this to work. I may have to label it as porn.
Re:TOR exit node locations (Score:5, Interesting)
It doesn't take much of a slip-up to reveal your identity.
Look at Panopticlick [eff.org] from the EFF. They can uniquely identify most computers just from the fingerprints in the browser - your collection of fonts, browser plug-ins, and other customizations are usually unique to one machine. So if you ever used Google and did anything that identifies yourself, such as purchased something online and had it shipped to your house, and you later use that same browser through Tor and surf to any site they are observing, or through any exit node under their scrutiny, or to any site loading javascripts from an NSA collaborator such as Google, they would be able to associate your anonymous activities with your identified session. (Ironically, an iPad or iPhone is usually very generic because Apple doesn't allow Safari to be modified. However, they still accept cookies and have no deliberate provisions for anonymity.)
We also have evidence that the intelligence agencies already understand this, and are actively using such information. The Gauss malware installs a font named Palida Narrow, which enables any site you visit to surreptitiously check to see if you're infected with Gauss. It's the same idea and the same mechanism.
To safely use Tor, you really need to be careful. You need a stock generic browser, launched from a clean OS image, and you should hope many other people are doing the same. A browser that returns randomly varying attributes to every request would be useful. Block flash, block cookies, and block javascript and all scripts entirely - you dont want Google Analytics or any of the thousand other profiling services to accidentally tag you. You need to connect from varying locations, none of which are your home. A wifi card that allows you to set a random MAC may help. And you likely need to do more - I certainly don't know everything they can observe.
Re:Good for the economy. (Score:5, Interesting)
Or is it that there are only two levers to pull? The two parties work together to make sure no independent or third-party candidate ever gains enough power to threaten their duopoly.
Re:Good for the economy. (Score:5, Interesting)
Technically though under the constitution, foreigners get the same rights as citizens. If it's unconstitutional to wiretap Americans without a warrant then it is also unconstitutional to wiretap foreigners without a warrant.
Whether or not these "laws" are constitutional, the reason they make it clear that they're spying on foreigners but not Americans is really only done for political reasons. They know that congress doesn't care about foreigners and that citizens won't mind much if they accidentally find out about rules that only apply to other poeple. Ie, if the government is spying on US citizens without a warrant then the public would demand a full accounting of what's going on and what legal justification there is and whether the letter of the law is being followed, but if they're only spying on foreigners then there's not much scrutiny paid to these illegal actions.