Use Tor, Get Targeted By the NSA 451
An anonymous reader sends this news from Ars Technica:
"Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for U.S.-based communications to be retained by the National Security Agency, even when they're collected inadvertently, according to a secret government document published Thursday. ...The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on U.S. citizens and residents. While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the U.S., they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.'"
Good for the economy. (Score:5, Funny)
So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?
Nice!
Re: (Score:2, Interesting)
I'm thinking of torrenting NPR.
Re:Good for the economy. (Score:5, Interesting)
TOR != torrent
Perhaps GP meant he would torrent NPR over tor?
That's it. The thought was, it'd be a way to create some really big torrents over The Onion Router that would be active for long periods of time.
The flaw in my cunning plan is that there would need to be recipients for this to work. I may have to label it as porn.
Re:Good for the economy. (Score:4, Funny)
The flaw in my cunning plan is that there would need to be recipients for this to work. I may have to label it as porn.
Then that really would make you criminal.
Hm. I guess it could actually *be* porn, but I'd need some to torrent... Where does one find porn on the internet?
Re:Good for the economy. (Score:5, Interesting)
Why does it matter if someone is a "us person"? Fuck off spying on me America.
Re:Good for the economy. (Score:5, Funny)
Re:Good for the economy. (Score:5, Funny)
Re: (Score:2)
Just keep in mind that a government at 1990's prices would provide half the defense and services that it did in the 1990's due to 20 years worth of inflation.
Also- if you don't pay the promised social security bills you are going to have a lot of starving and dying old people. Some might get violent.
I could see means testing social security more (we already means test it some). Then you only take it away from people who have so much savings or such good pensions that they don't need it (it's just a cherry
Re: (Score:3)
I could see means testing social security more (we already means test it some). Then you only take it away from people who have so much savings or such good pensions that they don't need it (it's just a cherry on top of their retirement income).
So then you're a proponent of government taking money away from people under false pretenses. As in, "we'll take X percent of your income away from you today to provide for you when you get old. Oops, now you're old, we aren't going to provide for you after all. But we WILL give out free lunches to every child no matter how much money their parents make during the summer when school isn't in session. Aren't you glad you paid all those taxes and trusted us?"
If a private company did that, they'd be guilty o
Re: (Score:3)
Yes...and? Sometimes people need to deal with hard times after decades of bad decisions and waste. We allowed this situation to happen, we supported it, we deserve the consequence of fixing it.
"Its going to suck for me" is not an excuse to continue doing the wrong thing and digging deeper and deeper. Simply put, tank manufactuers may not decide tomorow to make bicycles, but, if you don't cut them off, they will NEVER stop making tanks.
Re:Good for the economy. (Score:5, Insightful)
And as it took "decades" of bad decisions, you are not going to change it in a year. The economy does not shift instantly when there are disruptions. That is not to say that nothing should be done, but unless you enjoy civil unrest, crime, massive unemployment, it must be done with care. See Greece for how not to do that sort of thing. Pensioners were committing suicide to avoid starving to death.
Our economy is a LOT bigger and harder to radically redesign.
Cutting off a few tank orders is not the same thing as cutting 40% of Federal spending to arrive at a balanced budget. If you suddenly removed $1 Trillion from the US economy, it doesn't matter how much capital would be freed up for "investment," as you would have widespread panic and unemployment that would make the "great Recession" seem like a day at the park. The fact is, it would "suck" for everyone worldwide. We are 5 years out from the housing bubble and we are just now digging out from unemployment trouble.
The problem is demographics, growth stagnation, and poor planning. Simplistic edicts like yours will not suddenly fix everything.
Re: (Score:3)
Re:Good for the economy. (Score:4, Funny)
So we just need to write a Spam Generator that sends out billions of encrypted stuff to US-citizens to create government jobs?
Nice!
As noble as that might seem, you will be undermining national security and wasting your own tax money.
As if I could EVER fuck that up more than the current regime. Try again, 'cause that bullshit sure as hell ain't a deterrent for our government.
Re:Good for the economy. (Score:5, Insightful)
Undermining national security. LOL. What does it feel like to see a threat in every shadow? Everyone is out to get you huh? Careful, the Democratic Republic of the Congo might just get the upper hand and de-stabilize the US before invading it!
Seriously, by fundamentally changing what the US stands for over the last 20-30 years, you have undermined your own national security. There isn't anything left worth fighting for.
Re:Good for the economy. (Score:5, Insightful)
Re:Good for the economy. (Score:5, Informative)
What is human right and human freedom that USA Government have been actively accusing other countries of lacking whereby they are spying on their own people in their own backyard? Its a disgraceful joke
You can't handle the truth. [youtube.com]
They've been doing it for decades through their intelligence partnerships with various NATO allies. The predecessors of these systems were already in place, the post-9/11 paranoia allowed them to ramp it up to unprecedented levels all over NATO.
For example, Canada has the same rule, a Canadian agency cannot spy on Canadians without specific legal orders. However the U.S. can spy on Canadians, and Canada can spy on Americans. Quid quo pro.
As soon as you have a covert agency in any country is will find some way to dirty itself because most of the time they cannot discuss their operations with politicians.
Re:Good for the economy. (Score:5, Interesting)
Technically though under the constitution, foreigners get the same rights as citizens. If it's unconstitutional to wiretap Americans without a warrant then it is also unconstitutional to wiretap foreigners without a warrant.
Whether or not these "laws" are constitutional, the reason they make it clear that they're spying on foreigners but not Americans is really only done for political reasons. They know that congress doesn't care about foreigners and that citizens won't mind much if they accidentally find out about rules that only apply to other poeple. Ie, if the government is spying on US citizens without a warrant then the public would demand a full accounting of what's going on and what legal justification there is and whether the letter of the law is being followed, but if they're only spying on foreigners then there's not much scrutiny paid to these illegal actions.
Re: (Score:3)
No. The Constitution talks about "citizens" and "persons" and fairly clearly distinguishes that they are not the same thing. An immigrant non-citizen in the USA is a "person" and does not have the right to vote, but does get other rights as a person.
Not until 2008 did the question of foreigners outside of the U.S. get a formal statement, thanks to a Supreme Court decision, regarding whether they get protections. The enti
Re: (Score:3)
WHat is readign and writing first
WHat (I'm not sure what a W Hat is.) is readign and writing (You misspelled reading. Also, this should be 'are reading and writing'.) [first] (Unnecessary word...makes no sense in the context of the sentence. Also missing punctuation.)
first get your self some ability to read and write ...now go back and try again ...
first (needs capitalization) get your self (this is one word, yourself, unless you are talking about his Ego - learn about reflexive pronouns [engvid.com]) some ability to read and write ...now go back and try again ... (overusage of the ellipsis - use actual punctuation)
what is human left or right.....anyhow?
what
Re:Good for the economy. (Score:5, Interesting)
Undermining national security. LOL. What does it feel like to see a threat in every shadow? Everyone is out to get you huh? Careful, the Democratic Republic of the Congo might just get the upper hand and de-stabilize the US before invading it!
Seriously, by fundamentally changing what the US stands for over the last 20-30 years, you have undermined your own national security. There isn't anything left worth fighting for.
The truth is, the US. Government is scared because they have been doing things that the people wouldn't approve for decades. They are scared because they know the house they built is coming down around them, and people are getting tired of it. They are scared because they know when we get sick of it and find out all shit they been doing, we are going to come down hard. They are trying to keep us from doing anything.
Re:Good for the economy. (Score:5, Insightful)
Undermining national security. LOL. What does it feel like to see a threat in every shadow? Everyone is out to get you huh? Careful, the Democratic Republic of the Congo might just get the upper hand and de-stabilize the US before invading it!
Seriously, by fundamentally changing what the US stands for over the last 20-30 years, you have undermined your own national security. There isn't anything left worth fighting for.
The truth is, the US. Government is scared because they have been doing things that the people wouldn't approve for decades. They are scared because they know the house they built is coming down around them, and people are getting tired of it. They are scared because they know when we get sick of it and find out all shit they been doing, we are going to come down hard. They are trying to keep us from doing anything.
Come down hard?! Hmm, no. The American people will continue to ignore what the U.S. government does as long as they keep Hollywood pumping out new episodes of "Ouch! My Balls!" If the American people really gave a fuck, then a Congress with 16% approval rating would be wiped clean rather than the majority of incumbents be re-elected.
Re: (Score:3, Interesting)
And there it is...We The People. We bitch, moan, rant and rave, yet pull the same damn lever each and every time. Is it the "devil you know" syndrome, the sheeple principle, general apathy, or some combination of all of the above.
Consider that the 16% rating comes from people thinking the "Congress" sucks, but "by God my guy is doing good...isn't he?" and thus vote him/her back into office. In my case I am in the manority and though I continue to cast my vote for "anything but the above" I'll lose. The
Re:Good for the economy. (Score:5, Interesting)
Or is it that there are only two levers to pull? The two parties work together to make sure no independent or third-party candidate ever gains enough power to threaten their duopoly.
Re:Good for the economy. (Score:4, Insightful)
Again, nothing to panic about, so don't vote for someone who says we should require blood samples to fly...
Re: (Score:2)
Not my tax money! and no, I don't trust your government like they ask for.
Please tell them to stop spying on me.
Re: (Score:2)
As noble as that might seem, you will be undermining national security and wasting your own tax money.
And we employ professionals to do both of those. We call them "Legislators".
Re:Good for the economy. (Score:5, Interesting)
Uhm, No
Actually TOR is many things including downloading (AFAIK you can't do torrents though but maybe you can) but it's also for folks who fear reprisals from their governments or for people who don't want their activity tracked for whatever reason. The people who set up TOR do it to promote the freedom and anonymity in the use of the Internet. Yes it's that tool for all those dirty old men out there looking for hookups on Craigslist while at work.
There was an incident last year where an unsuspecting TOR exit node host was charged for the activities of their anonymous users in his local country. [arstechnica.com] So the folks who support TOR (financially, hardware or act as hosts) don't take it lightly so people who use it shouldn't take it lightly either.
TOR is a great tool but you can also set yourself up with a SOCKs proxy very easily say on Amazon AWS (or any other cloud service) meaning, your encrypted traffic would go to their data center and exit out whatever local network pipe they use. It's not as sophisticated as TOR, where multiple hops are used but at least with Amazon's recent statement, they may resist secret demands for your info. You could also set up cascading tunnels of tunnels but meh, I'm already probably in some file somewhere with the FBI or the NSA just for saying you can do this. I guess I shouldn't mention I have a copy of the "The Anarchist Cookbook" should I? Crap I better burn it now. Oh crap, you can get it on Amazon anyway, so I guess they're now suspects. [amazon.com]
Re: (Score:2)
Re:Good for the economy. (Score:4, Insightful)
Define "Communication Purposes Only."
Re: (Score:3, Insightful)
Isn't that mostly what Tor already is?
A bunch of people downloading music and movies to hid from the RIAA and MPAA despite being told Tor's a bad tool for the job?
No, Tor doesn't run fast enough most of the time to make torrents worthwhile. Most people use Tor as an anoymous proxy, and that's all.
The Onion-based sites themselves mostly contain illegal activity such as child porn, drugs (Silk Road), hacking hangouts, credit card trading forums, and other stuff that is likely to get you in trouble with various governments around the world.
Re:Good for the economy. (Score:4, Insightful)
I don't really get it... The entire reason you might use Tor is because you want to hide what you're doing from the authorities... Why on earth would the authorities not consider it interesting what you're hiding if you're doing so?
It's like suggesting that a cop shouldn't go and investigate a guy handing a package to another guy in a back alley because back allies are common places for drug deals to take place.
They have suspicion that something dodgy is going on, and they're investigating it, that's what we pay them to do.
I use TOR for the same reason I close my curtains at night and don't keep my personal journal out on the front porch with a sign that says "read me!". I just don't like other people snooping on my private life. Though if I had to choose between some random guy on the street watching my browsing activity or the NSA, I'd choose the guy on the street because he's probably only doing it because he's nosy, but the NSA is doing it to see if they can link me to terrorism.
Re:Good for the economy. (Score:4, Informative)
Re:Good for the economy. (Score:5, Insightful)
The entire point and purpose of the 4th amendment is to prevent this sort of thing. The government is not supposed to search someone unless they have evidence that that specific person committed some specific crime.
That principle is important, because it prevents (sadly real world) problems like "a liquor store got robbed - detain every black person in a 3 block radius, one of them probably did it" or "it's Wednesday, round up every Jew in a 3 block radius and search them all - we'll find something to arrest some of them for" or "these Tea Party guys sure do oppose the party in power, lets search them all and see if we can find any grounds to arrest some of them".
Any power you grant the government or the police will be abused to the maximum extent consistent with human nature. You need to constrain the power to search more narrowly than "that guy looks suspicious to me".
Re:Good for the economy. (Score:5, Insightful)
Um, wow. Where to begin?
"eth0" doesn't live at /dev/eth0. It's not a character device. You can't just write a stream of bytes to it and expect them to appear on the wire. If you somehow could, the result stream of bytes would look nothing like ethernet packets, and all you would succeed in doing is wreaking havoc on your LAN. Your router wouldn't be able to understand anything it saw, and would transmit none of it to your ISP.
Also, mathematically, true random data can't be compressed. In practice, that holds true for the output of your pseudo-random number generator too. I.e. why the heck are you using "compress"?
Furthermore, on most modern unixes "/dev/random" consumes entropy from your kernel's entropy pool. If the level of entropy available gets low, reading from it will block until more random data is available. Unlike /dev/urandom, /dev/random will not generate more pseudo-random output on demand. That means that running the above command will make any process on your system that uses /dev/random (i.e. all active SSH sessions, HTTPS connections, etc.) hang. The entropy pool is replenished from various physical sources - such as the number of microseconds between incoming packets, keystrokes, etc. - but not quickly enough if you run the command you suggested. (At least, not unless your motherboard has a hardware entropy source. They exist, but they're rare.)
You really didn't think that comment through much, did you?
Uhm, guys? (Score:5, Insightful)
Given the recent revelations about the NSA dragnets of literally every single email, call, text, and pretty much any other form of electronic communication, it's pretty much a given that the best way to attract the NSA's attention is fog a mirror.
non-issue (Score:5, Informative)
You are supposed to use HTTPS only over Tor anyway and transmit no identifying data in other cases, respectively. Tor already assumes the existence of such an adversary as the NSA, so what's the story here?
Re:non-issue (Score:5, Insightful)
Tor already assumes the existence of such an adversary as the NSA, so what's the story here?
That TOR is right. Even in countries that are not a far-from-my-bed dictatorship.
Re: (Score:3)
The story here is that if you use Tor you might be flagging yourself as a "valid US target".
Re:non-issue (Score:5, Insightful)
You are supposed to use HTTPS only over Tor anyway and transmit no identifying data in other cases, respectively. Tor already assumes the existence of such an adversary as the NSA, so what's the story here?
The way I see it, if you use the internet without TOR or VPN etc then everything is out in the open and the NSA logs everything and keeps everything IF OR UNTIL they determine you are a US citizen.
Or, you can use TOR or VPN or whatever and the NSA will log everything and keep everything - and consider your actions suspicious.
Moral of the story - If you use TOR or VPN for anything interesting you better make sure you do it right. If you don't use TOR or VPN then don't do anything interesting.
Re: (Score:3)
Yeah, I don't see this as surprising.
If you're using TOR to try and conceal your country of origin, don't be surprised when a government agency which is allowed to spy on foreign communication might mistake your traffic for that of a foreign communication. The harder you make it to identify your communication as American, the less likely they are to legally 'ignore' your traffic.
Re: (Score:2)
You are supposed to use HTTPS only over Tor anyway and transmit no identifying data in other cases, respectively.
Until the adversary starts issuing warrants for the private server certificate keys to the entities hosting the HTTPS services you accessed over Tor.
Not only do you want to encrypt your Tor traffic, but you also want to only access services that are not under the jurisdiction of the adversary.
Read article on TOR, get targeted (Score:2)
Aren't they violating the millennium act? I suppose that's only if they try to circumvent an encryption scheme....
Re:Read article on TOR, get targeted (Score:5, Informative)
Aren't they violating the millennium act? I suppose that's only if they try to circumvent an encryption scheme....
It's the government doing this. That makes it legal, sorta. At least it is sorta legal if you wanna bag them terrorrorrorrorrists.
Personally, I think the terrorrorrorrorrists already won.
Re: (Score:2)
Shit, use the T-word now and you can get rid of all sorts of annoying problems. It's like that scene from "Cheech and Chong's Next Movie" where Paul Rubens (of Pee Wee Herman fame) is on the phone trying to get the police to come and arrest 'Los Guys' because they are doing a B&E to get the luggage.. (Funny Scene) anyway the cops are paying him lip service and he finally says "Look I think they're Iranians!" [youtube.com].. All of a sudden SWAT shows up with dozens of squad cars, megaphones blaring.... This was 198
Re:Read article on TOR, get targeted (Score:5, Insightful)
After 9/11 there were things done that made sense such as equipping airliners with armored cockpit doors, not allowing knives or axes or chainsaws in carry on, but collectively we should have kept a stiff upper lip, rebuilt the damn towers 1 story higher and said "It's going to take more than that to change us". Instead we went whining and cowering to the corner and those seeking more power ceased the opportunity telling us "they'd make us safe". I've read that line in enough history books to know whenever those in power start making that claim, bad things happen. Really bad things.
If you want to live in a free and open society the consequence of such is that sometimes people do bad things. That is the price of such a society. I think in my parents and certainly my grand parents generation they understood this. I put a lot of people off when I say this: but 3000 people die when bad guys crash planes into buildings. Well maybe we should look at things like the cockpit doors and explore air marshal programs. But the Patriot Act? No thanks. If it means 3000 people have to die now and then compared to having to live in a surveillance state, then so be it. 3000 people have to die. It's the price of the very freedoms we claim we so desire. So when bad guys do bad things, lets as a society help those directly effected the best ways we can, but we're never going to be safe. It's a dangerous world. And we as a society in the US don't seem to want to wake up to that reality.
Now I look around and wonder if Hobbes wasn't right: people are stupid and need to be ruled over by Kings. Because that what it seems like people have been "wanting" these past 12 years...
Anyone else notice a pattern? (Score:5, Insightful)
Re:Anyone else notice a pattern? (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
"Where does it actually end is what id like to know"
All your ass are belong to us! Set us up the BOMB!
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re:Anyone else notice a pattern? (Score:5, Insightful)
Does anyone still believe them?
Yes. And they're a part of the problem.
Re: (Score:2)
Re: (Score:2)
They keep stretching the parameters and scope of what they can do. Of course that is only after they have been caught lying about the scope to begin with. Does anyone still believe them? I imagine quite soon they will start declaring that they need to have a back door to all encryption just in case you might do something wrong.
Are you new to the world, or is this sarcasm?
Re: (Score:2)
Does anyone still believe them?
No.
Re: (Score:2)
Quantum computing is not a silver bullet. It'll break current public key encryption (Shor's algorithm) and symmetric ciphers with short key lengths (Grover's algorithm), but longer symmetric key ciphers (256 bits and longer) will remain secure.
It's Worse Than You Thought (Score:5, Insightful)
Combining the fragments of leaked information that are now public related to the NSA's programs and the legal authorities affirmed by the FISA courts and Attorney General Eric Holder, it's clear that the US government's surveillance apparatus has the potential to monitor a significant portion of US citizens' communications.
Several reputable reports, including PBS' Frontline and NOW, have detailed the construction and operation of telecommunication interception facilities such as Room 641A. These types of facilities, which were deployed by 2003 and revealed to the general public by 2006, provide the NSA with the opportunity to access a large volume of telecommunications traffic. To use an analogy, imagine that several major mail sorting hubs in the US had "secret" rooms controlled by the NSA that all mail passed through.
A significant portion of Internet traffic is encrypted. Online banking, Facebook, Twitter, Gmail, etc. utilize standard SSL encryption to provide security. To continue the analogy, while some internet traffic is unencrypted in much the same way that postcards are mailed all the time with their messages clearly visible, many "sensitive" online communications such as the aforementioned banking and social networking services encrypt communications, similar to the way that sensitive mail communications like bank statements are usually sent in envelopes and not on postcards.
It is not politically palatable to suggest that US government agencies can and should surveil US citizens' telecommunications in any indiscriminate fashion, and there is no clear legal authority that would permit them to do so. In an interview with Charlie Rose that aired June 17, 2013, President Barack Obama said "...if you're a U.S. person then NSA is not listening to your phone calls and it's not targeting your e-mails unless it's getting an individualized court order."
Under the original provisions of the 1978 Foreign Intelligence Surveillance Act (FISA), the US government does have authority to conduct surveillance of communications without a court order if the parties communicating are not United States persons. More recent amendments to FISA since September 11, 2001 have expanded the government's authority to conduct surveillance.
It can be difficult to identify the geographic origin of telecommunications traffic. Tor, Virtual Private Networking, and Internet proxies provide ways for Internet users to "hide" their return addresses. There are all sorts of legal, legitimate uses for these technologies. For example, the 1996 Health Insurance Portability and Accountability Act (HIPAA) is widely interpreted to require hospitals to use encryption technologies such as Virtual Private Networks to protect confidential medical information if it is transmitted electronically between medical facilities.
It is also incredibly difficult to determine the nationality of a user of a telecommunications network. For example, two non-US persons could be visiting the US and using a telecommunications network in the country or a US citizen could utilize a telecommunications network when traveling outside the US.
There's an area where it helps to extend the envelopes vs. postcards analogy a bit: encryption is, in some ways, more like mailing a letter in a combination safe where only the sender, receiver, and safe company know the combination. The whole point of encryption is that it secures communications in such a way that even if someone intercepted an encrypted message, they couldn't read it unless they knew the secret combination to decode it.
This leads to a couple of questions:
Re: (Score:3)
... If the US government is trying its best to restrict its surveillance to non-US persons, what does it do if it accidentally intercepts and reads communications from a US person?
Probably the same thing the Police and Federal Agencies do when they falsely arrest you. They say "Oops! So you didn't do anything wrong. But we are keeping all of your info in our database of criminals forever, just in case."
Re:It's Worse Than You Thought (Score:4, Insightful)
Instead of cracking each encoded message they intercept, it would be much easier for the NSA to simply obtain the decryption codes directly from the central authorities like Symantec/VeriSign. This would greatly simplify the problem and would allow the NSA to instantly decode much of the encrypted communication it intercepts
Symantec and VeriSign don't create the encryption keys. You do. The private key remains private. Their job is to simply add a trusted digital signature to the public key that you've produced.
Here's the catch, (Score:5, Informative)
http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant [guardian.co.uk]
Re: (Score:2)
" Where the NSA has no specific information on a person's location, analysts are free to presume they are overseas, the document continues." http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant [guardian.co.uk]
Great! so all they have to do is strip the locale info before handing the data to their analysts. One bounce through an offshore relay should do the trick.
Re: (Score:2)
So ....guilty until proven innocent.
I wouldn't work quite as well if everyone was consider a US citizen until proven otherwise, comrades.
Re: (Score:2)
It would work even better if non US citizens were not considered as subhuman.
It's becoming a trend that every time the US government strips your rights they find a way to deny your citizenship (anwar al-waki & son) so that no one can complain.
If you are american, you should stop excusing injustices if they don't seen to happen to "proper US citizens".
encryption (Score:5, Funny)
use TOR to send copies of 1984
That's the point of Tor. (Score:5, Insightful)
Yes, using Tor is going to attract attention. That's why we need as many people as possible to use Tor, to decrease the signal to noise ratio. If you have nothing to hide, you should be using Tor to help protect those who do.
Re: (Score:2)
Re: (Score:2)
No, I am Spartacus.
Re: (Score:2)
I am also All That!
Re: (Score:3)
No, I am Sparticus
No targeting anyone in the USA (Score:5, Insightful)
Re: (Score:2)
TOR exit node locations (Score:5, Interesting)
I think this is reasonable in the context of communications monitoring. TOR exit nodes are often not in the U.S., and it's reasonable to expect that traffic coming out of a TOR exit node may not originate from the U.S. I don't support this massive data collection in general, but I don't see why TOR traffic wouldn't be expected to raise red flags.
That having been said, I'm not sure where the fire is. Unless you're stupid enough to log into your own accounts (which contain identifying information) via TOR, they can collect all they want, but they'll never tie it back to you.
Now, could they theoretically track your traffic back to its origin if they have a complete picture of the network? It's possible, but they can only do a positive ID when there's not much TOR traffic, especially near your physical location, to begin with. That's where security by obscurity comes into play.
Re:TOR exit node locations (Score:5, Interesting)
If the NSA is operating the majority of TOR nodes does that make it easier for them to identify your location? Remember that they have a rather large computer budget.
Re: (Score:3)
Yes. My recollection is this is the canonical method circumventing Tor - and the US government has always been the actor in the best position to do this.
Running Tor is good. Running Tor exit nodes is even better, but you probably don't want to do that at home, at least at home in the US.
Re:TOR exit node locations (Score:5, Interesting)
It doesn't take much of a slip-up to reveal your identity.
Look at Panopticlick [eff.org] from the EFF. They can uniquely identify most computers just from the fingerprints in the browser - your collection of fonts, browser plug-ins, and other customizations are usually unique to one machine. So if you ever used Google and did anything that identifies yourself, such as purchased something online and had it shipped to your house, and you later use that same browser through Tor and surf to any site they are observing, or through any exit node under their scrutiny, or to any site loading javascripts from an NSA collaborator such as Google, they would be able to associate your anonymous activities with your identified session. (Ironically, an iPad or iPhone is usually very generic because Apple doesn't allow Safari to be modified. However, they still accept cookies and have no deliberate provisions for anonymity.)
We also have evidence that the intelligence agencies already understand this, and are actively using such information. The Gauss malware installs a font named Palida Narrow, which enables any site you visit to surreptitiously check to see if you're infected with Gauss. It's the same idea and the same mechanism.
To safely use Tor, you really need to be careful. You need a stock generic browser, launched from a clean OS image, and you should hope many other people are doing the same. A browser that returns randomly varying attributes to every request would be useful. Block flash, block cookies, and block javascript and all scripts entirely - you dont want Google Analytics or any of the thousand other profiling services to accidentally tag you. You need to connect from varying locations, none of which are your home. A wifi card that allows you to set a random MAC may help. And you likely need to do more - I certainly don't know everything they can observe.
Re: (Score:2)
Probably costs something like $10K/year to operate a small server. With the NSA's budget I would expect they could operate 10K-100K servers in locations around the world. These could be used for all sorts of functions, including honeypots, monitoring, and TOR monitoring.
The darkest place is under the lamp (Score:3)
It's always true. Just send your communications directly to NSA and a bunch of other people (from a SPAM list) and ask to have it forwarded to the final recipient. It's unlikely that it will get flagged as a potential threat....
Technicalities (Score:5, Insightful)
Re: (Score:3)
Does this technicality allow the U.S. government to open sealed First Class mail whenever it likes? Sure its a domestic delivery but we haven't confirmed that both the sender and the intended recipient are U.S. citizens.
Re: (Score:2)
Completely Off the Rail at Section 5.2 (Score:5, Informative)
yeah, the encrypted data bit is interesting (who doesn't use opportunistic TLS on SMTP these days?) but here's the bigger problem:
That's it, no questions left, the NSA is involved in domestic surveillance of US Citizens for law enforcement purposes. It's as if the Church Committee never existed.
Considering the ease of writing those two required letters and the current state of law breaking in the United States [amazon.com], it's easy to see how bureaucrats could take the guidelines as written and 'reasonably determine' that all domestic communications need to be stored in perpetuity.
Assuming anything else is to assume a level of generosity and restraint on the part of the intelligence agencies that each day we find ourselves more foolish to do.
THIS is the question to ask next in a hearing (Score:3)
"A simple question, Mr. Holder: how many of these extensions have you and your miserable predecessors rubber stamped? I'm putting the final touches on your Contempt of Congress while you ponder about lying. Again."
"unless such person can be positively identified" (Score:2)
Re: (Score:2)
Collected until demonstrated boring.
How does this get fixed? (Score:2)
I don't see how with the current form of government that's been perverted and the people in power.
Will it take 20M people marching on DC or a coup or ???.
Re: (Score:2)
Re: (Score:2)
Have you forgotten that "spying on foreigners" is what countries *do*, and have done since civilizations got big enough to bump into one another?
Greetings NSA Overlords (Score:4, Funny)
Time for this community to step up. (Score:3)
Many moons ago, people used to stuff all kinds of ridiculous claptrap in their Usenet .sig lines to "clog the NSA monitors." Keywords like nuclear, communist, peace, soviet, blah blah blah blah. It was a fairly useless exercise whether the underlying suspicions were true or not.
The execution was amteurish, but today's news proves that the principle is worth exlporing further. Software developers need to stop talking the talk and make a more concerted effort to transparently encrypt all the network communication conducted by their applications, their mail systems, their social media platforms, whatever. The cypherpunk community has long pooh-poohed allowing "weak" encryption to become entrenched and create a false sense of security. But this "secutrity through purity" approach has resulted in the abject failure of the widespread adoption of encryption at all levels. Can we not find some sort of barely acceptable common standard and just start routinely implementing it and make the marketing people figure out how to describe it as a sexy feature?
"Inadvertent" (Score:5, Insightful)
Re: (Score:2)
Wow. You're good at Govspeak.
Re:"Inadvertent" (Score:4, Insightful)
You will notice, of course, that the procedure does not contain a provision for removing items from the mouth other than by swallowing.
Same as Storing All Private Mail (Score:2)
Extended to the physical mails it is analogous to deeming all sealed letters and other private mail to be suspicious and in need of permanent archiving, and so create Postal Bots that open each letter, photocopies its contents, the reseals it it until the Government decides it wants to devote the resources to looking it up and reading it.
In the email case the saving is easier, and the reading is harder than with physical mail but they both accomplish the same task (treating private mail as government proper
Too much focus on Tor (Score:2)
what about encrypted chat?
It moves me to verse (Score:4, Funny)
A torrentor who Tor'd some torrent
Tried to tutor two torrentors to Tor
Said the two to the tutor
Is it harder to Tor
Than to torrent two torrents over Tor?
Re: (Score:2)
Don't tell me you're as Stupid as you are Cowardly.
They're not US Citizens and therefore don't fall under the protection of the US Constitution.
I'd be disappointed if the FSB, "MI5" and Chinese MSS aren't trying to do the same to the US.
Re:US Citizens Only (Score:4, Interesting)
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain inalienable rights, that among these are life, liberty and the pursuit of happiness."
So I guess "ALL men" means only US citizens? And "inalienable" does mean much of anything?
Rights are universal, and if Americans really, truly believe in them, then they will strive to uphold them for everyone, everywhere.
Re:US Citizens Only (Score:5, Informative)
As a naturalized US citizen who actually took a small quiz on this, I am honor-bound to point out that the fine quotation you have provided is actually from the Declaration of Independence, and not the Constitution. While it certainly reflects the aspirations of the founders, and may well represent my or your best hopes, it's not actually the law of the land. The constitution is clearer about its jurisdiction.
Re:Awesome! (Score:4, Insightful)
Too bad you just linked your slashdot user account to that proxy and TOR ID... Better blacklist that proxy and reinitialize your TOR node ASAP. Just sayin'...