simonsnake@xxxxxxxxxxxxxxx transcribed 2.2K bytes:
> I have two questions about the recent revelations that the NSA has been
> collecting data about Tor users.
>
> I would like to hear from those with personal knowledge and experience such
> as Jacob, Roger, Mike, etc.
>
> AIUI, from the stories in the German media
> (http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html) and Wired
> (http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/), the
> NSA has logged the IP of everyone who ever accessed:
> a) a directory server.
> b) an entry node.
> c) bridges.torproject.org
> d) requested an email of bridges.
> e) the tor website itself (except from five eyes countries).
>
> This is viable as the NSA runs the Quantum network which allows it to
> intercept traffic to whichever sites it desires before that traffic arrives
> at its destination.

Couple points of clarity:

The QUANTUM program, which is actually a family of attack vectors developed by the TAO division of the NSA, actually mainly allows for packet injection, i.e. inserting cloned and/or modified TCP packets or HTTP requests/responses with source spoofing which beat the original packet to its final destination. [0]

There are several programs which allow for the possibility of traffic analysis, one of which is XKEYSCORE (XKS). [1] Several of these programs interface with programs such as those in QUANTUM. Traffic analysis programs aren't "data collections things"; [2] instead, they run pre-collected traffic through a complex series of rulesets in order to classify the traffic for further processing by other programs, or for storage in a database.

An example flow for the way an email to bridges@xxxxxxxxxxxxxx might be processed would be:

0. The outgoing email from your Gmail account is captured by PRISM, or a related/similar traffic surveillance program.
1. The captured email is processed by XKEYSCORE.
   1a. The email matches the XKEYSCORE ruleset as being an email to bridges@xxxxxxxxxxxxxx (published in the Das Erste article you linked to above).
       1a.i. Your outgoing email to bridges@xxxxxxxxxxxxxx, possibly along with other associated information, is stored in a database.
       1a.ii. Other processing can happen at this point, if there are additional matching XKEYSCORE rules defined on the XKEYSCORE system processing your traffic.
   1b. The email doesn't match any XKEYSCORE ruleset.
       1b.i. UNKNOWN. We don't know yet what is done with the captured traffic at this point.

> Two questions:
>
> 1. What would be the purpose of collecting a vast trove of IP addresses? In
> my case, my IP could be tied to my real name since I send emails via SMTP
> which will contain my IP, email address, real name, etc. That said, IP
> addresses are dynamic. I don't know how easy it would be to identify most
> people via an IP. Of course, one way would be to ask the ISP directly. But,
> whether tied to a real identity or not, what's the point? What does it
> achieve? They also gather the IP address for those who access any number of
> proxy services such as MegaProxy and FreeProxies.org. Would they not just
> end up with a massive database of (mostly dynamic) IPs?

Dynamism, to the extent that it prevents geolocation, in IPv4 address assignment is mostly a thing of the past. I'm usually able to accurately track an IPv4 address down to the city, and I'm sure they can do much better.

What they achieve is the ability to accuse a person in the future based on that person's browsing/usage history.

Why is this dangerous? For the US, the Congressional Research Service has stated that they do not know the precise number of federal crimes in effect in a region at a given time. Ergo, one could assume that if the number of these laws is unknown, their contents are likewise unknown. And therefore, not even a good lawyer knows off the top of her head if her client is doing something illegal. And then take into account that laws in the US are interpreted by historical precedence, and it now also matters when that person is accused of doing something. You have NO IDEA if anything you are doing is legal or illegal. There is an excellent lecture by a Regent Law Professor explaining more. [3]

> 2. What is the attitude that encourages the gathering of this information?
> Is it: because they can? Or do they truly believe that anyone who uses Tor
> is dangerous? Bear in mind that Tor was developed and is still funded by the
> US government. No-one can deny that dissidents in unfree countries use it.
> So, even if you assume that a high percentage of users are bad people, what
> about the dissidents in the Middle East or wherever? What is the psychology
> here? I'm sure people like Roger are in regular contact with some government
> types. Perhaps he can shed some light on the motivation?

Anyone who has regularly contracted or actively volunteered with Tor has likely had quite some experience with spooks, not only Roger; though, Roger is probably a bit nicer when he talks to them than some others of us.

I've contracted to the Tor Project for four years and volunteered some before that. I've spoken to senators and representatives on Capitol Hill, [4] as well as other agencies, regarding my work. The State Dept. has mentioned work by OONI that I had contributed to during one of their morning televised briefings. [5]

The behaviour of the various branches and departments of the US federal government is, in my opinion (my views do not necessarily express those of my employer), like that of a two-year-old with Multiple Personality Disorder. They only rarely accurately comprehend the scope and impact of a technology, e.g. I've been asked by congressional aides if the tools I contribute to "are for other countries, or for the US?" They seem to think there are borders on the internet. Many of its personalities are often in direct conflict with one another. Some of its personalities are downright sociopathic and strive mainly for selfish ends via means which harm the overwhelming majority of people worldwide, both US persons and otherwise.

In my opinion, the NSA, the FBI, and the CIA are prime examples of the US federal government's sociopathic personalities. As someone else mentioned in this thread, the official task of the NSA is to monitor communications: "collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations." The NSA is also tasked with "preventing foreign adversaries from gaining access to sensitive or classified national security information". [6] Weakening the security of systems, while simultaneously preventing others from accessing them, would make it appear as if the NSA is actually in direct conflict with itself. Additionally, the NSA is in direct conflict with the missions of several other departments, e.g. the State Dept.'s aims to protect U.S. citizens living/travelling abroad and assist U.S. companies in the international marketplace, and likely several other Departments' mission statements.

[0]: https://en.wikipedia.org/wiki/QUANTUM#QUANTUM_attacks
[1]: https://en.wikipedia.org/wiki/XKEYSCORE
[2]: https://youtu.be/ooPzr1vzmGY?t=2m41s
[3]: https://youtu.be/d-7o9xYp7eE
[4]: https://blog.patternsinthevoid.net/congress-not-the-chaos-computer-club-kind.html
[5]: https://youtu.be/C9-LjX8wk60?t=59s
[6]: https://www.nsa.gov/about/mission/index.shtml
     (Oh, the synecdoche! nsa.gov has a valid SSL cert, only to downgrade you to plaintext!)

--
isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
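
Added example, not part of the original message or of any Tor Project code: a defender-side check for the injection race the reply describes, where a forged segment and the genuine one both reach the client. It assumes TCP segments have already been parsed into (flow, seq, payload) records; the `Segment` type, the function name and the sample records are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), one direction
    seq: int         # sequence number of the first payload byte
    payload: bytes

def find_conflicting_segments(segments):
    """Report byte ranges that were delivered twice with different content.

    Returns a list of (flow, seq_start, earlier_bytes, later_bytes).
    Assumption: sequence numbers do not wrap within the capture.
    """
    seen = defaultdict(list)          # flow -> [(seq, payload), ...]
    findings = []
    for seg in segments:
        if not seg.payload:
            continue                  # bare ACKs carry nothing to compare
        end = seg.seq + len(seg.payload)
        for old_seq, old_payload in seen[seg.flow]:
            lo = max(old_seq, seg.seq)
            hi = min(old_seq + len(old_payload), end)
            if lo >= hi:
                continue              # ranges do not overlap
            earlier = old_payload[lo - old_seq:hi - old_seq]
            later = seg.payload[lo - seg.seq:hi - seg.seq]
            if earlier != later:      # a retransmission would match exactly
                findings.append((seg.flow, lo, earlier, later))
        seen[seg.flow].append((seg.seq, seg.payload))
    return findings

# Constructed sample data (documentation addresses, not a real capture).
FLOW_A = ("192.0.2.10", 80, "198.51.100.7", 50000)
FLOW_B = ("192.0.2.20", 80, "198.51.100.7", 50001)
SAMPLE = [
    Segment(FLOW_A, 1000, b"HTTP/1.1 302 Found\r\n"),  # first to arrive
    Segment(FLOW_A, 1000, b"HTTP/1.1 200 OK\r\n"),     # same seq, other bytes
    Segment(FLOW_B, 5000, b"hello wor"),
    Segment(FLOW_B, 5003, b"lo world"),                # re-segmented retransmit
]

if __name__ == "__main__":
    for flow, seq, earlier, later in find_conflicting_segments(SAMPLE):
        print(flow, seq, earlier, later)
```

The check only shows that two different byte strings claimed the same sequence range; it cannot say which of the two was forged.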