Slashdot Mirror
Most Tor Keys May Be Vulnerable To NSA Cracking
Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."
there goes the neighborhood
for how many chips?
Sheesh, evil *and* a jerk. -- Jade
If someone encrypts twice, does that make it exponentially harder to crack, or just twice as hard?
The more I read of Slashdot (and to an extend Ars Technica), the less I want to continue reading. All it is these days is NSA, NSA, NSA. It's too damn depressing and what's worse, it's one of those situations where it's
(a) an intangable threat (you will probably never suffer directly because of what they're doing, but it still feels wrong)
(b) related to (a), it's something that the wider public doesn't know about and would be hard-pressed to convince is a threat without sounding like a looney
(c) cannot be overcome (moving to Linux for example doesn't change much if the network can still be tapped, and evidently TOR is now comrpomised), short of abandoning technology and reverting to primitive technology for, again, a hypothetical threat that will probably not ever affect us DIRECTLY, but still something we know shouldn't be happening.
I just want to read about science and technology, interesting shit. Seems impossible to do that anymore since clearly NSA stuff rates rather highly.
TL:DR - what's the point of knowing how evil things are if tangible, WIDESPREAD changes aren't going to happen due to our lack of power? You just become miserable, while everyone else is (relatively) happy because they don't know. There's a reason ignorance is bliss is a saying.
"Holy crap! A weapon just floating in space!"
If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.
Mmmm laws that granted NSA permissions to do this have been approved during Bush presidency. Is this meaning Republicans and Democrats are the same? Maybe it's time to wake up US citizens and stop voting for those two partys over and over... But as a Canadian, I probably should not comment on US politics. Anyway our Prime is not a reference...
Ok, then don't use https at all.
Don't use a password. Make all your files available to the public.
You dont have anything to hide, so why hide it?
We need to improve the political ecosystem. Throwing cryptography is easy for programmers (who know nothing else) but it fails to correct the underlying problem. Worse yet, our enemies (yes, there are legitimate examples of people who want to hurt us) benefit from this double-edge weapon.
"When all you've got is a hammer, everything looks like a nail." That doesn't just apply to programming, it applies to programmers. Stop being lazy and fix the underlying problem.
If you have to hide, the Internet isn't for you.
It's kinda twisted. I'm just guessing but I'm guessing everything a pedophile would want, and, maybe even a terrorist would want is available in some hard copy someplace they could access with much less likelihood of getting caught. It's like using the Internet is part of some twisted rush they looking for.
According to consolidated financial statements and reports of the Tor Project for the year ending December 2012, US Federal agencies are responsible for nearly sixty percent of funds received by the project. Tor has taken a defensive stand against this, but who knows?
Ehhh, Canada's a two party system anyways. I happen to vote for one of the fringe parties and when I say Harper sucks, they assume I'm a liberal. When I complain about Trudeau they accuse me of being a Harper booster. We occasionally get to see a third party slightly modify things, but that's rare. And we get to see one other party that only one province votes for that can never run the country because they won't run candidates anywhere but their home province (mostly because they hate every single other province).
Canadian politics are probably a worse version of US politics. Can you imagine how well the US would work with 52 parties, each of them never having a chance of winning except California?
What is the NSA going to do with your pron? Everyone is quaking in fear at the United States government, and no one is quaking in fear at the prospect of the loss of credibility of the US government. China, Russia, etc are dictatorships that would have/do not have any qualms about using whatever means they have a their disposal to compete globally, if the NSA isn't on top they will be, and you can bet your asses you wont like the result.
A two party system with a third one being the official opposition right now... Yeah Right (Slow Clap).
What's this "have to hide" bullshit? What if you want to hide? A large percentage of the population are introverts, and a significant proportion of both those (among others) don't have any desire to share anything personal with anyone, at least aside from those they choose to. Some people like privacy, like anonymity, like not being seen by others. Hell - I get a serious case of anxiety if someone is merely standing behind me, no matter how innocuous my activities.
Please, don't start with this "if you have nothing to hide, you have nothing to worry about" utter crap. The next step to that is "if you have anything to hide, you're probably a pedophile" which you're already alluding to. No, we just don't like oxygen-wasting cretins sticking their nose into our lives. Considering such a vast number of people value their privacy in exactly the same way, this behavior is *natural*.
I make very little effort to hide my presence online. But if I did choose to, then by no means does anyone have any justification to suggest that there's something wrong with wanting to hide. It's part of the human condition - some people like being seen, being known, being pored over - some people prefer the exact opposite.
You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be. You should be directing your energies to fixing the problem - not just throwing your hands up and saying 'don't bother trying to hide even if you want to'.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
1. Us government creates Tor.
2. Us government can audit Tor traffic.
Who exactly is surprised by this??
-Lod
...that I have is not with the NSA being able to crack some platform's encryption. TOR after all was a product of some part of the DOD at least in part in response to the great firewall in China, though it's been through some itterations since.
My concern is that there's likely to be far greater money available from people willing to make use of collections of cracked keys outside of the news sector, than there is within it. That tells me that it's far more likely that someone working at the NSA is likely to be being asked to collect such keys for truely neferious purpouses, than that the press will find out that such is happening.
A MITM attack on an individual with such a key seems to me to be far more likely than that the NSA is interested in actually reading the vast collection of encrypted data that they have collected over the years they have been running these programs.
I can hope that such materials are being held in the strictest of secure areas, but that's kind of what a lot of people thought was happening with the material that Manning is convicted of sending to WikiLeaks, and Snowden has been giving to The Guardian, and presumably others.
You never know...
If I lived in Alberta, I'd vote for the Quebec party. If Quebec secedes, Alberta would be next.
If I pay all installation fees, maintenance costs, and a small monthly rate, would you permit me to install HD cameras in all the rooms of your house? (including toilets). I'd like to run my own free to view reality TV show for my site but am having trouble setting this up fully above board due to privacy laws. All I really need is someone such as yourself who understands that privacy is pointless and is willing to sign away all the corresponding legal rights.
Patriot act wasn't driven by Bush, it was largely already written and pushed through by the spooks after 911.
Mass surveillance wasn't driven by Cheney, General Keith Alexander did that, turning a "intercept everything and filter" FISA warrant into a "intercept everything, filter out spam and store it".
When this scandal came out, he wanted Congress pass laws to give companies that acted for the NSA, immunity from their deads, i.e. to be above the law.
Make no mistake, the elected reps are not in charge, military pull the puppet strings, and they now have enough dirt to pick and choose politicians. Just as New Zealands PM got into power when 'someone' leaked incriminating emails against his predecessor. The military spooks now run the show, no different than the early KGB days.
Can you imagine NSA/GCHQ permitting a UK Prime Minister from cancelling their surveillance program? That would not be allowed to happen, so they'd leak scandals to prevent him ever coming to power. You wonder how the STASI kept East Germany in line for the KGB, and now we can see it playing out.
Watch for the scandals that shape US politics and secure NSA's funding. 20 million queries a month and that's just the ones they log.
Exactly. Some activities need to stay hidden. For example:
* I don't want someone's Christmas gift to be spoiled for them.
* My neighbors don't need to know how much my electric bill was, or what tier of service I have hooked up to that wireless router.
* I have a very dedicated stalker, whose information is limited because that person can't dig into my email or other accounts to find out what I'm up to.
* If I post on a forum for people who own a particular product, I don't need people to be able to find my house so they can steal it.
* A friend who's hurting after a disastrous breakup might email me something in confidence. That should stay confidential.
* Employment and tax documents, with pay grade information and SSNs and all kinds of other PII.
* Online banking, anyone?
* I may compose some music that isn't ready for release yet, and that needs to stay private until it's been polished.
* Medical records about who has what rash on their what now?
There's just some information that doesn't need to be free. No nefarious intent, just things that shouldn't be public.
No, it shouldn't. You are doing the same exact thing you are accusing the poster of doing. Imposing your will on the entire Internet when you do that. The whole intent of the Internet is to share data. What form that data takes is irrelevant. It is far easier if you are that paranoid that you leave the Internet than to ask the Internet to conform to your paranoia.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. Its not actually a good solution. It is in fact an absolutely shitty solution to the problem, as its really a way to create a bunch of new ones.
If you have to hide, the Internet isn't for you.
It's a really good solution! It protects privacy, it's supported/maintained by really smart people who want to protect privacy, and (when using the most current version) gives the user strong privacy.
I just made a whole lot of unsubstantiated claims with no explanation, no supporting evidence, and with no background... just like you did. (I didn't call people names, though.)
Sheesh, gimme some Deep Woods Off! - The number of astroturfers on Slashdot is astounding.
Who cares who else uses Tor? Who cares whether it creates protocol problems? Who cares whether pedophiles or botnets use the system?
The important bit, the one that has value to *me*, is that it can hide my identity. It can hide the identity of people who are afraid of oppression, it can hide the identity of whistle blowers, it can hide the identity of people asking for help.
Stop astroturfing - you're not particularly good at it.
pedophiles and botnets ... no one uses Tor that matters.
Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. Its not actually a good solution. It is in fact an absolutely shitty solution to the problem, as its really a way to create a bunch of new ones.
If you have to hide, the Internet isn't for you.
Prove it, post your unedited, unblocked out tax returns, credit card statements, bank statements, phone records, emails, texts, and browser history. Now who has something to hide?
"If you have to hide, the Internet isn't for you."
"pedophiles and botnets"
Are you cutting yourself with that edginess?
You know what, I've yet to see anything worth reading coming from your keyboard and this is your crowning glory - associating people who want some privacy with pedophiles.
Your opinions are worth less than the photons they have been written with.
Ciao. Meet your new status.
--
BMO
Nonsense. No one is trying to use the force of the government to alter people's use of the Internet, so no one is asking the Internet to conform to anything. What's happening is that people are voluntarily using certain tools and protocols; that's it. There is no hypocrisy there, as all he did was point out why the "nothing to hide, nothing to fear" nonsense is just that: nonsense.
Am I supposed to be impressed at your reply? Did I hit a nerve?
I said nothing about people who want privacy.
I'm a firm believer in privacy, I'm not just no so retarded that I use PUBLIC NETWORKS for PRIVACY and then bitch about it.
You're ignorant of well known and cited reports about Tor usage.
Tor is a shitty solution to wanting privacy. Instead of ranting and ruffling around trying to look cool on slashdot perhaps you should get off your ass and act in that place called 'the real world' and stop voting for assholes who erode our privacy in far more damaging ways.
My new status? Whats that, I'm a foe of some douche on slashdot, OMG I'M GONNA GO CRY NOW. Seriously, grow up, get a clue, get out of your fucking moms basement and do something in the real world, judging by your UID you're what ... 40ish and you're still to stupid to realize that you have no privacy on a public network?
You utterly fail to understand why you have no privacy in the first place, you want to broadcast to strangers ... in secret.
For fucks sake, Tor was designed by the fucking US military, how stupid do you have to be to not realize they planned for ahead for dealing with public usage?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Using debian which means by the time they update to 2.4, the NSA will be able to crack it.
Thanks, assholes.
The original blog post by Rob Graham that Arstechnica reports on has created some confusion about Tor versions. The current recommended stable version of Tor is 0.2.3.25-12. The current alpha release is Tor 0.2.4.17-rc, and people running relays are being encouraged to use this version on the mailing lists. So the repositories, by recommending Tor 0.2.3.x, aren't out of date. However, the Tor website does advise against using the Ubuntu repositories because they aren't "reliably updated" (https://www.torproject.org/docs/debian#ubuntu), which I don't think is the fault of Tor developers. Also, the most up to date version of Tor can be found at the following repository: deb http://deb.torproject.org/torproject.org/ tor-nightly-0.2.4.x-wheezy main.
One or two infested OSs or encryption algorithms are not enough. It is an opportunity for the new "cottage cheese" computers and software industry.
Various hardware architectures, various OSs, encryption approaches, etc. which are talking to each other via open clear protocols.
Let my computer be less sleek or cool but it should me my computer and my software.
Uncatchable, and untraceable.
Fuck you, NSA.
I'm not imposing anything on anyone. Far from it - I'm saying if people want to be left alone, then leave them alone. Unless you already have evidence they're committing a crime, then nothing they do is yours or my business. OP was saying "if you have to hide, stay off the internet". I'm saying that premise is offensive, primarily in that he's suggesting that people who "have to hide" are the same as people who "want to hide".
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Could this explain why a hacked version of Firefox with NSA homing was discovered?
What are the odds of the NSA inserting malware to track users and then send the info to the FBI for prosecution? Could a user using a legit torrent hit a node and have this spyware installed from installing CENTOS for example?
http://saveie6.com/
> Your anxiety issues can be treated, the Internet is not proper treatment,
Firstly, who said my anxiety was anything to do with the internet? I never even mentioned a computer. Stop making up shit.
> You use the Internet as a crutch. Man up and fucking go see a damn doctor and stop being such a coward.
I said I don't make effort to hide my online activities. I'm not talking about myself. I'm respecting those who do want to maintain their privacy.
> You were NEVER anonymous on the Internet, you have ALWAYS been logged, you just aren't smart enough to realize it.
Huh? Of course I realize that. I've been building networks since before the net existed. I just posted yesterday in fact about the futility of trying to hide your information on the net - http://slashdot.org/comments.pl?sid=4173525&cid=44773011
You're completely mis-understanding me. We're probably on the same page in a lot of respects. My issue isn't that you're suggesting that the internet isn't secure. My issue is that you make no distinction between people who "have to hide" and people who "want to hide".
> I made no mention of that retarded 'nothing to hide nothing to fear' crap, you did.
You did - as soon as you failed to make the above distinction, you treated people who want to hide but have nothing to fear as being in the same group as people who NEED to hide. For example, you said TOR is only really used by "uber nerds, pedophiles and bot nets".. So - anyone who uses TOR because they want to hide, who isn't an uber nerd or a bot is.. a pedophile?
I'm simply pointing out that your argument basically strips down the internet population into - precisely - those who have nothing to hide and those who need to hide. Not only are the two not mutually exclusive, but it completely ignores the category that the majority of people fall into who want to keep their privacy - those who have nothing to hide but want to hide anyway.
Your line of thinking is very near to treating anyone who uses encryption, or encrypted channels, or any means of trying to secure the communications, pre-emptively criminal. It's a line of thinking that needs to be stamped out whenever it's seen.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
"Tor was created by the US Air Force"
Well, granted I wasn't there, but Wikipedia says that it was created with the assistance of the US Navy (NRL).
http://en.wikipedia.org/wiki/Tor_(anonymity_network)
No peace man is he
"...get off your ass and act in that place called 'the real world' and stop voting for assholes who erode our privacy in far more damaging ways."
Bingo.
Cookie for BitZ!
Yeah, actually if someone is bad enough to make the NSA's top 10 list, it'd probably be good for someone to be reading their email. I have a BIG problem with the fact that the NSA is tracking everyone's emails and phone calls. I've contacted my congressman about that more than once, calling them out very publicly.
The top NSA agents know who the really bad guys are, the guys who will probably be involved in the next 9/11. Maybe they can't publicize the intelligence that proves it, maybe they are missing a few details, but we knew who bin Laden was. I'm fine with invading their privacy.
But but but if they invade anyone's privacy, they'll invade everyone's privacy. If we let them, yes. Ideally what we want is systems, including budgets and oversight, which only allow them to spy on a few people, so they have to pick which ten people they really do need to spy on.
That's my point. They won't spend any money tracking me. Well, not more than about $10-$50, since I'm pretty sure I'm on a list or two. They WILL spend money tracking whoever appears to be the next bin Ladin. Cool. I'd like them to be able to track bin Laden, while it's not anywhere near worth it to track me.
If I were using "1 bit encryption" they WOULD break it. They proof of that is that they DO track people who use 0 bit (plain email, phone). That's bad. I prefer that everyone use encryption enough so NSA finds it worthwhile to track 0-100 people.
Ps - I said I'm probably on a list. I've worked in security for many years, so my footprints can be found looking at information about exploits, etc. I run a system where we teach cybersecurity to state and local government employees, so I frequent sites that a bad guy might find interesting. On top of that, I use words like "freedom" and "Constitution" and we now know the Obama administration considers those words to be red flags.
To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.
There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.
I find it offensive that you would disseminate information about how to circumvent the NSA's need to know what is going on to protect us. In truth, aren't you accusing the government of a conspiracy? What's the difference between that and accusing Jews of an international Jewish conspiracy? Are you going to start loading up government employees and officials into box cars and transport them to "relocation" camps? Its a slippery slope you're on!
Seastead this.
Hey look, an insensitive clod in the wild! You fail at reading comprehension and being decent to other people. Good job. It appears in your other posts you just love to argue so here's something to chew on.
The GP and parent poster were conversing about privacy in general on the Internet, in a calm and reasonable manner, and you extrapolated the ludicrous conclusion that someone was using Tor for online banking out of that? Do you mean to tell us that you never participated in an online user group or collaborated with someone on a project by email? Never shopped online? Never had your place of employment email you a document related to your terms of employment? (You must not be in a tech field then, which makes one wonder what you're doing on Slashdot.) Haven't you heard of health e-record systems? You know, the ones you can't opt out of, because more and more hospitals are participating and sharing data. There is no air-gap between those and the Internet, I assure you, as someone actually knowing enough of the implementation details. In fact, some of them email the records for every visit and test result directly to the patient, or at least provide a Web interface to the database. How about your health insurance, do they have electronic records? Sure do. Accessible by people who also have Internet access on the same machine? Yes. Whoops.
There is an implicit trust placed in some things, such as a democratic government being for the people. Nice to see that trust is earned... or is it still? Some people want their governments to be accountable to them, to be trustworthy again. Not that it's likely to happen anytime soon with the malaise affecting the general world population who get to enjoy their entertainment and forget that their consumption of that entertainment is being monitored, analyzed and monetized, but some of them want it. The engineers who built the Internet were supposed to be trustworthy. The people who built Tor were supposed to be trustworthy. There was a lot of language suggesting that they were, and it received a reputation of trustworthiness. Now that the rug has been pulled out from under it, people want some assurance of privacy before they trust these key parts of their digital lives again. Loss of trust makes a very unhappy public.
What if the postal service or your country's government wanted to read your mail, peruse your packages, and file descriptions of the contents of every package away? Would you be OK with that? Isn't that a public network? They are probably already storing and analyzing your phone conversations -- yet another public network -- are you OK with that too? Airspace is public too, right? So you won't mind if your neighbors fly drones with cameras to look in your windows, right? It's legal if they can see it from outside in a lot of places. There are those fun 'see-through-the-wall' radar systems, why not mount that to a drone? After all, it's outside in public airspace, so it's not REALLY an invasion of your privacy since you shouldn't be up to anything illegal in your house anyway and should therefore be okay with someone broadcasting a live feed of what you're doing behind closed doors. What about using a laser reflecting off your window as a microphone to pick up conversations in your bedroom? That's just light reflecting off your house, how can that be illegal? You know you can train freely-available software to accurately analyze the sound of someone typing and play back their keystrokes, right? What about using magnetic GPS tags to track your car? GPS is public, right? You don't mind if an unintended audience picks up the call-home signals from that device and tracks your car, do you? That's just EM emissions out there where anybody can receive them, no big deal. How about an extra-outlandish scenario that is nonetheless possible - monitoring the power fluctuations in your home remotely, so as to determine what you're up to when they can't see you. It's not that difficult to do. Where do you draw the line for privacy? Apparently, not very far away fr
The whole purpose of the Internet is to connect machines. Whether data is shared or not is up to the users.
- Michael T. Babcock (Yes, I blog)
Allow me to rest my hand in the sand and then complain like a bitch when I am run over by a lorry. Because someone else should have been saving the world while I looked the other way.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
go die in a fucking fire communist, nigger loving fucktard.
- BitZtream (692029)
(Man, if someone wants to know their christmas presents badly enough to crack 1024-bit RSA, just let them.)
There are a lot of reasons to use it over Tor.
Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."
I'd not rush from DH to ECC but would strongly recommend a move to 2048-bit or above keys
And have just realised that I haven't posted to Slashdot for many years...And yet somehow my .sig is still relevant. NSA may have dropped their plans for mandatory Escrow 15 years ago after the quote was made...but they didn't change the fundamental goal: to read everything.
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
I don't have a background in cryptography but how easily do encryption algorithm scal? I'm just curious why we aren't seeing something like 10000000 bits (you get the idea) of encryption awesomeness.
If your random key generation is not random then it does not matter what crypto algorithm you use, you're still vulnerable.
This is all the NSA has to do: ensure that they can guess the key to any publicly used crypto. If the key generation algorithm is weak or predictable then it doesn't matter if it is RSA10240 or AES5120 - they don't have to exhaust the entire key space in guessing.
So if the NSA has provided input into the PRNG used by (say) Apple and Microsoft then you're screwed whenever you ask the system to generate a key for you (like the session key for SSL/HTTPS.)
However if every key that you generate comes from a random hardware source then they face a much harder battle.
Open sourcing these core parts of the crypto would help us understand how strong or weak Microsoft's and Apple's algorithms really are. Being able to replace it with our own, even better.
Oh fuck you. My post was basically a cry for help and you come here with your superiority complex. Maybe I'm suffering a bit of disillusion here because I'm helpless in a shit world. Could have given some advice you know.
Bullcrap! You didn't cry for help, your post was a bitch fest about how tired YOU are about NSA stories. You state that since you cannot do anything about it, you would rather not know about it. Basically saying that since you choose to bury your head in the sand that Slashdot should impose a similar information policy on the rest of us.
I want to know what I'm up against, even if it does seem overhelming. Screw idiots and ignoramuses, let them eat Facebook.
People who wanted secure comms didn't fucking use the Internet.
There are many other ways to communicate. Not all communication is electronic, and not all data need be moved over networks.
The desire to use the internet is just gifting those who control the internet with information.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
> No, your key is #125125215 in the queue.
In that case, at four hours per key, they'll get to mine in 58,000 years.
It's too bad we can't know for sure that it takes at least a few hours per key, and that it always will. It would be ideal if it took about a day or so per key, with US government level resources.
A two party system with a third one being the official opposition right now... Yeah Right (Slow Clap).
Which is increasing looking like a one-time temporary thing, unfortunately. Modulo the Bloc voters they took and appear to be keeping, NDP support is about back where it was before the Crush and seems likely to stay there unless Trudeau does something dumb.
upon the advice of my lawyer, i have no sig at this time
If you're in Alberta, you can't vote for the Bloc. They don't run candidates outside of Quebec.
upon the advice of my lawyer, i have no sig at this time
What could you possibly be doing that would warrant the NSA's interest?
In addition to the most common answer to that question in this thread ("In ten years maybe what you consider trivial now will be considered highly suspicious"), may I point you to this other recent article on slashdot about a big marketeer reading its own "determined profile" and laughing off how much the ad targeter were off ?
Now realise this: there is big really monney in ad targetting and customer profiling. The marketeer behind are probably almost as serious about it, as NSA is serious about terrorism profiling.
Still, despite all the big brains behind this task, even if they DO have some success (see the Tagert vs. pregnant highschooler story), they can get sometime things completely wrong. (Can't manage to find the slashdot reference, but the guy's profile even guessed the wrong religion).
No back to your question: "What could you possibly be doing?"
Answer: Well nothing. Sometime it's not even what your are doing, but what the algo may wrongly assume you could be doing.
Think about the fly in Terry Gilliam's movie Brazil.
You could get into trouble because the stats wrongly said you could be doing something illegal, even if you actually did nothing. And that's onf of the scariest part of pervasive surveillance program: the risk of error.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
If you want to see their status report and plans to address it, see this post from April, 2012 and follow the links:
http://archives.seul.org/or/talk/Apr-2012/msg00068.html
Here's the page to configure a yum repo for the 0.2.4 branch:
https://www.torproject.org/docs/rpms.html.en
They ask that relay nodes run this.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)