Slashdot Mirror


How The NSA Targets Tor

The Guardian has released new documents from Edward Snowden showing how the U.S. National Security Agency targets internet anonymity tool Tor to gather intelligence. One of the documents, a presentation titled "Tor Stinks," bluntly acknowledges how effective the tool is: "We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand." (Other documents: presentation 1, presentation 2.) The NSA is able to extract information sometimes, though, and Bruce Schneier details what we know of that process in an article of his own. "The NSA creates 'fingerprints' that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet. ... After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems." Schneier explains in a related article why it's important that we figure out exactly what the NSA is doing. "Given how inept the NSA was at protecting its own secrets, it's extremely unlikely that Edward Snowden was the first sysadmin contractor to walk out the door with a boatload of them. And the previous leakers could have easily been working for a foreign government."

234 comments

  1. How about the nodes by Anonymous Coward · · Score: 1

    I don't see the document talking about the security of nodes.

    How safe is it to operate your own node?

    1. Re:How about the nodes by pipatron · · Score: 1

      What do you mean by this? If you operate a node, your computer is simply a passive router of traffic. I'm not sure what you mean by "safety" here.

      --
      c++; /* this makes c bigger but returns the old value */
    2. Re:How about the nodes by larry+bagina · · Score: 2

      He means: will the NSA try to root you for running a tor node?

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    3. Re:How about the nodes by pipatron · · Score: 5, Interesting

      Interesting. If I worked for NSA, I would try to. It would give some more information. Though on the other hand, they may just as well run their own nodes to get that information (oh yes, they do this already), and hacking 'normal' people just for the lulz always increases the chance of information about your operations getting out.

      In short: It would be stupid to hack you just because you're running a node, unless you're their target in some other way.

      --
      c++; /* this makes c bigger but returns the old value */
    4. Re:How about the nodes by lgw · · Score: 5, Interesting

      Not according to this latest leak (who knows about future leaks).

      As I read this leak, TOR isn't broken (in the sense that the NSA isn't recording all unencrypted TOR traffic, the way some had feared). The NSA doesn't root all nodes. If they're interested in some specific person, they break their anonymity by rooting them specifically. But I still need to go read Bruce's analysis.

      I find it interesting/amusing that when Freedom Hosting was busted, and the FBI left behind a rootkit on the hosted servers to infect users wholesale, that wasn't an NSA payload - it was a 0-day they bought on Silk Road. For all that this spying pisses me off on principle, I love that bit: someone at the FBI has a sense of humor, or at least irony.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    5. Re:How about the nodes by Anonymous Coward · · Score: 2, Informative

      He means: will the NSA try to root you for running a tor node?

      One of the presentations says "probably not" and cites legal and technical challenges. We all know "legal" isn't really much of a roadblock, probably written in there for plausible deniability while the presenter mentioned with a wink and a sneer while dictating against the powerpoint, but sounds like if you run an exit node and keep it patched up, it might not be worth the squeeze for a full attack.

      Keep in mind that if they decide your node IS worthy of being attacked, you won't have the resources to defend against every known and currently-unknown exploit, so you should assume you've already been compromised and mitigate accordingly.

    6. Re:How about the nodes by lgw · · Score: 2

      Reading through Bruce Schneier's Guardian article, I could be wrong here. It's unclear whether they root all TOR nodes. I don't see this one on his blog, where he occasionally responds to comments, so it's hard to ask.

      Either way, it's (so far) a good sign for TOR users trying to avoid government scrutiny by not-the-US-or-its-allies, that the NSA has to root nodes in order to break anonymity. The system described is pretty elaborate, and seems unnecessary if they could get the same result from total network traffic analysis.

      It does make a comedy of the TOR groups presentations to the FBI in recent years, though, about why TOR should remain legal.
       

      --
      Socialism: a lie told by totalitarians and believed by fools.
    7. Re:How about the nodes by SecurityTheatre · · Score: 2

      The powerpoint specifically states that they have considered it but regard it a questionable action both for policy reasons as well as technical ones.

    8. Re:How about the nodes by hydrofix · · Score: 1

      Anyone can run a Tor node. I would think it's much easier for NSA to operate a gigaton of its own Tor nodes via different cloud providers than try to infiltrate existing nodes. And, anyway the whole idea of Tor is that you never get to read other people's messages unless you are operating an exit node or a hidden service. If you are running a simple router node, all your inputs and outputs are encrypted and not readable by you.

    9. Re:How about the nodes by eddy · · Score: 1

      One slide mentioned this. It said that the node exploitation route was improbable due to technical and legal difficulties.

      --
      Belief is the currency of delusion.
    10. Re:How about the nodes by SuricouRaven · · Score: 1

      That means they are aware that wholesale hacking of TOR nodes would be noticed and invite countermeasures.

    11. Re:How about the nodes by lgw · · Score: 5, Interesting

      There's a subtle but profound point there. Most warrantless searching of internet stuff has been done under the banner of "no reasonable expectation of privacy". But a TOR user has taken active steps to ensure his privacy - this traffic is as much "not public" as we have the technology to make it. If you don't (legally) have a reasonable expectation of privacy when you go that far, it gives the lie to the excuse in the first place.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    12. Re:How about the nodes by Anonymous Coward · · Score: 2, Interesting

      It does make a comedy of the TOR groups presentations to the FBI in recent years, though, about why TOR should remain legal.

      What, what? Forgive my probable naivete, but shouldn't that be the other way around? It should remain legal unless the FBI has some compelling arguments otherwise. First and Fourth amendments, and all that.

    13. Re:How about the nodes by ron_ivi · · Score: 5, Informative

      Second to last slide mentions that too - paraphrased "could be worse - people might find alternatives to tor or improve it if they knew what we could do".

    14. Re:How about the nodes by icebike · · Score: 2

      Keep in mind that if they decide your node IS worthy of being attacked, you won't have the resources to defend against every known and currently-unknown exploit, so you should assume you've already been compromised and mitigate accordingly.

      If they think your node is worthy of attack, even a moderate defense will simply cause them to take it down or busy it up, such that users of interest move to another node.

      --
      Sig Battery depleted. Reverting to safe mode.
    15. Re:How about the nodes by Anonymous Coward · · Score: 0

      Mod Parent Up!

    16. Re:How about the nodes by Agent+ME · · Score: 1

      the FBI left behind a rootkit on the hosted servers to infect users wholesale, that wasn't an NSA payload - it was a 0-day they bought on Silk Road.

      Source please? I missed that.

    17. Re:How about the nodes by Nahor · · Score: 1

      By strict definition, TOR doesn't ensure privacy. Your connection still ends up somewhere on the regular Internet and whatever you post on Slashdot will be visible to everybody. What TOR ensures is anonymity.

    18. Re:How about the nodes by MikeBabcock · · Score: 1

      Anonymity is the penultimate of privacy.

      Might want to reconsider your terminology.

      --
      - Michael T. Babcock (Yes, I blog)
    19. Re:How about the nodes by AHuxley · · Score: 1
      --
      Domestic spying is now "Benign Information Gathering"
    20. Re:How about the nodes by AHuxley · · Score: 1

      yes hydrofoil, "infiltrate existing nodes" via fronts or tame turned users.
      The classic thinking was always a total http://en.wikipedia.org/wiki/Room_641A like mastery of the US telco network - telco brand, OS, software would not save your message on their 'network'.
      Any message in was seen before the first ip changing hop, let travel the "world" and then seen on its final destination ip connection (lets say US to US or US friendly nation).
      The other aspect was a bulk of instant front groups running existing quality nodes in cities, suburbia to catch people on average, in bulk trying to use TOR.
      This new news puts the US at a Russian or China level of being detected. The US has the network we call the internet as its own plaything in its totality - why mess around/even consider risking what smart admins might just stumble over one day?
      The admins would tell friends, outside (non US) antivirus vendors would blog/research any new threats in very public ways.
      The other sort of related computer use hint was "Senator: Let's monitor P2P for illegal files" and some unique string per discovered computer and files.
      http://news.cnet.com/8301-10784_3-9920665-7.html
      This feels like disinformation - watch your system not the brands, not the networks - watch your file system, your code while the wider network and any encryption sold/gifted is junk. TOR is not "crypto" hard, why the dedicated per end user efforts?
      That's a lot of cleared staff needed to spy on a lot of unique computers and keep the hidden software running and review the results :)

      --
      Domestic spying is now "Benign Information Gathering"
    21. Re:How about the nodes by MikeBabcock · · Score: 1
      --
      - Michael T. Babcock (Yes, I blog)
    22. Re:How about the nodes by Nahor · · Score: 1

      Did you read that definition of yours? "Anonymity is the penultimate of privacy" implies that anonymity is a part of privacy, that privacy is a super-set of anonymity. It is not. You can have anonymity without privacy. That's what Tor is. It ensures that nobody can know *who* is doing something. It doesn't prevent one from knowing *what* is being done. One just needs to be the exit node or sit in front of the target server (or anywhere in between those two) to know that "what". If one wants privacy, one should use an end-to-end encryption like SSL.

      So yes, I reconsidered my terminology and stand by what I said.

    23. Re:How about the nodes by Burz · · Score: 1

      IMO, it's all about the future leaks. With years of 1024bit weakly-encrypted Tor traffic stored in NSA data centers, you can be sure that a very large cover will be blown off past Tor activity. The fact that Tor remains somewhat centralized will contribute to the cryptanalysis effort against it, probably causing Tor to lose credibility sooner than people think. Tor is switching to 2048bit encryption (which I2P moved to long ago), though I can't imagine the old data will last more than another 5 years.

    24. Re:How about the nodes by Burz · · Score: 1

      Keep in mind that if they decide your node IS worthy of being attacked, you won't have the resources to defend against every known and currently-unknown exploit, so you should assume you've already been compromised and mitigate accordingly.

      If they think your node is worthy of attack, even a moderate defense will simply cause them to take it down or busy it up, such that users of interest move to another node.

      That could ultimately be the thing that finally sends the rest of Tor's users to I2P: With Tor's opt-in relays, a P2P ethic does not take hold. With I2P there is more spreading of the network load, and someone wanting to DOS a node would have to at least contribute a lot more bandwidth back to the rest of the network (which has the side-effect of freeing up bandwidth for the node being attacked). Not contributing bandwidth back creates the risk that other nodes will stonewall you... it's not unlike bittorrent in that respect (and is the main reason why bittorrent works fully on I2P).

    25. Re:How about the nodes by kloro2006 · · Score: 1

      NSA and the rest of the spooks have been claiming that they are able to spy on whomever, whenever they want. The real message of this story is that the spook claims are lies. Spook technical resources are bankrupt because competent technicians are people of conscience. You can't isolate creativity. If it can't function in all areas it can't function in any. And people who are cowards in dealing with organizational authority will be cowards in their work, and cowards can neither create nor maintain large, reliable systems.

  2. We need a workers government by For+a+Free+Internet · · Score: 0

    Only a Soviet America will clean out the den of thieves and criminals that is the NSA, CA, etc.

    --
    UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
  3. TAILS by Anonymous Coward · · Score: 2, Informative

    And this is exactly why you use TAILS. No fingerprints. Heck I have an exclusive machine for TAILS.

    1. Re:TAILS by plover · · Score: 5, Insightful

      This quote from TFA was particularly insightful:

      Other efforts mounted by the agencies include attempting to direct traffic toward NSA-operated servers, or attacking other software used by Tor users. One presentation, titled 'Tor: Overview of Existing Techniques', also refers to making efforts to "shape", or influence, the future development of Tor, in conjunction with GCHQ.

      What that says is "hang on to old copies of TAILS and Tor, and don't 'upgrade' them." Sure, they're going to keep trying to attack them, but for right now this is as close to evidence as we'll ever get that says they're effective.

      --
      John
    2. Re:TAILS by jaymzter · · Score: 1

      I was thinking the same thing (FoxAcid, does it run Linux?). Why ANYONE doing anything online a government thinks they shouldn't, would do so running MS Windows is a mystery. The only way I would even consider it is if the machine was completely blocked from internet access with the exception of the TOR proxy ports.

      --
      If thou see a fair woman pay court to her, for thus thou wilt obtain love
    3. Re:TAILS by lgw · · Score: 4, Interesting

      I think you've misunderstood the attack.

      1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.

      2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they serve you their malware package while serving the original content. Doesn't matter what you're running.

      3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.

      4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.

      This is the full financial power of a Cold War military intelligence branch being directed against individual citizens. Doesn't matter what you're running, you brought a knife to a gun fight, and they brought an armor division.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    4. Re:TAILS by Anonymous Coward · · Score: 1

      You're not secure running Linux, Captain Neckbeard.

    5. Re:TAILS by larry+bagina · · Score: 1

      Duh, use SE Linux!

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    6. Re:TAILS by Anonymous Coward · · Score: 0

      FoxAcid

      Very clever - wouldn't have worked if you didn't have something (mentioned in the documents) - that enables you to grep all HTTP requests. Doesn't even have to have an exploit on it. I get a kick out of that as a technical achievement, but I really get a kick out of the little joke Bruce played in his article. Somewhere in the bowels of the US surveillance bureaucracy, there are a gazillion referrer-IDs pointing to the Guardian article, and some poor guy has to look at them all.

      A hat tip to both the spooks in the administration and to the journalists covering the story today, that was fun.

    7. Re:TAILS by SecurityTheatre · · Score: 5, Informative

      This is absurd.

      Listen, I've read the analysis and I've read all the available documentation. I agree with Schneider's analysis, but you're exaggerating.

      1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.

      Maybe. But they do this by injecting cookies and then trying to find those cookies later on the unencrypted Internet, once you've turned off Tor. This doesn't work so well if you're using the browser bundle, or some sort of Live CD, but it may work on

      2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they serve you their malware package while serving the original content. Doesn't matter what you're running.

      The race-condition man-on-the-side capability of the NSA was never doubted, though nobody was really sure until recently how/where/if it was deployed and how often it was used. It looks like it's a rather common thing they use these days. In that vein, they can probably intercept the traffic between the exit node and the hosted content, unless, of course, you're using a .onion site, in which case, they most certainly cannot (unless they own the exit node, which they will only sometimes do).

      3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.

      If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.

      4. If you're using a live CD, you might stop being rooted when you power down. Unless the NSA has a 0-day for your BIOS, which is certainly possible, in which case even that didn't help.

      Doing a blind root on a BIOS is pretty unlikely. In fact, rooting someone who doesn't have a browser/OS combination that has a pre-built exploit is much less likely. Even more so if you spoof the user agent.

      Regardless, the tone of your post is a bit over the top, and doesn't match the evidence- just figured I would point that out.

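The two mechanisms discussed above (Schneier's "fingerprints" of HTTP requests arriving from the Tor network, quoted in the story summary, and the cookie linkage SecurityTheatre describes in the comment just above) reduced to code, as an added example by the editor. This is not code from the thread, the Guardian documents, Schneier or the Tor Project. It assumes a web server's combined log with the request's Cookie header appended as one extra quoted field and a current Tor exit-address list; every IP, log line and exit address below is constructed for the example, and `sid=` is a hypothetical session cookie.

```python
"""Added example: flag requests from Tor exits and find cookies that link a
Tor session to a later non-Tor visit.  Not from the thread or any cited source.
All IPs, log lines and the exit list below are constructed test data."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a current exit list.  The real list is published by
# the Tor Project; keeping it fresh matters because exits churn daily.
TOR_EXITS = {"203.0.113.7", "203.0.113.22", "198.51.100.9"}

# Combined log format plus one extra quoted field: the request's Cookie header.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)" '
    r'"(?P<cookie>[^"]*)"$'
)

# Constructed sample: two visits through exits, one clearnet visit with an
# unrelated cookie, one clearnet visit that replays a cookie issued over Tor,
# and one exit visit with no cookie at all.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Oct/2013:10:01:07 +0000] "GET /news/x HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=a1b2c3"
192.0.2.55 - - [04/Oct/2013:10:02:11 +0000] "GET / HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/30.0" "sid=zz9"
198.51.100.9 - - [04/Oct/2013:10:03:40 +0000] "GET /news/y HTTP/1.1" 200 4420 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=d4e5f6"
192.0.2.120 - - [04/Oct/2013:22:15:02 +0000] "GET /news/x HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0" "sid=a1b2c3"
203.0.113.22 - - [05/Oct/2013:09:00:00 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0" "-"
"""


def parse_line(line):
    """One log line -> dict, or None if it does not fit the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def parse_log(text):
    """Parse and time-order the log so 'first seen via Tor' is meaningful."""
    recs = [r for r in map(parse_line, text.splitlines()) if r]
    recs.sort(key=lambda r: r["time"])
    return recs


def from_tor_exit(rec, exits=TOR_EXITS):
    return rec["ip"] in exits


def tor_requests(records, exits=TOR_EXITS):
    """Mechanism 1: requests that arrived through a Tor exit."""
    return [r for r in records if from_tor_exit(r, exits)]


def cookie_linkages(records, exits=TOR_EXITS):
    """Mechanism 2: a cookie first presented from a Tor exit that later comes
    back from a non-Tor address ties that address to the Tor session.
    Returns {cookie: [non-Tor IPs that presented it]}."""
    seen_via_tor = set()
    linked = defaultdict(list)
    for r in records:
        cookie = r["cookie"]
        if cookie == "-":            # request carried no Cookie header
            continue
        if from_tor_exit(r, exits):
            seen_via_tor.add(cookie)
        elif cookie in seen_via_tor:
            linked[cookie].append(r["ip"])
    return dict(linked)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in tor_requests(recs):
        print("via Tor exit:", r["ip"], r["req"])
    print("linkages:", cookie_linkages(recs))
```

Against this constructed log the script reports three requests through exits and links `sid=a1b2c3` to 192.0.2.120, a clearnet address that replayed a cookie first presented over Tor. The linkage only exists because the cookie survived the switch from Tor to the open Internet; a Tor Browser profile whose cookie jar is discarded, or a Tails session, never presents it again, which is the point SecurityTheatre makes about the browser bundle and live CDs.
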
    8. Re:TAILS by Anonymous Coward · · Score: 0

      2. Using their privileged position on the internet backbone, they can perform MitM attacks by responding faster than the real servers, so they serve you their malware package while serving the original content. Doesn't matter what you're running.

      3. The NSA has 0-days for everything, so now you're rooted. Doesn't matter what you're running. And likely de-anonymized at this point.

      I don't understand how they could root you if you're not running any plugin and have Javascript disabled, could you explain ?

    9. Re:TAILS by Runaway1956 · · Score: 2

      Uhhhmmmm - a number of people are clueless. That's ONE reason to commit nefarious deeds on the internet using Windows.

      Other people think they are smarter than you, me, or the government, and they believe they can actually "secure" Windows against attack.

      I have "met" one guy, who actually, seriously believes that Win98 was the last secure version of Windows. He won't trust any more modern version of Windows - and never did trust anything else. The guy is weird, what can I say? But, he's probably not unique.

      The BEST idea is, if you are intent on subverting the government - don't use the internet to do it.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    10. Re:TAILS by Runaway1956 · · Score: 2

      The guy on Linux is MORE LIKELY to be secure than the guy running Windows.

      Not because it's Linux - but because the guy on Linux is PROBABLY more savvy than the Windows guy. You will note please, that I said PROBABLY. A truly tech savvy Windows administrator can give the best Linux guy a run for his money. But, hundreds of millions of Windows users are truly clueless.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    11. Re:TAILS by lgw · · Score: 1

      Firefox has bugs in the Firefox part of Firefox. 0-day attacks on the browsers themselves are perhaps the most valuable and rare attacks these days, moreso than OS privilege escalation bugs I'd guess, but the NSA has effectively infinite money and manpower to find or buy exploits.

      Do they actually have a 0-day for every version of every browser? I don't think that extreme has been confirmed, but we know they have lots, and it's unreasonable to assume any of the major browsers is bug-free.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    12. Re:TAILS by Anonymous Coward · · Score: 0, Troll

      Given your nick and that you are posting about security matters, you may like to note that the security guru's name is Bruce Schneier (without a d). You're welcome.

    13. Re:TAILS by lgw · · Score: 3, Interesting

      1. They can identify anyone using TOR by looking at the encrypted traffic. Doesn't matter what you're running.

      Maybe. But they do this by injecting cookies and then trying to find those cookies later on the unencrypted Internet, once you've turned off Tor. This doesn't work so well if you're using the browser bundle, or some sort of Live CD, but it may work on

      Sorry, I was unclear. They can easily identify TOR traffic as TOR traffic - they can identify that you are a user of TOR. Governments with far less resources can do this, and block all TOR traffic. There was a /. story about this some years back, on the TOR team trying to respond but admitting it would always be an arms race.

      Doing a blind root on a BIOS is pretty unlikely. In fact, rooting someone who doesn't have a browser/OS combination that has a pre-built exploit make is much less likely. Especially even moreso if you spoof the user agent.

      Yes - this is the one area where I do doubt even the NSA's capabilities. But the user agent has nothing to do with it - TOR tries to make everyone's browser fingerprint look the same anyhow - if you changed it in some way there are attacks based on having that unique fingerprint (no clue how real such attacks are). Regardless, most TOR users are running a recent browser bundle on a very limited choice of OSs, and this is one case where Windows likely isn't the biggest target.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    14. Re:TAILS by krkhan · · Score: 2

      I don't understand how they could root you if you're not running any plugin and have Javascript disabled, could you explain ?

      By exploiting vulnerabilities in the browser. Being a piece of software it's no more secure than any other out there. Spoofing user-agent might help, but the dilemma runs like this:

      * Using a non-popular browser (e.g., Midori, Lynx) would make you slightly less prone to these attacks as the focus is usually on the popular ones (Firefox, IE).
      * The browser in question might have "leaks" (e.g. cookies) which Tor community tries actively to plug against by releasing a standard bundle based on a popular browser.
    15. Re:TAILS by Anonymous Coward · · Score: 0

      3. The NSA has 0-days for everything they have a fingerprint for so now you're rooted if you haven't changed your system's fingerprint. Doesn't matter what off the shelf software you're running.

      Fixed that for you.

      If you're really worried about it, you don't run stock kernels or drivers or apps (oh my!), but roll your own with enough changes to not match anything out there. Then, because that unique fingerprint now uniquely IDs your server(s), you change that frequently to make traffic analysis harder.

      (Sometimes security through obscurity actually works, the trick is being obscure enough.)

    16. Re:TAILS by SecurityTheatre · · Score: 1

      I was reading that the TOR attacks against the browser bundle executed by the FBI recently were specifically targeted at Windows users, because not enough people doing illegal crap are sophisticated (or paranoid) enough to run something other than what was pre-installed on their system. That may change now, but it probably wasn't the case before these leaks and other events.

    17. Re:TAILS by Ingenium13 · · Score: 1

      The solution to this is to run Tor (specifically the Tor bundle) in a combination VM (or container, such as Docker) and AppArmor/SELinux profile. So no changes are stored; it reverts to the original image each time it's run. Furthermore, you can then restrict access of everything other than the tor daemon to only be able to access the tor SOCKS port on localhost, and block all UDP (no DNS).

      That way even if rooted with a 0-day, it can't really give up your identity and it won't persist. Sure, they could probably chain 0-days together to try to escape the VM/container and sandbox, but it would certainly make it quite a bit more difficult for them.

      There are pre-made Docker containers and AppArmor profiles for the Tor bundle already. They just need to be modified/combined to let you use both at once.
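
The network side of the isolation Ingenium13 describes above (only the tor daemon may reach the network, everything else may only reach the SOCKS port on localhost, no UDP at all) written out as an iptables OUTPUT policy, with a small first-match checker that shows what a rooted browser process can and cannot reach. This is an added example by the editor, not code from the thread, the Tor Project or any distribution's packaging. It assumes a Linux host with iptables, a tor daemon running under its own uid (106 below is a hypothetical value) and SOCKS on 127.0.0.1:9050. The checker is a deliberately simplified model of the OUTPUT chain (no interfaces, no connection tracking) used only to exercise the policy; it is not iptables.

```python
"""Added example: per-uid iptables lockdown for a Tor client, plus a
first-match model of the OUTPUT chain to check what the policy permits.
Not from the thread, the Tor Project or any distribution.  TOR_UID and the
addresses used in the checks are hypothetical."""
import subprocess
from dataclasses import dataclass
from typing import Optional

TOR_UID = 106          # hypothetical uid the tor daemon runs as
SOCKS_PORT = 9050      # tor's default SocksPort on 127.0.0.1
POLICY = "DROP"        # OUTPUT default: anything not listed below is dropped


@dataclass(frozen=True)
class Rule:
    target: str
    uid: Optional[int] = None
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: bool = False

    def argv(self):
        """The iptables arguments for this rule (everything after '-A OUTPUT')."""
        a = []
        if self.established:
            a += ["-m", "conntrack", "--ctstate", "ESTABLISHED"]
        if self.uid is not None:
            a += ["-m", "owner", "--uid-owner", str(self.uid)]
        if self.proto:
            a += ["-p", self.proto]
        if self.dst:
            a += ["-d", self.dst]
        if self.dport is not None:      # only valid together with -p tcp/udp
            a += ["--dport", str(self.dport)]
        return a + ["-j", self.target]

    def matches(self, pkt):
        """Simplified match: every field that is set must agree with the packet."""
        return ((not self.established or pkt.get("established", False))
                and (self.uid is None or pkt["uid"] == self.uid)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dst is None or pkt["dst"] == self.dst)
                and (self.dport is None or pkt.get("dport") == self.dport))


def lockdown_rules(tor_uid=TOR_UID, socks_port=SOCKS_PORT):
    """Order matters: iptables takes the first rule that matches."""
    return [
        # replies to inbound connections (an ssh session to the box) keep flowing
        Rule("ACCEPT", established=True),
        # any uid may talk to the local SOCKS port, and nothing else on loopback
        Rule("ACCEPT", proto="tcp", dst="127.0.0.1", dport=socks_port),
        # no UDP at all, so no DNS leaves the host; tor itself needs only TCP
        Rule("DROP", proto="udp"),
        # only the tor daemon reaches the Internet; everything else hits POLICY
        Rule("ACCEPT", uid=tor_uid, proto="tcp"),
    ]


def iptables_commands(rules):
    cmds = [["iptables", "-P", "OUTPUT", POLICY]]
    cmds += [["iptables", "-A", "OUTPUT", *r.argv()] for r in rules]
    return cmds


def apply_rules(rules, run=subprocess.run):
    """Apply for real (needs root); pass a stub 'run' to dry-run."""
    for argv in iptables_commands(rules):
        run(argv, check=True)


def verdict(rules, pkt):
    """What the modelled OUTPUT chain does with one packet: ACCEPT or DROP."""
    for r in rules:
        if r.matches(pkt):
            return r.target
    return POLICY


if __name__ == "__main__":
    # Print the commands for review rather than applying them.
    for c in iptables_commands(lockdown_rules()):
        print(" ".join(c))
```

Running the script prints the five iptables commands for review; `apply_rules(lockdown_rules())` executes them as root. `verdict()` shows the effect: a process running as uid 1000 (a compromised browser, say) reaches 127.0.0.1:9050 and nothing else, not even DNS over TCP or UDP, while the tor uid reaches any TCP port. Two caveats: the ESTABLISHED rule also lets flows opened before the rules were loaded continue, so load them before starting the browser; and default-drop also cuts loopback traffic other than the SOCKS port, a local stub resolver included, which is the intended effect. Putting the rules on the host rather than inside the VM or container the comment describes keeps them outside the reach of whatever gets rooted.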

    18. Re:TAILS by VortexCortex · · Score: 5, Insightful

      This is the full financial power of a Cold War military intelligence branch being directed against individual citizens. Doesn't matter what you're running, you brought a knife to a gun fight, and they brought an armor division.

      Yeah, I agree. We're pretty fucked, but I do think there's hope, however. The common man is disposed to do nothing until they feel the jack-boot at their own throat. The founding fathers knew of this:

      Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.

      USA Declaration of Independence.

      The important thing to note is that they also gave us tools such that we would not have to throw off our government in order to fix it. We actually can fire congress. We actually can hold accountable the traitors to the constitution they swore to uphold. They keep this shit up, and more folks will come around to the idea of using them. They may have an armor division, but note that it's actually on our side. The pen is mightier than the sword, and the Army is not the NSA or CIA or individual sessions of congress.

      I developed a fairly weak encryption system with hash based CBC, and a simple substitution cipher prior to XOR to reduce effectiveness of chosen plain text attacks (random throw-away nonce initialization vector also helps). It's going to be part of the reverse-DRM system for my games (give the users the power: They can ensure game updates and mods can be trusted / signed), but since it's for games and the mods are scripts not native code, and will distribute online (thus internationally), I don't need anything super secure, or copyright encumbered (so I can open & close source as needed to mitigate cheaters in online games).

      I was looking at my router bandwidth log a few days ago and there was an upload of about 375 megabytes in the middle of the night, over an hour and a half 11pm to 12:30ish. No one was uploading anything here, I know for a fact. I recall a few days prior to that my Firefox browser had oddly glitched and crashed on adobe flash content (this rarely ever happens, since I don't consume much flash). The next day I noticed on my private game dev forum that a post I had made somehow got duplicated and glitched up, marking it as a global sticky announcement, and quite tellingly, none of the BBCode markup was parsed into the board's internal format -- My post somehow made it into the SQL database twice, and one copy apparently didn't go through the board's posting filter -- The posts are transactional, if the forum had glitched the DB wouldn't have been populated, let alone twice, and it would have been filtered for markup PRIOR to even touching the DB... This post was a list of all the improvements I recently made to my custom cipher. Coincidence? Yeah, right.

      In addition to being a cryptographer, I frequently make politically inciteful comments (see above), and since I make games as a hobby research some crazy stuff for plot ideas, sometimes I post in-character as a machine mastermind; And am also writing a novel about machines holding the government for ransom. (Spoiler: the machines autopiloted airplanes into buildings as a show of force on 9/11 to get the government to expand the world wide neural network... you can imagine red flags everywhere doing research and collaborative writing for that, eh?) I also tinker with electronics hardware and hobby OSs coded in ASM and my own toy languages. Being that I email enc@nsa.gov directly to comply with encryptio

    19. Re:TAILS by VortexCortex · · Score: 1

      The NSA is like a "covert spy" wearing a Tee Shirt that reads: "I'm from the NSA, I'm here to help." For fuck's sake they FAIL at being covert. We might as well not have them in that case. You think a terrorist is too dumb to notice such egregious failures to keep their cracks from being noticed? Seriously, if you're reading this, NSA. Fire that fool who cracked me. You might want to hire some ACTUAL hackers, because you look like morons.

    20. Re:TAILS by turgid · · Score: 1

      Nah, it's just disinformation to keep the paranoid using certain versions of certain software so that they feel secure... and the spooks can concentrate on cracking them (and know who the really paranoid people are) if they haven't already.

      Now, if you'll excuse me, Phil and Liz are about to revert to 12-foot blood-drinking lizard form (it's that time of night) and I'm scheduled to pilot their saucer craft to Zeta Reticuli for the conference with the Masters this evening. I need to look out my spare element 115. The anti-gravity drive has nearly run out.

    21. Re:TAILS by Anonymous Coward · · Score: 0

      Maybe I am being overly pedantic but to me "rooting" implies not just access but also privilege escalation.

    22. Re:TAILS by Alef · · Score: 1

      ...with the risk of hanging on to cracked and exploitable copies. Are you sure that's the better alternative?

    23. Re:TAILS by Xaedalus · · Score: 1

      The fear of terrorists comes because the average American is white (though this is on the verge of changing), has a functioning 10th grade education, has never gone overseas (or if they have, it's on a quick two week vacation to England, France, Italy, or Germany), is more racist/supremacist than they care to think about, and watched planes fly into towers 12 years ago. They think anyone with brown or black skin is scary, especially those from other countries (plus they smell funny). They watch the evening news, identify more with celebrity & sports culture than politics (because that's normal--politics and religion never get discussed in "polite" company unless it's by "smart" people). They're more conservative than they care to think they are, and the trauma of 9/11 left a lingering suspicion of the foreign and the "other" that will never quite fade. If you want a comparable analog, look at the WWII vets who fought in the Pacific Theater. To this date, the lingering hatred of the Japanese amongst them is still amazing. They've never given that up completely. When you consider in a nation of 300 Million, that the majority of our population are what I've described, then you'll understand why the government acts the way it does. Our government is a reflection of ourselves--not the other way around.

      --
      Here's to hot beer, cold women, and Glaswegian kisses for all.
    24. Re:TAILS by JSG · · Score: 2

      Remind me who sponsored SELinux in the first place please ...

      Cheers
      Jon

    25. Re:TAILS by Applekid · · Score: 1

      I was thinking the same thing (FoxAcid, does it run Linux?). Why ANYONE doing anything online that a government thinks they shouldn't would do so running MS Windows is a mystery. The only way I would even consider it is if the machine was completely blocked from internet access with the exception of the TOR proxy ports.

      I do ALL my nefarious deeds while running Windows.

      Technically, they're compromised machines belonging to someone else who has no idea who I am or what I'm doing, but -- mere technicalities -- they still run Windows!

      --
      More Twoson than Cupertino
    26. Re:TAILS by JSG · · Score: 1

      Yeah right, except quite a few of us post on Slashdot and other tech sites - we are a gated community. Nearly all sysadmins are a piece of piss to find on t'interwebs.

      Perhaps those sites' web log files might not be as well protected as you might want - I doubt that our host's web masters are the only viewers.

      Perhaps you describe some aspect of your home/work/cloudy system, perhaps over many posts over several months/years (your modus operandi) on these tech sites.

      Perhaps there is someone who has a system that draws neat graphs linking posts to persons to groups of IT systems and hence to how they are secured.

      To make it especially easy to follow, why not sign off your posts in a distinctive way?

      Cheers
      Jon

      PS Bugger AC - I've been here years and a few years before I signed up. I've never bothered posting AC - I'm a security consultant.

    27. Re:TAILS by TheRealMindChild · · Score: 3, Funny

      They are going to root my BeOS 4.5 VM? Methinks not!

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    28. Re:TAILS by Anonymous Coward · · Score: 0

      The important thing to note is that they also gave us tools such that we would not have to throw off our government in order to fix it. We actually can fire congress. We actually can hold accountable the traitors to the constitution they swore to uphold. They keep this shit up, and more folks will come around to the idea of using them. They may have an armor division, but note that it's actually on our side. The pen is mightier than the sword, and the Army is not the NSA or CIA or individual sessions of congress.

      Given your quote (I've bolded the particular sentence), I would strongly urge you to read a book called Beyond Outrage by Robert B. Reich.

      The problem is not with the US Congress. The problem is not swords vs. pens, the problem is something more nefarious that impacts every single aspect of American existence (at nearly all levels of government and all levels of American life), while operating within the legal boundaries that were set forth by our forefathers in addition to all the subsequent rules/laws that have been appended or tacked on over the past 200 years.

      Read the book and be enlightened, become depressed, and at the end, learn about some approaches/methodologies that can hopefully rectify the situation. Hint: they do not involve "firing Congress".

    29. Re:TAILS by steelfood · · Score: 2

      Remember that these are with respect to targeted attacks. The techniques described are only put into use against you if they think you're doing something wrong. They can target anyone but they can't target everyone at once. But the attacks apply to everyone.

      And really, running off a live CD isn't the way to defeat this. It is to simplify the renderer (cut the JS/CSS crap, go back to plain HTML), overhaul the browser security structure, and keep the playing field diverse. The more products are out there, the more 0-days they have to gather to attack any given individual. That's why they aim for the browser bundle. It's generic, and so if they break one person's security infrastructure (however flimsy it might turn out to be), they break everybody else's. But it doesn't mean they don't have attacks ready for Lynx+TOR or Konqueror+TOR. It's just less likely.

      I think TBB should move away from Firefox. Yes, it's popular. But it's also far too complex, and is getting worse with each version. Do a security audit of something like Konqueror and go with that.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    30. Re:TAILS by Anonymous Coward · · Score: 0

      Their friends from The Search Engine will buy Custom Exploits for them.

    31. Re:TAILS by Anonymous Coward · · Score: 0

      Fortunately, Global Internet Defense has already thought about the issue. If you want to be safe, run FF inside Qemu and use the SPARC instruction set. Advertise "x86" in the browser string. When FF crashes, analyze the dump and send it to Kaspersky. He will have serious fun with that x86 exploit you just acquired.

      We just have to accept the challenge and start to think who pays for FF. Hint: It's a major global corporation who does private COMINT.

    32. Re:TAILS by Anonymous Coward · · Score: 0

      Given that the FF codebase on Linux and Windows is largely the same, I venture to say their exploits probably work for Linux and Windows to get user-privilege.

    33. Re:TAILS by steelfood · · Score: 1, Insightful

      OK, a couple of things.

      1) They probably have info on everybody here. Every person who visits this site with any regularity probably has an FBI file, courtesy of the NSA. Note that Slashdot doesn't use HTTPS. Note that this is ground zero for intellectuals, which as we've seen in China and Iran, make up the bulk of their dissenters.

      2) If you're willing to pay the Best Buy tax and have a LiveCD saved off somewhere prior to being targeted, you probably can get a clean system. I'm not sure it matters though, as that machine's going to be compromised the moment it goes online anyway. So your choice is either to be secure by not exposing your communications to the rest of the world, or to not be secure the moment you try.

      3) They're not going to black van you. The important stuff isn't what you do at home, by yourself, with yourself. I.e., they're not interested in your masturbation, intellectual or physical. They're interested in your communications. Because words spoken in an empty room have no power, but those spoken to an audience do. If you speak, they'd want to make sure you're not too loud, that not too many others hear. In more repressive places, they don't want you to speak at all. And without the affirmation of others, you become one of those crazy people with crazy ideas, i.e. easily discredited, powerless. That's the ultimate goal.

      4) If you're as clean as you say you are, you should run for public office. But I sincerely doubt it. Everybody's got dirt somewhere. And if you don't, something you've done, or someone close to you did, can probably be made to look bad. Suffice to say, if you feel that the system works as intended, you should try it out. Sadly, myself and many others here are fairly certain it doesn't work the way it's supposed to. The best anybody (EFF, ACLU, etc.) can really do, short of something violent, tragic, and likely not nearly as beneficial as it would initially appear (reference Arab Spring, where things are worse now than they were before), is hold off the inevitable.

      5) This is not a result of terrorism. Terrorism is just the latest key to the uneducated American psyche. Before that, it was communism. Before that, it was something else, Native Americans maybe. This is a power grab by someone, or several individuals. Just like wealth has been moving from the general population to a select few over the past 20 years, so has power. Hoover was the perfect example of such a power grab in the past, and guess what, that happened in the 20's when there was a similar wealth distribution. Most people have no idea about Hoover, and even if they did, don't understand the significance of his actions. That's because:

      6) Most people just don't care. They're not willing to sacrifice their time and energy into serving other people. If they run for public service, they're going to make sure it serves themselves first and foremost. That's just how things are. The founders based the foundation of their system upon an enlightened society. They themselves were fairly enlightened individuals, albeit with the occasional shortcoming. We're about as far away from that as we can get, and getting farther with every passing moment. The attacks on education, the attacks on information, these are all methods to keep people in the dark, unenlightened.

      7) The nihilist parts of Nietzsche are good too. Actually, the part you like comes out of his nihilism. Privacy implicitly assumes that it's possible for there to be nobody else present but you and yourself alone. In fact, that actually may be why most people don't care for their privacy; they start from the position that they don't have it in the first place.

      In summary: Business as usual. 25,000 years and we're fundamentally no different today than the humans alive then. Did you really expect a different outcome?

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    34. Re: TAILS by Anonymous Coward · · Score: 0

      I know you! Aren't you that guy from Belize who pretended to be a drunk tourist to escape murder charges in your country???

    35. Re:TAILS by Anonymous Coward · · Score: 1

      PS Bugger AC - I've been here years and a few years before I signed up. I've never bothered posting AC - I'm a security consultant.

      I do it because fuck anybody who is more concerned with a name than they are with what I'm actually saying.
      Plus, all the cool kids browse at -1

    36. Re:TAILS by AHuxley · · Score: 1

      They would get your isp logs and into your adsl/HFC/optical device/router/switch :)
      BeOS does provide a different file system outside Mac, Win, Linux - good.
      BeOS does provide a different OS outside Mac, Win, Linux - good.
      AV and firewall :)

      --
      Domestic spying is now "Benign Information Gathering"
    37. Re:TAILS by Sun · · Score: 1

      If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.

      That really depends on how much resources you are willing to put into not getting de-anonymized.

      For example:
      Install a dedicated computer. This computer is used for all anonymized traffic, and only for it. Do not install TOR on it. Set it up in its own network, and set the router for that network to:
      1. Not allow any connection between that network and the router, or any other component of your internal network.
      and
      2. Route all outgoing traffic from that computer to the internet only through TOR, including DNS queries.

      Even if that computer is rooted, any de-anonymizing beacon it tries to send out will be routed through TOR. It will simply not know what its own external IP address is. Since the rest of the network will not accept traffic from it, there is nothing it can do to try and hack the rest of the network.

      Proper construction means that rooting the anonymous machine is, by no means, checkmate.

      Shachar
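      As an added example (not code from the thread or from the Tor project), here is a router-side sketch of the isolated network described above: a torrc fragment for Tor running on the router, and iptables rules so the dedicated host can reach nothing but Tor's TransPort and DNSPort on that router. Interface names, the 10.200.1.0/24 subnet, the gateway address, the port numbers and an otherwise empty ruleset are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: router configuration for the
# "dedicated anonymous host behind its own router" setup. Tor runs on the
# router; the dedicated host never runs Tor and only sees GW_ADDR on ISO_IF.
# Interface names, addresses and ports below are assumptions for this example.
set -eu

ISO_IF="${ISO_IF:-eth1}"          # router interface facing only the dedicated host
GW_ADDR="${GW_ADDR:-10.200.1.1}"  # router's address on ISO_IF (assumed)
TRANS_PORT="${TRANS_PORT:-9040}"  # Tor TransPort: transparent TCP proxy
DNS_PORT="${DNS_PORT:-5353}"      # Tor DNSPort: DNS resolved inside Tor

# torrc fragment for the router. Tor listens only on the isolated interface.
# VirtualAddrNetworkIPv4 and AutomapHostsOnResolve let .onion names resolve to
# placeholder addresses that the TransPort maps back to the onion service.
tor_gateway_torrc() {
    cat <<EOF
TransPort ${GW_ADDR}:${TRANS_PORT}
DNSPort ${GW_ADDR}:${DNS_PORT}
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
EOF
}

# iptables rules for the two requirements in the comment above:
#  1. no path from ISO_IF to the router's other services or to the internal LAN
#     (INPUT limited to the two Tor ports, FORWARD dropped in both directions);
#  2. every new TCP connection and every DNS query from the dedicated host is
#     redirected into Tor. Other UDP, ICMP and all IPv6 are dropped rather than
#     allowed to leak around Tor. Assumes no earlier ACCEPT rules in the chains.
tor_gateway_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i ${ISO_IF} -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
iptables -t nat -A PREROUTING -i ${ISO_IF} -p tcp --syn -j REDIRECT --to-ports ${TRANS_PORT}
iptables -A INPUT -i ${ISO_IF} -d ${GW_ADDR} -p tcp --dport ${TRANS_PORT} -j ACCEPT
iptables -A INPUT -i ${ISO_IF} -d ${GW_ADDR} -p udp --dport ${DNS_PORT} -j ACCEPT
iptables -A INPUT -i ${ISO_IF} -j DROP
iptables -A FORWARD -i ${ISO_IF} -j DROP
iptables -A FORWARD -o ${ISO_IF} -j DROP
ip6tables -A INPUT -i ${ISO_IF} -j DROP
ip6tables -A FORWARD -i ${ISO_IF} -j DROP
ip6tables -A FORWARD -o ${ISO_IF} -j DROP
EOF
}

# Sanity check before applying: each leak path the setup is meant to close
# must have a matching rule in the generated set. Returns 0 when all present.
rules_close_leak_paths() {
    rules="$(tor_gateway_rules)"
    for needed in \
        "-p udp --dport 53 -j REDIRECT" \
        "-p tcp --syn -j REDIRECT" \
        "iptables -A FORWARD -i ${ISO_IF} -j DROP" \
        "iptables -A FORWARD -o ${ISO_IF} -j DROP" \
        "ip6tables -A FORWARD -i ${ISO_IF} -j DROP"; do
        printf '%s\n' "$rules" | grep -qF -- "$needed" || return 1
    done
    return 0
}

# Print the configuration by default; apply the firewall rules only when asked.
case "${1:-print}" in
    apply) rules_close_leak_paths && tor_gateway_rules | sh -e ;;
    print) tor_gateway_torrc; echo; tor_gateway_rules ;;
esac
```

Run it without arguments to review the generated torrc and rules; `apply` (as root, on the router) installs the rules only after the leak-path check passes.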

    38. Re:TAILS by AHuxley · · Score: 1

      Yes, back to a lot of simple tools that do a few tasks very well and code that has been well understood.

      --
      Domestic spying is now "Benign Information Gathering"
    39. Re:TAILS by AHuxley · · Score: 1

      ye AC, expect to see a lot more efforts to bait something in the wild. The junk crypto and failed brands still have to be avoided too :)

      --
      Domestic spying is now "Benign Information Gathering"
    40. Re:TAILS by Anonymous Coward · · Score: 0

      If we had even a little bit of common sense and could put 2 and 2 together... you'd realize there are NO real terrorists. It's just a bunch of "intelligence" agencies playing the part. Emanuel Goldstein ring a bell? Al CIA Duh? How many sovereign nations have the CIA overthrown and placed their employees into power? And that's not even the tip of the iceberg as far as the kind of evil they perpetrate.

      http://www.youtube.com/watch?v=yuC_4mGTs98 check this out, it'll get you started.

      If humankind had 2 brain cells to rub together, we wouldn't have had 10K+ years of war after war and absolute misery.

    41. Re:TAILS by Anonymous Coward · · Score: 0

      *highfives* for being smart enough, bright enough, and wise enough to fuck with them in every sane legal way.

      Don't let it get you down. Imagine how it pisses off us plebeians with no skills like yours. It's partly the reason they are still in a position of authority to pull that shit.

    42. Re:TAILS by Anonymous Coward · · Score: 0

      What that says is "hang on to old copies of TAILS and Tor, and don't 'upgrade' them." Sure, they're going to keep trying to attack them, but for right now this is as close to evidence as we'll ever get that says they're effective.

      Especially since they're probably using this attack on everyone downloading Tor as well. Hit the download link and get it from their FoxAcid server. To protect against this, you can verify the download with the GPG signature, so you better grab the gpg file from the FoxAcid server and verify it with the public key fetched from the FoxAcid keyserver.

    43. Re:TAILS by Burz · · Score: 1

      Hypervisor desktop employing some of the more powerful hardware VM features found in newer processors to create a substantially more secure environment.

    44. Re:TAILS by Rich0 · · Score: 1

      If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.

      Only if the device that was rooted contains or has access to identifying information. If the device you're browsing on is itself isolated from the rest of the network/etc that is not a sure thing. Granted, they could access unencrypted content/etc, so if you're sending private mail over tor they're going to be reading it. However, if you still avoid any mention of who you are and the device is isolated, then at best they're going to get a MAC address that belongs to VMware, and an RFC 1918 IP. That won't get them much.

    45. Re:TAILS by Anonymous Coward · · Score: 0

      This kind of stuff is why the machines keep us around, it's like a dog opening a fridge door: absolute gold :D

      Bless you & keep up the good work :)

    46. Re:TAILS by lgw · · Score: 1

      The datacenter for the GAO ran Netware on their outward-facing boxes for years after you'd think anyone would still be running it. I'm guessing they shared this reasoning. :)

      --
      Socialism: a lie told by totalitarians and believed by fools.
    47. Re:TAILS by lgw · · Score: 1

      Privilege escalation is actually easier, if perhaps harder to target. All current OSs are "reasonably secure", but I'd doubt any are perfectly bug-free and so it's just a matter of finding the exploits. Kernels change slower than browsers, so it's a safe bet the NSA has several privilege escalation exploits for every OS. They do have to guess which OS you're running, but there are timing-based attacks to discover browser and OS, if they can get you directly connected to a server (no clue how well those work if you have JS/plugins disabled).

      --
      Socialism: a lie told by totalitarians and believed by fools.
  4. It's so nice of the NSA by Anonymous Coward · · Score: 0

    To point out weaknesses in the Internet for us, at least they're putting our hard earned taxpayer money to good use. BTW, when do we get to switch to an IPv6 based Internet with IPSec enforced on all routes?

    -- stoops

    1. Re:It's so nice of the NSA by mellon · · Score: 0

      IPsec isn't that interesting if the keys are all compromised.

    2. Re:It's so nice of the NSA by 0123456 · · Score: 1

      IPsec isn't that interesting if the keys are all compromised.

      Duh. No form of encryption works if the keys are all compromised.

      However, IPSEC supports forward secrecy, which should always be used where available. That means they can't easily decode a recorded IPSEC session even when the keys are compromised, only launch man-in-the-middle attacks.

    3. Re:It's so nice of the NSA by TheResilientFarter · · Score: 2

      My understanding is whenever quantum computing reaches its whatever level of computations, FS won't work when at least one of the private keys is known. Many are running on the assumption that many encrypted sessions are being archived for later decryption.

    4. Re:It's so nice of the NSA by mellon · · Score: 1

      Right, the problem is that IPsec doesn't really solve the keying problem. The most typical use of IPsec depends on PKI, which is at risk from other NSA attacks. Opportunistic encryption and ssh-style leaps of faith are not without value, but you can't just wave your hands and say "IPsec," any more than you can hand someone who's never baked a five pound bag of flour and some yeast and expect them to produce a loaf of bread.

  5. Govt. won't be happy by darrellg1 · · Score: 2, Insightful

    until it can monitor EVERYTHING. The end result of that will be CONTROL. Smart TVs? Built in cameras. How long until they start REQUIRING being monitored?

    1. Re:Govt. won't be happy by Anonymous Coward · · Score: 5, Funny

      You call them "Smart TVs." I call them "telescreens."

    2. Re:Govt. won't be happy by interkin3tic · · Score: 5, Insightful

      How about we not personify the government? I find it more useful. Understanding the factors and motivations at work will allow us to respond appropriately, or at least properly understand why this keeps happening.

      Here's how I see it: Government agencies tend to take the path of least resistance to accomplish their assigned goals. Spy agencies' goals are to monitor and identify threats. It's much easier to monitor everyone online rather than the comparatively difficult task of getting a proper subpoena for each individual being monitored.

      The reason this is easier is because it's allowed by the government and tolerated by the people (at least enough to let it stand, we're not taking to the streets with torches and rope). Due process has not been updated to cover this in a way most of us feel would be appropriate. There are probably other barriers against this type of behavior that more knowledgeable people could come up with. They should be there, but they're not.

      The officials in charge likely know that there is only so much they can abuse that power before it's taken away from them. If it came out that the NSA had found a way to listen in on every conversation and track you at the moment, and the public understood it and wasn't successfully distracted from it, the NSA would have its powers trimmed. And then their job would be harder again.

      So it's not that they're just voyeurs who will stop at nothing to have a live feed on your sphincter. It's more that we want to have our cake and eat it too. We want the NSA to protect us from the boogeymen terrorists, and we don't want them to spy on us either. But we're more flexible on the latter, so there you have it.

      We'd need to keep limiting the NSA from taking the easiest paths we don't want them to take, but we're also lazy and apathetic as a nation.

    3. Re:Govt. won't be happy by Anonymous Coward · · Score: 0

      It is curious that intelligence agencies are not able to avoid mass shootings, crazy drivers and marathon bombs with all their hard work looking into everybody's business.

      BTW took them eleven fucking years and one war to get Bin Laden, and Al Zawahiri is still out there as strong as ever. The American people should wake the fuck up and understand that terrorists do not use google.com or facebook.com, they use BOMBS and religion.

      NSA have got the internet in their pockets to get advantages for the American corporation (aka government), it's all about making $$ over other countries and industries.

      This. Is. Not. About. Your. National. Security.

    4. Re:Govt. won't be happy by Anonymous Coward · · Score: 0

      I call them "telescreens."

      And I call them tablets, smartphones, laptops ... there's not much electronics kit these days which doesn't have a camera or two built in.

      Come to think of it, are you sure your car's backup camera isn't silently recording/transmitting every place you've been?

    5. Re:Govt. won't be happy by Anonymous Coward · · Score: 0

      The road to hell is paved with good intentions.

      Their intentions and motivations are irrelevant, their words demonstrably proven to be untrustworthy and their actions speak loudest of all.

    6. Re:Govt. won't be happy by interkin3tic · · Score: 2

      I'm not saying their intentions justify their actions, only that if you want to understand their actions, that is their intent. Knowing that should shape how we respond. For instance, we'd be idiots to simply demand the NSA heads be fired and then leave it at that: any new heads of the NSA will get right back to doing the same things before too long. Changing the path of least resistance from running through "spy on everyone at all times" is what needs to happen. That's tougher than band-aid solutions like "vote for someone who makes vague promises to get tough on the NSA" but is the only thing that will be effective.

    7. Re:Govt. won't be happy by steelfood · · Score: 1

      Here's how I see it: Government agencies tend to take the path of least resistance to accomplish their assigned goals.

      It's a bit more than that. There's a smell of corruption, on a very large scale.

      The government can forcibly compel companies in the U.S. to work for them in secret. This ability to perform MITM/MITS attacks is only due to the free pass they're given to intimidate any entity into cooperating with them (see Qwest for an idea of what happens if someone doesn't cooperate).

      That's secret police type of stuff right there, and antithetical to this country's founding principles. This isn't the path of least resistance. This is government turning on its population. It's degradation of the fundamental inalienable rights of the People via ever-expanding government powers enabled by a systemic, protracted attack on the system of checks and balances. To put it another way, it's the SS and KGB, 21st-century style.

      But unlike similarly-repressive governments like Iran and China, this isn't motivated by religion or ideology. It's motivated by the plain old simple human greed of those with money.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    8. Re:Govt. won't be happy by Anonymous Coward · · Score: 0

      until it can monitor EVERYTHING. The end result of that will be CONTROL. Smart TVs? Built in cameras.
      How long until they start REQUIRING being monitored?

      You would rather be monitored than to have a piece of tape on your TV?

  6. Dichotomy by plover · · Score: 2

    People often claim that the NSA is watching exit nodes, and can tie Tor traffic back to the users. This apparently claims the opposite.

    So do we know for sure if this is a real leak, or was this "leaked"?

    --
    John
    1. Re:Dichotomy by pipatron · · Score: 1

      Of course they are watching exit nodes. Everybody should assume they do (also the person running the node will watch, and that person's ISP).

      However, I have never heard anyone claiming they can tie the traffic back by watching the traffic, other than by the well-known timing attacks that they *do* talk about in the article. Basically, they see some traffic exit the node at the same time as they see similar traffic at some completely unrelated place in the network, building up statistics which can identify a suspect over time. This is why they say they have limited success.

      --
      c++; /* this makes c bigger but returns the old value */
    2. Re:Dichotomy by blueg3 · · Score: 2

      No, this article states directly what most people are really saying. People say that NSA controls quite a few exit nodes, but we're not really sure how many. If they controlled a lot, they could deanonymize Tor traffic. According to TFA, NSA knows full well exactly this and tried it, but couldn't gain control of a sufficient number of exit nodes. That's not surprising, it really would take controlling quite a lot of exit nodes.

      The more real danger is mentioned in the article, also. Your computer and the connection from the exit node to the site you're visiting are the main weaknesses in Tor. The exit node has an ideal man-in-the-middle position over your traffic, and the NSA is one of the most benign malicious actors running exit nodes. Any HTTP connection over Tor is idiotic and any HTTPS session should be examined carefully.

    3. Re:Dichotomy by Threni · · Score: 1

      They don't have to 'control' exit nodes, as in compromise or seize them. They can simply run thousands of exit nodes so that the chances are you'll use one of them. They could also run thousands of regular nodes to do traffic analysis. Finally, they can work with ISPs to monitor other people's exit node usage. None of this is very complicated if people are compelled to obey you.

    4. Re:Dichotomy by Anonymous Coward · · Score: 1

      The presentation is six years old. They probably have more techniques by now.

    5. Re:Dichotomy by fustakrakich · · Score: 1

      So do we know for sure if this is a real leak, or was this "leaked"?

      That's the million dollar question for all these affairs.

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:Dichotomy by hacker · · Score: 1

      According to TFA, NSA knows full well exactly this and tried it, but couldn't gain control of a sufficient number of exit nodes. That's not surprising, it really would take controlling quite a lot of exit nodes.

      Are we sure they didn't just root the botnet around mid-August/early September?

      http://www.infosecurity-magazine.com/view/34453/massive-botnet-is-behind-tor-usage-spike-/

      Can we be absolutely certain that the botnet itself, and every single node, is 100% secure and non-rootable from the NSA's 0-day toolkits?

    7. Re:Dichotomy by chihowa · · Score: 1

      That's what the person you're replying to just said. Although, from the article, they apparently aren't running enough nodes to quite pull this off.

      They can't just run all of these nodes from their own block of addresses, so I assume distributing enough nodes across the world is limiting their ability to properly analyze the network. There are only 4000 relay nodes and fewer than 1000 exit nodes, so there must be some operational limitation on their ability to outnumber the other nodes and own the network.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    8. Re:Dichotomy by Anonymous Coward · · Score: 0

      They could "modulate" exit router traffic rates (by active throttling) and then try to correlate the signal they modulate on the exit router stream with the encrypted client data streams. For German users, GCHQ/NSA can probably do this in an excellent fashion, as they control the transatlantic cables.

      Time to ratchet up mixnet security levels. Go for constant bitrates with transmitting bogus packets when bandwidth is not required.

    9. Re:Dichotomy by Threni · · Score: 1

      Do you have any idea what the NSA's budget is? How many people they have working for them, or other arms of the US government? You seriously think they'd struggle to get, say, 10,000 pcs on domestic ISPs around the world to operate as exit nodes? Perhaps you can explain why this would pose a problem for them?

    10. Re:Dichotomy by Anonymous Coward · · Score: 0

      There was a story here a few years ago how USG took over virus botnets for their own nefarious purposes. Sure as hell they can use this resource to shut down the entire TOR system any moment. Or modulate traffic rates to perform side-channel correlation/route identification attacks. TOR is quite weak at this point - in the future, constant bitrates must be used to defeat traffic/bandwidth rate analysis.

    11. Re:Dichotomy by Anonymous Coward · · Score: 0

      Given your numbers (which I consider proper), that all sounds like a RUSE. Or should I call it "Maskirovka"?? They have billions of dollars but cannot afford a few thousand cable modem lines? Not a plausible story.

      If every NSA/CSS soldier simply plugged a computer to his personal modem, they would be the majority of all nodes.

    12. Re:Dichotomy by Anonymous Coward · · Score: 0

      Trouble reading much? That's what he was saying!

    13. Re:Dichotomy by Anonymous Coward · · Score: 0

      No, fuckwit, he was saying the opposite:

      "so I assume distributing enough nodes across the world is limiting their ability to properly analyze the network"

      How could that possibly be a problem for them?

      Are you special or something?

  7. Tor site says so by Rato+Ruter · · Score: 2

    To make a long story short, Tor warns about this on the site, if not with the exact words: anyone capable of watching outgoing traffic from a machine and incoming traffic to the destination server may be able to match both. Thinking that most internet traffic goes through the US, it's not really a surprise they are able to do so. Saying they will *never* be able to de-anonymize all Tor users to me sounds like a trap, an attempt to make users feel safe, but instead might just be a computational power issue.

  8. Insufficient data to draw useful conclusions by IamTheRealMike · · Score: 5, Interesting

    A few days ago a well known Tor developer was getting angry on Twitter because he thought the Guardian was holding back a story on Tor due to redacting requests and pressure from governments.

    The presentations cited date from 2007. That's 6 years ago and tells us diddly squat about their current capabilities. All it tells us, really, is that in 2007 they had developed some working techniques in the lab, and were talking about the same kinds of attacks that were being discussed in public. It also tells us they use custom malware - but that was already revealed previously.

    The Snowden files contain a complete copy of GCHQ's internal wiki. It seems highly unlikely that there is no further information on Tor after 2007. Rather, it feels like the British and American governments treat their capabilities against Tor as one of their most valuable secrets and applied significant pressure, the resulting compromise being "you can make a story about Tor, as long as it's based on old information that is no longer relevant".

    1. Re:Insufficient data to draw useful conclusions by Anonymous Coward · · Score: 0

      News organisations and journalists are a shame. They'd be given the Pentagon Papers and instead publish something about WWI.

    2. Re:Insufficient data to draw useful conclusions by Anonymous Coward · · Score: 0

      Yeah, something doesn't pass the sniff test here. Either it's just old or the whole presentation was just a honeypot that suckered Snowden & Co., but Tor regularly admits that it can be deanonymized with timing attacks if the attacker can see all the traffic everywhere, which is exactly what PRISM is for.

    3. Re:Insufficient data to draw useful conclusions by Anonymous Coward · · Score: 0

      +1

5 years is a very long time in the computer world.

      The question boils down to: Why would they give up?

    4. Re:Insufficient data to draw useful conclusions by AHuxley · · Score: 1

      Hi Mike,
      http://cryptome.org/2013/10/questioning-snowden-truth.htm
      21 points on the capabilities, govs been governments consulted, the terms "selected" "withholding"

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Insufficient data to draw useful conclusions by Yvanhoe · · Score: 1

      The more it unfolds, the more I feel like Snowden is a counter-intelligence operation to stop talking about Assange. Snowden teaches us nothing new, makes vague claims, redacts useful contents.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  9. Instead of an Arab Spring by Anonymous Coward · · Score: 1, Insightful

    Man, it's about time we had an American Spring... before it becomes impossible.

    1. Re:Instead of an Arab Spring by i_ate_god · · Score: 5, Insightful

      so will this result in a theocratic christian government run by the bible belt?

      --
      I'm god, but it's a bit of a drag really...
    2. Re:Instead of an Arab Spring by CanHasDIY · · Score: 1

      At least then they'd be consistent.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Instead of an Arab Spring by Lunix+Nutcase · · Score: 1

      Then get off your fat ass and do something rather than expecting others to do all the work.

    4. Re:Instead of an Arab Spring by Anonymous Coward · · Score: 1

      Christian extremists blackmailing the government? Noooooo, that could heeeevaaaa happen...

    5. Re:Instead of an Arab Spring by Anonymous Coward · · Score: 0

      so will this result in a theocratic christian government run by the bible belt?

      Just nuke'm from orbit. It's the only way to be sure.

    6. Re:Instead of an Arab Spring by Brucelet · · Score: 1

      The Right tried that, and just ended up with the Tea Party obstructing everything. The Left tried it too and got the Occupy movement which never gained enough traction.

    7. Re:Instead of an Arab Spring by CreatureComfort · · Score: 1

      Hey, I scream at the TV in outrage. Does that count?

      Well, when I turn off the PS3 to take a break from GTA V...

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    8. Re:Instead of an Arab Spring by magic+maverick+ · · Score: 2

      You're a fucking nutbag.

      --
      HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    9. Re:Instead of an Arab Spring by cold+fjord · · Score: 0

      In other words, you have no facts to contradict that? Fine then.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    10. Re:Instead of an Arab Spring by Anonymous Coward · · Score: 0

      Isn't that what you already have?

    11. Re:Instead of an Arab Spring by magic+maverick+ · · Score: 1

      I'm not arguing with you. Please understand that. I'm just insulting you. I don't need facts to insult you. (Though the fact that you are a fucking nutbag is obvious to see from your posts.)

      --
      HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    12. Re:Instead of an Arab Spring by cold+fjord · · Score: 1

      Hmmm, well then, it appears that didn't work out the way you planned. I feel amused, not insulted. Of course the important thing is that even if I had felt insulted, that still wouldn't alter the facts. I am slightly curious though, what is it that you think is odd about the post, since it is simply factual information. Is it the implication which might clash with your preconceptions? Or perhaps the unexpected nature of it? Or you just don't like it?

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    13. Re:Instead of an Arab Spring by Anonymous Coward · · Score: 0

I can only comment on your link about the Malmö rowdy youth problems. The small passage about Malmö (most of the linked text has nothing to do with Malmö and contains only unrelated and empty rhetoric) is totally blown out of proportion. The problem was caused by a small group of rowdy kids, during a period shortly after the "riots" began, backed by a handful of young adults (the kind of trouble makers that travel around the country/Europe looking for brawls, be it sport events or political events, it doesn't matter to them, they just want a fight with minimal risk of getting caught).

A kid can of course be as dangerous as any adult, and a large enough group of kids on their home turf can be really dangerous. But what is important, none of the kids had any backing in their actions from their parents or any local adults. In the cases where the kids got identified, their parents were both surprised and embarrassed by what they had done, many of them taking sides against their youth in Swedish news media. Most important, as kids grow up, most of them get wiser; this is a problem that will vanish as time passes by (but, of course, there will always be new stupid kids, and occasions when they get out of control; this is the second "riot" in Malmö this century (as reported by some media), the small city I live in has had several larger, and more dangerous, brawls during this same period, but no news media report about this as it is only youth of Swedish ethnicity involved).

I spent a two week bicycle vacation in Malmö this summer. It is a wonderful and friendly city. A majority of its inhabitants seem to be of other ethnicities than Swedish, but I never, as an ethnic Swede, felt any hostility: all the people I met were really, really, genuinely nice (strictly speaking, those that have had their roots for countless generations in Malmö are ethnic Danes (they speak Danish dialects, separated in the 18th century from the Danish dialects spoken in Denmark, and have a Dano-Swedish mix of traditions)). Living in central Malmö, I could reach every part of the city by bike within half an hour, and I visited all areas of the town, including the ones where the "riots" took place a few months earlier.

  10. Ehhh... by Temtongkek · · Score: 0

    I'm no expert, but this doesn't feel right. I really can't explain it, so I won't even try...just feels like things are being "let loose" into the wild on purpose, as opposed to actual documents surfacing because of Snowden. I may very well be wrong, but the whole scope of things just feels...off.

    1. Re:Ehhh... by pipatron · · Score: 1

      I think it's because Snowden didn't release it all, like Manning, but just released a small part of it, and only to a newspaper. He claimed to have his reasons for this, not that I agree with them. Something about how the Manning files identified some people, and that Snowden didn't want that to happen.

      --
      c++; /* this makes c bigger but returns the old value */
    2. Re:Ehhh... by magic+maverick+ · · Score: 2

      Manning didn't release everything at once. That was a Guardian journalist. Manning gave the lot to Wikileaks, who worked with the newspapers to release little bits at a time. Then some idiot at the Guardian told everyone the key to the encrypted load, and it all got out. But don't blame it on Manning, who did exactly what Snowden did later (i.e. give the stuff to pros, who then went through it and published a little at a time).

      --
      HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
    3. Re:Ehhh... by AHuxley · · Score: 1
      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Ehhh... by AHuxley · · Score: 1
      --
      Domestic spying is now "Benign Information Gathering"
  11. duh.. by Anonymous Coward · · Score: 3

    For Tor browsing you should use a different browser and OS, in a VM, than the one you normally use.

    1. Re:duh.. by TheResilientFarter · · Score: 1

      I run Secret Agent in FF. Doesn't that accomplish basically the same thing?

    2. Re:duh.. by Anonymous Coward · · Score: 0

      For Tor browsing you should use a different browser and OS, in a VM, than the one you normally use.

      I.e. IE running on Windows 8.

    3. Re:duh.. by Anonymous Coward · · Score: 0

      A good first step would be to put Tails OS on a bootable USB drive and only use that to access tor services.

    4. Re:duh.. by pipatron · · Score: 1

      Uhm, heh...

      No. Sorry.

      From the look of that website, you probably have some nice tracking installed now though.

      --
      c++; /* this makes c bigger but returns the old value */
    5. Re:duh.. by TheResilientFarter · · Score: 1

      Why do you say that?

    6. Re:duh.. by pipatron · · Score: 1

I'm just judging the book by its cover. It looks like it's designed to lure people with flashy but cheap looking animations.

      Anyway, changing your browser string won't make you less trackable. They don't use those for tracking individual users.

      --
      c++; /* this makes c bigger but returns the old value */
    7. Re:duh.. by turgid · · Score: 1

      ...on an obscure binary architecture. Might I suggest eZ80. But it's only 24-bit so you'll need at least two wired up in parallel to run 32-bit code. Add one more and you can probably run a 64-bit OS. It has built-in TCP/IP so the slow clockspeed shouldn't be a problem.

    8. Re:duh.. by TheResilientFarter · · Score: 1

      It is a website all about how to fight Phorm. The string is part of how they track users. Facebook and Google have both admitted to such. Check out Panopticlick at the EFF.

    9. Re:duh.. by Anonymous Coward · · Score: 0

      ...on an obscure binary architecture. Might I suggest eZ80. But it's only 24-bit so you'll need at least two wired up in parallel to run 32-bit code. Add one more and you can probably run a 64-bit OS. It has built-in TCP/IP so the slow clockspeed shouldn't be a problem.

      That would only make for a highly unique device fingerprint? And it means old vulnerabilities may not be fixed.

    10. Re:duh.. by Anonymous Coward · · Score: 0

      Not if you compile with -fomit-instructions.

  12. Dont forget stupid people. by Kenja · · Score: 2

    For example, the silk road guy who legally changed his name to his handle ("frosty") and then used said name in his encryption key.

--
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  13. They target Tor via the ISP's by John3 · · Score: 5, Interesting

    I've been running Tor on my home FIOS connection for about six months in non-exit relay mode. Last month I received a registered letter from Verizon notifying me that I was using excessive bandwidth and that my connection would be terminated in ten days if I did not cease and desist. From what I read there were less than 100 FIOS customers that received this letter, and it was sent to folks who used upwards of 10tb per month. The paranoid conspiracy theorist in me says that the NSA encourages ISP's to crack down on Tor relays, while the annoyed consumer in me looks on it as a ploy by Verizon to sell me a commercial fiber service. Either way, I don't have the inclination or money to fight this battle, and so I shut down my Tor relay for now. Interesting to note that we were blocked from accessing Hulu Plus from our home as they had identified my IP as a Tor relay. Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    1. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

      Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

      A long time ago (in a galaxy far, far away) I ran a tor exit node. Years after shutting it down, my IP-address was still blocked at various sites.

      I hope you don't have to wait that long.

    2. Re:They target Tor via the ISP's by airdweller · · Score: 1

      Can't you just throttle the relay bandwidth?

      Odd. Why would Hulu care whether anyone is a Tor node?

    3. Re:They target Tor via the ISP's by LordKaT · · Score: 1

      I run a non-exit Tor node, and have not received any letter like this, on FiOS. Although, I DO limit my bandwidth consumption via Tor.

    4. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

      it was sent to folks who used upwards of 10tb per month

and you don't think that *this* was the reason you got the termination notice? you're still as clueless now as you were when you set up the software without configuring speed or bandwidth usage limits.

      10 terabytes per month is equal to over 30 megabits/sec *continuously* for the entire month... you may need both hands to count the number of terms in your tos/aup you're in violation of with that usage pattern on verizon fios residential service.

    5. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

Yep, it's annoying when sites blacklist you even if you're a non-exit. On another note, perhaps the Tor software could have some bandwidth limiters. Then you could be sure that there are ulterior motives behind the letter.

    6. Re:They target Tor via the ISP's by John3 · · Score: 1

      I was running as an exit relay for a while. Trying to do as much as I could, but then realized it was not that great an idea to run exit from a home ISP connection. We received several letters about illegal activity so decided to step it back a notch and just run regular relay.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    7. Re:They target Tor via the ISP's by geekamole · · Score: 1

      I'm curious about the Hulu Plus situation--why would they have a reason to block a non-exit relay? Was your relay a listed one or a non-listed one (a.k.a. obfuscated bridge, I think)?

    8. Re:They target Tor via the ISP's by John3 · · Score: 1

      I'm sure my problem was Tor was running at full throttle. I will set it up again in a month or two and throttle the bandwidth to reasonable levels.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    9. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

      Does tor not disguise itself as web traffic? Whatever else it does it should look like ordinary HTTP(s) noise.

      I'm not familiar with tor so maybe it's a naive question.

      As for the GP .... um, 10tb/month .... you are the reason ISPs have to establish caps.

    10. Re:They target Tor via the ISP's by LordKaT · · Score: 1

      Yeah, that was probably your problem. Also, keep a check on any torrents you have running - running those at full tilt can consume an ass-load of bandwidth too.

      Tor basically asks "how much bandwidth can I use" and then uses it. I have to keep an eye on it because I run a live stream at HD resolutions, and being conscious of my bandwidth usage is priority #1.

    11. Re:They target Tor via the ISP's by John3 · · Score: 1

      FIOS advertises as "No limits", and the tos/aup doesn't specify bandwidth. It does, however, specify that you can't run servers on a residential line so that's the tactic they use. And I knew there were bandwidth throttles in Tor, I just didn't expect Verizon to have an issue with the usage since they had advertised "No limits".

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    12. Re:They target Tor via the ISP's by John3 · · Score: 1

      Tor was configured as an exit relay for about two weeks. I think that was what kicked in the issue with Hulu. Another user posted in the thread that he ran exit relay and was blocked by Hulu for several years.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    13. Re:They target Tor via the ISP's by tacokill · · Score: 1

      Why would you have problems with Hulu if you are a non-exit relay? I don't understand how that can happen or how Hulu even knows you're running a tor relay.

      If you are running a Tor relay AND setup as an exit node, then I get it.

      Please clarify.

    14. Re:They target Tor via the ISP's by John3 · · Score: 1

      Sorry, didn't post the complete timeline. I ran as an exit node for a few weeks but stopped when I received a couple of letters questioning activity that came through my IP address. That was what probably got me blacklisted with Hulu. I will likely reconfigure Tor with bandwidth limits and set it up again in a few weeks.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    15. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

      Hulu is not available in all places because of legal issues around copyright, TOR is used to bypass those restrictions.

    16. Re:They target Tor via the ISP's by Anonymous Coward · · Score: 0

      Interesting to note that we were blocked from accessing Hulu Plus from our home as they had identified my IP as a Tor relay. Now that the relay has been off for a few weeks I should try connecting to Hulu again to see how long they blacklist IP's for.

      That is interesting, Hulu shouldn't be blocking Tor relay nodes, it's the exit nodes that they should be blocking.

      It's obvious that they are blocking EVERY Tor node listed rather than just those that exit said traffic.

      Maybe we should tell the EFF that compiling lists of EVERY Tor server is a bad idea.

    17. Re:They target Tor via the ISP's by omnichad · · Score: 1

      well..they said non-exit, so probably not.

    18. Re:They target Tor via the ISP's by larry+bagina · · Score: 2

node-to-node traffic is encrypted, usually on port 9001. At the exit node, it's decrypted and sent to the final destination as standard traffic. Standard traffic with the exit node's IP address, that is.

      Start posting goatse and tub girl links on slashdot and see how long it takes for your ip address to get blocked. Bonus points if you can crapflood to the point you get some pink. Then try sending some spam. I'm sure you can imagine how an exit node IP address gets put on a block list.

      Tor does let exit nodes specify which ports are allowed.

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    19. Re:They target Tor via the ISP's by tacokill · · Score: 1

      Got it. That makes perfect sense now. Yes, that is certainly what got you blacklisted. Thanks for the clarification. I have run a relay but never an exit node for precisely this reason. I can't believe you ran it for 2 weeks without hearing from Verizon before that time.

      Did you know you can run tor and be a relay without being an exit node? That still helps the Tor network tremendously so you might consider that if you aren't able to be an exit node anymore.

    20. Re:They target Tor via the ISP's by John3 · · Score: 1

      Yes, I'm going to set it up again in a few weeks, as a non-exit relay and with a bandwidth cap. I jumped in with both feet without looking, not usually a good idea. :)

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
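The configuration the poster describes (a non-exit relay with a bandwidth cap), together with the exit-port restriction mentioned earlier in the thread, maps onto a handful of torrc directives. The block below is an added example, not the poster's own configuration: the directive names are real Tor options, while the Nickname, ContactInfo and the rate and volume figures are placeholders to be sized for the actual uplink and the ISP's terms.

```ini
# torrc for a non-exit Tor relay with a throughput cap and a monthly volume cap.
# Added example; not the poster's configuration. Nickname, ContactInfo and the
# numbers are placeholders.

# Accept relay (onion routing) connections; 9001 is Tor's conventional ORPort.
ORPort 9001

# Identify the relay to the network (placeholder values).
Nickname ExampleRelayPlaceholder
ContactInfo operator-placeholder@example.invalid

# Non-exit relay: never forward client traffic to the open Internet from this IP,
# so the address does not appear on exit-node blocklists or draw abuse letters.
ExitRelay 0
ExitPolicy reject *:*

# Sustained relay throughput (per direction) plus a short burst allowance.
# Without these, Tor uses whatever the line offers, which is what filled the
# poster's 100 Mbps fiber link.
RelayBandwidthRate 5 MBytes
RelayBandwidthBurst 10 MBytes

# Monthly volume cap: once the accounted traffic reaches AccountingMax the relay
# hibernates until the period resets at 00:00 on the 1st of each month.
AccountingStart month 1 00:00
AccountingMax 2000 GBytes
```

Whether AccountingMax counts sent and received bytes separately or as one sum depends on the Tor version, so check the tor manual for the installed release before relying on the figure against an ISP cap. An operator who does want to exit a restricted set of ports would replace the `reject *:*` line with explicit `ExitPolicy accept *:80` style rules and set `ExitRelay 1`; the ordering is first-match, so the catch-all reject stays last.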
    21. Re:They target Tor via the ISP's by SecurityTheatre · · Score: 1

      Hulu doesn't allow connections for anyone outside the US. They have copyright holders with a gun to their head so they have to be extreme dicks about blocking non-US access, including all proxies they know of...

    22. Re:They target Tor via the ISP's by onyxruby · · Score: 1

I'm not so sure Tor was your problem. Tor is notoriously slow and the amount of bandwidth it would have used probably didn't come close to using 10TB of data. I'm more inclined to think your systems got owned and you were acting as a spam relay or other such service.

The amount of bandwidth you were using goes far beyond using Netflix, Hulu, Amazon Prime, downloading all the Linux ISO's and every episode of your favorite show and every game of your favorite sport the last 50 years. Even someone going crazy with downloading warez would have a hard time using that kind of bandwidth.

      Obviously I don't know your setup, but if I worked at Verizon I would be having a look at your traffic to see if you had become a bot in someone's control.

    23. Re:They target Tor via the ISP's by ElKry · · Score: 1

      Hulu doesn't allow connections for anyone outside the US. They have copyright holders with a gun to their head so they have to be extreme dicks about blocking non-US access, including all proxies they know of...

      They don't have copyright holders with a gun to their head, they *are* copyright holders.

      "Hulu is a joint venture of NBCUniversal Television Group (Comcast), Fox Broadcasting Company (21st Century Fox) and Disney–ABC Television Group (The Walt Disney Company)"

    24. Re:They target Tor via the ISP's by John3 · · Score: 1

      The Tor bandwidth chart looked like it was pretty much using 75% of my 100Mbps fiber line 24/7. I disabled Tor and Verizon didn't shut me off so my usage must have dropped. I'm not a computer professional, but I have been maintaining web and email servers for my hardware store since 1995 (BBS systems before that) and I know my PC wasn't a bot.

      I'm not a math whiz when it comes to computing bandwidth, but it appears to me that 10tb per month works out to an average of 4Mbps over 30 days so that's definitely something that could come just from Tor relaying when there is no bandwidth cap set up in Tor.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    25. Re:They target Tor via the ISP's by onyxruby · · Score: 1

      Going with your numbers I would still be concerned and want to check things out as that would leave you with 2.5tb of bandwidth for a month which is a lot for a hardware store. You might be running a server for the Internet where you sell hardware, but even then it sounds excessive and I would be concerned. I would set up WireShark on another system and mirror your ports one at a time and have a look at your traffic.

      Now I won't argue your point that you ought to be able to use your advertised bandwidth at all. Internet in this country is an abomination compared to what it should be. I'm not trying to criticize you, so please don't be offended.

    26. Re:They target Tor via the ISP's by chihowa · · Score: 1

      It's not a secret where the exit nodes are. In fact, none of the nodes are kept secret.

      That said, you usually don't get blocked from websites for hosting a relay node, though you certainly do get blocked from many sites (this one included!) for hosting an exit node.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
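Both this comment and the earlier one about Hulu come down to the same distinction: every relay is published in the consensus, but only exit-capable relays can originate traffic toward a site, so a blocklist that copies every listed address catches non-exit operators for nothing. The script below is an added example, not code from the thread. It parses constructed router status entries laid out in the shape of Tor consensus `r`/`s`/`p` lines (nickname, identity, digest, date, time, IP, ORPort, DirPort; flags; exit-policy summary), with placeholder identities and documentation-range addresses, and shows the difference between an exit-only policy and the over-broad one described above.

```python
"""Classify Tor relays as exit or non-exit from consensus-style router status
entries and block only the exit addresses.

Added example, not code from the thread. The input is CONSTRUCTED in the shape
of Tor network-status "r"/"s"/"p" lines; identities and addresses are
placeholders, not real relays.
"""
from dataclasses import dataclass, field

# Constructed sample: one exit relay and two non-exit relays.
SAMPLE_CONSENSUS = """\
r ExitRelayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2013-10-05 12:00:00 192.0.2.10 9001 9030
s Exit Fast Running Stable Valid
w Bandwidth=5000
p accept 80,443
r MiddleRelayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2013-10-05 12:05:00 198.51.100.20 9001 0
s Fast Running Stable Valid
w Bandwidth=3000
p reject 1-65535
r GuardRelayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2013-10-05 12:10:00 203.0.113.30 443 80
s Fast Guard Running Stable Valid
w Bandwidth=8000
p reject 1-65535
"""


@dataclass
class Relay:
    nickname: str
    address: str
    or_port: int
    flags: set = field(default_factory=set)
    policy: str = ""

    @property
    def is_exit(self) -> bool:
        # Only a relay with the Exit flag or a permissive policy summary can send
        # traffic out to the open Internet; that is the address a site sees.
        return "Exit" in self.flags or self.policy.startswith("accept")


def parse_consensus(text: str) -> list:
    """Group r/s/p lines into Relay records; unknown line types are ignored."""
    relays = []
    for line in text.splitlines():
        if line.startswith("r "):
            parts = line.split()
            # r <nick> <identity> <digest> <date> <time> <ip> <orport> <dirport>
            if len(parts) < 9:
                continue
            relays.append(Relay(nickname=parts[1], address=parts[6],
                                or_port=int(parts[7])))
        elif relays and line.startswith("s "):
            relays[-1].flags = set(line.split()[1:])
        elif relays and line.startswith("p "):
            relays[-1].policy = line[2:].strip()
    return relays


def exit_addresses(relays) -> set:
    return {r.address for r in relays if r.is_exit}


def all_addresses(relays) -> set:
    return {r.address for r in relays}


def blocked(address: str, relays, exits_only: bool = True) -> bool:
    """exits_only=True blocks only addresses that can originate traffic.
    exits_only=False reproduces the over-broad policy the thread describes,
    which also catches non-exit relay operators."""
    pool = exit_addresses(relays) if exits_only else all_addresses(relays)
    return address in pool


if __name__ == "__main__":
    for r in parse_consensus(SAMPLE_CONSENSUS):
        print(f"{r.nickname:14} {r.address:15} ORPort={r.or_port:<5} exit={r.is_exit}")
```

Run against a real consensus (or the exit list the Tor Project publishes), the same logic yields a blocklist containing exit addresses only; the non-exit relay on port 9001 and the guard on port 443 are left alone, which is the outcome the relay operators in this thread would have wanted.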
    27. Re:They target Tor via the ISP's by John3 · · Score: 1

      No offense taken, and I certainly suspected a possible virus. However, this was on my home PC, the only PC that is on 24/7. I ran Wireshark, netstat, and assorted other utilities to check the activity, the PC is clean. I was occasionally running uTorrent, but the torrents I was seeding were low demand (live shows shared via Dime A Dozen) and that program was throttled.

Now I don't know for a fact exactly how much bandwidth I was using. I am basing the 10 terabytes on the published news stories. Perhaps I was using nowhere near that, and Verizon has not been forthcoming about the limits (at least not to me) so maybe it really was just about Tor.

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    28. Re:They target Tor via the ISP's by AHuxley · · Score: 1

      Hi john, re the virus aspect.
      Recall the US hints at tame antivirus vendor cooperation. With tame lawyers, tame telcos, tame US software/hardware providers...
      https://en.wikipedia.org/wiki/Magic_Lantern_(software)
      The virus/AV US cooperation aspect sounds interesting again.

      --
      Domestic spying is now "Benign Information Gathering"
    29. Re: They target Tor via the ISP's by Anonymous Coward · · Score: 0

Guess what, advertisements and marketing lie 100% of the time.
Get factual and read the legalese. That is the defining thing. The rest is just garbage with shiny covers and bright colors.

  14. War against privacy. by gmuslera · · Score: 2

    This is not about monitoring anymore, probably never was

    ...giving the agency opportunity to launch prepared attacks against their systems

They are actively attacking Tor nodes and clients, whether or not outside the US, whether being used for criminal activities or just by someone worried about his own privacy.

This is not about defending against terrorists, they are attacking the US citizens who dare to try to have some privacy. Along with foreign citizens worried about the same.

And they are not just forcing everyone to be unsafe, they are too, so others (foreign countries, private companies wanting to get rid of competitors, hacking groups, old-style criminal organizations, even terrorist groups) can use the same tools/backdoors/exploits as them, being either provided by leaks (not just Snowden's unknown predecessors; there are a lot of private companies with high security clearance with access to all of that that could have their own agenda (Snowden worked for one of them)), or just plain hacking (like yesterday's Adobe one that could have leaked where Acrobat or Flash have NSA backdoors).

    1. Re:War against privacy. by AlphaWoIf_HK · · Score: 1

      This is not about defending against terrorists, they are attacking the US citizens that dares to try to have some privacy.

      And these pieces of garbage seem damn smug about it, too; exactly what I'd expect from thugs.

      --
      Da derp dee derp da teedly derpee derpee dum. Rated PG-13.
  15. The plan by Anonymous Coward · · Score: 0, Troll

    Find FoxAcid related boxes.
    Exploit the shit out of said boxes. (win2k3 lol)

    Enjoy mayhem.

    1. Re:The plan by lgw · · Score: 1, Interesting

      Find FoxAcid related boxes.
      Exploit the shit out of said boxes. (win2k3 lol)

      Enjoy mayhem.

      You approach a military roadblock. You see one guy manning the roadblock, and he's unarmed. Why do you think that is?

      When you know an organization cares about security, and you don't see the security, what should you conclude?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:The plan by Anonymous Coward · · Score: 0

      Oh, you sound so wise. Please, do tell us the answer to your fantastically clever riddle. We are not worthy of your great intellect. Oh wise one.

    3. Re:The plan by Pichu0102 · · Score: 1

      For the first, I'd say snipers are watching, with armed people nearby in hiding, possibly in many locations surrounding you watching to see what you do.

      For the second, honeypot.

  16. a related question by tonfagun · · Score: 1

    Sorry if the answer to my question is obvious/common knowledge, but is it known why Snowden didn't release the complete data set, e.g. via wikileaks? Why is the Guardian the "gatekeeper" to this information, I wonder?

    I mean, I can think of one reason maybe: to protect his own safety perhaps. Maybe he set something up that releases the full data in case he's arrested, or worse. But anyway, that's speculation... anyone knows if there's some definite answer to the question why the complete data isn't torrented yet?

    1. Re:a related question by pipatron · · Score: 1

      He did claim early on that he did this because he didn't want any personal information about any NSA agents getting out, and I bet the papers are full of them.

      It is, however, a pretty lame excuse IMHO. But I'm not the one with a government agency after me.

      --
      c++; /* this makes c bigger but returns the old value */
    2. Re:a related question by Anonymous Coward · · Score: 0

      because his employer doesn't want those released.

    3. Re:a related question by IamTheRealMike · · Score: 5, Interesting

      Because he knew that if there was an indiscriminate data dump, governments would use that to distract from the real meat. By getting professional journalists to digest the data into understandable stories, he ensured that would not happen. Also he feels details about specific operations or sites or whatever isn't really important to the debate, which is what he cares about the most.

      Now that said, we'll have to see if he is happy with the current level of disclosures. My impression so far is that he has been very happy with how things worked out. But this is a guy who had EFF and Tor stickers on his laptop. If he knows Tor is broken and the Guardian do stories implying that it's not, it'll be interesting to see if he has any reaction to that. Right now he's lying low because he wanted to fade away so the stories focus on the material - and that's something he has done amazingly well.

    4. Re:a related question by lgw · · Score: 1

      For non-geeks, the slow release by the Guardian has been the best approach - much as we'd like to know everything all at once, it would be a 1-week story that way. This way the NSA is constantly in the news, every week a new outrage, and it might just possibly make people care.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    5. Re:a related question by tonfagun · · Score: 1

      Great answer... didn't think of that. Completely agree, sometimes more would actually be less, certainly when it comes to media attention. I just hope he's watching all of this closely, and if he feels the Guardian isn't doing its job, he'll dump the entire data anyway, maybe with names/addresses struck out.
      You also make another good point, about how he managed to keep a *relatively* low profile... quite different from our favorite activist slash attention seeker Assange. (by the way, I'd mod your comment insightful, but alas, got no mod points)

    6. Re:a related question by Anonymous Coward · · Score: 0

      The man (Snowden) went to Russia! Probably the biggest mistake he will ever make. The reason he has a low profile has nothing to do with his intentions. He's being used right now by not very idealistic people for the knowledge he has of US security systems.

    7. Re:a related question by Anonymous Coward · · Score: 0

      Sorry if the answer to my question is obvious/common knowledge, but is it known why Snowden didn't release the complete data set, e.g. via wikileaks?

      I don't know why he didn't, but I can think of a good reason: If you release information on illegal things the government is doing, that's whistleblowing, but if you just grab everything you can and post it on the internet, that's just releasing classified information. It's likely that Snowden has a lot of information and needs time to go through it all to make sure that he's whistleblowing rather than simply releasing classified information.

      Everyone seems to have forgotten that, prior to Bradley Manning, Wikileaks' policy was to post anything and everything they received regardless of whether anyone needed to know or even if anyone wanted to know. Most of their leaks were company documents that no one gave two shits about. It was only after Bradley Manning that they decided to become some sort of saint and filter their releases, or at least pretend to do so, since we all know the data came out anyway. ...and even if Wikileaks had made good on their promise to release only the whistleblowing parts of the information, Bradley Manning still released a lot of non-whistleblowing information to them, which is still illegal.

      I can't say I'm surprised that Snowden has had nothing to do with Wikileaks, as they're not nearly as respectable as everyone makes them out to be. It seems that, even with the government treating him as some sort of criminal, he's still attempting to do this the right way and avoid giving irrelevant classified information to third parties.

    8. Re:a related question by steelfood · · Score: 1

      He doesn't have the specifics from TAO (the branch of the NSA that deals with targeted attacks on technically sophisticated individuals), only the high-level overview of how operations are supposed to work.

      So he could be supporting TOR not knowing exactly whether it's vulnerable or not. He thinks it's secure, and I think a lot of experts agree that it's theoretically secure. But if TAO has a working quantum computer in a room that can crack every encryption algorithm, he wouldn't know of it.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    9. Re:a related question by Splab · · Score: 1

      So far TOR seems to still be safe, the people getting busted (at least publicly) are people who have been doing something stupid.
      The Silk Road bust was (officially) a chance bust, where false documents were picked up in the mail.
      The Pedo busts that have been going on lately are users using known vulnerable TOR versions, getting infected on Windows of all things.
      Also rumors of people getting busted by using same usernames on TOR and public networks and/or having some very distinctive writing styles, allowing analysis specialists to pick them up.

      So so far, TOR still seems to be safe, as long as you aren't doing something really stupid.

      (Do note however, TOR is known to be vulnerable to timing attacks, so you probably don't want someone with global knowledge to be on the opposing force, if you are doing anything illegal)

    10. Re: a related question by Anonymous Coward · · Score: 0

      Nice try. So what was he supposed to do, stay here so he could be locked up in a secret prison without a trial for years and have his story suppressed by the corporate media?

      You're either a shill or you believe that America should be the land of not making waves.

  17. Foreign government? by Hatta · · Score: 4, Insightful

    What the NSA is doing is unacceptable whether or not a foreign government accesses any of the data. Unless the US government obtains a warrant, based on probable cause, that specifically describes the places to be searched and things to be seized, this activity is illegal.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Foreign government? by pixelpusher220 · · Score: 2

      Sadly, no it isn't illegal anymore. It should, however, be ruled unconstitutional once we manage to pry a case up to a competent SCOTUS (and I'm not sure we have one currently).

      --
      People in cars cause accidents....accidents in cars cause people :-D
    2. Re:Foreign government? by Hatta · · Score: 2

      Of course it's illegal. The laws that they claim make it legal are unconstitutional, and therefore completely null. Congress has no authority to pass a law that makes generalized surveillance legal.

      --
      Give me Classic Slashdot or give me death!
    3. Re:Foreign government? by SecurityTheatre · · Score: 1

      The Patriot Act begs to differ...

    4. Re:Foreign government? by pixelpusher220 · · Score: 1

      Congress can pass anything it damn well feels like, and that's also why, generally, you can't challenge a law in court until it's 'harmed' you.

      Legal doesn't mean morally right, just that's what the 'law' says, and the law clearly does say they can do this crap. Or at least that's what they tell us it says since until very very recently they haven't even let their interpretation of the law be public.

      We have the same opinion of their constitutionality but until SCOTUS rules on them, they are the law and are what defines 'legal' in this country.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    5. Re:Foreign government? by lgw · · Score: 1

      You may be right in principle, but that's not how the system actually works.

      A law, no matter how blatantly unconstitutional, is still a real law, as meaningful as any other, until someone with standing (someone already hurt by that law) gets a case in front of the SCOTUS, and the SCOTUS doesn't invent some rationale why we'll keep the blatantly unconstitutional law anyway. These days there seems to be a trend just to deny standing, instead of inventing ever more farfetched reasons why blatantly unconstitutional laws should stand.

      We're really at the mercy of getting a SCOTUS with a deep respect for the Constitution, and that whole idea has been fought full force by the left, because of fears that such a court would overturn Roe v Wade. These days I'm starting to wonder if that whole multi-decade fight wasn't just a staged farce, whereby both parties conspire to pack the court with Justices who are happy to ignore the Constitution while each side can tell its faithful "we're fighting the good fight on abortion - we did everything we could!"

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:Foreign government? by the+eric+conspiracy · · Score: 2

      Generalized surveillance is a requirement of government for basic law enforcement. A policeman standing at a corner watching traffic for violations is engaging in generalized surveillance.

      The collection of financial transactions for enforcement of tax laws is likewise a form of generalized surveillance.

      What is not legal under the Constitution is generalized collection of data that requires a warrant. Government cannot open all the mail. Nor can it listen to all telephone conversations. There is no power under the Constitution for a general warrant. In the 18th century these were called 'writs of assistance' and the 5th Amendment was specifically framed to prohibit them.

      Now however the situation has evolved because of the advance of technology. The capability to collect massive amounts of non-protected data that is exempt from warrant requirements and use that collection to invade the privacy of any and all citizens has dramatically shifted the balance between privacy and public.

      The only reasonable way to address this change is to expand the scope of what data requires warrants.

    7. Re:Foreign government? by Anonymous Coward · · Score: 0

      You are about 32 years late with your outrage... but good try.
      http://www.archives.gov/federal-register/codification/executive-order/12333.html

    8. Re:Foreign government? by Anonymous Coward · · Score: 0

      What do you call it when a government does things it has no authority to do?

      Illegitimate.

    9. Re:Foreign government? by SpanglerIsAGod · · Score: 1

      The NSA and the CIA were not created to do legal things. It's just that they were only supposed to do their illegal things in other countries.

      --
      War doesn't show who is right - just who is left.
    10. Re:Foreign government? by chihowa · · Score: 1

      A law no matter how blatantly unconstitutional is still a real law, as meaningful as any other, until someone with standing (someone already hurt by that law) gets a case in front of the SCOTUS

      The source from which the Supreme Court derives its authority, and ultimately the final arbiter of constitutionality is the people.

      The legal encyclopedia American Jurisprudence says the following in regard to constitutionality:

      The general rule is that an unconstitutional statute, though having the form and the name of law, is in reality no law, but is wholly void and ineffective for any purpose since unconstitutionality dates from the time of its enactment and not merely from the date of the decision so branding it; an unconstitutional law, in legal contemplation, is as inoperative as if it had never been passed ... An unconstitutional law is void. (16 Am. Jur. 2d, Sec. 178)

        I understand that you're saying, in reality, the system doesn't operate like this. The problem is that the decision to operate in this manner is a legally inconsistent farce. They are undermining their own legitimacy and it can't end well.

        Undermining the Constitution undermines the only source of authority by which this government operates. If the Constitution is nothing more than a goddamn piece of paper to them, then the government is ultimately not legitimate at all.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    11. Re:Foreign government? by Anonymous Coward · · Score: 0

      It is up to the courts to declare the laws be unconstitutional and therefore, unlawful. Before that happens, the laws are presumed constitutional and binding.

    12. Re:Foreign government? by lgw · · Score: 1

      I agree with you on the "can't end well". I think we sold ourselves out to ensure the legality of abortion nationwide. If the congress had the courage to pass laws to that effect, we could fill the SCOTUS with "constitutional conservatives" without RvW being important anymore - but a courageous congress seems farfetched indeed.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  18. They are welcome to target tor by Anonymous Coward · · Score: 0

    As I only use it to bypass my country's DNS restrictions on the Pirate Bay, I'm sure it costs the American government more money in time and effort to get the information than it is worth.

  19. Excessive bandwidth by davidwr · · Score: 1

    Well, if you didn't deliberately throttle TOR usage I can see that as an issue.

    Memo to anyone with a consumer-grade ISP that doesn't explicitly allow you a specified bandwidth:

    Call your ISP and get them to "name a bandwidth" below which you are guaranteed not to be called out for "excessive usage" and/or buy a business-grade service that has specified bandwidth limits.

    Don't go over these limits.

    Also, if your grade of service doesn't explicitly allow servers, buy one that does. You don't want to give the ISP an excuse to shut you down.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Excessive bandwidth by John3 · · Score: 1

      Great advice and something I will look at in a few months once the dust settles. I guess I was too eager to do as much as I could with my shiny new upgraded 100mb FIOS connection. :)

      --
      "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
    2. Re:Excessive bandwidth by fisted · · Score: 1

      100 millibits per what? That'd better be nanoseconds, then.

    3. Re:Excessive bandwidth by Anonymous Coward · · Score: 0

      Wow. A 100 millibit data cap on a FIOS connection. No wonder you got hit with an overage.

  20. "Tor stinks" by davidwr · · Score: 2

    Tor, originally sponsored by the United States Navy.
    Any questions?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:"Tor stinks" by rangerfan558 · · Score: 1

      "Tor, originally sponsored by the United States Navy. Any questions?" I've asked this same question numerous times when discussing Tor with friends.

  21. No money to be made in privacy by Anonymous Coward · · Score: 0

    If you're in the business of government, there's not much money to be made in accepting the defaults of human nature -- one of which is that human beings value privacy, and expect others to respect that privacy.

    Spying is clearly a violation of
            * Freedom of movement
            * Freedom of association

    Let's put it this way. Would it be normal human behavior for your next-door neighbor to track your daily movements, intercept your communications, and generally know every aspect of your life? Of course not -- he would be considered a stalker. What makes government different? Why is government spying not merely a glorified form of stalking?

    The money is made by attacking human nature, not accepting it. If you want to know the real reason government spies on innocent people, look no further than the hundreds of billions of dollars it justifies in spending. The end goal is to (1) create that cash flow in the first place, and (2) leverage it for personal gain.

    1. Re:No money to be made in privacy by AlphaWoIf_HK · · Score: 1

      Why is government spying not merely a glorified form of stalking?

      Given the amount of authority the government has, it is much, much worse, and far more dangerous than mere stalking, even if it is similar in some aspects.

      --
      Da derp dee derp da teedly derpee derpee dum. Rated PG-13.
    2. Re:No money to be made in privacy by Anonymous Coward · · Score: 0

      Agreed, although I feel it's crucial when evaluating government to compare the behavior of government to normal human behavior. Only then will a person begin to question their motives. If a person accepts that government inherently has the right to behave differently than everyone else, then there's no point in going any further. Government wins by TKO, and human nature loses (freedom along with it).

  22. get a new router and get a new IP address by logicassasin · · Score: 1

    or, if your current router supports changing the MAC address do that and get a new IP. It really isn't that hard to get a new IP from your ISP without calling them up.

    --
    Fifty watts per channel, baby cakes.
    1. Re:get a new router and get a new IP address by ub3r+n3u7r4l1st · · Score: 1

      Spoofing a MAC address to distribute copyrighted content is what led Aaron Swartz to a death sentence.

    2. Re:get a new router and get a new IP address by Anonymous Coward · · Score: 0

      Unless it's assigned via PPP, like most DSL connections.

  23. DNS mentioned in the slide deck by Anonymous Coward · · Score: 0

    One interesting point in the slide deck was the suggestion that maybe Tor users accessed DNS in such a way as to leave a fingerprint. That begs the question - how much instrumentation does the SIGINT community have on well-known or well-used resolvers and authoritative servers, and at what level? I'm going to crawl back into my hole and put on my tin foil hat now.

  24. Gov't infecting your system by L3370 · · Score: 1

    This question is like pissing into a sea of piss but...

    How could any evidence collected from an intentionally compromised system be useful to the rule of law? Couldn't a lawyer destroy the shit out of a case like this? If a 3 letter agency infects a system, it's owned. It is now vulnerable... how can you prove without a doubt the user of that device is the wrongdoer when the computer is willfully opened up to attack or misuse by parties other than the original intended user? If one party can own it, so can others. And how can you rule out fabrication of evidence when the malicious logic is designed to give control to the very same organization that will be putting the target on trial?

    I just can't fathom how this is a good idea for anyone that is trying to uphold the rule of law. Then I remember...We've drone'd American citizens...they aren't even concerned how this looks because the end goal is to not ever bring this shit to light in the first place. Legality has never been the issue because the system was designed to remain secret forever...

    1. Re:Gov't infecting your system by tokencode · · Score: 1

      That goes back to another revelation called Parallel Construction. If they come across something using a method that won't stand up in court, they create a parallel evidence trail. It was described as State Police somewhere being told to be at a certain rest stop and pull over a grey sedan with plates NSU372 and search it. The police find the car, wait for any minor traffic violation and pull it over. The case is presented to the prosecutor and judge/court as if the investigation started with the traffic stop and not the original information.

    2. Re:Gov't infecting your system by the+eric+conspiracy · · Score: 1

      Afaik NSA is mostly about gathering information for intelligence purposes. As such they really don't go to court with that information very often.

    3. Re:Gov't infecting your system by AHuxley · · Score: 1

      As such they really don't go to court with that information very often.
      The GCHQ had to try that in the 1990s, and with the new ideas around domestic US court-friendly locked boxes, the NSA has new domestic mission visions too.

      --
      Domestic spying is now "Benign Information Gathering"
  25. NSA 2006 Report on Tor up now. by eddy · · Score: 4, Informative

    "Our goal was to analyse Tor source code and determine any vulnerabilities in the system. We set up an internal Tor network to analyze..." http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/

    --
    Belief is the currency of delusion.
  26. How did you guys miss this? by Anonymous Coward · · Score: 2, Interesting

    "It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group."

    If they are using Windows Server 2003 for their MITM attacks, you would think someone could come up with a way to identify and infect them.

    1. Re:How did you guys miss this? by ShaunC · · Score: 1

      If they are using Windows Server 2003 for their MITM attacks, you would think someone could come up with a way to identify and infect them.

      Assuming that information is accurate to begin with, I'm pretty sure NSA knows a thing or two about securely deploying a Windows system on the public internet; after all, they wrote the book on it. And I don't think it would be wise to be "that guy" who goes probing for vulnerabilities on NSA's hardware.

      Also, I find it a bit funny that NSA's advice related to the government shutdown is in quote marks: "Due to the Government Shutdown, this site is not being updated."

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:How did you guys miss this? by AHuxley · · Score: 1

      White boxes in homes, small businesses around suburbia with huge optical pipes and a tame US 'consumer' ISP account with interesting bandwidth options?
      Sneaker net support or 1 staff member, connecting only to targeted users.
      All the skilled admin would see was a fraction of a 'small' consumer pipe on a consumer account linked to an exchange in suburbia, i.e. random domestic OS, known bandwidths, known ISP... interest fades after fixing and seeing more work waiting.
      That night, day, week, month, year many more "small" efforts are made.

      --
      Domestic spying is now "Benign Information Gathering"
  27. what??? by logicassasin · · Score: 1

    You change the mac address by either changing the device you're using or spoofing it. The purpose being to be able to access Hulu again.

    Exactly what are you getting at here???

    --
    Fifty watts per channel, baby cakes.
  28. Who is the real one with the agenda? by Anonymous Coward · · Score: 0

    People often forget that Bruce has a rather large beef with NIST, since they rejected two of his children (aka algorithms): the first was Twofish and the second was Skein.

    His continuous milking of the publicity must be sweet revenge against the organization that dared snub him not once but twice.

    NIST/NSA = lots of free publicity and good exposure for his books!

    1. Re: Who is the real one with the agenda? by Anonymous Coward · · Score: 0

      Bruce isn't that smart!

  29. So... by mlauzon · · Score: 1

    Hacking & cracking are illegal, yet the US government is allowed to do it..?!

  30. If You Aren't Using The Internet, You Have No Fear by Anonymous Coward · · Score: 0

    To all you people whining about your civil rights being violated, it was your choice to use the Internet. If you aren't using the Internet, then you have nothing to worry about.

  31. This is not the spirit of America by Anonymous Coward · · Score: 0

    The NSA is a government agency. It has absolutely no business in trying to obtain communications data without a warrant. "Freedom and Democracy" cannot be safeguarded so long as citizens do not have the ability to communicate in complete anonymity. That includes being able to read content posted on any website and to post content on any website.

    Any government or government agency which attempts to subvert this Inalienable Right is an enemy of America working against the basic interests of the American Way and the American People. It is as simple as that. There are no ifs, there are no buts. There is no: But 911... this or... but Timothy McVeigh that.

    The government will say that it needs to rescind anonymity in order to protect us from various bogey-men. But that is not the American way. That is Saddam's way. That is Stalin's way.. and if I may fall victim to Godwin's law before any idiots jump in and start screaming Godwin (you f*cking braindead zombie morons can't you recognise the curtailment of free expression that you idiots are creating with your stupid need to point out that you have heard of such a thing as "Godwin's Law" every time - as though that makes you somehow intellectually superior?) it is Hitler's way. But it is not the American way.

  32. So wtf did TBB claim "Javascript can be turned on" by Anonymous Coward · · Score: 0

    Most of these injection vulnerabilities rely on Javascript as I understand it. Tor Browser Bundle claimed "all known JS vulnerabilities have been closed" and thus encouraged people to leave JS on. Tails followed this policy and ships with JS *on* by default in spite of many outraged complaints on its defunct message board that this was misleading and stupid.

    WTF???

  33. IRC helping to identify users by SgtChaireBourne · · Score: 1

    Which makes me wonder why IRC is being pushed so much. It helps very much with the scenario you describe. Being centralized and synchronous, it is practical to pull the virtual plug on a targeted user and then see which name drops out of the channel. That was one thing that Usenet had going for it: it was decentralized and asynchronous, making it all but impossible to censor or even track specific users. Remember, not long ago it was part of the package of Internet access advertised by ISPs; it was a key part of "getting on the Internet". Suddenly all that stopped. It would not be surprising if there were a little pressure on the ISPs to phase it out, including especially the text groups, and not just from the MAFIAA over the dreaded binary groups.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.