NSA's XKeyscore Source Code Leaked! Shows Tor Users Classified As 'Extremists'

from the peeling-away-the-layers dept

We learnt about the NSA's XKeyscore program a year ago, and about its incredibly wide reach. But now the German TV stations NDR and WDR claim to have excerpts from its source code. We already knew that the NSA and GCHQ have been targeting Tor and its users, but the latest leak reveals some details about which Tor exit nodes were selected for surveillance -- including at least one in Germany, which is likely to increase public anger there. It also shows that Tor users are explicitly regarded as "extremists" (original in German, pointed out to us by @liese_mueller):

    The source code contains both technical instructions and comments from the developers that provide an insight into the mind of the NSA. Thus, all users of such programs are equated with "extremists".

Such is the concern about Tor that even visitors to Tor sites -- whether or not they use the program -- have their details recorded:

    not only long-term users of this encryption software become targets for the [US] secret service. Anyone who wants to visit the official Tor Web site simply for information is highlighted.

The source code also gives the lie to the oft-repeated claim that only metadata, not content, is gathered:

    With the source code, it can be proven beyond reasonable doubt for the first time that the NSA is reading not only so-called metadata, that is, connection data. If emails are sent using the Tor network, then programming code shows that the contents -- the so-called email-body -- are evaluated and stored.

As well as all this interesting information, what's important here is that it suggests the source of this leak -- presumably Edward Snowden, although the German news report does not name him -- copied not just NSA documents, but source code too. As in the present case, that is likely to provide a level of detail that goes well beyond descriptive texts.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Reader Comments


  1. Jack, 3 Jul 2014 @ 8:05am

    Well, if they are just targeting exit nodes and don't have both your entry and exit nodes compromised, as long as you aren't using any personally identifying information (obvious ones like name and address, and non-obvious ones like user-agent, headers, and cookies) you are still fine and anonymous. They can see what you are doing, but not who you are.

    As long as you are careful about how you are using TOR, it is still safe. That is until the NSA has all 3 of your nodes compromised...

    A big caveat for the NSA though - while they may be able to compromise a few nodes here and there or set up a bunch of fake nodes, it is such a big network that it would be very unlikely to have both your entry and exit node at the same time. Plus, you can simply change your route through the TOR network with a single click, which should be done often anyway. 5 or 10 years from now, who knows...

    Always treat TOR like you are being monitored and are already compromised. Switch routes frequently, never use the same user-agent, always rotate through names/accounts, never allow JS and always make sure cookies are cleared out and sessions are closed after every single use.

    Plus, you can always use proxy-chains and go through a VPN before entering TOR - it doesn't slow you down at all since TOR is always slower than a VPN.
