It’s no secret that the National Security Agency (NSA) in the United States is collecting and analysing data from Internet users around the world using tools such as XKeyscore.
However, new information published on Das Erste has revealed that the NSA specifically looks for Internet traffic from users that might be interested in online security or privacy.
Though it may not be surprising, code published as part of the Das Erste report revealed that the NSA is monitoring connections to the Tor network, using its XKeyscore system.
Tor is a system that makes it easier for users to keep their browsing anonymous and private. It has also been included in a number of tutorials as a mechanism to work around geographic restrictions on websites to purchase content or products from companies that can’t or won’t sell to South Africa.
A Tor-related XKeyscore rule that was particularly interesting involved the Tor website itself:
// START_DEFINITION
/*
The fingerprint identifies sessions visiting the Tor Project website from
non-fvey countries.
*/
fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
// END_DEFINITION
According to the report, this means that the NSA is watching for anyone who visits the Tor Project website outside the so-called “Five Eyes” (FVEY) countries.
For South Africans, this suggests that the US spy agency has made a note of anyone who has visited the Tor website, and will take note of anyone who simply clicks this link.
Other Internet traffic that may have landed the curious techie in the NSA’s sights includes searching for information relating to “Tails”, going to the Tails website, or visiting the Linux Journal website.
Tails is an acronym for “The Amnesic Incognito Live System”, a Linux-based live operating system that aims to preserve users’ privacy and anonymity.
The operating system can be booted on almost any computer from a DVD, USB stick, or SD card.
It also forces all connections to the Internet to go through the Tor network, so using Tails is an XKeyscore double-whammy, it seems.
The XKeyscore rules for Tails-related traffic are shown below:
// START_DEFINITION
/*
These variables define terms and websites relating to the TAILs (The Amnesic
Incognito Live System) software program, a comsec mechanism advocated by
extremists on extremist forums.
*/
$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and
word('linux' or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or
'truecrypt' or ' tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION

// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs (The Amnesic
Incognito Live System) software program, viewing documents relating to TAILs,
or viewing websites that detail TAILs.
*/
fingerprint('ct_mo/TAILS')=
fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION
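To show how broadly the two quoted rules match, the Python sketch below models their boolean logic against constructed session records. It is an added example, not code from the Das Erste report or from XKeyscore. The matching semantics (case-insensitive substring tests, the `country` field standing in for `xff_cc`, the `tails_doc` flag) and all function and field names are assumptions.

```python
FVEY = {"US", "GB", "CA", "AU", "NZ"}
# Term lists copied from the $TAILS_terms / $TAILS_websites definitions quoted above.
TERMS_A = ["tails", "Amnesiac Incognito Live System"]
TERMS_B = ["linux", " USB ", " CD ", "secure desktop", " IRC ", "truecrypt", " tor "]
SITES = ["tails.boum.org/", "linuxjournal.com/content/linux*"]

def torproject_visit(s):
    # http_host('www.torproject.org') and not(xff_cc(<FVEY list>))
    # Assumption: s["country"] stands in for whatever xff_cc() evaluates.
    return s.get("http_host") == "www.torproject.org" and s.get("country") not in FVEY

def word(text, terms):
    # Assumption: case-insensitive substring test; padding the text lets
    # space-delimited terms such as ' tor ' match at the start or end.
    padded = f" {text.lower()} "
    return any(t.lower() in padded for t in terms)

def tails_terms(text):
    # Both word() groups must hit, as in the quoted definition.
    return word(text, TERMS_A) and word(text, TERMS_B)

def tails_websites(text):
    # Assumption: a pattern matches if it occurs anywhere in the text,
    # with a trailing '*' meaning "anything may follow".
    return any(p.rstrip("*") in text.lower() for p in SITES)

def ct_mo_tails(s):
    # 'documents/comsec/tails_doc' is not defined on the page; modelled as a flag.
    return (s.get("tails_doc", False)
            or tails_terms(s.get("web_search", ""))
            or tails_websites(s.get("url", ""))
            or tails_websites(s.get("html_title", "")))

def matches(s):
    hits = []
    if torproject_visit(s):
        hits.append("anonymizer/tor/torpoject_visit")
    if ct_mo_tails(s):
        hits.append("ct_mo/TAILS")
    return hits

# Constructed sample sessions (not real traffic).
SESSIONS = [
    {"id": "za-tor", "http_host": "www.torproject.org", "country": "ZA"},
    {"id": "us-tor", "http_host": "www.torproject.org", "country": "US"},
    {"id": "search", "country": "ZA", "web_search": "tails usb install"},
    {"id": "animal", "country": "ZA", "web_search": "why do dogs wag their tails"},
    {"id": "lj", "country": "ZA", "url": "http://www.linuxjournal.com/content/linux-kernel-news"},
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s["id"], matches(s))
```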