Delivery-Date: Fri, 04 Jul 2014 02:43:18 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 493C41E0462
	for <archiver@seul.org>; Fri,  4 Jul 2014 02:43:16 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 36DFF2F5D6;
	Fri,  4 Jul 2014 06:43:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AC0C22B562
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 06:36:25 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id je_tEMtZvPbp for <tor-talk@lists.torproject.org>;
 Fri,  4 Jul 2014 06:36:25 +0000 (UTC)
Received: from mail-ve0-x232.google.com (mail-ve0-x232.google.com
 [IPv6:2607:f8b0:400c:c01::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 857C72AC5F
 for <tor-talk@lists.torproject.org>; Fri,  4 Jul 2014 06:36:25 +0000 (UTC)
Received: by mail-ve0-f178.google.com with SMTP id oy12so1250013veb.37
 for <tor-talk@lists.torproject.org>; Thu, 03 Jul 2014 23:36:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=fvicuc2fAIrTHGN9Cj89jtCJJqj+dAu9kqRuYEJA4z0=;
 b=NXPTaTx1ms9f6yfX1QwVFLLW4mocoAzX75JiFVV/h0cd3guVmwkV1xDlKc6B86QRQl
 nzr+78NotNWk23EjipMP4pXAVY37Q/Trfj/Fo4XGK7yPEGgJCZ++fvdeytxaqlpX5IoW
 ju4rGDs28RExtrsA9GtrgkhltXb7sYDgKqwlcQ7mX2Ha1N7d89poo4fBBXGC9dwOILKm
 oLoD1s96GARUFXqSOZbqNHIh7EDJQ6GuN6QBGXYeHNWrK0UnYSxEOsIwpg9463DVlz0b
 QBMFtO4i7uSBc+Jr97F4lUEIyO8/t98MMyHrYVhVkBCvY6xGWEiufahkfFRC7ep2jVgL
 XLjg==
MIME-Version: 1.0
X-Received: by 10.58.76.225 with SMTP id n1mr265320vew.32.1404455782477; Thu,
 03 Jul 2014 23:36:22 -0700 (PDT)
Received: by 10.221.65.198 with HTTP; Thu, 3 Jul 2014 23:36:22 -0700 (PDT)
In-Reply-To: <CAJVRA1Q_9A-0B-8HX7GDa0V8Q0YJUL6VAaXmgv0+1h0h3vU2FQ@mail.gmail.com>
References: <20140703094214.GF26986@leitl.org>
 <CAFggDF35Qpv12Ez8GZ3USRjB0NhwOrPgOKOZmrw18C1=tCHvfQ@mail.gmail.com>
 <53b5973c.67688c0a.376d.1d8eSMTPIN_ADDED_BROKEN@mx.google.com>
 <CAJVRA1Q_9A-0B-8HX7GDa0V8Q0YJUL6VAaXmgv0+1h0h3vU2FQ@mail.gmail.com>
Date: Fri, 4 Jul 2014 02:36:22 -0400
Message-ID: <CAD2Ti29NK3X6uq3hNsT8xa-yawKvehjOG9GsiNkJ_HJomK0+gA@mail.gmail.com>
From: grarpamp <grarpamp@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] according to leaked XKeyScore source NSA marks all
 Tor users as extremists, puts them on a surveillance list
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Thu, Jul 3, 2014 at 4:12 PM, coderman <coderman@gmail.com> wrote:
> On Thu, Jul 3, 2014 at 10:47 AM, Seth David Schoen <schoen@eff.org> wrote:
>> http://daserste.ndr.de/panorama/xkeyscorerules100.txt
>> Does anyone have theories about this part right at the bottom? ..
>>    /**
>>     * Placeholder fingerprint for Tor hidden service addresses.
>>     * Real fingerpritns will be fired by the plugins
>>     *   'anonymizer/tor/plugin/onion/*'...
>>    fingerprint('anonymizer/tor/hiddenservice/address') = nil;
>
> this says to me "we used to directly implement linking processes at
> print "... hiddenservice/address" but now we have improved our
> infrastructure of XKS workflow to abstract plugin interfaces of which
> this functionality is now implemented as "... plugin/onion".

There is more meta about the program to be inferred...
1) Note the formal directory structure /anonymizer/{tor,mixminion}.
Not far to presume /I2P, /RetroShare, /FreeNet, /etc is in operation as well.
2) rules100... this thing likely has more N00 rulesets as well.

> directories and authorities being of interest is interesting ;)

Every institution has some easy and some very hard to
change configurations. So rekey and change the IP's of the
dirauths and hope you get lucky and cause them to scrap
some expensive ASIC's or lookup tables and such ;)

You could also abuse their case sensitivity, lack of port names,
shift around the delimiting and presentation for a while too.
Maybe inject nsa.gov's ip in various places for extra fun.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

