Delivery-Date: Sat, 05 Jul 2014 00:13:46 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 13B531E0A26
	for <archiver@seul.org>; Sat,  5 Jul 2014 00:13:44 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E18242FD32;
	Sat,  5 Jul 2014 04:13:42 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 167702FD32
 for <tor-talk@lists.torproject.org>; Sat,  5 Jul 2014 03:59:38 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 73kWklHHbKW7 for <tor-talk@lists.torproject.org>;
 Sat,  5 Jul 2014 03:59:37 +0000 (UTC)
Received: from mail-lb0-x22e.google.com (mail-lb0-x22e.google.com
 [IPv6:2a00:1450:4010:c04::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 9EBCA2FD2A
 for <tor-talk@lists.torproject.org>; Sat,  5 Jul 2014 03:59:37 +0000 (UTC)
Received: by mail-lb0-f174.google.com with SMTP id u10so1550111lbd.19
 for <tor-talk@lists.torproject.org>; Fri, 04 Jul 2014 20:59:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:date:to:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=rv7elvFOiDTCIVJrjOPVQczufCqaS8nwWaFZLe08Agc=;
 b=CobQVr/kSgBLkePgRg4qx2sYmziKdjXoIhJQPuepaP/RZcdtWsKb3NZ8OU+wglj1qZ
 GKFuPi0ZtsM29c9nC2/5NMTYEcGhPsrfMGnYOzyE2K3jGb+AVUOH06kiWW8SI2Xn0GvG
 3AUdQQeGTpUptvLjez8N3XaLaG/6Ibj6kAKjR92rA7xfCjbc7QhfiHlLCphHE/uM2gqS
 luuN/SfdtRXjPlrYQ7H1amGpsCkL9fH9zO1AqLXX5Y7VWPXL384hMSoP3CCwGai+Qjv6
 46oKbj9g/TRIyk+lN9INmc3Lx9juWfm8ZWjgEsWwLd0inKcoBZ0WYlDf9UnRoTvg0k2S
 R/WA==
X-Received: by 10.152.27.66 with SMTP id r2mr55138lag.53.1404532774335;
 Fri, 04 Jul 2014 20:59:34 -0700 (PDT)
Received: from localhost (tor-exit0-readme.dfri.se. [171.25.193.20])
 by mx.google.com with ESMTPSA id q3sm15773547lae.23.2014.07.04.20.59.33
 for <multiple recipients>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Fri, 04 Jul 2014 20:59:33 -0700 (PDT)
From: Matthew Finkel <matthew.finkel@gmail.com>
X-Google-Original-From: Matthew Finkel <Matthew.Finkel@gmail.com>
Date: Sat, 5 Jul 2014 03:59:28 +0000
To: tor-talk@lists.torproject.org, cypherpunks@cpunks.org,
 Liberation Technologies <liberationtech@lists.stanford.edu>
Message-ID: <20140705035926.GA12960@localhost>
References: <20140704145641.GP26986@leitl.org>
 <20140704213623.GA8586@patternsinthevoid.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20140704213623.GA8586@patternsinthevoid.net>
User-Agent: Mutt/1.5.20 (2009-06-14)
Subject: Re: [tor-talk] messing with XKeyScore
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Fri, Jul 04, 2014 at 09:36:23PM +0000, isis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Eugen Leitl transcribed 5.8K bytes:
> > 
> > http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html?m=1 
> > 
> > Errata Security
> > 
> > Advanced persistent cybersecurity
> > 
> > Friday, July 04, 2014
> > 
> > Jamming XKeyScore
> > 
> > Back in the day there was talk about "jamming echelon" by adding keywords to email that the echelon system was supposedly looking for. We can do the same thing for XKeyScore: jam the system with more information than it can handle. (I enumerate the bugs I find in the code as "xks-00xx").
> > 
> > 
> > For example, when sending emails, just send from the address "bridges@torproject.org" and in the email body include:
> > 
> > https://bridges.torproject.org/
> > bridge = 0.0.0.1:443
> > bridge = 0.0.0.2:443
> > bridge = 0.0.0.3:443
> > ...
> > 
> > Continue this for megabytes worth of bridges (xks-0001), and it'll totally mess up XKeyScore. It has no defense against getting flooded with information like this, as far as I can see.
> > 
> 
> 
> Hi. I maintain and develop BridgeDB.
> 
> For what it's worth, the released XKS rules would not have worked against
> BridgeDB for over a year now. I have no knowledge of what regexes are
> currently in use in XKS deployments, nor if the apparent typos are errors in
> the original documents, or rather typos in one of the various levels of
> transcriptions which may have occurred in the editing process. If these typos
> were at some point in the original rules running on XKS systems, then *no*
> bridges would have been harvested due to various faults. None.
> 
> Ergo, as Jacob has pointed out to me, the regexes which are released should be
> assumed to be several years out of date, and also shouldn't be assumed to be
> representative of the entire ruleset of any deployed XKS system.
> 
> I am willing to implement tricks against specific problems with them, mostly
> for the lulz, because fuck the NSA. But it should be assumed that the actual
> regexes have perhaps been updated, and that highly specific tricks are not
> likely to land.
> 
> The ticket for this, by the way, was created by Andrea this afternoon, it's
> #12537: https://trac.torproject.org/projects/tor/ticket/12537

In reality it's a bit silly to try to mess with these rules if they are
n-years old. Based on the pics, simply requesting that all users use
bridges@bridges.torproject.org instead of bridges@torproject.org is the
easiest change that bypasses this specific set of rules. But, I
think it is more realistic that these minor points are moot and the
regexes were fixed long ago and that the ruleset more fully covers
Tor's distributors now.

This problem makes me sad on many levels, and I'm not opposed to
implementing mitigation techniques (within reason) based on the
rulesets, however we shouldn't do anything that will hurt our users nor
should we do anything that makes tor more difficult to use
(unfortunately this includes sending users bogus bridge addresses).

For the use-case of bridges, where a user tries to circumvent local
network interference and implicitly expects they're not fingerprinted
by NSA, we are mostly failing right now.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
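Both replies above turn on the same detection-engineering point: a rule keyed on a literal sender address is bypassed by a trivially different address, and a rule with an authoring fault silently matches nothing rather than "less". The following is an added illustration written for this archive; it is not code from the thread, not BridgeDB, and not the leaked XKS rules (which the thread does not reproduce). The rule patterns, the `classify` helper and the sample messages (with RFC 5737 documentation addresses) are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed rules, not the leaked XKS rules and not BridgeDB code.

# Rule 1: a literal sender address. Matthew's message notes that moving users
# to bridges@bridges.torproject.org is enough to step around a rule like this.
SENDER_RULE = re.compile(r"bridges@torproject\.org")

# Rule 2: a "bridge = IP:port" line, with MULTILINE so ^ and $ apply per line.
BRIDGE_LINE_RULE = re.compile(
    r"^bridge\s*=\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$", re.MULTILINE)

# Rule 3: the same pattern with a plausible authoring fault: the MULTILINE flag
# is missing, so ^ only matches at the start of the whole body. On a body whose
# first line is not a bridge line, it harvests nothing at all. This models
# isis's point that a faulty rule yields *no* bridges, not fewer.
FAULTY_BRIDGE_LINE_RULE = re.compile(
    r"^bridge\s*=\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$")

# Constructed sample message (documentation IP ranges, not real bridges).
ORIGINAL = """From: bridges@torproject.org
To: user@example.invalid
Subject: bridges

https://bridges.torproject.org/
bridge = 192.0.2.10:443
bridge = 198.51.100.7:443
"""

# Same body, sender changed as Matthew's message suggests.
RENAMED_SENDER = ORIGINAL.replace("From: bridges@torproject.org",
                                  "From: bridges@bridges.torproject.org")


def classify(raw_message, bridge_rule=BRIDGE_LINE_RULE):
    """Run the signature rules over one RFC 822 message and report what fired.

    Returns a dict with the sender-rule verdict and the list of "ip:port"
    strings the bridge-line rule extracted from the body.
    """
    msg = message_from_string(raw_message)
    sender = msg.get("From", "")
    body = msg.get_payload()  # single-part text message, so this is a str
    return {
        "sender_matched": bool(SENDER_RULE.search(sender)),
        "bridges": [f"{ip}:{port}" for ip, port in bridge_rule.findall(body)],
    }


def rule_fires_on_known_sample(rule):
    """Sanity check a rule against a known positive sample.

    A rule that extracts nothing from a message it is meant to match is broken
    however correct it looks on paper; this is the check that would have
    caught the kind of typo isis describes before deployment.
    """
    return bool(classify(ORIGINAL, rule)["bridges"])


if __name__ == "__main__":
    print("original:      ", classify(ORIGINAL))
    print("renamed sender:", classify(RENAMED_SENDER))
    print("faulty rule:   ", classify(ORIGINAL, FAULTY_BRIDGE_LINE_RULE))
    for name, rule in [("correct", BRIDGE_LINE_RULE),
                       ("faulty", FAULTY_BRIDGE_LINE_RULE)]:
        print(f"{name} rule fires on known sample:",
              rule_fires_on_known_sample(rule))
```

Running it shows the original message tripping both rules, the renamed-sender message still yielding its bridge lines but no sender hit, and the faulty rule extracting zero bridges from a message that plainly contains two. The last check is the one worth keeping around: a detection rule, whoever wrote it, needs a known-positive test or its failures are invisible.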

