Date: Mon, 14 Jul 2014 18:06:09 +0000
From: isis <isis@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140714180609.GB5119@patternsinthevoid.net>
In-Reply-To: <d31648d2e60f70c5195e991fd0b07cb7@openmailbox.org>
Subject: Re: [tor-talk] Questions about NSA monitoring of Tor users.
simonsnake@openmailbox.org transcribed 2.2K bytes:
> I have two questions about the recent revelations that the NSA has been
> collecting data about Tor users.
>
> I would like to hear from those with personal knowledge and experience such
> as Jacob, Roger, Mike, etc.
>
> AIUI, from the stories in the German media
> (http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html) and Wired
> (http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/), the
> NSA has logged the IP of everyone who ever accessed:
> a) a directory server.
> b) an entry node.
> c) bridges.torproject.org
> d) requested an email of bridges.
> e) the tor website itself (except from five eyes countries).
>
> This is viable as the NSA runs the Quantum network which allows it to
> intercept traffic to whichever sites it desires before that traffic arrives
> at its destination.

Couple points of clarity:

The QUANTUM program, which is actually a family of
attack vectors developed by the TAO division of the NSA, actually
mainly allows for packet injection, i.e. inserting cloned and/or
modified TCP packets or HTTP requests/responses with source spoofing
which beat the original packet to its final destination. [0]

There are several programs which allow for the possibility of traffic
analysis, one of which is XKEYSCORE (XKS). [1] Several of these
programs interface with programs such as those in QUANTUM. Traffic
analysis programs aren't "data collection things"; [2] instead, they
run pre-collected traffic through a complex series of rulesets in
order to classify the traffic for further processing by other programs,
or for storage in a database.

An example flow for the way an email to bridges@torproject.org might
be processed would be:

 0. The outgoing email from your Gmail account is captured by PRISM,
    or a related/similar traffic surveillance program.

 1. The captured email is processed by XKEYSCORE.
    1a. The email matches the XKEYSCORE ruleset as being an email to
        bridges@torproject.org (published in the Das Erste article you
        linked to above).
        1a.i.  Your outgoing email to bridges@torproject.org, possibly
               along with other associated information, is stored in a
               database.
        1a.ii. Other processing can happen at this point, if there are
               additional matching XKEYSCORE rules defined on the
               XKEYSCORE system processing your traffic.
    1b. The email doesn't match any XKEYSCORE ruleset.
        1b.i.  UNKNOWN. We don't know yet what is done with the
               captured traffic at this point.

> Two questions:
>
> 1. What would be the purpose of collecting a vast trove of IP addresses? In
> my case, my IP could be tied to my real name since I send emails via SMTP
> which will contain my IP, email address, real name, etc. That said, IP
> addresses are dynamic. I don't know how easy it would be to identify most
> people via an IP. Of course, one way would be to ask the ISP directly. But,
> whether tied to a real identity or not, what's the point?  What does it
> achieve? They also gather the IP address for those who access any number of
> proxy services such as MegaProxy and FreeProxies.org. Would they not just
> end up with a massive database of (mostly dynamic) IPs?

Dynamism, to the extent that it prevents geolocation, in IPv4 address
assignment is mostly a thing of the past. I'm usually able to
accurately track an IPv4 address down to the city, and I'm sure they
can do much better.

What they achieve is the ability to accuse a person in the future
based on that person's browsing/usage history. Why is this dangerous?
For the US, the Congressional Research Service has stated that they do
not know the precise number of federal crimes in effect in a region at
a given time. Ergo, one could assume that if the number of these laws
is unknown, their contents are likewise unknown. And therefore, not
even a good lawyer knows off the top of her head if her client is
doing something illegal. And then take into account that laws in the
US are interpreted by historical precedence, and it now also matters
when that person is accused of doing something. You have NO IDEA if
anything you are doing is legal or illegal. There is an excellent
lecture by a Regent Law Professor explaining more. [3]

> 2. What is the attitude that encourages the gathering of this information?
> Is it: because they can? Or do they truly believe that anyone who uses Tor
> is dangerous? Bear in mind that Tor was developed and is still funded by the
> US government. No-one can deny that dissidents in unfree countries use it.
> So, even if you assume that a high percentage of users are bad people, what
> about the dissidents in the Middle East or wherever? What is the psychology
> here? I'm sure people like Roger are in regular contact with some government
> types. Perhaps he can shed some light on the motivation?

Anyone who has regularly contracted or actively volunteered with Tor
has likely had quite some experience with spooks, not only Roger;
though, Roger is probably a bit nicer when he talks to them than some
others of us.

I've contracted to the Tor Project for four years and volunteered some
before that. I've spoken to senators and representatives on Capitol
Hill, [4] as well as other agencies, regarding my work. The State
Dept. has mentioned work by OONI that I had contributed to during one
of their morning televised briefings. [5]

The behaviour of the various branches and departments of the US
federal government is, in my opinion (my views do not necessarily
express those of my employer), like that of a two-year-old with
Multiple Personality Disorder. They only rarely accurately comprehend
the scope and impact of a technology, e.g. I've been asked by
congressional aides if the tools I contribute to "are for other
countries, or for the US?"  They seem to think there are borders on
the internet. Many of its personalities are often in direct conflict
with one another. Some of its personalities are downright sociopathic
and strive mainly for selfish ends via means which harm the
overwhelming majority of people worldwide, both US persons and
otherwise. In my opinion, the NSA, the FBI, and the CIA are prime
examples of the US federal government's sociopathic personalities.

As someone else mentioned in this thread, the official task of the NSA
is to monitor communications: "collects, processes, and disseminates
intelligence information from foreign signals for intelligence and
counterintelligence purposes and to support military operations."  The
NSA is also tasked with "preventing foreign adversaries from gaining
access to sensitive or classified national security information". [6]
Weakening the security of systems, while simultaneously preventing
others from accessing them, would make it appear as if the NSA is
actually in direct conflict with itself.

Additionally, the NSA is in direct conflict with the missions of
several other departments, e.g. the State Dept.'s aims to protect
U.S. citizens living/travelling abroad and assist U.S. companies in
the international marketplace, and likely several other Departments'
mission statements.

[0]: https://en.wikipedia.org/wiki/QUANTUM#QUANTUM_attacks
[1]: https://en.wikipedia.org/wiki/XKEYSCORE
[2]: https://youtu.be/ooPzr1vzmGY?t=2m41s
[3]: https://youtu.be/d-7o9xYp7eE
[4]: https://blog.patternsinthevoid.net/congress-not-the-chaos-computer-club-kind.html
[5]: https://youtu.be/C9-LjX8wk60?t=59s
[6]: https://www.nsa.gov/about/mission/index.shtml (Oh, the synecdoche!
      nsa.gov has a valid SSL cert, only to downgrade you to plaintext!)

-- 
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
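The reply above describes QUANTUM packet injection as a spoofed, modified TCP segment racing the genuine one to its destination. From a network defender's side, the observable trace of that race is two segments on the same flow and sequence number whose payloads disagree, whereas a real retransmission repeats identical bytes. The following detector, an added example and not code from the original message or from the Tor Project, keeps a bounded per-flow window of sequence numbers and flags that disagreement. The packet records, the flow endpoints (documentation-range addresses) and the payloads are constructed for the example.

```python
"""Detect the wire signature of a QUANTUM-style TCP injection race.

Added example, not part of the tor-talk message. A genuine retransmission
carries the same bytes under the same sequence number; a spoofed segment
racing the genuine one carries different bytes under the same sequence
number. The detector flags the second case only.
"""
from collections import OrderedDict, defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)


@dataclass(frozen=True)
class Segment:
    """Minimal TCP segment record (constructed; a capture tool exposes the same fields)."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


@dataclass(frozen=True)
class Alert:
    flow: Flow
    seq: int
    first_payload: bytes        # what was seen first for this seq
    conflicting_payload: bytes  # the later, differing segment


class InjectionDetector:
    """Per-flow memory of (seq -> payload), bounded to `window` entries."""

    def __init__(self, window: int = 256) -> None:
        self.window = window
        self._seen = defaultdict(OrderedDict)  # Flow -> OrderedDict[seq, payload]

    def observe(self, seg: Segment) -> Optional[Alert]:
        flow: Flow = (seg.src, seg.sport, seg.dst, seg.dport)
        seen = self._seen[flow]
        earlier = seen.get(seg.seq)
        if earlier is None:
            seen[seg.seq] = seg.payload
            while len(seen) > self.window:   # evict oldest to bound memory per flow
                seen.popitem(last=False)
            return None
        if earlier == seg.payload:
            return None                       # benign retransmission: identical bytes
        return Alert(flow, seg.seq, earlier, seg.payload)


def scan(segments: List[Segment], window: int = 256) -> List[Alert]:
    """Run every segment through one detector and collect the alerts."""
    det = InjectionDetector(window)
    alerts = []
    for seg in segments:
        alert = det.observe(seg)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample: one HTTP response flow, server -> client.
SERVER = ("203.0.113.10", 80)
CLIENT = ("198.51.100.7", 51234)
OK_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"  # 42 bytes
SAMPLE = [
    Segment(*SERVER, *CLIENT, 1000, OK_RESPONSE),
    Segment(*SERVER, *CLIENT, 1000, OK_RESPONSE),                 # retransmission: not flagged
    Segment(*SERVER, *CLIENT, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://example.invalid/\r\n"),  # racing segment: flagged
    Segment(*SERVER, *CLIENT, 1042, b"<html>...</html>"),         # next in-order data: not flagged
]

if __name__ == "__main__":
    for a in scan(SAMPLE):
        print(f"flow={a.flow} seq={a.seq}: {a.first_payload[:20]!r} vs {a.conflicting_payload[:20]!r}")
```

The same-sequence/different-payload check is the minimum that follows from the description in the message; a production sensor would also compare IP TTL and TCP options across the two segments and must sit on a capture point that sees both copies, since the host's TCP stack discards the loser of the race.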
