[tor-talk] Questions about NSA monitoring of Tor users.

isis isis at torproject.org
Mon Jul 14 18:06:09 UTC 2014

simonsnake at openmailbox.org transcribed 2.2K bytes:
> I have two questions about the recent revelations that the NSA has been
> collecting data about Tor users.
> I would like to hear from those with personal knowledge and experience such
> as Jacob, Roger, Mike, etc.
> AIUI, from the stories in the German media
> (http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html) and Wired
> (http://www.wired.com/2014/07/nsa-targets-users-of-privacy-services/), the
> NSA has logged the IP of everyone who ever accessed:
> a) a directory server.
> b) an entry node.
> c) bridges.torproject.org
> d) requested an email of bridges.
> e) the tor website itself (except from five eyes countries).
> This is viable as the NSA runs the Quantum network which allows it to
> intercept traffic to whichever sites it desires before that traffic arrives
> at its destination.

Couple points of clarity:

The QUANTUM program, which is actually a family of
attack vectors developed by the TAO division of the NSA, mainly
allows for packet injection, i.e. inserting cloned and/or
modified TCP packets or HTTP requests/responses with source spoofing
which beat the original packet to its final destination. [0]

There are several programs which allow for the possibility of traffic
analysis, one of which is XKEYSCORE (XKS). [1] Several of these
programs interface with programs such as those in QUANTUM. Traffic
analysis programs aren't "data collections things"; [2] instead, they
run pre-collected traffic through a complex series of rulesets in
order to classify the traffic for further processing by other programs,
or for storage in a database.

An example flow for the way an email to bridges at torproject.org might
be processed would be:

 0. The outgoing email from your Gmail account is captured by PRISM,
     or a related/similar traffic surveillance program.

 1. The captured email is processed by XKEYSCORE.
    1a. The email matches the XKEYSCORE ruleset as being an email to
        bridges at torproject.org (published in the Das Erste article you
        linked to above).
        1a. i. Your outgoing email to bridges at torproject.org, possibly
               along with other associated information, is stored in a
        1a.ii. Other processing can happen at this point, if there are
               additional matching XKEYSCORE rules defined on the
               XKEYSCORE system processing your traffic.
    1b. The email doesn't match any XKEYSCORE ruleset.
        1b. i. UNKNOWN. We don't know yet what is done with the
               captured traffic at this point.

> Two questions:
> 1.	What would be the purpose of collecting a vast trove of IP addresses? In
> my case, my IP could be tied to my real name since I send emails via SMTP
> which will contain my IP, email address, real name, etc. That said, IP
> addresses are dynamic. I don't know how easy it would be to identify most
> people via an IP. Of course, one way would be to ask the ISP directly. But,
> whether tied to a real identity or not, what's the point?  What does it
> achieve? They also gather the IP address for those who access any number of
> proxy services such as MegaProxy and FreeProxies.org. Would they not just
> end up with a massive database of (mostly dynamic) IPs?

Dynamism, to the extent that it prevents geolocation, in IPv4 address
assignment is mostly a thing of the past. I'm usually able to
accurately track an IPv4 address down to the city, and I'm sure they
can do much better.

What they achieve is the ability to accuse a person in the future
based on that person's browsing/usage history. Why is this dangerous?
For the US, the Congressional Research Service has stated that they do
not know the precise number of federal crimes in effect in a region at
a given time. Ergo, one could assume that if the number of these laws
is unknown, their contents are likewise unknown. And therefore, not
even a good lawyer knows off the top of her head if her client is
doing something illegal. And then take into account that laws in the
US are interpreted by historical precedence, and it now also matters
when that person is accused of doing something. You have NO IDEA if
anything you are doing is legal or illegal. There is an excellent
lecture by a Regent Law Professor explaining more. [3]

> 2.	What is the attitude that encourages the gathering of this information?
> Is it: because they can? Or do they truly believe that anyone who uses Tor
> is dangerous? Bear in mind that Tor was developed and is still funded by the
> US government. No-one can deny that dissidents in unfree countries use it.
> So, even if you assume that a high percentage of users are bad people, what
> about the dissidents in the Middle East or wherever? What is the psychology
> here? I'm sure people like Roger are in regular contact with some government
> types. Perhaps he can shed some light on the motivation?

Anyone who has regularly contracted or actively volunteered with Tor
has likely had quite some experience with spooks, not only Roger;
though, Roger is probably a bit nicer when he talks to them than some
others of us.

I've contracted to the Tor Project for four years and volunteered some
before that. I've spoken to senators and representatives on Capitol
Hill, [4] as well as other agencies, regarding my work. The State
Dept. has mentioned work by OONI that I had contributed to during one
of their morning televised briefings. [5]

The behaviours of the various branches and departments of the US
federal government are, in my opinion (my views do not necessarily
express those of my employer), like those of a two-year-old with
Multiple Personality Disorder. They only rarely accurately comprehend
the scope and impact of a technology, e.g. I've been asked by
congressional aides if the tools I contribute to "are for other
countries, or for the US?"  They seem to think there are borders on
the internet. Many of its personalities are often in direct conflict
with one another. Some of its personalities are downright sociopathic
and strive mainly for selfish ends via means which harm the
overwhelming majority of people worldwide, both US persons and
otherwise. In my opinion, the NSA, the FBI, and the CIA are prime
examples of the US federal government's sociopathic personalities.

As someone else mentioned in this thread, the official task of the NSA
is to monitor communications: "collects, processes, and disseminates
intelligence information from foreign signals for intelligence and
counterintelligence purposes and to support military operations."  The
NSA is also tasked with "preventing foreign adversaries from gaining
access to sensitive or classified national security information". [6]
Weakening the security of systems, while simultaneously preventing
others from accessing them, would make it appear as if the NSA is
actually in direct conflict with itself.

Additionally, the NSA is in direct conflict with the missions of
several other departments, e.g. the State Dept.'s aims to protect
U.S. citizens living/travelling abroad and assist U.S. companies in
the international marketplace, and likely several other Departments'
mission statements.

[0]: https://en.wikipedia.org/wiki/QUANTUM#QUANTUM_attacks
[1]: https://en.wikipedia.org/wiki/XKEYSCORE
[2]: https://youtu.be/ooPzr1vzmGY?t=2m41s
[3]: https://youtu.be/d-7o9xYp7eE
[4]: https://blog.patternsinthevoid.net/congress-not-the-chaos-computer-club-kind.html
[5]: https://youtu.be/C9-LjX8wk60?t=59s
[6]: https://www.nsa.gov/about/mission/index.shtml (Oh, the synecdoche!
      nsa.gov has a valid SSL cert, only to downgrade you to plaintext!)

 ♥Ⓐ isis agora lovecruft
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
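The processing flow sketched in step 0 to 1b above, together with the earlier point that mail sent via SMTP carries the sender's IP, can be made concrete with a small model. The code below is an added example, not part of this thread or of any real XKEYSCORE configuration: it parses two constructed messages, pulls the submitting client's address out of the earliest Received header, and runs a toy ruleset in which the only rule taken from the post is "addressed to bridges at torproject.org"; the second rule, the header names, and the message contents are all assumptions made for the illustration.

```python
import email
import re
from collections import namedtuple
from email import policy

# A classification rule: which header it inspects and the regex it must match.
Rule = namedtuple("Rule", "name header pattern")

# Constructed rules for this illustration. The first mirrors the only rule the
# post mentions (mail addressed to bridges at torproject.org); the second is a
# hypothetical extra rule so that one message can trip more than one rule (1a.ii).
RULES = [
    Rule("tor-bridge-request", "To", r"bridges@torproject\.org"),
    Rule("bridge-transport-keyword", "Subject", r"\btransport\b"),  # hypothetical
]

# Constructed sample: a client submitting a bridge request over authenticated
# SMTP. The bottom-most Received header is the earliest hop and names the
# submitting client, which is what ties the mail to an IP address.
SAMPLE_EMAIL = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123; Mon, 14 Jul 2014 17:55:02 +0000
Received: from [203.0.113.42] (client.example.net [203.0.113.42])
\tby mx.example.net with ESMTPSA id xyz789; Mon, 14 Jul 2014 17:55:01 +0000
From: Alice Example <alice@example.net>
To: bridges@torproject.org
Subject: get transport obfs3
Date: Mon, 14 Jul 2014 17:55:00 +0000
Message-ID: <constructed-0001@example.net>

get transport obfs3
"""

# Constructed control message that matches no rule (step 1b).
UNRELATED_EMAIL = """\
Received: from [192.0.2.9] (home.example.com [192.0.2.9])
\tby mx.example.com with ESMTPSA id q1; Mon, 14 Jul 2014 18:00:00 +0000
From: Bob Example <bob@example.com>
To: carol@example.org
Subject: lunch tomorrow?
Date: Mon, 14 Jul 2014 18:00:00 +0000
Message-ID: <constructed-0002@example.com>

Noon?
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw):
    """Parse an RFC 5322 message; policy.default unfolds continuation lines."""
    return email.message_from_string(raw, policy=policy.default)


def originating_ip(msg):
    """Return the client IP from the earliest Received hop, or None.

    Each MTA prepends its own Received header, so the last one in the list
    is the first hop: the one that names the submitting client.
    """
    hops = msg.get_all("Received") or []
    if not hops:
        return None
    found = IPV4_IN_BRACKETS.search(str(hops[-1]))
    return found.group(1) if found else None


def classify(raw, rules=RULES):
    """Model step 1 of the post's flow: match rules, then store or mark unknown."""
    msg = parse(raw)
    matched = [r.name for r in rules
               if re.search(r.pattern, str(msg.get(r.header, "")), re.IGNORECASE)]
    return {
        "client_ip": originating_ip(msg),
        "recipient": str(msg.get("To", "")),
        "matched": matched,
        # 1a: at least one rule hit, so the record is retained.
        # 1b: no rule hit; the post says what happens next is unknown.
        "disposition": "store" if matched else "unknown",
    }


if __name__ == "__main__":
    for raw in (SAMPLE_EMAIL, UNRELATED_EMAIL):
        print(classify(raw))
```

The point worth noticing is that every field the record keeps (recipient, client address, rule hits) comes from headers, not from the body; encrypting the body changes nothing here, and TLS between the client and its own provider does not help either when, as in step 0, collection happens at the provider.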