Posted on 07/10/2014 6:41:50 AM PDT by ShadowAce
Last week, German journalists revealed that the National Security Agency has a program to collect information about people who use privacy-protecting services, including popular anonymizing software called Tor. But it’s not clear how many users have been affected.
So we did a little sleuthing, and found that the NSA’s targeting list corresponds with the list of directory servers used by Tor between December 2010 and February 2012 – including two servers at the Massachusetts Institute of Technology. Tor users connect to the directory servers when they first launch the Tor service.
That means that if you downloaded Tor during 2011, the NSA may have scooped up your computer’s IP address and flagged you for further monitoring. The Tor Project is a nonprofit that receives significant funding from the U.S. government.
The revelations were among the first evidence of specific spy targets inside the United States. And they have been followed by yet more evidence. The Intercept revealed this week that the government monitored email of five prominent Muslim-Americans, including a former Bush Administration official.
It’s not clear if, or how extensively, the NSA spied on the users of Tor and other privacy services.
After the news, one of Tor’s original developers, Roger Dingledine, reassured users that they most likely remained anonymous while using the service: “Tor is designed to be robust to somebody watching traffic at one point in the network – even a directory authority.” It is more likely that users could have been spied on when they were not using Tor.
For its part, the NSA says it only collects information for valid foreign intelligence purposes and that it “minimizes” information it collects about U.S. residents. In other words, NSA may have discarded any information it obtained about U.S. residents who downloaded Tor.
However, according to a recent report by the Privacy and Civil Liberties Oversight Board, the NSA’s minimization procedures vary by program. Under Prism, for example, the NSA shares unminimized data with the FBI and CIA.
In addition, the NSA can also later search the communications of those it has inadvertently caught in its Prism dragnet, a tactic some have called a ” backdoor” search. It’s not clear if similar backdoors exist for other types of data such as IP addresses.
In response to the Tor news, the NSA said it is following President Obama’s January directive to not conduct surveillance for the purpose of “suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion.”
[Disclosure: Mike Tigas is the developer of an app that uses Tor, called theOnion Browser.]
We updated our chart of NSA revelations to include monitoring of privacy software.
For the geeks, here are the IP addresses of the were listed in the NSA Xkeyscore code and when they were added or removed from the list of Tor directory servers:
193.23.244.244
Added: Fri, 12 Feb 2010 15:31:08 -0400 (14:31 -0500)
194.109.206.212
Added: Sat, 8 Apr 2006 17:03:49 -0400 (21:03 +0000)
86.59.21.38
Added: Sat, 5 Nov 2005 16:20:51 -0400 (20:20 +0000)
213.115.239.118
Added: Thu, 10 Jun 2010 10:56:08 -0400 (16:56 +0200)
Removed: Wed, 29 Feb 2012 14:22:41 -0400 (13:22 -0500)
212.112.245.170
Added: Thu, 16 Dec 2010 08:10:19 -0400 (13:10 +0100)
128.31.0.39
Added Wed, 14 Oct 2009 19:36:08 -0400 (19:36 -0400)
216.224.124.114
Added: Wed, 7 Nov 2007 17:20:45 -0400 (21:20 +0000)
Removed: on Wed, 4 Apr 2012 19:51:04 -0400 (01:51 +0200)
208.83.223.34
Added: Mon, 10 Aug 2009 01:32:51 -0400 (01:32 -0400)
They already have my fingerprints from 33 years ago.
They know where I live, my number aint unlisted.
[ I figure I am so on the list it doesn’t matter at this point. When they start rouonding up people to take to the re-education camps I just need to be elsewhere. :-) ]
Just leave your powered on smartphone at home and bug out elsewhere, they will assume you are still home with your cell phone...
Bingo
How could anyone make it through the puckerbush reading topo maps and a compass without GPS and a dang ol CELL phone that targets you? ☺
Could you put me on your conspiracy theory ping list please?
Maybe the ones on government lists are the ones who don’t have Facebook or Twitter accounts.
“So, what good does it do the kgb to “scoop up your computer’s IP address”?”
Plenty. They can match the IP address up to your computer NIC’s MAC on your ISP’s routers. That way they have a current validation of your IP to your computer. Then when you visit websites and your IP is recorded they have a positive ID on your visit and activity.
TOR is just a distraction. They can most likely de-crypt connections in real time so there’s probably no real anonymity. Additionally, having TOR installed just let’s them know to monitor your data once you connect.
Running TOR in a secure hypervisor VM or having a dedicated computer is better obscurity but they’ll still know it’s your computer, your session and your usage. It just makes it a bit harder to obtain your session data.
Best bet is “John Doe” at your local Internet Gambling café or public library via fake ID. TOR on a boot CD with Everyone permission for execution run via a public computer with fake ID isn’t a bad idea. You could also try this via a boot USB drive. Both CD and USB may be enabled for boot devices for recovery purposes. Some techs are afraid of needing to go into BIOS to change the boot order during a recover operation because they lose the BIOS password. So they leave the CD or USB boot priority to the hard drive.
But if you’re not breaking the law, what do you have to fear comrade?
Only if you follow the rule.
well that and posting on a site like the notorious Free Republic
Then apparently I and many I know are on this list!
i knew it!
Seriously, if you don’t put me on the ping list I’m going to call in the artillery.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.