Silk Road forums
Discussion => Security => Topic started by: astor on July 07, 2013, 01:20 pm
-
There's an interesting thread on the tor-talk mailing list, which I thought I'd repost here.
user:
Dear reader,
I'm a Tor user.
My interest in anonymity awoke in response to the European
parliament passing the data retention directive in 2005. I did (and
still do) not want my ISP to be able to spy on everything I do.
I maintain a German web site explaining how Internet communication
works, warning against data retention, and advertising anonymity via
Tor [1]. I thought that there is not much to lose when using Tor
(except for speed).
Now, I'm about to include a big warning concerning Tor. Maybe I'm
driven by fear, uncertainty, and doubt. But I doubt that. I'd like
to see this e-mail as a consensus check ;)
I'm only talking about Tor users like me, living in a stable
democracy. In my idealistic (or naive?) view, it's nobody's
business to collect data about me as long as I'm not a suspect of
crime. If they do anyways, they violate my (perceived) rights,
privacy, and dignity. I'm using Tor as tool to fight that
violation. (My reasoning does not apply to people under oppressive
regimes who use Tor as protection from their own government when
they coordinate and communicate and whose physical freedom and
well-being are at risk.)
Of course, since Tor's beginning the threat model has been excluding
global passive adversaries (which are able to observe both ends of
the torified communication) but I didn't consider that a real issue.
However, now I do.
Today, the GCHQ (GB) is running Tempora to spy on all transatlantic
data, including three days of full storage for deeper analysis. The
NSA (US) is doing all kinds of spying with PRISM, including rumors
of tapping directly into the German Internet eXchange DE-CIX [2].
The DGSE (French foreign intelligence agency) is spying massively on
the French (so much for *foreign* intelligence). The BND (German
foreign intelligence) is allowed to monitor up to 20% of
border-crossing Internet traffic; supposedly, they are looking at 5%
right now and investing heavily to increase that number [3].
In 2007 Murdoch and Zieliński [4] developed traffic analysis
techniques based on sampled data for parties monitoring Internet
eXchanges (IXes). Apparently, the parties mentioned above have
capabilities that go far beyond the paper's sampling technique.
Thus, I'm assuming that global adversaries are spying on me.
As I said, initially I worried about my ISP under data retention and
considered Tor to be an excellent protection. Of course, that's
only part of the story as I'd like to restrict who is able to spy on
me as much as possible, whether my ISP, the ordinary criminal, or
our governments's spies. Frankly, I only started to think about the
last point after seeing the video "Enemies of the State" of last
year's Chaos Communication Congress [5]. There, former NSA
officials complained that the NSA is beating US citizens'
constitutional rights into the dust. However, the existence of
rights for Non-Americans was not acknowledged, and I wondered how my
expectations should look like given that I'm not protected by the US
constitution.
Now, Tor re-routes traffic on a world-wide basis. I believe that
without special precautions (I'm going to write a separate e-mail on
that), my communication with the entry node as well as the exit's
with the real communication partner will flow through big pipes and
IXes, which are worth the investment of spying facilities; of
course, terrorism needs to be fought...
Thus, Tor does not anonymize; instead, it turns all my network
traffic over to adversaries. Hopefully, Tor makes the adversaries'
lives harder, and they need more compute power to spy on me. Maybe
they find torified traffic more interesting and handle it with
higher priority. In any case, I assume that torified traffic gets
analyzed.
In contrast, without Tor I'm *not* certain that all my traffic gets
analyzed. Part of my traffic does not need to flow through big
pipes and IXes but stays in local, untapped regions of the Internet.
Thus, my warning could read as follows:
1. If you are using Tor, you should assume that all your network
traffic gets stored, analyzed, and de-anonymized by intelligence
agencies.
2. If you do not use Tor, you should be aware that your ISP could
spy on all of your network traffic, while part of it (that part
passing tapped IXes) gets stored and analyzed by intelligence
agencies.
Of course, there still is more fun in using Tor.
What's your take on the current situation? Should the Tor FAQ
include a similar warning?
=========
arma:
1. If you are using Tor, you should assume that all your network
traffic gets stored, analyzed, and de-anonymized by intelligence
agencies.
I don't want to tell you to stop worrying, but depending on how much
you think these intelligence agencies collaborate, I think the "and
de-anonymized" phrase might be overstated. For example, I would not be
surprised if French intelligence doesn't has enough of a reach on the
Internet to be able to break Tor easily -- simply because they haven't
made enough deals with enough backbone providers relative to the locations
of big Tor relays. Maybe they trade data with England and the US, but
then again maybe they don't (or don't trade all of it).
One of the unfortunate properties of the Internet is how it's much less
decentralized than we'd like (and than we used to think). But there are
still quite a few different places that you need to tap in order to have
a good chance of beating a Tor circuit. For background, you might like:
http://freehaven.net/anonbib/#feamster:wpes2004
http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
and there's a third paper in this chain of research which I'm hoping
the authors will make public soon -- stay tuned.
2. If you do not use Tor, you should be aware that your ISP could
spy on all of your network traffic, while part of it (that part
passing tapped IXes) gets stored and analyzed by intelligence
agencies.
I think you're underestimating the problem here. You say "Part of my
traffic does not need to flow through big pipes and IXes but stays in
local, untapped regions of the Internet." I think for the typical web
user, basically _every single page they visit_ pulls in a component that
goes through these 'big pipes' you refer to.
In short, I think web users are in bad shape using Tor if their adversary
is "every intelligence agency combined", but they're in way way worse
shape when not using Tor.
While I'm at it -- you don't think Deutsche Telekom has a deal with
BND where they hand over all the internal German Internet traffic they
see? I hope the era where people say "My government is doing everything
that has been reported in the news so far, but surely they're not doing
anything else" is finally over, but I guess it will be a while yet.
=========
mp:
It's also important to understand the limitations of these attacks. If
the data they record is low resolution (such as Murdoch's IX sampled
results), the accuracy will be poor.
Murdoch didn't achieve any success at all until several megabytes were
transmitted in a single connection, and even after that, the accuracy
was heavily impacted by the prevalence of similar traffic elsewhere in
the network (due to a phenomenon called the 'base rate fallacy').
As more people use Tor, the better this property gets. In fact, a
Raccoon (when you run an anonymity network, you get all sorts of
interesting characters) proved that the accuracy of dragnet correlation
attacks falls proportional to 1/U^2, where U is the number of concurrent
active users. This creature also pointed out the same property is
visible in Murdoch's own graphs:
http://archives.seul.org/or/dev/Sep-2008/msg00016.html
https://lists.torproject.org/pipermail/tor-talk/2012-March/023592.html
I think this property suggests that with better usability and some
lightweight defenses, Tor can actually do quite well, especially for
relatively small, short transmissions like website loads.
I am worried about the level and duration of timing resolution that
datacenters as large as the NSA one in Utah could provide (assuming that
all that storage is for traffic, and not for stuff like mapping ECC
curves onto Z_p). Even so, I still think protocol-level active attacks
(such as RPW's hidden service Guard discovery attack, and the Raccoon's
bitstomping/tagging attack) are far more likely to be how intelligence
agencies and others will attack Tor:
http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
https://lists.torproject.org/pipermail/tor-dev/2012-March/003347.html
-
You're right, it is interesting.
Isn't the guy basically saying that clearnet is bad and TOR is a little better. I think he is being naive assuming his net activity may be safer on the clearnet due to volume of users vs percentage of info grabbed by "the bad guys".
Now I am in no way clued up about computers (I'm learning) however TOR and TAILS and PGP and VPN have to be more anonymous than hoping your shit will slide through the clearnet. Don't they?
-
I think Arma is largely wrong about how much damage single intelligence agencies can do against Tor. Sure maybe the french signals intelligence cannot do significant damage against Tor, but the NSA sure as hell can. The GCHQ sure as hell can. Even Sweden sure as hell can. Sweden signals intelligence monitors 100% of communications entering and exiting Sweden. If your Tor circuit has an entry node in Sweden a middle node outside of Sweden and an exit node in Sweden and a destination outside of Sweden, the Swedish signals intelligence agency can certainly link you to your destination. If your Tor circuit has an entry node in the UK and a middle node outside of the Uk and an exit node in the UK and a destination outside of the UK, the GCHQ can certainly link you to your destination. Most worrying is the NSA, if you have an entry node in the USA and an exit node in the USA and a destination outside of the USA, the NSA can certainly link you to your destination. The signals intelligence agencies definitely seem most focused on international traffic, but it is safe to assume that even nation internal traffic is monitored to a large extent. Certainly there are many circuit constructions that are essentially known to be insecure against specific intelligence agencies without them having any need to cooperate with foreign governments. Taking into account the way that traffic is routed through the internet, the situation is even more dire. If somebody in Germany uses an entry node in the USA and an exit node in Canada that sends traffic through the USA on the way to a destination in Singapore, the NSA is going to be able to link that user to their destination without any cooperation from foreign governments.
It is deceptive to say that Tor withstands all but global external adversaries. In reality it is more accurate to say that Tor completely fails in the face of a global external adversary. Anybody who can watch entry and exit traffic of a specific circuit can defeat Tor in that instance. Simply looking at open circuits is enough to demonstrate that traffic sometimes takes a path that makes it vulnerable to single intelligence agencies. If the intelligence agency is the signals intelligence agency of Russia or China or Japan then you can see that very rarely will they be able to compromise a Tor circuit from an external position, without cooperation of foreign intelligence agencies. But if the attacker is the USA, or Germany or Sweden or the UK, then you can see that they can compromise a large percentage of Tor circuits, especially the NSA can.
Tor is not secure against major signals intelligence agencies in areas that route large amounts of the worlds internet traffic, or in areas where there are a large number of Tor nodes. Thinking otherwise is simply wishful thinking.
-
Also Mike Perry is right the resolution of the intercept is important in determining how much damage can be done, but given the capabilities of Narusinsight supercomputers I think it is not a good idea to assume that intelligence agencies are merely sampling Tor traffic. In 2005 A single Narusinsight box could continuously analyze 10 gigabits per second of traffic in real time. The NSA has several of these things hooked up to split fiber optic cables at many major internet exchange points in the USA. They can target traffic based on all kinds of characteristics, and it would be trivial for the NSA to decide to start gathering all traffic to and from Tor nodes.
Also I will need to read through those papers, but I am currently under the impression that observation of a single 512 byte packet at entry and exit is enough to carry out a timing correlation attack. Resolution is still important, if the NSA only intercepts one out of a thousand Tor packets then a lot of traffic they could have otherwise deanonymized will get by. But as far as a single users traffic goes, if they can observe a packet at entry and exit I am under the impression that the user is very likely fucked. I don't believe that it takes megabytes of traffic to carry out a timing attack. I will need to read those .pdfs that MP linked to (again probably) when I have some more time.
-
If your Tor circuit has an entry node in Sweden a middle node outside of Sweden and an exit node in Sweden and a destination outside of Sweden, the Swedish signals intelligence agency can certainly link you to your destination.
Certainly there are many circuit constructions that are essentially known to be insecure against specific intelligence agencies without them having any need to cooperate with foreign governments.
This is bad because a majority of clearnet sites are hosted in the United States. So if you select an entry guard in Sweden, which you keep for a month, the chances are extremely high that you will use an exit node in Sweden several times before rotating that entry guard, and most if not all of those times, the middle node will be outside of Sweden. There's been a lot of talk about circuit path selection based on ASes. Considering the recent revelations of state intelligence agency surveillance, perhaps path selection should be based on border crossings as well.
It is deceptive to say that Tor withstands all but global external adversaries. In reality it is more accurate to say that Tor completely fails in the face of a global external adversary. Anybody who can watch entry and exit traffic of a specific circuit can defeat Tor in that instance. Simply looking at open circuits is enough to demonstrate that traffic sometimes takes a path that makes it vulnerable to single intelligence agencies. If the intelligence agency is the signals intelligence agency of Russia or China or Japan then you can see that very rarely will they be able to compromise a Tor circuit from an external position, without cooperation of foreign intelligence agencies. But if the attacker is the USA, or Germany or Sweden or the UK, then you can see that they can compromise a large percentage of Tor circuits, especially the NSA can.
This doesn't factor in the reality of the vast amounts of data that they have to deal with. There are probably terabytes per second crossing the borders of the United States. The Tor network is currently pushing 2.5 GB/s so about 1 GB/s of that is crossing the US border, second after second, day after day. Tens of thousands of simultaneous circuits. I suspect it's incredibly difficult to pull anything useful out of that.
Our biggest protection is that we are needles in a haystack.
-
You're right, it is interesting.
Isn't the guy basically saying that clearnet is bad and TOR is a little better. I think he is being naive assuming his net activity may be safer on the clearnet due to volume of users vs percentage of info grabbed by "the bad guys".
The first poster's argument is basically that bouncing your Tor circuits around the world exposes you to more intelligence agencies than direct clearnet links would, especially when some network resources are geographically close, so Tor is less safe than clearnet. The second poster argues that the vast majority of clearnet sites pull ad, tracking and analytics stuff from all over the internet, exposing you to many intelligence agencies as well.
-
This is bad because a majority of clearnet sites are hosted in the United States. So if you select an entry guard in Sweden, which you keep for a month, the chances are extremely high that you will use an exit node in Sweden several times before rotating that entry guard, and most if not all of those times, the middle node will be outside of Sweden. There's been a lot of talk about circuit path selection based on ASes. Considering the recent revelations of state intelligence agency surveillance, perhaps path selection should be based on border crossings as well.
LASTor is one good paper on AS awareness. I think the authors actually have implemented and released an AS aware Tor client. Yes it is very bad for US citizens, because if your entry node is outside of the US then all of that traffic is definitely vulnerable to NSA interception, and then if your exit node is also not in the US but your destination site is, all of that traffic coming back into the US is vulnerable to NSA interception as well and then you are vulnerable to a timing attack. Being in the USA with an entry guard outside of the USA and an exit node outside of the USA, in addition to having a destination site inside of the USA, definitely makes you vulnerable to the NSA. They are monitoring international traffic more than anything else I imagine, until recently they were only thought to be legally allowed to monitor international traffic.
This doesn't factor in the reality of the vast amounts of data that they have to deal with. There are probably terabytes per second crossing the borders of the United States. The Tor network is currently pushing 2.5 GB/s so about 1 GB/s of that is crossing the US border, second after second, day after day. Tens of thousands of simultaneous circuits. I suspect it's incredibly difficult to pull anything useful out of that.
This doesn't factor in the reality that Narusinsight boxes can be made to only target traffic from specific IP addresses, and that the list of Tor relay IP addresses is public. If they want to attack Tor they don't give a shit about the terabytes of data per second crossing the border, they just hone in on *Tor* traffic crossing the border. A single Narusinsight box can monitor 1GB/s of targeted traffic, and there are dozens of these things installed at major internet exchange points across the USA, and they are capable of analyzing the monitored traffic in real time. The conclusion that the NSA can do major damage against Tor seems quite obvious to me. Tens of thousands of simultaneous circuits don't matter because they are all involved only a few thousand IP addresses, and those IP addresses can be targeted, and it is obvious that a single Narusinsight box is capable of monitoring 100% of US Tor traffic that passes through it.
Our biggest protection is that we are needles in a haystack.
Doesn't really apply when we are talking about attackers of this level. They can analyze half of the haystack in real time and quickly detect the metal they are looking for.
-
You're right, it is interesting.
Isn't the guy basically saying that clearnet is bad and TOR is a little better. I think he is being naive assuming his net activity may be safer on the clearnet due to volume of users vs percentage of info grabbed by "the bad guys".
The first poster's argument is basically that bouncing your Tor circuits around the world exposes you to more intelligence agencies than direct clearnet links would, especially when some network resources are geographically close, so Tor is less safe than clearnet. The second poster argues that the vast majority of clearnet sites pull ad, tracking and analytics stuff from all over the internet, exposing you to many intelligence agencies as well.
And the first poster is clearly very wrong about this. Tor hopes that the multiple intelligence agencies you expose your traffic to do not cooperate in sharing intelligence with each other. Against weaker agencies this is effective. Not using Tor at all is obviously far less anonymous than using Tor. But when it comes to powerful and well positioned intelligence agencies, chances are you are bouncing your traffic around in such a way that they can still unravel what is happening.
-
This doesn't factor in the reality that Narusinsight boxes can be made to only target traffic from specific IP addresses, and that the list of Tor relay IP addresses is public. If they want to attack Tor they don't give a shit about the terabytes of data per second crossing the border, they just hone in on *Tor* traffic crossing the border. A single Narusinsight box can monitor 1GB/s of targeted traffic, and there are dozens of these things installed at major internet exchange points across the USA, and they are capable of analyzing the monitored traffic in real time. The conclusion that the NSA can do major damage against Tor seems quite obvious to me. Tens of thousands of simultaneous circuits don't matter because they are all involved only a few thousand IP addresses, and those IP addresses can be targeted, and it is obvious that a single Narusinsight box is capable of monitoring 100% of US Tor traffic that passes through it.
Time to switch to some permanent US bridges. :)
-
Whether or not NSA or any other agency says they don't eavesdrop local traffic I don't think they can be trusted.
Just brainstorming here, I don't think this is any big insight but I can delete it if needed ... For hidden services, what is the communication protocol between the relay and the server hosting the hidden service? I'm guessing it is just using TCP/IP? If so, it seems like if you controlled a tor entry node and enough tor relays to make a circuit (and the circuit could be comprised all of machines you control), then you could discover the public IP of a hidden service by making a request to your tor entry node and monitoring the traffic on your relays to see what public IP it reaches for?
-
hehe yeah. This is why I kind of laugh when people are so paranoid that they want to exclude all US nodes, especially when they are US citizens. By excluding all US nodes they are essentially ensuring that the NSA can monitor the end points of their circuits to US destinations.
Imagine it like this.
US Citizen -> Entry in Australia -> Middle in Canada -> Exit in Germany -> Destination in US
Between US and Australia there is international traffic, between Australia and Canada the traffic is likely traveling internationally through the US, between Canada and Germany the traffic is likely traveling internationally through the US and between Germany and the destination in the US the traffic is definitely traveling internationally through the US.
Now Australian signals intelligence can pick up the traffic from US to Australia, Canadian signals intelligence can pick up the traffic from Australia and to Germany, and the German signals intelligence can pick up the traffic from Canada and to the destination in the US. Arma has a good point, unless Australia, Canada and Germany are sharing intelligence (or have the US sharing intelligence with them), they are not likely able to view the entire circuit, and additionally unless Germany and Australia are sharing intelligence (or getting intelligence from the US) they are not likely able to perform an end point timing attack by themselves. But the NSA doesn't need anybody to share intelligence with them to follow that entire path from start to finish, they only need to monitor all Tor traffic crossing the US borders.
Of course it appears that the NSA is probably also monitoring Tor traffic between US nodes, which most people thought they were doing as well, but it appears that they are actually doing it legally now whereas before people assumed they were doing it illegally. The moral of the story is that the NSA is the most powerful signals intelligence agency in the world, and they are beyond a doubt the best positioned signals intelligence agency in the world. Using a low latency network to try to hide from the NSA is not a good idea.
-
Of course it appears that the NSA is probably also monitoring Tor traffic between US nodes, which most people thought they were doing as well, but it appears that they are actually doing it legally now whereas before people assumed they were doing it illegally. The moral of the story is that the NSA is the most powerful signals intelligence agency in the world, and they are beyond a doubt the best positioned signals intelligence agency in the world. Using a low latency network to try to hide from the NSA is not a good idea.
Yeah, I was just thinking about this. The internet isn't really a web, like a spider web, it's more hierarchical, like a tree, where the major backbone infrastructure is the trunk and large branches, so to get from any leaf (node) to another, all paths go through the major branches. If you live in a small town that is an hour away from a major city that has an IX, all of your traffic goes through that IX, and thus all of your connections to US Tor entry points can be watched. If the destination is one of the major service providers near San Francisco, where there is also conveniently an IX (or maybe a few?), all proxies including Tor could be useless.
-
The Good News is that the NSA doesn't give a shit about us. If they did then we wouldn't be here. I know I am supposed to be uber paranoid about the NSA and ultra pissed off that they are illegally spying on me, but I am quite convinced that they are seriously only interested in stopping terrorist attacks and espionage. If they really wanted to act as a criminal intelligence agency and go after sites like SR, we wouldn't have a site like SR running for two years embarrassing the US police. I see that there are clear separations between the different levels of federal agency, and they are actually not particularly cliquish with each other between the different levels. I expect the NSA to lead to my arrest about as much as I expect an FBI agent to give me a traffic ticket. Perhaps this is just wishful thinking on my part, but I honestly doubt it.
-
How can you say that when 80% of "sneak and peek" searches (authorized by PATRIOT ACT) are against drug dealers?
-
As he pointed out, because the government is not a lean, efficient monolithic entity, it's a vast bureaucracy. The Department of Homeland Security was created after the 9/11 attacks specifically to bring these agencies into closer cooperation, but they still do a piss poor job of data sharing.
If you get a sneak and peak, it will be by the FBI, not the NSA.
-
How can you say that when 80% of "sneak and peek" searches (authorized by PATRIOT ACT) are against drug dealers?
Because the NSA has absolutely nothing to do with sneak and peak. They don't even have field agents as far as I am aware. They strictly consist of mathematicians and computer scientists and their missions are to collect and analyze traffic patterns, break encryption of adversaries, design encryption for the government that cannot be broken, protect the American cyber infrastructure from attack and attack the cyber infrastructure of targets for intelligence and possibly warfare purposes.
Intelligence Agencies: NSA, CIA
Federal Police Agencies: ICE, FBI, DEA, IRS
State Police Agencies: New York State Police, California Highway Patrol
Local Police Agencies: LAPD, NYPD
These agencies have different sorts of targets and different levels of skill and different legal permissions. Local police agencies mostly deal with things like drunk drivers, domestic abuse, shoplifting, petty drug crimes, small time CP offenders etc. They are also a first layer of response to things like 911 calls, so if somebody shoots someone or something they will be the ones to respond to a 911 call and make an arrest or initial search for the perpetrator. State police deal with mostly the same things but they have wider jurisdiction and might handle more complex investigations (though apparently the extent of what the state police do varies significantly from state to state). State and local police are more responsive than proactive. Federal police agencies have jurisdiction over the entire USA and they are much more specialized as compared to local and state police, for example the DEA enforces federal drug law, ICE enforces custom and immigration law, the IRS enforces tax law, the FBI is a general investigatory agency though they also are specialized in various things including but not limited to cyber investigations, counter terrorism, mafia investigations and serial killer investigations. The federal police generally do not bother small time offenders, they leave them for the local and state police agencies. They focus some on mid level offenders and primarily on the biggest offenders. If they are involved in going after a small time offender, it will be in a minimal support role for the state or local police. The intelligence agencies are on a completely different level. The NSA is tasked with the electronic forms of espionage that I already mentioned. The CIA is involved primarily in human intelligence, infiltrating foreign governments with moles as well as turning the agents of foreign governments to the USA. They are also involved in covert operations and a wide variety of other things, but predominately they are a human intelligence agency. There are other intelligence agencies specialized in creating signatures of events and then measuring variables trying to detect them (for example creating a signature of what a certain type of missile sounds like and then creating systems that can detect when those missiles are launched). There are a ton of different intelligence agencies and they are all extremely specialized in what they do and none of them are tasked with targeting criminals, they are not police agencies most of them are either military agencies (such as the NSA) or in a specialized class of their own (such as the CIA).
The FBI is a bit of a mix between a police agency and an intelligence agency though. They have criminal investigators but they also have investigators who specialize in counter intelligence (detecting spies in the USA) and counter terrorism. The FBI can be considered as a hybrid police intelligence agency, and they certainly scare me a lot more than the NSA does.
-
It is worth pointing out that post 9/11 these distinctions are less clear though. For example, I believe the NYPD is trained in counter terrorism and intelligence now as well. The general distinctions still stand but the lines are getting muddier. I still perceive the intelligence agencies as having a big fat line between them and the police agencies though (meaning I do not see intelligence agencies acting as police agencies), even if the police agencies are starting to act more like intelligence agencies.
-
but I am quite convinced that they are seriously only interested in stopping terrorist attacks and espionage.
WHAT? What terrorist attacks? The only real terrorist is the fucking american government.
If the NSA hasn't told some other US police monkey where SR is located it's because they want people to believe that they don't have the information, or some other twisted purpose, but they can do it in the future.
Also, the idea that the government is some big inept bureaucracy is mostly wrong. Yes, it's a big bureaucracy. No it's not inept at all, especially the most psychotic branch like cops and the military.
-
Sub
-
but I am quite convinced that they are seriously only interested in stopping terrorist attacks and espionage.
WHAT? What terrorist attacks? The only real terrorist is the fucking american government.
If the NSA hasn't told some other US police monkey where SR is located it's because they want people to believe that they don't have the information, or some other twisted purpose, but they can do it in the future.
Also, the idea that the government is some big inept bureaucracy is mostly wrong. Yes, it's a big bureaucracy. No it's not inept at all, especially the most psychotic branch like cops and the military.
Well the government claims that the NSA has foiled at least 54 terrorist attacks. Perhaps they are exaggerating, I really have no idea, but I believe fully that the NSA has stopped at least several terrorist attacks. They have also significantly contributed to the security of the internet, various operating systems and to the current state of the art publicly available forms of cryptography (although once they did try to sneak a backdoor in a random number generator they released). On the other hand, I cannot think of a single instance where the NSA contributed to the downfall of a criminal organization. Perhaps it is because it is classified information, but I do see there are many criminal websites that the federal police are struggling to bring down, and the NSA doesn't appear to be doing anything to help them.
I agree that the government is not a big inept bureaucracy at the highest levels. The intelligence agencies are full of extraordinarily talented and intelligent individuals, and the think tanks and the most powerful politicians are not idiots either. The military is the most powerful in the world. When you go down to police agencies and local politicians and such though, they tend to be less skilled and less intelligent for the most part, and they also tend to be grossly incompetent.
-
If your Tor circuit has an entry node in Sweden a middle node outside of Sweden and an exit node in Sweden and a destination outside of Sweden, the Swedish signals intelligence agency can certainly link you to your destination.
Certainly there are many circuit constructions that are essentially known to be insecure against specific intelligence agencies without them having any need to cooperate with foreign governments.
This is bad because a majority of clearnet sites are hosted in the United States. So if you select an entry guard in Sweden, which you keep for a month, the chances are extremely high that you will use an exit node in Sweden several times before rotating that entry guard, and most if not all of those times, the middle node will be outside of Sweden. There's been a lot of talk about circuit path selection based on ASes. Considering the recent revelations of state intelligence agency surveillance, perhaps path selection should be based on border crossings as well.
It is deceptive to say that Tor withstands all but global external adversaries. In reality it is more accurate to say that Tor completely fails in the face of a global external adversary. Anybody who can watch entry and exit traffic of a specific circuit can defeat Tor in that instance. Simply looking at open circuits is enough to demonstrate that traffic sometimes takes a path that makes it vulnerable to single intelligence agencies. If the intelligence agency is the signals intelligence agency of Russia or China or Japan then you can see that very rarely will they be able to compromise a Tor circuit from an external position, without cooperation of foreign intelligence agencies. But if the attacker is the USA, or Germany or Sweden or the UK, then you can see that they can compromise a large percentage of Tor circuits, especially the NSA can.
This doesn't factor in the reality of the vast amounts of data that they have to deal with. There are probably terabytes per second crossing the borders of the United States. The Tor network is currently pushing 2.5 GB/s so about 1 GB/s of that is crossing the US border, second after second, day after day. Tens of thousands of simultaneous circuits. I suspect it's incredibly difficult to pull anything useful out of that.
Our biggest protection is that we are needles in a haystack.
I wonder how sensationalized some of these responses are in wake of the Snowden uproar. While the logistics are intimidating on paper, why hasn't any real interception (Boston Bombers and Aurora Incident come to mind in the America) occurred even over clear net?
It seems as though, while there may be some database with everything I've ever thought stored within, there's no real cross-referencing or algorithm analyzing the data for warrant-producing gains.
I am sure DPR is far from being unwanted; why hasn't he (they) gotten located?
The threat is real, and I believe we have to take our precautions, but I think the reality of the matter is that it's still unlikely due to either technology or budgetary constraints (I hope).
-
It seems as though, while there may be some database with everything I've ever thought stored within, there's no real cross-referencing or algorithm analyzing the data for warrant-producing gains.
There probably are, but with massive data sets, they are mostly useless. "Big data" is the most overhyped thing in tech right now, like "cloud" services were a few years ago. If you have a data set with thousands of parameters and you analyze it a million ways, than even with a rigid standard like "1 in 1000 probability of being spurious", which is more formally called a p-value of .001, you are going to find a thousand associations like that! There are ways to address it, like the Bonferroni correction, but it is extremely difficult to find the 10 true associations and exclude the 990 false ones. You are bound to get high false positive and false negative rates. Then you will waste your time raiding innocent people, or spend a lot of money following false leads, and really a judge should never sign a warrant based on evidence that has a 40% chance of being false. The NSA's current standard is a 51% probability of being true, or what John Oliver described as "a coin toss, plus one percent".
With signal analysis specifically, large data sets suffer from the base rate fallacy: http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf
A Tor developer named Mike Perry has argued at length that many of the threat assessments against Tor don't take it into account. Many of those assessments also suffer from publication bias (he claims) and are not reproducible under real world conditions, even when the researchers run their analyses on the live Tor network, because there are still components they control, such as the hidden service they are trying to find.
In one sense, it's good that the NSA is collecting vast amounts of data. It makes drawing robust conclusions more difficult, so the more the better
-
As another example, Google has been collecting data on millions of people for years. You can view your "ad preferences" in your account, where it will tell you whether Google thinks you are male or female, how old you are, and what your interests are. I've seen whole reddit threads where people posted their ad preferences and which parts were true or false. Not surprisingly, they suck! This is the tech company with the smartest people in the world and the most data on their customers, yet they get more things wrong than right.
-
It seems as though, while there may be some database with everything I've ever thought stored within, there's no real cross-referencing or algorithm analyzing the data for warrant-producing gains.
There probably are, but with massive data sets, they are mostly useless. "Big data" is the most overhyped thing in tech right now, like "cloud" services were a few years ago. If you have a data set with thousands of parameters and you analyze it a million ways, than even with a rigid standard like "1 in 1000 probability of being spurious", which is more formally called a p-value of .001, you are going to find a thousand associations like that! There are ways to address it, like the Bonferroni correction, but it is extremely difficult to find the 10 true associations and exclude the 990 false ones. You are bound to get high false positive and false negative rates. Then you will waste your time raiding innocent people, or spend a lot of money following false leads, and really a judge should never sign a warrant based on evidence that has a 40% chance of being false. The NSA's current standard is a 51% probability of being true, or what John Oliver described as "a coin toss, plus one percent".
With signal analysis specifically, large data sets suffer from the base rate fallacy: http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf
A Tor developer named Mike Perry has argued at length that many of the threat assessments against Tor don't take it into account. Many of those assessments also suffer from publication bias (he claims) and are not reproducible under real world conditions, even when the researchers run their analyses on the live Tor network, because there are still components they control, such as the hidden service they are trying to find.
In one sense, it's good that the NSA is collecting vast amounts of data. It makes drawing robust conclusions more difficult, so the more the better
Mike Perry may argue that, but Nick Mathewson and Roger Dingledine will both tell you that observation of a single packet at two points on a Tor circuit is likely enough for linkability. None of the big name academic anonymity researchers actually think that Tor can even stand a chance of resisting an attacker who watches both ends of a circuit. Let's consider an active attacker who watermarks streams. Now, active attacking isn't required, and observation of multiple packets isn't required, but I can understand and explain the probability of a false positive for a watermarked stream much better than I can explain the probability of a false positive from arrival time of a single packet. Imagine that the stream carries 128 packets, since Tor packets are 512 bytes this means the stream of packets is 64 kilobytes. The attacker can delay individual packets such that an identifiable interpacket arrival time signature is inserted in the stream. Imagine that the attacker delays 64 kilobytes of traffic from the user, and then releases the packets one after the other with 50 milliseconds of artificial delay between each of them. This will add a few seconds of delay to the stream, but it will create packets that have a very unique arrival time pattern. The attacker could first run several Tor exit nodes and observe how many streams of packets come with a delay of 50 +/- 10 milliseconds between each of them (to take into account any potential minor jitter at the middle node). They are likely to find that absolutely no streams have this characteristic. When they modify the targeted stream, they force it to have this characteristic, and because the middle node does not artificially delay traffic, the watermark will permanently be embedded in the stream from the time it is inserted all the way up to the destination website. I highly doubt that there is any base rate fallacy that will cause false positives in such a scenario, especially if the attacker delays the individual packets for 0-50 milliseconds prior to forwarding them on, and then looks for that signature of interpacket arrival timings. In fact, it can even be done more smoothly than that. The attacker could insert a specific timing delay between the first two packets, and then if they detect two packets at another surveillance point that arrive with this timing characteristic, they release two more with a different delay, and then release more and more and more. If they observe their inserted watermark for 64 rounds it seems like it is very conclusive that they are observing the same stream at two different locations. Especially considering that there will be a correlation in the total stream size as well, and especially considering that they can do this bidirectionally (although considering that a single packet in one direction is enough, using unidirectional tunnels like I2P does is not a protection but rather doubles the risk of falling victim to an internal attack)!
I don't think that Narusinsight computers are capable of active attacks, but they can passively record and analyze the natural interpacket arrival timing characteristics of a stream in real time. Real time analysis by itself would not be as useful for a passive attack, in an active attack they could monitor for streams with their predetermined watermarks inserted into them, but for passive analysis they will need to compare fingerprints collected from all of their different collection points. But if they find a correlation between interpacket timing characteristics between a stream collected at one internet backbone and a stream collected at another, it is not at all likely to be a false positive.
I actually am considering making a simple graphical program that can observe a Tor stream and visually represent the packets (perhaps as tiny squares, with space between them representing the difference between their arrival time). It will be fun to send traffic through two nodes running this program, and then to visually compare the stream as it was recorded passing through the entry and the exit node, to see how closely they map together. Then I can add some delays as well, as well as visually compare the delayed stream at an entry node to an exit node. Of course there is no need to create a visual representation, but it just seems like a fun project to me, and it will perhaps help people to understand this attack better, especially if they notice that the watermarked stream looks strikingly different from all of the normal streams. Then maybe I will make a program that simply carries out passive interpacket timing correlation, and see the success rate it has with linking my own streams together out of the noise of regular traffic running over my nodes. It is not even as hard as comparing all streams through node 1 with all streams through node 2, it is at worst a matter of comparing all streams through node 1 and node 2 that are the same size, this can further be reduced by only comparing streams of the same size that share a middle node. If there are ten simultaneous streams through node 1 and 2 that are 100 kb and that share a middle node, something tells me it will not be hard to tell which of the streams is which simply by looking at the spatially represented interpacket arrival timing characteristics of the first several dozen packets of each stream.
-
Mike Perry is probably actually talking about website fingerprinting attacks rather than end point timing attacks. Roger also argues that fingerprinting attacks will have too many false positives to be useful. Of course there are others in the academic community who disagree with him.
-
It seems as though, while there may be some database with everything I've ever thought stored within, there's no real cross-referencing or algorithm analyzing the data for warrant-producing gains.
There probably are, but with massive data sets, they are mostly useless. "Big data" is the most overhyped thing in tech right now, like "cloud" services were a few years ago. If you have a data set with thousands of parameters and you analyze it a million ways, than even with a rigid standard like "1 in 1000 probability of being spurious", which is more formally called a p-value of .001, you are going to find a thousand associations like that! There are ways to address it, like the Bonferroni correction, but it is extremely difficult to find the 10 true associations and exclude the 990 false ones. You are bound to get high false positive and false negative rates. Then you will waste your time raiding innocent people, or spend a lot of money following false leads, and really a judge should never sign a warrant based on evidence that has a 40% chance of being false. The NSA's current standard is a 51% probability of being true, or what John Oliver described as "a coin toss, plus one percent".
With signal analysis specifically, large data sets suffer from the base rate fallacy: http://www.raid-symposium.org/raid99/PAPERS/Axelsson.pdf
A Tor developer named Mike Perry has argued at length that many of the threat assessments against Tor don't take it into account. Many of those assessments also suffer from publication bias (he claims) and are not reproducible under real world conditions, even when the researchers run their analyses on the live Tor network, because there are still components they control, such as the hidden service they are trying to find.
In one sense, it's good that the NSA is collecting vast amounts of data. It makes drawing robust conclusions more difficult, so the more the better
I'm not sure I agree with this. The more data collected means that there is more data to go through to find something if you are ever targetted. The effect on detecting crimes may be the same as not collecting the data but the effect on prosecuting crimes is potentially much different.
-
Even the effect on detecting crimes is significant. People are mistaken in thinking that the NSA needs to filter off so much noise that it is like finding a needle in a haystack, in reality filtering off noise is trivial. I highly suggest reading the following paper from 2009:
https://www.blackhat.com/presentations/bh-usa-09/TOPLETZ/BHUSA09-Topletz-GlobalSpying-PAPER.pdf
I will copy paste the majority of it, some small parts I did not though. Also I would like to point out that one of the authors, Steve Topletz, is a highly controversial figure in anonymity circles. On the other hand, Jonathan Logan and Kyle Williams are not very controversial. All of them have done work on commercial VPN software similar to JonDoNym, they have also contributed somewhat to Tor although Steve is pretty much an outcast in the Tor community, and has a history of being full of shit. That said, a lot of the things he was saying in 2009 in regards to the NSA turned out to be completely accurate, and I actually believe he was one of the first people to publicly point out Roger Dingledines past ties to the NSA. Steve has also given presentations on anonymity at several hacker conferences, as well as at least once at a police and intelligence conference requiring a security clearance to participate in. All of the authors have at least one or two published papers, but they are not very big names in the academic world. They are all pretty well known in the hacker scene though, especially Steve who is a CDC member.
In this article, we will present insight to the realistic possibilities of Internet mass surveillance. When
talking about the threat of Internet surveillance, the common argument is that there is so much traffic
that any one conversation or email won't be picked up unless there is reason to suspect those
concerned; it is impossible that “they” can listen to us all.
This argument assumes that there is a scarcity of resources and motivation required for mass
surveillance. The truth is that motivation and resources are directly connected. If the resources are
inexpensive enough, then the motivations present are sufficient to use them. This is visible in the
economic effect of supply availability increasing the demand. The effect is that since it is more easily
done, it will be done more readily. Another fault in the above argument is that it assumes that there is
only all-or-nothing surveillance, which is incorrect.
It is important to break down the resources required and methods available as well as the means of
surveillance in order to understand what realistic threat mass surveillance of digital communication is.
The resources required are Access, Storage, Traffic, and Analysis. In this paper, we are speaking about
digital communications, and these methods do not fully apply to purely analog communication, such as
POTS (normal telephone service).
ACCESS
Surveillence requires access to the communication to be surveilled. Data today is transmitted via
copper cable lines, fiber-optics, directed micro-wave communication, broadcast radio (WiMAX,WiFi
etc.), satellite, and a few other arcane methods . The most profitable transmission media for
surveillance, by far, are fiber, broadcast, directed micro-wave, and satellite. Fiber provides the benefit
of large amounts of data from a single “cable.” Broadcast radio provides the benefit of non-physical
accessibility. Directed micro-wave is easily acquired through classic stand-in-the-middle listening.
Satellite provides a very big footprint, where one needs only to be standing near the receiver of the
transmission.
Fiber cables provide the most interesting targets for surveillance. Almost all international
communication eventually goes over a few particular fiber lines, so this is where the tapping is focused.
This is a practice far different from the UK / USA Echelon system of the 1980s, which operated mostly
by targeting direct micro-wave and satellite transmissions, because international fiber-optic lines were
more rare. Today, tapping into fiber is easily accomplished through a variety of methods: splicing the
fiber-optic line, connecting to the repeaters, or tapping into the endpoint routers, and through even
more esoteric methods, like bending the fiber and detecting stray “ghost” photons1. Tapping in most
cases is purely passive, which means two things. First, the signals are being listened to and not
intercepted or modified. Second, surveillance-induced artifacts are non-trivial to detect by the endpoint,
which means there is no “click” on the phone to tell you that someone is listening in. This is especially
true in digital communications espionage, which is the focus of this paper.
Access to fiber-optic lines is mostly accomplished by connecting to repeaters and tapping endpoint
routers. That is what is being performed by AT&T at the request of the NSA. This method is
inexpensive in resources and easy to implement, plus it requires very few people to know about it and
to operate it. In the case of repeater connections, even the fiber owners may not be aware that their
lines are being tapped unless they find the tap during routine maintenance.
Civilians generally assume that the Internet consists of millions of independent lines that would have to
be tapped individually for mass surveillance. Luckily for signals intelligence gathering and analysis,
this is not the case. To tap into 90% of traffic connecting the Eastern Hemisphere to the Western
Hemisphere (GUS / RUS / AFRICA / MIDDLE EAST / EU to US), agencies only need access to either
30 fiber cables2 or half of the 45 landing points3. An alternate method to achieve such access to this
traffic is to install access devices in just seven of the correct Internet Exchanges4 (IXs), which are
where ISPs and backbones interconnect at a single location. Rest assured, all of above has happened at
various scales5 as intelligence agencies are pitted against each other to gain power through knowledge.
Competition levels of espionage can be represented as many sets of Nash equilibria6, where allies and
enemies are not in distinct groups. In specific game theory, it can be represented by the classic Arms
Race model7, with distrustful parties engaged in noncooperative escalation games.
A special property of the Internet, which lends itself to accessibility, is resiliency in routing; if you can
not tap into a specific route, then you can destroy it to have the traffic rerouted through lines that you
have full access to. Accidently drop an anchor on a submarine cable, or have an excavator accidentally
cut a line, and then execute a Distributed Denial of Service or Table Poison attack against the routers in
question. There is an endless amount of innocuous events which are created or exploited for covert
access to fiber-optic communications. For example, one event occurred in November 2005, where the
cable between Iceland and Scotland was apparently severed8, rerouting all traffic through the USA.
Such an event could easily be used for purposeful traffic rerouting, a tapping opportunity, or both9,10.
For tapping subjects that require more surgical precision and shorter time windows than typical dragnet
operations, there are additional options like breaking into routers to establish “shadow routes" on IXs
and landing points. A shadow route is where the traffic between two interfaces is mirrored and a copy
is sent to a third virtual interface, such as a GRE tunnel or IPSec Encapsulated Security Payload11.
It is important to keep in mind that a surveillance organization does not have to cover all nodes or
routes for full access. One must simply select the ones with the most connections or throughput to other
nodes in order to succeed. Tapping into the connection at any endpoint, transmission line, repeater, or
router is enough to obtain the access required for mass surveillance. After you have access, the
remaining work for mass surveillance is relatively trivial.
STORAGE
Storage, as well as traffic, are relatively expensive resources. It makes little sense to tap into
communication lines and not be able to store the data that you want. However, if you are able to select,
reduce, and compress the data you are interested in, then storage resource requirements decrease.
Today, the cost of storage using standard products on the market is high when compared to the total
amount of traffic traveling the Internet. The cost of storing a year’s worth of traffic is very high; for
2008 alone, it would cost over $33 billionA. However, if you use data reduction methods, then the total
storage costs are much lower. For example, it is not necessary to store a copy of all traffic each time
someone downloads a movie; it is enough to reference the movie. The same applies for webpages,
documents, and other uniform communications. By storing only unique Internet traffic at the data-
mining facility, storage costs are reduced to much less than 1% of the original projection, which brings
mass surveillance into close reach for many organizations like the NSA, which has a projected yearly
budget between $3.5b and $4b12, excluding covert operations (Black Ops). Italy implemented such a
system in 2007, named DRAGON13, to retain data acquired from the mass surveillance of their citizens.
Some countries, like Sweden, not only record traffic destined for their country, but they also record all
international traffic that crosses their borders14. Think of them as a nosy person who not only reads his
own mail, but rifles through his neighbors' mailboxes as well.
TRAFFIC
Captured data must be transferred from the temporary storage on the tapped line to the aggregate data
stored at the data-mining facility. Therefore, data of interest must be transferred to a collection point.
Using the above projections, transferring unique traffic from the tapping point to the data-mining
facility costs roughly $40 million annuallyB. This is entirely in the financial reach of both large and
small intelligence gathering organizations. Although it is not publicly known if any organization does
indeed copy and store all unique traffic on the Internet, game theory suggests that if it is both possible
and beneficial, then not only is it likely, but also, capable parties will scramble to do so just to remain
on par with their counterparts.
Analyzing the stored data is where real intelligence happens, and it is more demanding than both
storage and traffic requirements. Post-tapping analysis and offsite analysis should be differentiated;
post-tapping is what selects and reduces the data to that which is unique and of interest15, whereas
offsite analysis is where raw data is turned into intelligence to be acted upon. Post-tap analysis
typically occurs directly at the tap, and the resulting data is stored. Very little communication is of
interest for realtime surveillance, so data is rarely relayed immediately and is typically cached to be
transmitted at a time better suited to both the cost and detectability of the surveillance. For the purpose
of this document, we will always assume higher and padded costs in an effort to demonstrate the
maximum financial requirements. The reality is that the costs are much lower, especially when
equipment is purchased in massive quantities and resources are shared by multiple organizations. The
cost of post-tap analysis is approximately $4.5k per Gbps of trafficC. This means that the post-tap
analysis hardware cost for all unique global Internet traffic at full network utilization is roughly $530m
per yearD for hardware costs alone. Hardware costs consist of only 48% of the total cost before traffic,
with traffic, datacenter upkeep, energy, and storage maintenance making up the rest. This brings the
total post-tap costs to approximately $1.13b per year, not including the installation and maintenance of
access components, which is an additional $1.5b per year. Offsite analysis costs vary, and depending
on what operations and techniques are performed on the unique data collected from the entire Internet,
costs could start at a few million dollars and reach up to a $1.5b in yearly costsE.
The total cost of surveilling all unique Internet traffic in the world is approximately $4.4bF, with a
variance of around $500m, depending on what is done with the information. Since the regions of
interest are different, with some intelligence organizations focusing on multi-national rather than global
surveillance, the cost for non-global mass surveillance of the Internet is less than $1.5b per interested
party. Eight particular intelligence-service countries have a strong interest in acquiring total global
surveillance; those are the United States, the United Kingdom, France, Germany, Russia, Israel, China,
and Australia. Other countries are restrained in their interest, limiting their appetites to those of their
domestic and foreign intelligence services16, which request spying on their citizens and neighboring
traffic.
Economically speaking, this is far less than many countries spend on things like military weapons or
state police17, all while providing an invaluable threat and strategic intelligence. This financial estimate
assumes that the selection of unique communication is 100%, without regard to protocol, and includes
all website, e-mail, and VoIP traffic. This estimate also assumes that it is a single party doing the work,
and that resources like taps, storage, and manpower are not being shared. In practice, however, many
allied countries share intelligence resources. One probable example would be the United States and
Germany sharing hardware taps of Middle Eastern traffic. As we can see in most "developed"
countries, today the actual work is outsourced to private contractors by legislative mandate, such as the
EU Data Retention Directive18, which provides no funding and shifts the burden entirely upon private
Data Centers and ISPs. In some countries, ISPs are required to provide the access, storage, and traffic
components or do it for their own profit by participating with interested 3rd parties, such as Nokia &
Siemens19. Given the minimal costs compared to both the budgets and perceived benefits, it is naive to
assume that mass surveillance is not being employed.
A netflow is a relationship between one computer and another one; the word "connection" does not
really apply to packet-based networks. One thousand active “professional” Internet users create
between 30k-50k concurrent netflows with roughly 80 Mbps to 250 Mbps of sustained bandwidth
consumption. Occasional Internet users, the majority, create much less. The numbers appear huge at
first glance, but applying professional processing equipment and software can reduce those huge
numbers to an easier-to-handle set of information that can readily be acted upon. Communication
surveillance analysis uses the Escalation of Surveillance concept, executed by four basic methods:
Classification, Interpretation, Reaction, and Selection.
Escalation of Surveillance means that, depending on previous analysis, the computers reserve more
resources to spy on a specific target. How they do it depends on the rules given to the Reaction
component and can be exceptionally complex. The escalation process does not stop at the post-tap
analysis stage, but instead, it "trickles up" to the offsite analysis. Additionally, if a target becomes
interesting due to escalation, then other people in connection with the target become more interesting as
well. This is because of context classification, and it can be summed up as “guilty by association.”
Technology makes it possible to interconnect seamlessly and inexpensively the post-tap installations
and the semi-automatic creation and updating of reaction rules. Therefore, escalatation of resources
spent on ancillary target groups that are connected to an escalated target can happen almost in
realtime20.
When communications are tapped into, the first step for analysis is Classification. The two types of
classification are Content classification and Context classification.
Context classification defines what kind of data (protocol) is transferred and who transfers it. Context
classification on IP networks, such as the Internet, is trivial because the underlying protocols provide
all required information in a form that is easy for computers to read and understand. With the advent of
Deep Packet Inspection, the context classification even touches the application protocols (Layer 7
analysis) and payload (classical deep packet inspection). The result is not just having the conclusion
"XY reads a Google page", but also being able to state "XY searched for porn on Google.” The data
generated by context classification is ideal for storage and later data-mining. Such data sets are
relatively small and have a precise meaning. It is fair to assume that the majority of Internet
surveillance focuses on context.
Content classification defines what type of data is transferred and what meaning the data has. In most
cases, content classification only considers the type of data, such as pictures or movies, but in some
cases, the meaning of the data is of interest. Content classification is especially effective on unique
Internet traffic. The Google logo is transferred millions of times every day, however, it is not unique; it
is classified once, put into a reference table, and never revisited. The same goes for most web and p2p
content. Combined with context classification, a resulting data set would say "XY downloaded a nude
picture of Angelina Jolie from webpage Z". The resulting dataset will be less then 200 bytes, regardless
of picture size, and by the time the first 5 to 10 packets are transferred, the connection has already been
analyzed21. One real-life example of this technique is a Bundeskriminalamt22 operation under the
auspices of stopping child pornography. It references known child pornography images, generates a
reference, and then watches to see if those references appear in network traffic. The effect is that they
will instantly know if anyone on their network is sending or receiving such images. This technology is
not limited to images; a checksum of any dataset can be programmed into their scanner, such as
sensitive or politically embarassing documents uploaded to Wikileaks. If the content, however, is not
unique, then the Classification method fails, and the next method used is Interpretation.
-
some more:
Interpretation of unique data means that the data is translated into a form that data-mining can act
upon. For e-mail, that means that the text is analyzed by semantics analyzers23. Such an analyzer
running over this document will return something similar to "Analysis of Internet surveillance
feasibility and implementation." These tools are able to find out the most important words, places,
times, subjects, and people mentioned in the communication content in only a fraction of a second. The
resulting data set for analysis will be relatively small (around 2-5KB), machine readable, and easy to
store. After content/context analysis and interpretation are completed, the result is a data set that can be
reacted to. Further automated analysis, such as Writeprint24, can be performed for profile development
of specific targets, including author discovery of anonymous publications.
The next two steps are a dual-factor component, requiring both human presets and computer
processing. Reaction is programmed into the computer as a rule set, as it requires abilities beyond
those that a computer can intuitively choose or measure, reporting back if the traffic is interesting or
not. In the Selection process the data is combined with a vector that holds "points" for the various
interests the spying party associates with it. While the programming is a thing performed by humans,
the "interest vector" is computed automatically. Depending on the "interest vector", the data might be
thrown away, cached locally to be combined with additional data, or transferred to offsite storage and
processing. Both Reaction and Selection are completed very quickly, during which the parties of
communication are re-classified as well, which accomplishes Escalation.
Computers can make a lot of sense out of seemingly harmless data. They are able to correlate many
communication processes, and they are able to remember things of raised interest. Given the low cost
of processing required at different stages and the cheap storage available, it is likely that a historically
detailed profile25 of all communication of an individual is created.
III. IMPLICATIONS
The result of inexpensive Internet surveillance measures that do not require human intervention is a
collection of data for offsite analysis26 and reaction. It is entirely possible to automatically create
classification, interpretation, and reaction rules that preselect certain communication participants for
more in-depth surveillance without any human interaction.
If a person shows an unusual communication pattern, perhaps at the 80th percentile, then this person
becomes someone of greater interest to agencies conducting espionage. The communication patterns
that are analyzed could be over months, and include online hours, contacts of 1st and 2nd and 3rd
degrees, web search terms, and the interpreted content of all communication. The only thing that
effectively keeps spy organizations from automatically spying on you is if your total communication
profile, and the communication profile of the people in your social environment, are entirely
uninteresting to them both now and in the future.
It is feasible and realistic to expect that Internet mass surveillance of a certain scale and reach already
exists worldwide. The analytic capabilities of current technology is exceptional, and since the long-
term memory is inexpensive for data of interest, it is therefore likely to exist. That means that both
innocent actions and the actions of those in your social environment can trigger more in-depth
surveillance in an automatic fashion. The human and technical resources required for Internet mass
surveillance are not only within the reach of many parties, but they also constitute a small fraction of
their available resources. If it is assumed that there is any motivation for mass surveillance, then all
other factors aside, the economics suggest that it is performed on an astronomical scale not only by
nation states and their agencies, but also by corporations. Looking at the sales data available for
specialized surveillance and analysis equipment offered to the market, it is naive to assume that many
bytes of communication escape surveillance.
The distinguishing matter is not if individuals are being spied on by computers (because they certainly
are) but if they are also being spied on by people. Signals intelligence always has been a large portion
of an intelligence agency's budget, and it is more so after the American tragedy of September 11th.
International corporations that try to control information leakage, public image damage, competitive
analysis, and outright espionage are also increasing their signals intelligence budget. This is especially
true in times of economic turmoil, where there will be globally-heightened competitive intelligence
competition. Furthermore, intelligence gathering is the bread-and-butter of many “dot com” companies
that provide their services for free, such as Google, Yahoo, and MSN27. These companies and their
offerings are ubiquitous, so the issue is not if or why they do it, but how you become a person of
interest.
IV. THREAT ASSESSMENT
The specific motivation to select your communication for analysis does not have to be high at all. It is
an anticipated future interest and is visible in data retention and other “preventive” measures employed
by governments today. The motivation can be anything interesting to an agency, including web
searches about tax savings, e-mails from those with unpopular political opinions, interest into certain
technological trends, the layout of your stock portfolio, the grade you achieved in your chemistry
course, the position you hold in a company, and participation in a group of interest. The list of
“interesting” activities is innumerable, and the more interesting your activities, the more elevated you
are as a surveillance target. In fact, anyone reading this paper, especially those reading it online for a
longer time or increased frequency, would almost certainly elevate their status as a surveillance target.
Staying below the radar can be extremely hard if you are in any way different from the majority of the
populus.
When surveillance becomes trivial for an unrestrained party, then it will be done, and sadly, there is no
good reason that they should not do it if they are unrestrained. Most of the notions against the reality of
mass surveillance are based on "scarcity of resources and motivation" arguments. It has been
demonstrated in this document that there is no scarcity of resources to do surveillance or store its
results, only to act upon it by human resources. In our current world, there is no scarcity of motivation
to do it either. In fact, there is a whole industry and even political parties lobbying on the behalf of
surveillance. There are enough power-hungry people that want to stay in power and institutions that
exist to self-perpetuate. Someone once said that the Internet is not only the best tool for mass
communication but also the best tool for mass surveillance and control ever created. That person was
right.
V. CLANDESTINE INTELLIGENCE GATHERING
Clandestine intelligence gathering is spying performed by agencies and corporations that do not have
"lawful interception"28 privileges, lacking legal authority and legitimate access to infrastructure. This is
the traditional idea of espionage, where one country or company is spying on another or a target group.
The stages are similar to traditional surveillance; however, the methods used tend to be less traditional
since the spying organization involved does not have conventional communications access but also is
not confined by the rule of law.
Clandestine intelligence may be as insignificant as one auto dealer spying on another to gain an
advantage29, or as disturbing as a country spying on the government employees of a rival country to
cripple their defense infrastructure in preparation for a future war30.
Data collection for clandestine operations follows the path of least resistance, depending on the
objective. Because clandestine data collection is not lawful, it cannot be overtly employed, but instead,
it must be covertly deployed using either Open Source Intelligence (OSINT) or "covert intelligence"
techniques. Open Source Intelligence gathering "involves finding, selecting, and acquiring information
from publicly available sources and analyzing it to produce actionable intelligence... The term open
refers to overt, publicly available sources"31 as opposed to covert intelligence which refers to private,
classified, or illegal sources.
One example of an Open Source Intelligence gathering source is the Tor Network. The Tor Network is
an anonymity network that is participation-based and allows anyone to access communications traffic
of its users; however, it also attempts to obfuscate the origins of the traffic in order to render the user
anonymous. The inherent weakness of the Tor Network is that each node in the network acts like a
miniature IX, routing the traffic of other users and giving easy eavesdropping access to anyone who
wants to abuse it. The Tor Network provides an endless supply of interesting traffic, specifically
because the users are those who wish not to be observed or identified. Because this traffic is both
suspicious and interesting, it is the natural target of surveillance by both state agencies32 and hackers33.
In an Open Source Intelligence gathering model, the spying organization might operate Tor nodes and
perform traffic analysis to identify political dissidents34, capture sensitive government credentials35, and
even to deanonymize36 and correlate traffic back to reporters, bloggers, and governments agents.
Covert intelligence gathering for clandestine surveillance uses non-traditional methods to acquire
communications access. These are typically Black Ops programs which employ trojans37, bribery,
blackmail38, misdirection39, and infiltration40.
VI. END NOTES
This article exclusively deals with the possibilities and methods for passive surveillance of non-
participants of the communication being surveilled. There are numerous other methods of surveillance
and data collection existing on the Internet. Those include cookies, spyware, log file aggregation,
system fingerprinting, and many other methods.
VII. Q&A
Q: What about using word scrambling to defeat language analysis?
A: The technology used in most word processors is good enough to instantly reconstruct large portions
of a scrambled text. The approaches by systems working with semantic analysis, context and subject
discovery, as well as whole text probability, are even better. They might not be able to reconstruct
every single word, but rather, just enough of the content to make sense of it. The same is true for most
if not all "good advice" given by friends. Good security is not that easy. If advice does not include
strong cryptography, it is uninformed at best, and disinformation at worst.
Q: Are encryption users more likely to become targets?
A: As mentioned in the article, one of the methods used is to find out unusual traffic and content
patterns. Using e-mail encryption is something unusual for the normal population. There have been
several cases where the use of encryption increased the interest of investigating agencies. However, we
still think that it is a necessary and smart move to encrypt everything you can. Surely you cannot beat
context analysis with encryption alone, but content analysis and interpretation can be rendered much
less effective or even impossible.
The advice we would give is to encrypt all your communication every time. It is better to have a
consistent communication pattern than to only encrypt occasionally because the total amount of
valuable data collected will be lower. If you are only encrypting information you think is sensitive, then
it is also known which communications should be more heavily analyzed.
Q: Are people using anonymity networks more likely to become targets?
A: Yes. The total number of available anonymization services is small. Just a few thousand computers
in total are serving in publicly available anonymity networks. To target all traffic going to or from
those computers is trivial. However, only a really big adversary would be able to automatically trace
and connect the various relayed packets to each other, and those adversaries surely exist.
Looking at the network layouts of the more popular anonymization networks, it is actually not hard to
watch all traffic they relay. Some services make it hard to identify single communication events when
watching only a limited set of the total connections that exist; at the same time, this increases the
crowding effect (hiding in the crowd). With effectively executed crowding, you will be seen but not
necessarily identified.
Q: But company X said they use technology Y. Won't that protect me from all adversaries?
A: No. It is true that technologies exist to drastically increase your privacy on the Internet. However,
none of them protect you against an omnipotent attacker. Most are good for evading nosy marketing
groups, though few are good enough to hide yourself from the eyes of domestic security agencies.
However, none will protect you against a motivated attacker with global access to the Internet. If your
anonymization service is decent, then they will have a note in their website or documentation that
effectively states, "Do not rely on this technology if you require strong anonymity." If they aren't
decent, they will say, "We make you 100% anonymous on the Internet."
Q: What can be done?
A: Writing to your congressional representive will not stop spying. Politics and public opinion will not
help at all to reduce or even solve this problem, because politics and public naivete created the
problem. There are only seven things you can effectively do:
1. Accept that the world is not a place where everyone believes others should be free.
2. Use self-defense technology such as adequate anonymity services and best practices.
3. Use encryption on all your traffic, and support programs that employ opportunistic encryption.
Even weak and poorly-implemented encryption is better than plaintext, because it cripples
spying by reducing it to context analysis.
4. Call up your ISP and tell them you want a dynamic IP address, because static IP addresses are a
threat to your privacy. If you work at an ISP, insist that it assigns IP addresses dynamically, not
statically.
5. Prepend common data to the first 1k of your data transfers to defeat modern checksum analysis.
6. Fight against any force that wants you to give up your freedoms and privacy.
7. Teach others how to fight for their privacy as well.
Protecting your privacy does not come for free today, and it never has. One last word to the wise: those
that shout the loudest that they will protect you or those that do it for free are not necessarily those that
have your freedom and privacy in mind. There is no such thing as a free lunch!
VIII. ABOUT THE AUTHORS
Jonathan Logan works as a communication network consultant for Xero Networks AG and
Cryptohippie PA Inc. He can be reached via email at j.logan at cryptohippie.net (PGP Key:
0xE82210E6) Steve Topletz is the operations advisor for XeroBank, an anonymity service operated by
Xero Networks AG. The opinions expressed in this article are those of the authors and do not reflect
the views of Xero Networks AG, Cryptohippie PA Inc., their management, or their respective owners.
If you want to distribute this article, please contact the authors.
-
and finally
IX. EXHIBITS
Note: Figures used in calculations are designed to be rough and larger than actual costs, in order to
demonstrate maximum reasonable costs.
Exhibit A: (http://www.dtc.umn.edu/mints/home.php) 5000 ~ 8000 PB / month. Presume ~85th
percentile at 7500 Petabytes * 12 months = ~90 Exabytes (94,371,840,000 GB). Data warehousing
costs are approximated to $0.35 / GB / year, ($0.168 / GB hardware, $0.014 / GB power, $0.091 / GB
housing, $0.077 / GB maintenance; breakdown derived from classified source, traffic costs not
included). 94,371,840,000 GB * $0.35 / GB = $33,030,144,000 USD / year.
Exhibit B: 1% * (94,371,840,000 GB) x $0.02 / GB fiber-optic transfer x 2 destinations (collection and
endpoint) = $37,748,736 total fiber-optic transmission costs. Note that although internet traffic doubles,
unique traffic does not increase at the same rate, so 1% is a shrinking figure as total traffic increases.
Non-unique traffic is typically limited to personal communications such as VOIP, email, and instant
messaging.
Exhibit C: IBM BladeCenter PN41, 20 Gbps @ $90,000 = $4.5k / Gbps. Similar costs across the board
(90k wholesale, 106k ~ 120k retail) with other DPI / traffic analysis solutions (Narus, Sandvine, LSI,
Qosmos, Interphase, Ellacoya etc).
Exhibit D: ~90 Exabytes raw analysis / 1 year = ~24 Tbps (23.36) average usage (20Tbps domestic, 4
Tbps international) @ 20% utilization = 117 Tbps (@ 100% utilization) x $4.5k Gbps = $526,500,000
USD. Hardware has a yearly cost of 48% of costs before traffic (power, housing, maintenance). Costs
before traffic are $570,375,000 ($526,500,000 / 0.48 * 0.52), and traffic costs of $37,748,736 bring the
total to $1,134,623,736 for all costs post-tap / pre-analysis.
Exhibit E: Maximum 5000 tapping points worldwide x $3,000,000 / tap / year for physical surveillance,
compliance, black operations, tap installation, and maintenance, and upkeep costs. In Germany alone,
there are 30 major backbone loops, and 10 major IXs, which require multiple taps for total surveillance.
Exhibit F: The cost of Access is $2.27b, consisting of $527m for Traffic Analysis, and $1.5b in Tap
Installation and Management (Exhibit E). The cost of Storage is $570m (Exhibit D), favoring the larger
cost against the 1% of $33b (Exhibit A). The cost of Traffic is $38m, and the cost of Analysis can reach
as high as $1.5b. $2,270m + $570m + $38m + $1,500m = $4,378m.
-
So, apparently google got my gender wrong. Does that mean that when the NSA asks them google will give the NSA wrong information?
However, I don't recall if I explicitly lied to google about my gender. More than likely I did. In which case, google didn't get it wrong, though they are stupid if they trusted the info I gave them.
-
Roger Dingledines past ties to the NSA.
What ties are those?
-
Is there any way to actually hide our use of TOR? Surely, anyone using TOR is automatically 'flagged'? Especially in a police state like Australia where apparently that's a better use of public money than say something actually useful, like sporting facilities or more doctors or sorting out our embarassing education standards. No, being a police surveilance state is a great use of resources apparently.
What's the deal with using TOR and being flagged? Can LE work out what's happening in TOR? Is it better to just leave it on to make pattern analysis harder or something?
Really annoying we have to behave like this. Lets all hope and push for a more humane society that doesn't treat mature adults like naughty sinful children, at our own expense through our taxes. It's just ridiculous.
At least Silk Road cuts out all that crap on the streets. I hardly see gang warfare and child exploitation erupting around Silk Road. You'd think LE would be grateful for Silk Road for that reason alone? Will we ever have a free society where people are trusted to make their own decisions? Or even better, a society where people can feel safe to talk to doctors about their 'self medication' without fear of being labelled a criminal and destroying their entire life, career, family, you name it For F's sake.. At least then you'd see less harm and more responsible use at least.
How backward are we.
The only real reason for concern I see around Silk Road is exposure to children who make get on it. That's a real legitimate concern and a time bomb waiting to go off I'm sure. I have no idea how to solve that one.
-
Roger Dingledines past ties to the NSA.
What ties are those?
He worked for the NSA as an intern for a while, and implemented Tor shortly after leaving. I don't know what he did for the NSA, but I imagine something to do with traffic analysis. He still has a lot of friends in the NSA as well. He actually is fairly open about this, although I heard about it from Steve quite some time before I saw him admit it publicly. Actually two of the lead Tor developers have ties to US intelligence agencies, Dingledine to the NSA and Syverson to Naval Intelligence. I think Mathewson is the only lead developer without a US intelligence background.
-
So, after working for the NSA he wrote Tor for the navy?
You know, the politics of Tor developers suck big time. They are somewhat similar to your delusional comments about the NSA stopping terrists...
ps: and Dingledine tends to downplay/ignore the abilities of the US government. They also tend to talk about 'oppresive regimes' like china and iran and congratulate each other on their 'fight' against 'censorship' there....while seeming to forget what their own government (and employer) does.
-
Is there any way to actually hide our use of TOR? Surely, anyone using TOR is automatically 'flagged'? Especially in a police state like Australia where apparently that's a better use of public money than say something actually useful, like sporting facilities or more doctors or sorting out our embarassing education standards. No, being a police surveilance state is a great use of resources apparently.
What's the deal with using TOR and being flagged? Can LE work out what's happening in TOR? Is it better to just leave it on to make pattern analysis harder or something?
Really annoying we have to behave like this. Lets all hope and push for a more humane society that doesn't treat mature adults like naughty sinful children, at our own expense through our taxes. It's just ridiculous.
At least Silk Road cuts out all that crap on the streets. I hardly see gang warfare and child exploitation erupting around Silk Road. You'd think LE would be grateful for Silk Road for that reason alone? Will we ever have a free society where people are trusted to make their own decisions? Or even better, a society where people can feel safe to talk to doctors about their 'self medication' without fear of being labelled a criminal and destroying their entire life, career, family, you name it For F's sake.. At least then you'd see less harm and more responsible use at least.
How backward are we.
The only real reason for concern I see around Silk Road is exposure to children who make get on it. That's a real legitimate concern and a time bomb waiting to go off I'm sure. I have no idea how to solve that one.
Use public WiFi and you won't need to obscure your Tor use.
-
The theoretical concept for Tor was originally developed by Paul Syverson for the US navy, the publicly available Tor program that we are using today was implemented by Roger Dingledine sometime after he left the NSA, as well as Nick Mathewson. I don't think that Dingledine thinks that Tor is adequate to prevent the NSA from pwning people, nobody with an in depth understanding of anonymity networks and signals intelligence really thinks that Tor can resist the NSA.
I am not worried about the Tor developers. They seem to be very libertarian. I don't think that Dingledine is against liberty, in fact I think he is very strongly in favor of freedom of speech and liberty and freedom. I also think that the NSA is almost entirely focused on preventing terrorism, protecting the cyber infrastructure of the USA, and gathering intelligence on foreign governments and such. The NSA is not a police agency, I am not worried about them. If they wanted to shut down SR then SR wouldn't be here. Our security is no match for the NSA. If the FBI or DEA were capable of pwning SR, I think a lot of us would be in prison right now. That is enough for me to feel as if the NSA is not interested in acting as a police agency. In fact, the NSA has not even shut down any of the major child pornography sites on Tor, or even targeted the child molesters using Tor to post their child abuse images. Targeting drug users or CP users is far from their primary interest, and if doing so has even the slightest chance of compromising their ability to gather intelligence on terrorists or foreign agencies, you can rest assured that they are not going to do anything.
-
Use public WiFi and you won't need to obscure your Tor use.
Nice in theory but incredibly impracticle for most people. There are not exactly stacks of free wifi spots where I live.
Any other ideas about obscuring TOR use or should I even be concerned? Surely it's not just Silk Roaders and crims and terrorists that use TOR? If that is the case them I'm f'ed, I've already been flagged I'm sure.
-
The only real reason for concern I see around Silk Road is exposure to children who make get on it. That's a real legitimate concern and a time bomb waiting to go off I'm sure. I have no idea how to solve that one.
Well it's just as likely as a child talking to someone that can get them drugs at school. You can't shield children from the world around them, you must educate them about it. This thought terrifies most parents I've met oddly enough.
Nice in theory but incredibly impracticle for most people. There are not exactly stacks of free wifi spots where I live.
Who said anything about free? You can crack most wireless passwords fairly quickly. And if you have a high output antenna (7db+) you can pick up wifi from several distant locations and cycle through them regularly as well.
-
Is there any way to actually hide our use of TOR? Surely, anyone using TOR is automatically 'flagged'?
It's unlikely that Tor users are being flagged in Western countries. You come to this forum and see thousands of drug users on Tor, but you have a biased view. Millions of people use Tor for dozens of reasons. Picking out the drug users would be difficult without other evidence, in which case it's only the other evidence that matters. Using Tor isn't evidence of committing any specific crime. Some regimes detect and block access to Tor. They are mainly in the Middle East and China, although there are others, like Burma. Some people in Russia want to ban access to Tor, but that's another shithouse country under Putin. That isn't happening in any Western countries.
All the being said, your ability to hide your Tor use depends on the sophistication of your adversary. In some countries, using bridges is sufficient to bypass restrictions on accessing the Tor network. The Chinese government actively probes for and blocks bridges, including those that use the obfsproxy version 2 protocol. That's why the Tor developers have created a more sophisticated version 3 protocol. As far as I know, it is working. The Chinese government hasn't found a way to detect those bridges yet.
So even if you think your adversary is as sophisticated as the Chinese government, and actually cares about watching you, an obfs3 bridge *should* be enough to protect you, for now.
What's the deal with using TOR and being flagged? Can LE work out what's happening in TOR? Is it better to just leave it on to make pattern analysis harder or something?
They can "work out" what's happening if they can watch both ends of the circuits you build through the Tor network. For example, if they ran your entry guard and exit node, they could see who you are (your IP address) and what you are doing (the site you're visiting). That applies to clearnet sites. For hidden services, they would have to be positioned as either the hidden service's entry guard, an introduction point, or the hidden service directory. Given the size of the network and the long rotation period of entry guards, it's difficult to target a specific person to watch both ends of their circuits. An adversary can spin up relays and observe a few random people, though. Same with hidden services. They could spin up a bunch of relays and brute force a key to become a hidden service's directory, and then wait for people to randomly select their entry guards.
Bridges are a solution to this problem as well. Once you configure the browser bundle to use a few bridge IP addresses, it will always use them. So as long as those bridges are not malicious and stay that way, you won't rotate entry points and select malicious guards.
Really annoying we have to behave like this. Lets all hope and push for a more humane society that doesn't treat mature adults like naughty sinful children, at our own expense through our taxes. It's just ridiculous.
I can cheers to that!
-
It's unlikely that Tor users are being flagged in Western countries. You come to this forum and see thousands of drug users on Tor, but you have a biased view. Millions of people use Tor for dozens of reasons.
Security by obscurity is a good strategy then eh.. How popular is TOR now relative to 'criminal' activities? I'm hoping that many people use it for just porn or whatever. China and those type of countries are a complete joke, what a god awful society they are. No wonder they all look completely screwed in the head. It's so ironic that governments would use money given to it by its people to control and squash those very same people. It's just sick. And it's happening slowly in Western countries too. Think about that every time you pay tax, when you go to work each day, that you are working to support someone somewhere to invade your privacy, judge you, control you and try to ruin your life by dragging you out in to the open. Especially when it's just 'self harm' without harming others (and even then debatable). It's just totally sick. And we pay for it with our hard work and sacrfice every day like slavery. Right now some LE will probably be reading this, paid for by the same people he or she is trying desperately to ruin just out of pure spite and selfish career ambition, paid for by that person. I don't think many people really consider who pays for the millions of 'top secret' cleared spies in the USA when terrorism and possibly drugs (?) cause less death and harm than cars, ladders, MacDonalds and crappy junk foods, obesity, etc. Imagine what better use the USA could find for the 8 or 9 trillion dollars they spend on military and people squashing. Imagine if that money was spent on say actual real jobs, health etc for a change. No wonder America stinks and everyone's poor.
Think about this every time you drag yourself to work in a crappy job you hate and get yelled at all day, what you are paying for and why your economy stinks. Every LE officer monitoring this forum should think about this too, who paid for them to sit there eating junk food looking for ways to squash and humiliate people and destroy their lives and families - causing more harm by dragging them out in to the open than the drug use itself causes. Enjoy your doughnut LE person, paid for by us as you find someone else to squash and humiliate. We'd be better off paying for a doctor to do some actual real good for a change. We never have enough money for doctors and school teachers, but *always* have money for spies and LE surveillance. Just look at the USA. Medical system is a joke but at least they can boast about reading every private email in the world. Great achievement, land of the 'free'. More like 'land of the squashed'.
We all need to put a stop to this and demand our money be put to better use. We need more doctors and teachers, not more surveillance. Imagine if we sacked every LE officer on this forum and replaced them with doctors giving solid advice about harm reduction instead. We have probably thousands of LE reading this right now, but only one doctor I know of who can give an hour every now and then to exhaust himself answering hundreds of questions. Where is the sense in that? And he's probably doing it for free because the state thinks doctors are a waste of money. What a joke of a society we've allowed ourselves to become. And every time it's questioned or exposed, they commit more money to hunt it down and squash that too like a never ending cycle of spending more and more money on squashing people, squashing the squashers who don't want to squash any more, while have only ONE doctor, working for free, on this forum.
If we don't stand up against this, we will eventually have another Russia that collapsed not from being beaten in a war, but simply because they spent all their money on squashing until there was no money left for anything else and everyone just sat around being paranoid all day rather than inventing great new stuff or creating actual jobs. I read once that at the height of Russian squashing - every letter was read by the KGB (paid for by the squashed) and everyone was paid to spy on everyone else. America just sat back and let them spy themselves to death while the country rotted, they didn't have to do a thing.
And now we're doing it to ourselves, destroying our economy and jobs just to ensure that stuff that kills and harms less people than people falling of ladders or having car accidents or dying off legal and heavily marketed junk food and obesity is thoroughly and utterly squashed. But we have enough money to bomb and abuse people in Afghanistan and wage all sorts of hideously expensive 'proxy wars' around the world. While we haven't sent anyone to the moon in what - 30 years? We gave up on the moon, lost our dreams, our hopes, our ambitions as a species while we spie ourselves in to extinction. What will be left of our fossil record? A few half hearted attempts to land on the moon but a massive fossilised city building full of spies... Great... Meanwhile cancer rates are going through the roof - thanks to junk food and crappy lifestyles.
CANCER, and mostly PREVENTABLE cancer is causing MUCH more harm EVERY day than anything here, ever, period.
If we put 1/100th of that funding in to doctors giving advice here instead, you'd see 10 times more 'return'. Doctors giving advice on how to bring cancer rates back down from one in TWO (massive increase since even the 1980s - look it up) to what it was before, which was almost none... Ever heard of native tribes riddled with cancer?? Think about that.. Why are we all dropping like flies from cancer EVERY day while we pay for this crap????
I hope all you tax funded spies reading this feel great about your job now. You really take our money and make such a beautiful world with it.
So as for TOR, I hope the world rises up and everyone just starts using it (if the network can handle it) - get rid of Google, Facebook etc and all their relentless spying and selling of our deeply private details too.
As for hiding TOR, is this obfuscating bridge thing hard to set up? Does it look like 'normal' traffic to these spies we're paying for every day with our hard work and sacrifice?
-
As for hiding TOR, is this obfuscating bridge thing hard to set up? Does it look like 'normal' traffic to these spies we're paying for every day with our hard work and sacrifice?
You need a special browser bundle for it, which you can get here: https://www.torproject.org/projects/obfsproxy.html.en
They are listed under "Download the Pluggable Transports Tor Browser Bundle".
These special bundles will become the regular browser bundle in a few weeks (they are still experimental).
Then go here: https://bridges.torproject.org/bridges
Copy the "obfs3 <IP address>:<Port>" lines and add them in Onion Icon -> Settings -> Network -> My ISP blocks connections to the Tor network -> Add a bridge.
-
They seem to be very libertarian.
libertarians do not work for the american military.
The NSA is not a police agency, I am not worried about them. If they wanted to shut down SR then SR wouldn't be here.
I never said the NSA will shut down SR. What they will do is tell some other government monkeys how to find SR.
if doing so has even the slightest chance of compromising their ability to gather intelligence on terrorists or foreign agencies, you can rest assured that they are not going to do anything.
Again, terrorism does not exist, except for US terrorism (which is massive, but oddly it's not the terrorism you seem to have in mind)
Do you think these alleged terrorists discuss their plans on facebook and gmail? Or even Tor? Don't be silly.
Maybe one of the purposes of the NSA is to spy on 'foreign' governments, but their main purpose is to spy on ordinary sheep. both american sheep and foreign sheep.
-
libertarians do not work for the american military.
Lots of libertarians work for the US military. The US military is not a police force.
I never said the NSA will shut down SR. What they will do is tell some other government monkeys how to find SR.
Extremely unlikely.
Again, terrorism does not exist, except for US terrorism (which is massive, but oddly it's not the terrorism you seem to have in mind)
US commits terrorism but terrorism is also committed against the US and its allies, on a fairly regular basis. One of the reasons terrorism is not committed as frequently on US soil is due largely to the efforts of intelligence agencies.
Do you think these alleged terrorists discuss their plans on facebook and gmail? Or even Tor? Don't be silly.
Osama Bin Laden had a courier who used I believe USB devices to take communications from Osama to cyber cafes, after which he sent them via the internet to various terrorist contacts, got messages back and took them to Osama where he was hiding. I don't know if the messages were hidden with steganography or encryption or what the technical details are, but during Osama Bin Ladens time in hiding after 9/11, he frequently made indirect use of the internet to engage in communications with his terror network, and apparently many of his contacts also made either direct or indirect use of the internet to transfer their communications. I don't believe Osama was caught due to signals intelligence locating his courier, but rather was caught because somebody who knew who his courier was was tortured and revealed the information, after which his courier was located and followed back to the location Osama was staying at. It seems like the CIA was probably mostly responsible for this operation, but theoretically the NSA could have located his courier with signals intelligence.
Maybe one of the purposes of the NSA is to spy on 'foreign' governments, but their main purpose is to spy on ordinary sheep. both american sheep and foreign sheep.
The NSA doesn't give a fuck about ordinary sheep. They also extensively spy on foreign governments. Another one of their big responsibilities is securing the USA from cyber attack.
-
Yes, the NSA as an organization doesn't give a shit about most crime. However, the analysts are compelled to report crimes that they become aware of through surveillance. Snowden goes into length to explain this.
-
show me a link where it says that the NSA is compelled to report crime that they become aware of. The only thing I have seen is that they are legally allowed to report crime that they become aware of, I have seen nothing that says they are compelled to do anything.
-
show me a link where it says that the NSA is compelled to report crime that they become aware of. The only thing I have seen is that they are legally allowed to report crime that they become aware of, I have seen nothing that says they are compelled to do anything.
It is in the video interview with Snowden...Furthermore; you wouldn't even be able to find out through the discovery process if any evidence was obtained via the NSA, because of the legal subterfuge.This is mentioned in the various Guardian and Washington Post articles.
-
It doesn't make sense that the NSA reports on crime and yet there are high profile targets that use the internet and avoid arrest for years or indefinitely. I personally doubt Snowden if he truly claims that the NSA reports on all illegal activity that they intercept. It sounds like bullshit to me, for a variety of reasons. Without documented proof that they are compelled to report on criminal activity, I am completely unconvinced.
From The Guardian :
Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains "significant foreign intelligence information", "evidence of a crime", "technical data base information" (such as encrypted communications), or "information pertaining to a threat of serious harm to life or property".
Note that it says the NSA analysts may *appeal* to the NSA director to keep intercepted US internal communications that are *inadvertently* intercepted. It doesn't say that the NSA is compelled to report criminal activity to the police. It doesn't say that NSA analysts are compelled to report criminal activity to the NSA director. It says that they *can appeal* to keep the communications. I also note that they mention evidence of a crime and also information pertaining to a threat of serious harm to life or property. In general, anything they intercept that pertains to a threat of serious harm to life or property is evidence of a crime, and I imagine in the likely extremely rare cases that they exercise their ability to utilize US internal intercepts, that it will be in cases of domestic terrorism and similar things. I think people are taking this way out of proportion in assuming that the NSA is systematically sucking up US internal communications and then piping them off to the FBI for criminal investigations. That is not what the NSA does.
Furthermore, traffic metadata intercept of US internal communications has *always* been legal without a warrant. Even the FBI and the local police do not need warrants to intercept traffic metadata. The courts have never considered traffic metadata to be protected by the constitution, only payload data. The only difference between what the NSA is doing and what the FBI and local police are probably doing, is that the NSA is gathering *all* of the traffic metadata whereas the police only gather metadata when they think it will assist them in their current investigation.
-
You need a special browser bundle for it, which you can get here: https://www.torproject.org/projects/obfsproxy.html.en
Thanks, good advice, I'll check it out and look forward to it becoming the norm.
If this obsufcation thing is coming out in a few weeks that sounds good, I'll check it out now too.
US commits terrorism but terrorism is also committed against the US and its allies, on a fairly regular basis. One of the reasons terrorism is not committed as frequently on US soil is due largely to the efforts of intelligence agencies.
Yeah sure, remember America used to start wars all over the world to screw over the Russians too (which eventually backfired when the CIA trained militants in Afghanistan and Pakistan turned on America anyway), but it achieved little. Eventually Russia just bankruped itself by it's own sheer stupidity anyway, all America had to do was sit back and watch, and now the same clown Putin is back in power doing it all again and Russia is again a stinking shit hole full of miserable pissed off people. Nice one Putin.. Frigging genius... Lets see if you can really nail it this time around.
OMG!!!!!!! I just read this!!!!
http://www.cultureofsafety.com/safety-tips/ladder-safety/
Well now that we have nailed terrorism, what are we doing about ladders????? Ladders kill and maim far more Americans every year than terrorism both domestic and abroad. I hope America is also infiltrating clandestine ladder manufacturing operations... We simply should not stand for this either. In fact, ban ladders completely, then when Ladder Road appears on TOR, infiltrate that and shut it down too. We simply must, absolutely must, halt this terrible scourge of ladders that pose a real and present danger to children, to families, all around America. Every day. They lurk in your basement, in your schools, they are everywhere. And the government is doing nothing to stop the march of ladders wreaking death and misery across America! I am paralysed with fear!!!
It's terrible!
If there are over a million Americans with 'Top Secret' clearance, then by American logic, we should have at least TEN MILLION agents RIGHT NOW shutting down ladders everywhere! I mean, it's logical right?? American spends at least 9 Trillion Dollars on military and surveilance every year, so we should be spending at least 100 TRILLION DOLLARS on Ladder Defence!!!
Read this!!!! I'm shocked!!!!
More than 90,000 people receive emergency room treatment from ladder-related injuries every year
Elevated falls account for almost 700 occupational deaths annually
These deaths account for 15% of all occupational deaths
OSHA believes 100% of all ladder accidents could be prevented if proper attention to equipment and climber training were provided
Over the last 10 years the amount of ladder-related injuries has increased 50%
According the Bureau of Labor Statistics, 50% of all ladder-related accidents were due to individuals carrying items as they climbed
The most common type of ladder-related injury, with 32%, is fractures
Look, I know we need police, the military, intelligence and so on - that's not the issue.. There is legitimate need for all this, but the scale is now HUGE. It's just MASSIVE and they keep pushing harder and further to justify their existence and spending, like spying on the European Union offices?? WTF???? Is a small European country REALLY a massive threat to America?? France even does it... They're all doing it.. It's retarded and must cost a lot of money to do that, and when found out they can not come up with any good reason why they wasted time and money doing it. I wonder what else they blow money on for no reason except to just piss off their allies. And when you see ladders cause more harm than terrorism you have to question the scale it's grown to, if it's really necessary?? China will go bankrupt too if they keep this up, just like Russia did, you watch.. All those millions of soldiers and spies in China, doing absolutely nothing except trying to justify their own existence while the Chinese people just get sick of it and find ways around it anyway. I don't know why a Tibetan poet or whatever is a threat to world peace. Organised criminals with guns and terrorists with actual guns, yes, but poets??? Seriously??? WTF China??????
These institutions were founded to PROTECT individuals from harm and uphold their freedom, not to squash them with out of control surveilance and economies driven in to the ground to pay for it. We need some perspective back on this. The military and surveilance are about the only 'industries' left growing in America, sucking the life out of everything else and stopping America's economic growth by being just too out of proportion and far too wasteful. They need someone to go in like a shrewd minded business leader and cut out the fat, make it more efficient and effective, give people back the freedom they were sworn to defend in the first place and give all that wasted money back to the economy where free individuals can put it to better use, like say food, health and creating jobs and economy. I bet there is HEAPS of waste in there because they can waste money without the public watching. I bet they really go crazy while the rest of us have to beg and plead to get even a single dollar back from the IRS or our boss.
America can't even get a health system off the ground but hey, at least we 'infiiltrated' TOR even though no sane criminal would go anywhere near it. Or at least I hope not because I don't want that scum on TOR either. Wouldn't it be nice if TOR users themselves could hunt down and destroy sick minds on TOR, saving money and freeing up TOR for better uses like real freedom and privacy. Maybe that's where our money should go, pay and support TOR enthusiasts and hackers to hunt down and destroy sick minds that actually do want to hurt people, like pedos, rather than waste money hunting down people like us and hackers. Actually do some real good and we'd all have a lot of fun at the same time. We'd have a faster TOR and really feel safer and free then instead of paraonoid that our small time drug use will be dragged out in to the open, for what. Pay for doctors to sit here on this forum teaching people how not to harm themselves or others unintentionally. I doubt there are many dealers that actually want to go out and hurt people.
We have one doctor here, working for free, while we have probably thousands of LE's and DEA's and CIA's watching Silk Road and this forum I'm sure.
-
kmfkewm, It might have been covered in a release from the EFF or the ACLU. I am going to have to do some reviewing. I have read many articles the past few weeks pertaining the NSA situation, and I'm sure I read that aspect at some point.
-
"The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies."
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
I can provide additional citations if needed.I feel it is extremely naive to think that if an NSA analyst uncovered serious drug crimes, the information would not be forwarded to the appropriate Federal Agency.We all know the Feds aren't concerned with small time dealers/buyers. But if "20 ki's" comes up in a conversation or some other trigger word, you can bet the DEA will notified.
-
kmf seems to subscribe to some funny ideas, like : there are libertarians in the US military, the Tor programmers are libertarians, the NSA fights 'terrorism' and 'protects' the US from 'cyber attacks', and the NSA is bound by some kind of...what...'laws'?
-
"The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies."
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
I can provide additional citations if needed.I feel it is extremely naive to think that if an NSA analyst uncovered serious drug crimes, the information would not be forwarded to the appropriate Federal Agency.We all know the Feds aren't concerned with small time dealers/buyers. But if "20 ki's" comes up in a conversation or some other trigger word, you can bet the DEA will notified.
Of course the NSA shares intelligence with the CIA, they are both part of the intelligence community. The CIA is also not a police agency. The FBI is a hybrid agency, they act as both a police agency and a domestic intelligence agency. The FBI is the only federal police agency that also acts as a more traditional intelligence agency. This is because the FBI does domestic terrorism investigations as well as domestic counterintelligence. The FBI is a very big organization with several different highly specialized subgroups. It consists of agents with vastly different skill levels and abilities, and the counter terrorism and counter intelligence agents are the very best and they are essentially trained as intelligence agents. A typical FBI agent is not trained to carry out TEMPEST attacks in order to covertly gather the addresses of a vendors customers, the FBI counter intelligence agents are trained to carry out TEMPEST attacks for counter intelligence purposes. The NSA sharing intelligence with the FBI and CIA does not convince me that any of them are acting in a policing capacity in regards to this activity, of the three agencies only the FBI is a police agency at all, but due to the fact that the FBI also has specialized groups for counter intelligence and counter terrorism, I suspect that it is operating in an intelligence rather than in a police capacity when it comes to this specific set of operations. In other words, I do not think the NSA is sharing the collected information with arbitrary FBI agents, but rather is sharing it with FBI agents who are active in a counterintelligence or counter terrorism capacity.
It also says nothing about the NSA being compelled to share this information.
kmf seems to subscribe to some funny ideas, like : there are libertarians in the US military
Timoth McVeigh was in the US military and he is a prime example of an extremist militant libertarian who later actually blew up a federal building in protest of gun (and drug) laws, and particularly the federal police attack in Waco.
the Tor programmers are libertarians
I have heard the opinions of all of the Tor lead developers and all of them strike me as highly libertarian.
the NSA fights 'terrorism' and 'protects' the US from 'cyber attacks'
Both of these claims are true. An example of the NSA protecting the US from cyber attack is the creation and public release of SELinux, which is used to harden highly sensitive servers used by corporations and critical infrastructure.
and the NSA is bound by some kind of...what...'laws'?
Theoretically the NSA is bound by some laws, although apparently not to the extent that we thought they were, thanks to secret court interpretations. On the other hand, I never thought that the NSA was, in practice, bound by law. They are a major intelligence agency, they can do whatever the hell they want.
-
Timoth McVeigh was in the US military and he is a prime example of an extremist militant libertarian
a : The US military is not a libertarian organization. Actually it's just the opposite of a libertarian organization. People working for the US military are either murderers or enablers of murder.
b: McVeigh never was a libertarian. Libertarians do not kill innocent people. While blowing up a government building may not be a crime by libertarian standards, blowing up people who happen to be in, or near a government building, is just crazy murder ant not libertarian at all.
-
Timoth McVeigh was in the US military and he is a prime example of an extremist militant libertarian
a : The US military is not a libertarian organization. Actually it's just the opposite of a libertarian organization. People working for the US military are either murderers or enablers of murder.
The US military is largely an apolitical organization. It has members spanning the spectrum of political orientations, and many of its members are indeed libertarians. A lot of them become disillusioned about the U.S.A. at some point in their lives, like McVeigh did, and others differentiate between things like the police enforcing drug laws and soldiers in the military fighting enemy armies or terrorists. Of course innocents are killed by the US military, but that is largely an artifact of war. If the USA had no military force it is reasonable to assume that it would be stripped of much of its power and possibly invaded and taken over by foreign agencies. The US military has taken part in horrible actions certainly, but there are indeed many members who do not condone such things and who are indeed libertarians. On the other hand, there are no DEA agents who are libertarians, being a willing member of the DEA for the purpose of drug enforcement (as opposed to, for example, intelligence gathering as a mole) prohibits somebody from also being a libertarian.
b: McVeigh never was a libertarian. Libertarians do not kill innocent people. While blowing up a government building may not be a crime by libertarian standards, blowing up people who happen to be in, or near a government building, is just crazy murder ant not libertarian at all.
McVeigh was extremely libertarian. He was against drug criminalization, he was against gun control and he was against the federal government. In addition to this, he had a history of voting libertarian, which pretty conclusively labels him as politically libertarian. He targeted the Murrah federal building because it was used by the DEA as well as the ATF. He did later regret his target choice due to the innocent deaths he caused, and said if he had to do it over again that he would have sniped government officials and other similar targets instead. Although I also disagree with his choice of target, I can understand why he selected it. When the murderers in the US military, as you have called them, attack foreign countries and specific targets, they often bring about the deaths of innocents, something that is called collateral damage. You see, after having served in the military McVeigh actually became opposed to the concept of collateral damage, and I believe that he wanted to show the American population that collateral damage was something they should see as unacceptable. He did this by causing the deaths of innocents in addition to the primary targets of his bombing, namely federal law enforcement agents. To quote him:
Hypocrisy when it comes to the death of children? In Oklahoma City, it was family convenience that explained the presence of a day-care center placed between street level and the law enforcement agencies which occupied the upper floors of the building. Yet, when discussion shifts to Iraq, any day-care center in a government building instantly becomes “a shield.” Think about it.
(Actually, there is a difference here. The administration has admitted to knowledge of the presence of children in or near Iraqi government buildings, yet they still proceed with their plans to bomb —saying that they cannot be held responsible if children die. There is no such proof, however, that knowledge of the presence of children existed in relation to the Oklahoma City bombing.)
When considering morality and “mens rea” [criminal intent], in light of these facts, I ask: Who are the true barbarians? ...
I find it ironic, to say the least, that one of the aircraft used to drop such a bomb on Iraq is dubbed “The Spirit of Oklahoma.” This leads me to a final, and unspoken, moral hypocrisy regarding the use of weapons of mass destruction.
When a U.S. plane or cruise missile is used to bring destruction to a foreign people, this nation rewards the bombers with applause and praise. What a convenient way to absolve these killers of any responsibility for the destruction they leave in their wake.
Unfortunately, the morality of killing is not so superficial. The truth is, the use of a truck, a plane or a missile for the delivery of a weapon of mass destruction does not alter the nature of the act itself.
These are weapons of mass destruction — and the method of delivery matters little to those on the receiving end of such weapons.
Whether you wish to admit it or not, when you approve, morally, of the bombing of foreign targets by the U.S. military, you are approving of acts morally equivalent to the bombing in Oklahoma City ...
I agree that collateral damage should be minimized at all costs. I also agree that warring populations use things such as children as shields, and as a form of propaganda after they are attacked in such a way that the children die. I would also like to point out that the U.S. military in the past has fought in wars that most people accept as necessary and even as highly honorable, for example world war II. In the wars that received the least popular support, such as Vietnam, the government was forced to enslave people to fight for them via draft law. Of course, there were other organizations that opposed this, one that comes to mind being the Weather Underground Organization, which bombed several government buildings in protest of the slavery perpetuated onto the U.S. people by the government. Of course they are called terrorists for bombing government buildings, but the government is not a terrorist organization for forcing young men to die in a war that they did not want to fight.
-
McVeigh was extremely libertarian.
kfm, you don't have a fucking clue. Is your 'security' advice garbage like the political garbage you are posting here?
I can claim I'm a pink elephant but that doesn't make me a pink elephant. Likewise you can claim that your fucking american military nazis are 'libertarians' but that doesn't make them so.
I take it you are involved with these right wingers. You may be some kind of lowly clerk in some american miltary shithole and so you feel the need to lie to yourself about how 'libertarian' the murderers in the US military are. Laughable.
The US military is largely an apolitical organization.
Are you truly *that* fucking stupid? You can't be *that* fucking stupid.
-
kfm, you don't have a fucking clue. Is your 'security' advice garbage like the political garbage you are posting here?
I mean, if somebody votes libertarian, holds libertarian beliefs in regards to drug legalization, taxation and access to weapons, and they blow up a federal building in protest of the federal government, what exactly do you think we should call them? McVeigh was obviously a libertarian, and he even claimed to be one himself.
I can claim I'm a pink elephant but that doesn't make me a pink elephant.
Sure, just because somebody says they are a libertarian does not mean that they are. Lots of people claim to be libertarians while holding beliefs that are totally incompatible with libertarianism! On the other hand, McVeigh voted libertarian, which is a strong indicator that he himself is a libertarian, and additionally he held libertarian beliefs on at least three key points, gun control, drug legalization and the federal government.
Likewise you can claim that your fucking american military nazis are 'libertarians' but that doesn't make them so.
I don't think that American military Nazis are libertarians! Obviously American military Nazis are Nazis, national socialists. On the other hand, American Military Libertarians are quite obviously libertarians. I mean, there are crips in the military and there are bloods in the military, it doesn't mean that the military is the crips or the bloods. The U.S. military is a diverse organization and it has members spanning the political spectrum, from crips and bloods to aryan nations members and neo Nazis, republicans and democrats and libertarians as well. In fact, I know several libertarians who have served in the US military or related organizations. Many of them were blinded into thinking of America in idealistic terms, and only later found out that the constitution they risked their lives to defend was not actually respected by the American government. Disillusioned libertarians with military backgrounds are a dime a dozen. In the intelligence agencies there are quite a lot of libertarians as well, and in fact I know several libertarians who have backgrounds in state intelligence services, although most of them would describe themselves as having seen the light after their service. Others see a difference between acting as police agents in order to do things such as bust people with drugs, and acting as intelligence analysts in order to do things such as try to prevent a terrorist attack on their home country, or to make sure that their home country stays competitive against foreign agencies. It is probably pretty easy for an NSA agent to take this point of view, considering the fact that their job is not to spy on American citizens looking for criminals who have committed crimes against the state, but rather their job is to prevent terrorism and espionage, as well as to engage in espionage against foreign agencies. I mean, if I knew that Dingledine was a former DEA agent I would have a much different opinion regarding him, but him having formerly worked for the NSA actually does not scare me so much. In fact, I don't lump the entire US government together as being Nazis, my primary beefs are with the police agencies and the politicians. I recognize that the US needs a military as well as intelligence agencies, in order to protect the interests of the US. Ideally these agencies would be privatized and not funded via taxation, but in the mean time it is important that they exist for the well being of the people who live in the US and allied countries. Certainly the military could start enforcing drug laws (although I suppose they already do some operations to combat drug traffickers in the USA, although Obama has limited this at least somewhat), and the NSA could start acting as a criminal intelligence agency (which there has been absolutely no proof of, and plenty of proof against), but so far I see DEA agents kicking in our doors and sending us to prison, not Marines, and so far I see DEA and ICE agents engaging in intelligence operations to intercept our shipments and arrest us, not NSA agents. Also, libertarians are not against the idea of a centralized military and intelligence apparatus, nor are they against taxes being used to fund such a thing, which is actually one of the key things that differentiates them from anarchists, who are against all forms of taxation and all government provided services.
I take it you are involved with these right wingers. You may be some kind of lowly clerk in some american miltary shithole and so you feel the need to lie to yourself about how 'libertarian' the murderers in the US military are. Laughable.
I am not involved with the US military, although I know several people who have been in the past, mostly in intelligence capacities. I don't think any of them are murderers though, most did technical work in signals intelligence or measurement and signature intelligence. Most of them had a vastly different idea of what the US government was like when they first joined, and viewed it as respecting its constitution and the ideals once considered as American. Most of them probably would not have actually helped the government if they had at the time recognized its true colors, although several recognize that it is important to have a strong national defense, and that intelligence operations are required to prevent terrorist attacks and similar things. Really there is nothing inherently non-libertarian about serving in a military, although some of the actions taken by the military are against libertarianism certainly.
Are you truly *that* fucking stupid? You can't be *that* fucking stupid.
The US military consists of individuals spanning a very wide spectrum of political orientations. Although Republicans are probably over represented, libertarians are not lacking in the military. After all, they like guns and technology, and tend to be extremely intelligent ;).
-
Libertarian positions on military:
Military should defend against aggression; not world police
We support the maintenance of a sufficient military to defend the United States against aggression. The United States should both abandon its attempts to act as policeman for the world and avoid entangling alliances. We oppose any form of compulsory national service.
Source: National platform adopted at Denver L.P. convention , May 30, 2008
Reduce defense spending by half; just defend the US
Certainly America’s defense capability should be strong enough to defend the United States. However, the US now accounts for 37% of all the world’s military spending. Another 30% of world military spending is by countries in Western Europe along with Japan, South Korea, and Israel -- nations which pose no conceivable threat to the US.
Russia, our former Cold War adversary, certainly represents no military threat. Our military budget is $260 billion; Russia’s is less than $80 billion. China spends less than $7 billion on defense. The most commonly cited rogue states -- Iran, Iraq, Libya, Syria, North Korea, and Cuba spend a combined $15 billion. Nowhere are American vital interests under attack or even seriously threatened.
If the US were to pursue a policy of defending its own borders while avoiding foreign intervention, we could realistically reduce our defense budget to as little as $125 billion over the next five years.
Source: Libertarian Solutions; Michael Tanner on LP Web site , Nov 7, 2000
Build missile defense privately, with federal “reward”
The Defense Department has spent $100 billion and 17 years trying to create one, with very little progress. We must realize that the Defense Department is just another bureaucratic government agency-the Post Office in fatigues. It is the least efficient place to turn for a missile defense. [A Libertarian president would] post a reward of, say, $25 billion-to go to the first private company that actually produces a missile defense and proves that it works. I think we could have one within 3 or 4 years.
Source: LP 2000 campaign on-line, by Harry Browne , Nov 7, 2000
Oppose any form of national service
We call for the abolition of the Selective Service. We oppose any form of national service. We oppose adding women to the pool of those eligible for the draft because we believe that this step enlarges the number of people subjected to government tyranny. We support the immediate exoneration of all who have been accused or convicted of draft evasion or desertion. We call for the end of the Defense Department practice of discharging armed forces personnel for homosexual conduct.
Source: National Platform of the Libertarian Party , Jul 2, 2000
Eliminate nuclear weapons & bring all U.S. troops home
The potential use of nuclear weapons is the greatest threat to America. We call on the U.S. government to continue negotiations to the end that all such weapons will ultimately be eliminated. If Europeans want nuclear weapons on their soil, they should take full responsibility for them and pay the cost. We call for the withdrawal of American military personnel stationed abroad, including the countries of NATO Europe, Japan, the Philippines, Central America and South Korea.
Source: National Platform of the Libertarian Party , Jul 2, 2000
Support resistance to the draft
BE IT RESOLVED:
That the Libertarian Party National Committee unconditionally supports his right to resist, and will continue to support his struggle against the state in whatever form it takes consistent with libertarian values; and
That the Libertarian Party National Committee supports the right of all draft eligible youth to resist registration and the draft.
Actually I think that the ideal situation would be if the military and intelligence agencies and politicians were dominated by libertarians. My primary issue with government surveillance is that the government has powerful sections of it that are essentially modern day Nazis (DEA, ATF, IRS, ICE, etc). I think that the government has extreme potential to combat victim causing crime, if the NSA actually targeted criminals we would be seeing child molesters sent to prison faster, we would be seeing cyber thieves sent to prison faster, etc. It is kind of a double edged sword, on one hand it is good that the police agencies are incompetent because it allows The Jews to escape from their gas chambers, but on the other hand it is bad that they are incompetent because it allows truly bad people to do bad things. I rather like the idea of a Libertarian Pseudo-Orwellian Utopia, where everything is legal that doesn't cause victims, even things that are extremely unpopular (like viewing and possessing CP), but where the police agencies are so powerful and skilled that they can bring victim causing crime (rape, theft, molestation, etc) to its knees.
Legalize everything that does not cause victims to directly be created, be extremely liberal and leaning towards freedom with all things like age of consent, privatize the shit out of everything, eliminate taxation (hell, I would voluntarily help to fund a libertarian policing agency), and have an extremely powerful defense agency (or network of defense agencies) that can blow True Crime away and protect us from those who wish to cause us harm. Sounds good to me!
Essentially, those who do not restrict the freedom of others should be left free themselves, and those who wish to restrict the freedom of others should be ruthlessly incapacitated or if need be eliminated. In an ideal libertarian world nobody would care very much about an agency doing large scale intelligence operations with the goal of combating crime, because the only criminal things would be things that all rational people recognize as bad and in need of being stopped. This is actually why I am very much in favor of militant libertarianism, the only people who can complain about totalitarian libertarianism are those who wish to oppress others. Being forced into freedom is hardly being forced at all.
Of course I do not think that the NSA is a defender of libertarian ideals. I merely think that the NSA doesn't give a fuck about criminals in 99.9999999% of cases, nor do I think they share intelligence with people who do. Terrorism / Espionage != regular crime.
-
I mean, if somebody votes libertarian, holds libertarian beliefs in regards to drug legalization, taxation and access to weapons, and they blow up a federal building in protest of the federal government, what exactly do you think we should call them?
McVeigh should be called a murderous nutcase cause that's what he was.
Voting for the american LP doesn't mean much. Having libertarian beliefs wrt drugs, taxation and the like is one condition for being a libertarian. But a way more important condition is to actually respect the rights of your neighbors. And *murdering* and *maiming* hundreds of people like McVeigh did is just the opposite of respecting basic rights.
Did McVeigh claim to have libertarian beliefs? Maybe. Does that make him a libertarian, in light of his actions? No fucking way.
Lots of people claim to be libertarians while holding beliefs that are totally incompatible with libertarianism!
Or in the case of McVeigh and the rest of 'military'personnel' *do* things that are totally incompatible with libertarianism.
The U.S. military is a diverse organization and it has members spanning the political spectrum
Yes, but the purpose of the american military is to enforce american fascism. The US military is a nazi organization. I am not using 'nazi' in a literally historical sense. I'm using it as synonym for fascism.
Disillusioned libertarians with military backgrounds are a dime a dozen.
Same problem as above. You are talking about people who claimed to subscribe to a philosophy they actually didn't put in practice. You can't be a libertarian and at the same time be a tax-funded employee of a fascist organization whose purpose is to maintain US 'hegemony'.
I recognize that the US needs a military as well as intelligence agencies, in order to protect the interests of the US. Ideally these agencies would be privatized and not funded via taxation, but in the mean time it is important that they exist for the well being of the people who live in the US and allied countries.
There are two 'little' problems here. First problem is, the minimal state theory is nonsense. You must be familiar with the anarchist critics of the minimal state, I imagine?
The second problem is that even if we assume that a minimal government is workable in theory, the REAL US military has nothing to do with DEFENSE. It's a fucking, criminal, *offensive* organization.
I don't think any of them are murderers though, most did technical work in signals intelligence or measurement and signature intelligence.
I said murderes or enablers of murder. All the individuals who don't kill people directly, but help the murderes commit their crimes, are accomplices to different degrees and morally responsible.
Really there is nothing inherently non-libertarian about serving in a military
Of course there is. Especially in a military like the US military. An imperial army.
The US military is largely an apolitical organization.
The US military is the foundation of the US political system.
It's the ultimate enforcer of the criminal dictates of the US state. IF the american
serfs stopped obeing the ordinary pigs, then the politicians would call the military.
Not to mention, the US military doesn't usually kill americans, but they kill a lot of
people outside the US, where they show their true colors.
So, I'm not talking about individuals in the military being repugs or demoncrats or 'libertarians' or whatever. I'm talking about the political nature of the organization itself. Political in the sense of being deeply involved with power and statism.
As to the press releases of the LP, they are not completely bad. And they illustrate the fact that the US military IS an imperial military.
Still, libertarian principles and the existence of the state (and its military) are not compatible.
Legalize everything that does not cause victims to directly be created, be extremely liberal and leaning towards freedom with all things like age of consent, privatize the shit out of everything, eliminate taxation (hell, I would voluntarily help to fund a libertarian policing agency), and have an extremely powerful defense agency (or network of defense agencies) that can blow True Crime away and protect us from those who wish to cause us harm. Sounds good to me!
That can only work if done from the bottom up and with NO 'libertarian' state involved.
This is actually why I am very much in favor of militant libertarianism, the only people who can complain about totalitarian libertarianism are those who wish to oppress others.
Not sure what you mean by militant libertarianism. You said McVeigh was a 'militant libertarian', so your 'militant libertarianism' doesn't sound too enticing to me...
OK, by militant you mean some super-efficient 'private' 'police' who spies on everyone in the name of fighting real crime? Doesn't sound too enticing either, because, for starters, such scheme seems easy to abuse...leading back to statism,
-
Anyway, back to Tor. I'm not compelled to really trust the developers, except perhaps Appelbaum.
Although I don't think they are on the NSA secret payroll, I don't think they are real 'enemies' of the US state either. As a matter of fact, some of the things they do, like 'fighting' censorship in China is just what you'd expect from the typical brain dead american military jingo.
And while they 'fight' censorship in China, the NSA has turned the US into a total surveillance state and Tor is useless against that 'threat'. So, one wonders...
Or perhaps the Tor project people are more concerned with keeping their jobs than with a real fight against political control of the internet.
They are also wrong in assuming that a political problem can be solved using encryption...
-
how safe are obfuscating bridges to hide TOR use? Surely people using TOR get flagged? Or is it now fairly widespread so no point?
-
how safe are obfuscating bridges to hide TOR use? Surely people using TOR get flagged? Or is it now fairly widespread so no point?
The Tor Project estimates 500,000 daily Tor users. Based on TBB downloads, I estimate 3-5 million monthly users.
Many people use Tor for many reasons, certainly enough to give any random Tor user plausible deniability. I see no reason to be paranoid about using Tor unless you are a big time vendor, in which case LE could launch a correlation attack based on your online activity. If you are a big time vendor, you should be using bridges or VPNs, otherwise, I think it's overkill.
-
nah small time buyer only here, and I also use TOR just to piss off Google and all the other surveying marketing companies... I don't want them linking me searching for medical problems with my IP for example, it really annoys me how much even innocent data is gathered on us now where a database can know us better than we ever will - from our favourite toothbrush to bowel problems..
I think that's an overkill. So TOR has given me back a degre of human dignity at least. I hope others are catching on to TOR for that reason too.
For example imagine how devastated someone would be if say they were a young gay man on a forum or site and some marketing company correlated that and started sending gay spam, to their family.
I believe stuff like this has actually happened too.
And I've heard the BS "well if you are doing nothing wrong then you have nothing to worry about" but 'wrong' can be a very broad term (see China and North Korea for an extreme example) to even something not "wrong" but very "private" like the examples above.
I guess you're right, tax payer funded surveillance organisations should not be profiling or tagging every innocent user of TOR unless they have other reasons to be concerned, and a half smart terrorist probably wouldn't go near TOR anyway, they'd probably use something else like encoded pictures on Facebook or something. I don't know.
-
The Good News is that the NSA doesn't give a shit about us. If they did then we wouldn't be here. I know I am supposed to be uber paranoid about the NSA and ultra pissed off that they are illegally spying on me, but I am quite convinced that they are seriously only interested in stopping terrorist attacks and espionage. If they really wanted to act as a criminal intelligence agency and go after sites like SR, we wouldn't have a site like SR running for two years embarrassing the US police. I see that there are clear separations between the different levels of federal agency, and they are actually not particularly cliquish with each other between the different levels. I expect the NSA to lead to my arrest about as much as I expect an FBI agent to give me a traffic ticket. Perhaps this is just wishful thinking on my part, but I honestly doubt it.
The NSA harvests vasts quantities of data on all of us - including but not limited to congressman, judges, supreme court justices, presidential candidates ... they can know of a senator's penchant for young boys, or the depraved addictions of a supreme court justice. We know these agencies work closely with major multinationals and have the power and capacity to affect democratic institutions in ways that are largely hidden.
The agenda isn't only, or evenly primarily, about stopping terrorists.
-
The agenda isn't only, or evenly primarily, about stopping terrorists.
QFT. I believe it's more of a leverage tool than anything. God only knows what dirt about congressman and senators are inside that database...
-
Exit nodes are only used when browsing clearnet sites over TOR - hidden services, like SR, do not require the use of an exit node.
So...
DO NOT visit clearnet links while browsing SR, using the same session.
-
The Good News is that the NSA doesn't give a shit about us. If they did then we wouldn't be here. I know I am supposed to be uber paranoid about the NSA and ultra pissed off that they are illegally spying on me, but I am quite convinced that they are seriously only interested in stopping terrorist attacks and espionage. If they really wanted to act as a criminal intelligence agency and go after sites like SR, we wouldn't have a site like SR running for two years embarrassing the US police. I see that there are clear separations between the different levels of federal agency, and they are actually not particularly cliquish with each other between the different levels. I expect the NSA to lead to my arrest about as much as I expect an FBI agent to give me a traffic ticket. Perhaps this is just wishful thinking on my part, but I honestly doubt it.
The NSA harvests vasts quantities of data on all of us - including but not limited to congressman, judges, supreme court justices, presidential candidates ... they can know of a senator's penchant for young boys, or the depraved addictions of a supreme court justice. We know these agencies work closely with major multinationals and have the power and capacity to affect democratic institutions in ways that are largely hidden.
The agenda isn't only, or evenly primarily, about stopping terrorists.
Sure I think they are also interested in political blackmail, but I don't think they are interested in stopping the majority of criminals. I mean of the crimes that the NSA is interested in, I think terrorism and espionage top the list. I do think they are also interested in having control over the political system, and that certain targets may be blackmailed with information, but I don't think the NSA is going to gather communications of drug dealers and pipe them to the DEA in the name of fighting drug crime.
-
How can i find entry nodes in the us? how do i tell the dif is the real? is you go to bridges.torproject.org its just a list...
-
Google "IP geolocation tool".
-
what exactly does it mean to use encrypted google? can that be used from TOR?
-
Um encrypted google? If you want to search just use https://duckduckgo.com/
Or their TOR address - I think this is it http://3g2upl4pq6kufc4m.onion/
Taken from
http://search.slashdot.org/story/10/09/25/0242244/DuckDuckGo-Search-Engine-Erects-Tor-Hidden-Service
Google can bite my ass... Data hoovering arseholes. Wouldnt' surprise me if Google is infected with at least some of the ONE MILLION Top Secret cleared American spies.