The NSA might be spying on Tor users

In today's open source roundup: The NSA might be watching you if search for Tor or use it to browse the Web. Plus: GalliumOS is designed for Chromebooks and Chromeboxes. And Linux Mint 17.3 has been released

If you use Tor the NSA might be spying on you

Privacy and encryption have been two very hot topics for the last few years. The Tor browser can help protect your privacy while online, but it may come at the cost of being spied on by the NSA.

Patrick Tucker reports for Defense One:

Worried about the NSA monitoring you? If you take certain steps to mask your identity online, such as using the encryption service TOR, or even investigating an alternative to the buggy Windows operating system, you’re all but asking for “deep” monitoring by the NSA.

TOR is an encryption network developed by the U.S. Naval Research Laboratory in the 1990s. The military’s hope was to enable government workers to search the web without exposing their locations and identities. The system today is widely available, runs on open source code and is popular among privacy advocates as a more secure alternative to open Internet surfing, particularly in countries with repressive regimes. It works by encrypting the user’s address and routing the traffic through servers that are located around the world (so-called “onion routing.”) How does the NSA access it? Through a computer system called XKeyscore, one of the various agency surveillance tools that NSA leaker Edward Snowden disclosed last summer.

According to a recent report from the German media outlet Tagesschau, a group of TOR affiliates working with Tagesschau looked into the source code for XKeyscore. They found that nine servers running TOR, including one at the MIT Computer Science and Artificial Intelligence Laboratory, were under constant NSA surveillance. The code also revealed some of the behaviors that users could undertake to immediately be tagged or “fingerprinted” for so-called deep packet inspection, an investigation into the content of data packages you send across the Internet, such as emails, web searches and browsing history.

If you are located outside of the U.S., Canada, the U.K. or one of the so-called Five Eyes countries partnering with the NSA in its surveillance efforts, then visiting the TOR website triggers an automatic fingerprinting. In other words, simply investigating privacy-enhancing methods from outside of the United States is an act worthy of scrutiny and surveillance according to rules that make XKeyscore run. Another infraction: hating Windows.

More at Defense One

Linux redditors caught the Defense One article and weren't shy about sharing their thoughts about Tor and the NSA:

Onodera: ”Being fingerprinted or watched by the NSA means absolutely nothing, these guys watch 75% of the planet if I am to believe all these reports. If I wasn't watched before, I am now: I am critical about the war of Terror and find that the invasion of Iraq was never just. Potential terrorist right here, come and get me.”

LinuxPCMR: ”Who is the NSA not spying on?”

DarthRevan: ”This is the most idiot thing I've heard. So if you go to the TOR website using Tor then you're followed. If you search for Linux using TOR you're followed.

First of all why would I go to the TOR website if I am already using it? Shouldn't they monitor those who download TOR through any connection, not just TOR?

And why access Linux stuff through TOR? Why would you download Tails through TOR at the speed of a snail and not normally or through a VPN? Besides, most official Linux websites care about privacy so this should not be an issue.

Are these people even thinking about what they report?”

Mordnis: ”I don't see anything wrong with it. Tor is a really good way of staying hidden and it's reasonable to think that you're trying to hide something illegal if you're using Tor. But the thing is, they are most likely watching everyone, regardless of their search queries or browsing history, for the sake of mass surveillance, not for the sake of catching bad guys.”

Modernaliens: ”They're going to spy on you anyway, so yeah go ahead download that "pre-packaged" tor bundle.”

Xenawarriorprince: ”I don't understand why this is interesting. If they are capable of deciding whether or not you're to be added to the list, does that not imply that they are already spying on you?”

Karon000atwork: ”Maybe if you're on the list, the spying intensifies. So it could matter. Although I often feel that all this govt stuff are way beyond our reach anyways.”

Pizzacakemonster: ”If you want to be hardcore, use Sabily linux. ”

Boarhog: ”In the olden days, people used to run linux behind OpenBSD firewall, heh.”

More at Reddit

1 2 Page 1