Jump to content
Not connected, Your IP: 34.201.18.139
giganerd

FYI: XKeyscore: Accessing a TOR directory server makes you an "extremist"

Recommended Posts

The owner of one of the TOR directory servers himself confirmed he had seen the source code of XKeyscore and saw his server's IP hardcoded in there. The server is located in Nürnberg, Germany, and is called Gabelmoo.

 

Id est: XKeyscore logged every attempt to access his server. Additionally, comments made in the source code show that everyone who is accessing the directory server is made an "extremist" - at least in the terminology of the NSA.

 

In the source code the student hasn't seen any proof that TOR relay servers are exposed to the same risk. This task might be allotted to another application...

 

Source#1
 

Source#2

 

excellent addition by sheivoko - the XKeyscore rules!


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Leaked XKeyscore selectors:

http://daserste.ndr.de/panorama/xkeyscorerules100.txt

If this document is authentic, any interest in Tor will mark you as an extremist:

 

- Asking bridges@torproject.org for a bridge IP:

"Database Tor bridge information extracted from confirmation emails"

Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.

Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free?

 

- Googling for..

"('tails' or 'Amnesiac Incognito Live System') and word('linux'

or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');

$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');"

Welcome to the NSA database, extremist!

 

- Using Tor hidden services:

* Aggregate Tor hidden service addresses seen in raw traffic.

If you run hidden services, don't consider them "hidden". Expect exploitation attempts.

 

Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Leaked XKeyscore selectors:

http://daserste.ndr.de/panorama/xkeyscorerules100.txt

If this document is authentic, any interest in Tor will mark you as an extremist:

 

- Asking bridges@torproject.org for a bridge IP:

"Database Tor bridge information extracted from confirmation emails"

Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.

Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free?

 

- Googling for..

>

"('tails' or 'Amnesiac Incognito Live System') and word('linux'

or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');

$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');"

Welcome to the NSA database, extremist!

 

- Using Tor hidden services:

* Aggregate Tor hidden service addresses seen in raw traffic.

If you run hidden services, don't consider them "hidden". Expect exploitation attempts.

 

Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!

 

 

EXCELLENT ADDITION!


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...