If they would be after something specific they would filter more specifically. But since the filters are so broad I don't think this is a problem at all. Actually it seems we are already doing that. Which probably happened yesterday. Flooding the database with bogus crap seems to be a rather simple task. Assumptions on exploiting this however are flawed with the exception of the email blunder - if that is active or unless it's fixed. It seems a rather impossible task to not get flagged one way or the other in one topic or another. But if this is actually a set of rules for XKeyScore it's extremely broad and one can only guess how easily one could end up in any of the other topics the NSA is most certainly monitoring. This doesn't seem to be true for TAILS or whatever is done in the mixminion processor. While it seems to be that visits to exclude you from special treatment. What might be interesting for the 5-eyes folks. And that server seems to be hosting more than just that documentation on. So it looks like if you are visiting you will end up in whatever is done here. They however are monitoring every host that sports mixminion and specifically a server over at MIT that is hosting a mixminion documentation. It's handled externally and there's no comment to guess from. It's hard to say what they are actually doing here. Mixminion, an anonymous remailer, is also on the to-monitor list. If it is actually active on a live system. faking emails from with expected content and bogus IP addresses would not be loved by this filter. But they are easy to clean from the database once the problem is fixed. So if anyone is up for some funny business. The no-no part is that the system seems to directly digest these IPs into a database without further checking. The filter in question filters emails from Basically these emails contain an IP list of TOR bridges. There's a major no-no in the TOR section. But it makes sense in the context of trying to monitor TOR.
They are also filtering for hidden TOR nodes in raw traffic. In context of TOR it's interesting to mention that they are not just monitoring TOR directory servers. Otherwise I couldn't possibly guess why they are specifically filtered. I suspect Linux Journal was just mentioned by one of those extremists on extremist forums. As a matter of fact I could come up with a truckload of sites better suited for an honorary mention. I have checked the site for information on TAILS and it's nothing you wouldn't expect to find on a truckload of other sites. The specific filtering for seems to be rather awkward. It's basically trying to sort out people who are looking for information on TAILS. It is basically filtering for an undisclosed filter related to TAILS documents, web searches, requested URLs or page titles. The actual filter however is as broad as it can possibly get. extremists on extremist forums advocate the use of TAILS. The comment actually doesn't label TAILS users as extremists. While this is in the file it's not TOR but TAILS. One of the major allegations was that TOR users are automatically flagged as extremists. The most interesting information we can derive from this is not that TOR is apparently a prime target but how the system works in general. Mostly because there's an active dummy rule in the set, which would be a stark blunder if this were a live configuration. I'm unsure if this is a fraction of an actual live configuration or just a development version to test certain aspects of the system. It looks astoundingly familiar if you are used to configuring deep packet inspection tools. It's pretty much unclear how this was obtained or if this actually is a set of rules for XKeyScore at all. a configuration file if you prefer that term.
In fact the released code appears to be a set of rules for a deep packet inspection tool. It's nevertheless interesting. Apparently everything that remotely looks like code has to be source code for journalists. I suspected sloppy language and that seems to be true. When German media reported that they gained access to the source code of XKeyScore I was highly skeptical about source code because what they claimed did not make much sense.