NSA -- Keeping Us Safe From Free Software

Source: NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance | Linux Journal


While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA’s XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails–software I’ve covered here in Linux Journal that helps to protect a user’s anonymity and privacy on the Internet–are among the selectors that will flag you as “extremist” and targeted for further surveillance. If you just consider how many Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.

While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an “extremist forum”. This means that merely looking for any Linux content on Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.

So apparently, being interested in Linux and security makes you ‘dangerous/extremist’ according to the NSA. The past revelations have certainly been troubling but reading this makes it seem like anyone even within the openSUSE community could be flagged as ‘dangerous’. What the hell… :mad:

PS: Does this count as politics? Wasn’t really sure

If everybody is “dangerous”, the “dangerous” doesn’t mean very much.

These things are going way out of bounds. I remember when i got into gnu/linux and started reading posts from other people, and i thought they were paranoid. Then i myself started understanding why. Then i started changing my habits, and people called me paranoid. Then Lavabit went down, and i was paranoid. Then Snowden happened, and people started patting me on the back.
Anyway, anyone who wants to maintain ones privacy on the web (or portions of it) has kudos from me.
And i hate it when people are saying, ‘pshh, you’re on the web already, why do you bother about privacy’. And i respond i’m maybe not a retard who posts everything about himself on facebook, so please, don’t request information i don’t want to share. And for a public image of me, i have my website.

Indeed.

This morning, I came across a post by Bruce Schneier:

where prosecutors are jumping to conclusions, based on web search history.

Whatever happened to common sense?

Ever hear of “yellow journalism”? When does opinion end and journalism begin with online magazines? The echo chamber grows louder and louder.

I looked at the post from your link to source; So what? The circumstantial evidence against this guy is overwhelming; I have two kids, one 28, the other 16; I drove them around in my car on hot days in a car seat all the time; if you care about your kid, trust me, you would never forget them in the car, that’s a fact. My kids were always on my mind. Plus the on-line evidence comes from a seized computer, not from some NSA metadata , big data, hadoop-R-python proprietary software based analysis.

I am not denying that within the range of probabilities from 0 to 1, there is some small positive likelihood that an ever intrusive government could lead to some sort of KGB style police state, but I have not read of any beyond these speculative hypotheticals.

So, just like print magazines.

Yes we live in drudge’s world now, where headlines always trump content and innuendo always trumps facts.

My grandmother used to say that the thing about common sense is that it is not so common.

You have fallen for propaganda that suggests “common” sense is “good” sense.

It is not.

Common” sense is all around you, and it is nonsense, not “good” sense.

Good” sense is uncommon and exists only in a select few individuals, such as you and I (and, perhaps, one or two others on this forum.). :wink:

Say I am doing an analysis using a small claims database as my source; I want all people who have hypertension, high cholesterol, and arthritis; Do you think I am going to examine everyone, or target my search to some population over say aged 50? If I look at all medical claims of people over aged 50, am I saying all people over aged 50 are automatically suspected of being sickly? No, but I can assure you that if you used everyone and did some frequencies by age band, the distribution would look rather lopsided towards the older groups, so why bother to examine anyone under 50?

The NSA is operating in similar fashion with its targeting; People need to get a grip and get over it; quit watching too many CSPAN interviews with Greenwald and other Washington Post reporters, such as Gellman, who are mainly trying to puff up their own careers.

These guys are rather interesting - they feed off of whistleblowers who end up paying the price, while they bask in the glow of a new book, or adoring college audience, giving speeches and interviews, completely ignoring the damage they are causing.

So?

How long have you been working for the US gov’t?

thats classified…

On 2014-07-06 17:56, BSDuser wrote:
>
> Fraser_Bell;2652584 Wrote:
>> So?
>>
>> How long have you been working for the US gov’t?
>
> thats classified…

ROTFL! X’-)

I suppose your point is that the NSA does something similar to what
SpamAssassin does: it analyzes emails, doing a myriad of tests on them.
Some raise the score, some lower it. The higher the score a mail gets,
the higher probability it has of being a spam. And sometimes it gets the
result wrong.

So, in that light, being interested in Linux rises the score a bit. I
suppose that watching certain international TV channels would rise it a
lot more.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

The problem with most people is they only know what is told to them at the moment; they seem to have little recall of the past, nor any sense of context. It’s 2014 and we just now realizing that our online world is being watched? OMG!! Are we really that naive?? Apparently Linux users ARE that naive?

People get fired everyday over remarks made on twitter or facebook, and no one seems to care. Whats the big deal if an NSA-like group is also scanning our online rants? Its all out there - even what we say here is easily searched by any employer or potential employer.

On 2014-07-07 04:36, BSDuser wrote:

> People get fired everyday over remarks made on twitter or facebook, and
> no one seems to care.

That’s very true.
But I do care.
I do not use facebook! :slight_smile:


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

Not me eigther. Maybe it’s time for someone to start a multi-poll if using anything like that and then why? Ok. I confess I use Skype for telephone functionality :.

Regards

From the NSA’s point of view, how can you find the criminal/terrorist/etc. you are looking for throughout the entire Internet? You look for things they may use and that should include encryption and sites that help with anonymity.

Doesn’t mean I condone it, but I understand their use.

If a woman is fearful of her belligerent ex-husband and she had reason to believe he would use a gun, she may just want to know if at any point he buys a gun because she knows she just might be the target.

Now, as for lumping Linux Journal in that pot, I think it is a case of “guilty by association”. On another hand, how many cyber-terrorists use Windows?

To find the “bad guys” you have to look at where they may be, even if they are only 1% of the population.

Out of the black-hat conventions, how many attendees have actively committed major cybercrimes? Probably a small number, but where do you have the best chance of finding and possibly apprehending them?

I don’t think it is the best course of action, and I don’t like the idea of somebody spying on me but then again I use Gmail :stuck_out_tongue: and Facebook :stuck_out_tongue: and Google+:P and Twitter:P.

On 2014-07-16 18:26, dragonbite wrote:

> Now, as for lumping Linux Journal in that pot, I think it is a case of
> “guilty by association”. On another hand, how many cyber-terrorists use
> Windows?

Many, and successful.

Think of the SCADA attack on Iranian nuclear facilities (I think SCADA
is the name, not sure). They first targeted Windows machines, spreading
and finding the ones that were the controllers for the industrial
control network, then modified the program on the real target, the
centrifuge motor controllers, so that they speed for a short time a bit
over their design limits, and getting damaged. That done, the virus was
supposed to erase itself.

But, despite being targeted for a specific industrial installation by an
“unknown” enemy, it got out on the wild, attacking other computers in
many countries.

Another successful and very sophisticated attack was made against
Windows machines in sensitive goverment and business places, extracting
crucial and sensitive information that was sent somewhere else. It got
installed as a Microsoft Upgrade, I think, but I have the details of
this one foggy. I don’t even remember the name. I do remember that it
was very complex, including dozens of libraries.

Whether this one was cyber-terrorism or not, depends whom you ask, or
what “side” of the world you live in. However, other groups, this time
undoubtedly “bad guys”, got hold of the code (developed by some
“unknown” government for “good use”) and used it for their own nasty
purposes instead.

That’s just two samples of successful and serious cyber-war attacks,
using Windows. And no, you can not design them if you are very
proficient in Linux, even a world recognized authority in Linux. You
need to be real good at Windows internals to create them, with lots of
money and manpower.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I was thinking more of the people making the programs, do they use Windows, rather than the target. Windows being the target is not surprising, but for the writers themselves do they use Windows?

I could be wrong, too.