On being targeted by the NSA

As quoted in the original article on Das Erste:

We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.

Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.


July 20, 2014


I think this is an interesting article on the relationship between tor and the NSA:


Money quotes:

"In 2012, Tor co-founder Roger Dingledine revealed that the Tor Network is configured to prioritize speed and route traffic through the fastest servers/nodes available. As a result, the vast bulk of Tor traffic runs through several dozen of the fastest and most dependable servers: “on today’s network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays.”"

And now guess who runs the "fastest and most reliable" tor servers:

"In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal” (from his office at NSA in Hawaii) –and was trying to persuade some unnamed coworkers at his office to set up additional servers. He didn’t say where he worked. But he wanted to know if Sandvik could send him a stack of official Tor stickers. (In some post-leak photos of Snowden you can see the Tor sticker on the back of his laptop, next to the EFF sticker)."

So the bottom line is, when you use tor, your traffic is guaranteed to get through NSA servers.

Fortunately, we've gotten more diversity in the Tor network since that time years ago.

I encourage you to explore https://compass.torproject.org/ and look at the set of relays currently running.

We have a long way to go in terms of good location diversity, and one of the critical things we've been learning in the past year is just how centralized the Internet is compared to a large adversary like the NSA:

In general, the article you quote is a smear story with twisted quotes and wrong facts. But I encourage you to read all about Tor and learn things for yourself, rather than trusting either it or me.


July 21, 2014


Some recent comments from Edward Snowden seem to endorse and amplify some of the comments above about the urgent need for encryption and opposition to NSA:




More reasons to fight NSA:


More reasons to use end-to-end encryption of emails:




Could this be relevant to the claim that people who live in FVEY nations see Tor circuits which repeatedly cross the same national border far more often than would be predicted by published node weights ("bad W")? Or the allegation that domestic phone calls and domestic internet traffic are often deliberately directed through FVEY national borders to create the legal pretext for collecting content? (For Canadians, some say this is a real phenomenon, due to the economics of peering, but if so it seems to work to the advantage of the enemy.)

Another example of how the IT community is reacting to the Snowden leaks:


But this comment (at the end) raises an eyebrow: "We are also very grateful for assistance from Dave Täht of CeroWRT and the Wi-Fi router hackers at Independent Security Evaluators (ISE)." ISE appears to be associated with at least one former NSA cyberintruder (who worked there breaking into computers for a decade, not comparable to Roger's summer internship). I am not saying don't talk to experienced former (?) NSA baddies, just be very careful in evaluating the possible motivations behind what they tell you. Remember what happened at NIST and Google when they trusted NSA to play nice, because they swore they would.

Both HMG and USG have long regarded spooks as possessing a "license to lie", even in sworn testimony. One of the most troubling aspects of the new Snooper's Charter in the UK is that this principle has been extended to a license to break ANY law. No exceptions. Together with US Attorney General Eric Holder's very pointed refusal to rule out drone strikes inside the USA, this suggests that HMG and USG are preparing the ground for lethal action should future street demonstrations be deemed to pose "existential threats" to the regime.

The US media has been giving much space to an internment camp located on the grounds of Lackland AFB, where large numbers of unaccompanied children are being held. (The right wing press is furiously demanding instant deportation on the grounds that these children are "disease-ridden", while the left wing press is pointing out that these are not terrorists but desperate children fleeing violence in their homelands, who have walked hundreds of miles, so of course they are infested with lice, which is easily cured.) Curiously, neither side seems to have noticed that another facility of interest located on the same AFB is an NSA facility which includes workspace for almost a thousand analysts and cyberspies, plus the backup facility for the Utah Data Center recently overflown by Greenpeace and EFF.

No news media, not even The Intercept, appear to have yet so much as hinted at the malevolent implications of the JTRIG tool known as HACIENDA, which is designed to "pull back" content from every vulnerable computer in an entire city or even an entire country (e.g. the Bahamas), after another JTRIG tool (nmap for doughnuts) has identified vulnerabilities by scanning all the computers in a target country. It seems reasonable to assume that JTRIG scans all US small office and personal devices as a favor for the USG, while NSA Texas scans all UK devices as a favor for HMG.


July 21, 2014


While discussing the effectiveness of Tor in making things harder for the spooks who want to watch every move made by every potential terrorist, i.e. every ordinary citizen going about his/her daily business, we should not lose sight of the fact that Tor can help foil huge numbers of other intrusive spies.

Tell all your friends: another reason to use Tor Browser Bundle is that it provides some protection against canvas fingerprinting:

Meet the Online Tracking Device That is Virtually Impossible to Block
A new kind of tracking tool, canvas fingerprinting, is being used to follow visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.
by Julia Angwin
ProPublica, July 21, 2014, 9 a.m.

Assuming you are not using TBB or Tails, and that you have enabled Javascript:

Reading the paper? You're being canvassed at these sites:

Looking for official health information? You're being canvassed:

Looking for a college? You're being canvassed:
4179 http://cuny.edu (City University of New York)
6557 http://ucdavis.edu (Univ. of California, Davis)
8369 http://ncsu.edu (North Carolina State University)
12256 http://uga.edu (University of Georgia)
43949 http://fitnyc.edu (Fashion Institute of Technology)

Looking to retire online? You're being canvassed:

Looking for other official information? You're being canvassed:

Trying to sound off? You're being canvassed:

Interested in overseas USG work? You're being canvassed:

Source for the websites is one of the cited researchers:

Yes indeed. We talked to Gunes last week at the PETS symposium. He's doing great stuff. I'm glad Mike Perry and the rest of the Tor Browser team are talking to him.

The interesting fact is that whitehouse.gov is using this. And youporn.

And now you have to think of these spooks at the upstream collection, where they listen to data in international fibers. From there, they get the communication of this canvas tracker, and when it sends your identity to the advertising company. NSA is known to use cookies, for example with google.

When they exchange intercepted nude photos, I'm sure that they also created, just for fun, a graph that shows which government site is most likely visited by regular youporn visitors...


July 21, 2014


"So the bottom-line is, when you use tor, your traffic is guaranteed to get through NSA servers".

I do not think that the facts do not support this conclusion.

The Snowden documents provide the most trustworthy account of what NSA and its allies were doing through early 2013, and these show that NSA and GCHQ ran only a few nodes. As already noted, in late 2012 GCHQ re-jiggered its infrastructure to incorporate Tor, but I see no indication that they did more than piggyback on the existing network. The JTRIG "Chinese menu" suggests they are running a thousand Tor browsers, not that they are running a thousand Tor nodes.

The documents do include a brief research project in which GCHQ ran about five nodes for a week or so, and I believe that Roger said somewhere that he knows which nodes they ran, and those nodes have not been operating for a long time now.

"In 2012, Tor co-founder Roger Dingledine revealed that the Tor Network is configured to prioritize speed and route traffic through through the fastest servers/nodes available."

This refers to circuits being built using existing nodes, with the choice of each node approximately weighted by its bandwidth. The precise way this is done is apparently too complicated for humans to grasp, but the basic idea is clear. One crucial point is that the Tor Project knows all about "Sybil attacks", and it checks the reported bandwidth of each node using its own servers to prevent such an attack.

Many design choices in Tor involve difficult tradeoffs. Often in order to thwart one type of attack, you try something which increases the risk of another type of attack. That is not really surprising if you know much about computer networks. I don't always agree with the design choices made by the Project, but these choices have been transparent, and have been discussed in public in advance. Anyone curious can find links at this website (torproject.org) to mailing lists like tor-dev where they can see lots of people discussing technical issues, with the goal of improving the security and anonymity of Tor users.

I believe that Roger has recently stated that he thinks that intelligence agencies could not run large numbers of nodes without being noticed. If I misunderstood, I hope he will correct me.

"As a result, the vast bulk of Tor traffic runs through several dozen of the fastest and most dependable servers"

Over the years I have gradually learned to distinguish the families known to be operated by "friendlies", and I believe that the largest families are friendly. Some years ago, it was true that only a few dozen servers, operated by a handful of entities, carried more than half of the traffic, but those entities were friendly, and things have improved since then. Not enough, but moving in the right direction.

"In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal” (from his office at NSA in Hawaii)"

I'll have to check, but I believe it was called "TheSignul". In any case, you're greatly overestimating the fraction of the world's traffic which was carried by that node at its peak, and you're missing the point that Snowden is a known friendly operator. I would have thought that data diodes would rule out the delicious vision of Snowden literally running a Tor node from inside NSA Hawaii, so I hope someone will explain.

It might help to offer the public some RECENT statistics about large families of nodes in the current Tor network.
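The bandwidth-weighting tradeoff and the Sybil point made in the comment above, worked through as an added toy model (my own code, not Tor's path-selection or bandwidth-authority implementation): the relay set is constructed to mirror the quoted 2012 figures, and capping each relay's weight at min(advertised, measured) is a simplification of how Tor uses measured bandwidth.

```python
import random
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Relay:
    nickname: str
    family: str           # operator label (constructed), e.g. "big0" or "flood"
    advertised_kbps: int  # what the relay claims in its own descriptor
    measured_kbps: int    # what independent measurement actually observed


def weight(relay: Relay, trust_advertised: bool = False) -> int:
    """Selection weight of a relay.

    Assumption (simplified, not Tor's real consensus-weight algorithm): by
    default the weight is capped by the measured bandwidth, so a relay that
    advertises far more capacity than it has gains nothing.  trust_advertised
    drops the cap, which is the weakness a "node flooding" Sybil would need.
    """
    if trust_advertised:
        return relay.advertised_kbps
    return min(relay.advertised_kbps, relay.measured_kbps)


def build_network() -> List[Relay]:
    """Constructed exit-relay set sized to mirror the quoted 2012 figures."""
    relays = [Relay(f"big{i}", f"big{i}", 20_000, 20_000) for i in range(5)]
    relays += [Relay(f"mid{i}", f"mid{i}", 4_000, 4_000) for i in range(45)]
    relays += [Relay(f"small{i}", f"small{i}", 500, 500) for i in range(150)]
    return relays


def top_k_share(relays: Iterable[Relay], k: int, trust_advertised: bool = False) -> float:
    """Fraction of selection probability held by the k heaviest relays."""
    weights = sorted((weight(r, trust_advertised) for r in relays), reverse=True)
    total = sum(weights)
    return sum(weights[:k]) / total if total else 0.0


def family_share(relays: Iterable[Relay], family: str, trust_advertised: bool = False) -> float:
    """Fraction of selection probability held by one operator's relays."""
    relays = list(relays)
    total = sum(weight(r, trust_advertised) for r in relays)
    own = sum(weight(r, trust_advertised) for r in relays if r.family == family)
    return own / total if total else 0.0


def pick_relay(relays: List[Relay], rng: random.Random) -> Relay:
    """Draw one relay with probability proportional to its (capped) weight."""
    return rng.choices(relays, weights=[weight(r) for r in relays], k=1)[0]


def simulate_top_k_rate(relays: List[Relay], k: int, trials: int = 20_000, seed: int = 7) -> float:
    """Monte Carlo check of top_k_share: how often a client's pick lands in the top k."""
    rng = random.Random(seed)
    top = {r.nickname for r in sorted(relays, key=weight, reverse=True)[:k]}
    hits = sum(pick_relay(relays, rng).nickname in top for _ in range(trials))
    return hits / trials


def flood_network(relays: List[Relay], count: int = 100) -> List[Relay]:
    """Add `count` relays that advertise 50 Mbit/s but can only push 100 kbit/s."""
    return relays + [Relay(f"flood{i}", "flood", 50_000, 100) for i in range(count)]


if __name__ == "__main__":
    net = build_network()
    print(f"top 5 exits carry {top_k_share(net, 5):.1%} of choices "
          f"(simulated {simulate_top_k_rate(net, 5):.1%})")
    print(f"top 50 exits carry {top_k_share(net, 50):.1%} of choices")
    flooded = flood_network(net)
    print(f"flood family share, measured weights: {family_share(flooded, 'flood'):.1%}")
    print(f"flood family share, advertised only:  "
          f"{family_share(flooded, 'flood', trust_advertised=True):.1%}")
```

With only advertised bandwidth trusted, the hundred flooded relays would hold over 90% of selections; with the measurement cap their share stays under 3%.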

"The Snowden documents provide the most trustworthy account of what NSA and its allies were doing through early 2013, and these show that NSA and GCHQ ran only a few nodes."

No. Unfortunately, we have this information from the tor stinks slide


"GCHQ runs tor nodes under newtons cradle. How many?" on p. 4

and on p. 20:

"How many nodes do we have cooperative access to? Can we deploy similar code instructions to these nodes?"

So these guys, whoever they were, who wrote the TOR stinks presentation did not even have the clearance to know how many nodes the GCHQ operates.....

On the other hand, we have this statement of Dingledine:


"But lately the Tor network has become noticeably faster, and I think it
has a lot to do with the growing amount of excess relay capacity relative
to network load:


At the same time, much of our performance improvement comes from better
load balancing -- that is, concentrating traffic on the relays that can
handle it better. The result though is a direct tradeoff with relay
diversity: on today's network, clients choose one of the fastest 5 exit
relays around 25-30% of the time, and 80% of their choices come from a
pool of 40-50 relays."

This is, against an adversary like the NSA, quite toxic. Since they can deliver exit relays that are guaranteed to be under "the 5 fastest" for sure.

Here is the original article describing Snowden running a major exit node called TheSignal:


"In his e-mail, Snowden wrote that he personally ran one of the “major tor exits”–a 2 gbps server named “TheSignal”"

Additionally, the NSA monitors Internet Exchange points, for example, de-cix: https://netzpolitik.org/2014/total-exklusiv-bnd-hat-zugriff-auf-deutsch…

This, together with them monitoring some exit nodes, makes up the ingredients of the various kinds of attacks described in

which can be used to de-anonymize 80% of the tor users in some weeks.

The question is how far is the NSA in doing this attack. Unfortunately, we still lack information on this.

The tor stinks slide writes:
"GCHQ runs tor nodes under newtons cradle. How many?" on p. 4

and on p. 20:

"How many nodes do we have cooperative access to? Can we deploy similar code instructions to these nodes?"

Information on how far NSA is in their attack cannot come from agents who do not even know how many nodes NSA or GCHQ run.

However, even those agents state that they have a desired use for tor. Namely to use it as a honeypot:

"Critical mass of targets use Tor. Scaring them away might be counterproductive.
We can increase our success rate and provide more client IPs for individual Tor users."

So even those spooks who wrote the tor stinks slides advertise that users should go on and use tor, so that NSA and GCHQ have an attack vector where they can find many targets.


July 24, 2014


Lots of news to discuss.

Don't panic. We're in an arms race. The evidence clearly shows the good guys are winning. Our only argument is over which side is which!

" we have this information from the tor stinks slide"

Can you be specific? What do you believe is the number of nodes they are running, and on what basis?

There are four documents of interest which are now in the public domain:
* 2006: CES writeup
* 2007: Tor Stinks (original)
* Oct 2010: Op Mullenize
* Jun 2012: Tor Stinks (update)

Here are the numbered slides of the last with a few notes (indicated by %)

Tor Stinks
June 2012
Derived from: NSA/CSSM 1-52
Dated: 20070108
Declassify On: 20370101
% The original slides date to 2007; the updates to Jun 2012

We will never be able to de-anonymize all Tor users all the time.
With manual analysis we can de-anonymize a very small fraction of Tor users,
however, no success de-anonymizing a user in response to a TOPI request/on demand
% True in 2007; we infer this remained true in 2012

Remation II
Joint NSA GCHQ Counter-Tor workshop
Week one at MHS focus on analytics
Week two at GCHQ focus on exploitation
% MHS = Menwith Hill Station

Laundry List
* Analytics to deanonymize users
- Circuit reconstruction
- Goes inta goes outta/low latency (2)
- Cookie leakage
- Dumb users (EPIC FAIL)
- Node Lifespan (17)
* Technical Analysis/Research
- Hidden services (4, 5, 6, 7)
- Timing pattern (3)
- Torservers.net/Amazon AWS
* Exploitation
- QUANTUM attacks (1, 20, 22)
- Existing options (8 + 11)
- Shaping (9 + 16)
- Web server enabling (10)
- Nodes (14)
- Degrade user experience (13 + 18)
* Nodes
- Baseline our nodes (21)
- Tor node flooding
% This slide is the table of contents; I don't read the parenthetical notes as stating that the enemy ran 21 nodes in 2012.

Analytics: Circuit Reconstruction
* Current: access to very few nodes. Success rate negligible because all three Tor nodes in the circuit have to be in the set of nodes we have access to.
- Difficult to combine meaningfully with passive SIGINT
* Goal: expand number of nodes we have access to
- GCHQ runs Tor nodes under NEWTONS CRADLE (how many?)
- Other partners?
- Partial reconstruction (first hops or last hops)?
% True in 2007; we infer this remained true in 2012

Analytics: Goes Inta Goes Outta/Low Latency
Find possible alternative accounts for a target: look for connections to Tor, from the target's suspected country, near time of target's activity.
* Current: GCHQ has working version (QUICKANT). R has alpha tested NSA's version. NSA's version produced no obvious candidate selectors.
* Goal: Figure out if QUICKANT works, compare methodologies. Gathering data for additional tests of NSA's version (consistent, random and heavy user)
% "Low latency" refers to the fact that a data stream into any given entry node is usually rapidly followed by corresponding packets out at some exit node; this is well known and by itself does not de-anonymize anyone.
% Tor Project has long been aware that if Tor user x is the only user in country K, x is all too easily deanonymized using "upstream access"

Analytics: Cookie Leakage
Use cookies to identify Tor users when they are not using Tor
* Current: preliminary analysis shows that some cookies "survive" Tor user. Depends on how target is using Tor (Torbutton/Tor Browser Bundle clears out cookies).
* Goal: test with cookies associated with CT targets
- Idea: what if we seeded cookies to a target?
- Investigate Evercookie persistence
% Torbutton has been obsolete for a long time; both current TBB and Tails appear to provide good protection against Flash Evercookies. I don't know how they fare against the GooglePrefID cookie. Julia Angwin says current TBB should resist canvas fingerprinting (maybe true only if Javascript is disabled)
% So as of 2012, TBB was good enough at preventing cookie leakage.

Analytics: Cookie Leakage
DoubleclickIDE seen on Tor and non-Tor IPs
[Example Redacted]
% This appears to be an old issue that never affected all Tor users

Analytics: Dumb Users (EPIC FAIL)
GCHQ QFD that looks at Tor users when they are not using Tor.
* Current: GCHQ has working QFD based on hard selector (email, web forum, etc) but does not include cookies.
* Goal: NSA investigating own version (GREAT EXPECTATIONS) that would include cookies.
% hard selector means specific IP, specific forum running VBulletin, etc.

Analytics: Node Lifespan
How do I know WHEN a particular IP was a Tor node as opposed to IF was a Tor node?
* Current: detection done once an hour by NTOC. RONIN stores "last seen" and nodes age off slowly with no accurate lifespan.
* Goal: working with RONIN to add more details on node lifespan.
% the desired service was provided (for LEAs) by Tor Project; this does not by itself deanonymize individual Tor users

Analytics: DNS
How does Tor handle DNS requests? Are DNS requests going through Tor? Does this depend on how the target is using Tor?
* Current: still investigating.
% As of Jun 2012, the enemy apparently still did not understand how Tor works, which struck me as very odd. Comments?

Technical Analysis: Hidden Services
What do we know about Hidden Services?
* Current: No effort by NSA, some DSD and GCHQ work on ONIONBREATH.
* Goal:
- Harvest and enumerate .onion URLS
- Identify similar HS based on referer fields
- Distinguish HS from normal Tor clients
% ONIONBREATH seeks to identify users of hidden services
% referer field appears in clear text if you surf to an http site

Technical Analysis: Timing Pattern
Send packets back to the client that are detectable by passive adversaries to find client IPs for Tor users.
* Current: GCHQ has research paper and demonstrated capability in the lab.
* Goal: Can we expand to other owned nodes?
% Timing patterns form a well-studied class of deanonymization attacks on Tor users, so Tor Project devs have been working to resist them for many years.

Technical Analysis: torservers.net
Investigate the Amazon AWS cloud instances of Tor servers. How are IPs allocated and reassigned once bandwidth limit is reached? Impact on RONIN's ability to detect nodes?
* Current: GCHQ set up Tor nodes on the AWS cloud during REMATION II.
% In 2012, someone at Tor Project said, GCHQ ran about a dozen nodes for about two weeks. Tor Project figured out which nodes they ran and said they are no longer operating.

Exploitation: QUANTUM
* QUANTUM to degrade/deny/disrupt Tor access?
* QUANTUMCOOKIE - forces clients to divulge stored cookies.
% It is well known that the attempts to degrade/deny/disrupt Tor access to certain sites have been successfully used to infer enemy "chatter", and indicated the location and purpose of at least one SEAL operation a week in advance, so this can work both ways.
% The figures diagram the basic QUANTUM attack, which only works on http destination servers:
% a Tor client sends a triply encrypted GET to some entry node, which emerges in cleartext from some exit node; NSA/GCHQ detects this cleartext packet "upstream" as it passes to the destination server, and uses its global network to beat the genuine reply with a faked reply which maliciously redirects the client's torbrowser to hotmail and/or Yahoo!; that is, the client torbrowser is tricked into sending a second triply encrypted GET request to yahoo.com containing a Y_cookie, which emerges at the exit router as a cleartext GET request "stained" with the Y-cookie; similarly for hotmail.com with MUID "staining"

Exploitation: Existing Options
Test current CNE techniques (FA and SHORTSHEET) against Torbutton and TBB users.
* Current: Torbutton and TBB prevent CNE success. Possible success against "vanilla" Tor/Vidalia.
* Goal: modification to initial CNE surveys? Ignore user-agents from Torbutton or TBB? Improve browser fingerprinting? Using javascript instead of Flash?
% CNE = Computer Network Exploitation, i.e. illicit remote intrusion
% Flash disabled by default in recent TBB/Tails, for good reason
% Javascript enabled by default but users can choose to disable it

Exploitation: Shaping
* Given CNE access to a target computer can we shape their traffic to "friendly" exit nodes?
* Route users to a separate "private" Tor network?
* Stain their traffic or user agent?
* Instruct target computer to use a service that connects outside Tor and reveal true IP?
* Current: Can stain user agent working on shaping.
% The bad guys are trying to use their global "upstream" access to traduce DNS lookup, and may also attack the controller on the client machine using CNE (see note to slide 19 below)

Exploitation: Web Server Enabling
Given CNE access to web server modify the server to enable a "timing/counting" attack similar to timing pattern idea.
* Current: GCHQ has a research paper and demonstrated the technique in the lab.
% In 2012, GCHQ could trojan test web servers running in a cyberrange; this does not by itself imply they could trojan every Tor user's client in the real world

Exploitation: Nodes
Can we exploit nodes?
Probably not. Legal and technical challenges.
% Evading US or UK laws is not a moral issue, but merely poses a "challenge". This reminds one of Bethmann's notorious dictum from August 1914: "necessity knows no law" (which is how he "justified" invading Belgium on the way to France). This is the only slide which is obviously out of date since we know that starting about 2012, FBI, NSA, and GCHQ all started pressing hard for additional "authorities" to directly attack the computer of every Tor user (a population whose IPs they have mostly enumerated). FBI in particular is reported by the NY Times to have argued (in closed door sessions in the US Congress) that it "needs" to remotely illicitly intrude into computers used by US-based journalists and bloggers in order to protect them from non FVEY intelligence agencies [sic].

Exploitation: Degrade Tor experience
Given CNE access to a web server make it painful for Tor users?
Given CNE access to a network can we deny/degrade/disrupt Tor users?

Nodes: Baseline Our Nodes
How many nodes do have cooperative or direct access to? Can we deploy similar code to these nodes to aid with circuit reconstruction?
Can we do packet timing attacks using these nodes?
Can we use the nodes to shape traffic flow?
Can we use the nodes to deny/degrade/disrupt comms to certain sites?
% In 2007, they apparently didn't know how many Tor nodes were operated by FVEY partners or Second Party agencies (such as the German, Swedish, and Dutch intelligence agencies and police agencies).

Nodes: Tor Node Flooding
Could we set up a lot of really slow Tor nodes (advertised as high bandwidth) to degrade the overall stability of the network?
% This is an odd comment, since such Sybil attacks are well known and appear to be well defended against.

Tor Stinks... But it could be Worse
* Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive.
* We can increase our success rate and provide more client IPs for individual Tor users.
* Will never get 100% but we don't need to provide true IPs for every target every time they use Tor.
% The enemy wanted to try harder to enumerate the IPs used by everyone who uses Tor, each hour. We infer that as of 2012, they felt they would never de-anonymize all Tor users, but consoled themselves that they could still get some intelligence from monitoring the Tor network



July 24, 2014


"And now you have to think of these spooks at the upstream collection, where they listen to data in international fibers. From there, they get the communication of this canvas tracker, and when it sends your identity to the advertising company. NSA is known to use cookies, for example with google"

Yes. For us it is very important to note that according to the article by Julia Angwin, TBB users may be immune:

Meet the Online Tracking Device That is Virtually Impossible to Block
Julia Angwin
21 Jul 2014

She writes: "In June, the Tor Project added a feature to its privacy-protecting Web browser to notify users when a website attempts to use the canvas feature and sends a blank canvas image. But other Web browsers did not add notifications for canvas fingerprinting."

It may or may not be a coincidence that AddThis, LLC is based in McLean, VA, which is also home to the CIA. As I understand, the company was founded in 2006, and acquired by Clearspring Technologies, Inc in 2008, which then adopted the name AddThis.

It would be useful to use some of the statistical methods mentioned above to estimate the true number of sites which use AddThis canvas fingerprinting (the researchers only examined the top Alexa rated sites). Their complete list is available at their website.

An article at The Register stresses "HTML 5 canvas fingerprinting should not be confused with the type of supercookie that can be created by force-caching images and then using the HTML5 Canvas to read them back, as demonstrated by the evercookie project".


July 24, 2014


"I'll have to check, but I believe it was called "TheSignul"."

Is this the (no longer operating) node in question?

TLD: voxility.net
Nickname: TheSignul
Bandwidth: 15588


July 24, 2014


We should mention some major news for Tails users:

On 0days, exploits and disclosure
23 Jul 2014

Exodus Intelligence, LLC is located in Austin, TX, with offices in Midlands. It partners with NSS Labs and Syndis, an "offensive security" firm located in Iceland. Exodus was co-founded by Aaron Portnoy, who previously headed HP's TippingPoint ZDI (Zero Day Initiative) project. Portnoy is also well known for founding the Pwn2own competition.

Exodus sells pentesting, analysis, and mitigation to major corporations. The company employs about 150 "researchers", including a foreign national who earned 115K annually in 2012.

More controversially, Exodus also sells advanced malware. The company admits to buying 0-day exploits from unscrupulous malware authors, in addition to "developing" its own exploits for sale. The company appears to claim that they produce exploits, buy exploits, and reverse engineer exploits found in the wild in order to sell patches to their exclusive vendors, before the world generally gets to find out about the problem. But they also appear to hint that they are selling 0-days to customers which they know full well will "weaponize" them.

The fact that many (most?) multinational corporations appear to now actively engage in commercially motivated cyberwarfare would be consistent with the decline of the nation state as predicted by MOD.

Exodus certainly does appear to be trying to frighten many people into not using Tails.

But on closer examination, I am not sure that their position is really very different from what Tails and Tor project have been saying all along:

Everyone should use Tails and TBB, but try to use them wisely. In particular, be aware that security and anonymity are constantly evolving. We are all in an arms race, and like any reasonably well matched arms race, at any time one side or the other surges ahead.

Exodus appears to be playing both sides of the fence, claiming to be responsibly disclosing vulnerabilities to vendors in private and giving them time to patch before going public. But to their corporate clients they seem to be saying "we are holding their best stuff back from the vendors, but you can buy them from us for your exclusive use as you see fit". Not nice at all, if so.

In this case the "vendor" in question is the Tails project, so Tails users have valid cause for concern.

But don't panic. It's quite possible that contrary to their hints so far, the vulns they found do not affect every Tails user, or even most.

The most serious hole they claim to have demonstrated appears to exploit the i2p client. About two years ago, there was a long discussion about the wisdom or not of including i2p in Tails at all, since most users apparently never try it. By default, I believe, an i2p server doesn't start until the user calls it. At this point, it appears to be possible that the hole found by Exodus won't be exploitable unless the user starts an i2p server. That would be good news if so, but leaves open the question of what they might be holding back from Tails (but selling to entities like the US Chamber of Commerce, or energy companies interested in spying on fracking protesters, or windfarm protesters, or Greenpeace members).

Exodus promises to release details next week (in which case, the Tails Project may need to produce Tails 1.1.2 much sooner than previously planned).

Further reading:


Tails-hacking Exodus: Here's video proof of our code-injection attack

If you just read the headlines, Tails and Tor might seem to be taking a beating. But if you dig deeper, things do not yet look so bad. This is the time of year when vulnerabilities in high profile projects are exposed; usually the problems are quickly patched. We should all know more next week.


July 26, 2014


Is the correct size of the Tails 1.1 iso 857M? I keep getting a BAD signature. The Tails website offers no advice on what to try next if you get a BAD signature.

Am I imagining things, or does Whisperback really send UNENCRYPTED email (from the exit node) with your system map and identifying information about your hardware? We know that TLAs intercept such debugging messages and use them for their own purposes.

If you're getting a bad signature, it likely means you didn't download it correctly. I fetch it via the torrent and I do fine each time.

My Tails 1.1 iso is 1099026432 bytes.

As for whisperback... maybe you should ask the Tails people if you have Tails questions. :)
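The exchange above is about telling a corrupt or truncated download apart from a genuinely bad signature. The script below is an added example, not code from the Tor blog, the Tails project or either commenter: it checks a downloaded image's byte size and SHA-256 against values you take from the project's own release page (both are parameters here; the size the second commenter quotes is not hard-coded), and only then hands the file to `gpg --verify` against the detached signature. The 16 KiB sample blob in `self_check()` is constructed for the demonstration. A size mismatch means the fetch itself failed and no signature check can pass; a matching size with `BADSIG` in gpg's status output is the case that should worry you.

```python
"""Check a downloaded image before trusting it: size, SHA-256, then the
detached OpenPGP signature.  Added example; expected values are assumed to
come from the project's signed release notes, not from this script."""
import hashlib
import os
import shutil
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so a 1 GB ISO does not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_download(path, expected_size, expected_sha256=None):
    """Return a dict saying which integrity checks passed.

    size_ok False with a smaller actual_size is the classic truncated download;
    sha256_ok is None when no digest was supplied."""
    p = Path(path)
    result = {"exists": p.is_file(), "size_ok": False, "sha256_ok": None,
              "actual_size": None}
    if not result["exists"]:
        return result
    result["actual_size"] = p.stat().st_size
    result["size_ok"] = result["actual_size"] == expected_size
    if expected_sha256 is not None:
        result["sha256_ok"] = sha256_file(p).lower() == expected_sha256.lower()
    return result


def verify_detached_signature(path, sig_path, keyring=None):
    """Run gpg on a detached signature.

    Returns (ok, status_text).  ok is None when gpg is not installed.  Status
    lines are read from --status-fd rather than by parsing human-readable text;
    GOODSIG/VALIDSIG mean the signature verified with a key in the keyring,
    BADSIG means the file does not match the signature."""
    gpg = shutil.which("gpg")
    if gpg is None:
        return None, "gpg not found"
    cmd = [gpg, "--batch", "--status-fd", "1"]
    if keyring:  # optional: verify only against a keyring you imported the signing key into
        cmd += ["--no-default-keyring", "--keyring", str(keyring)]
    cmd += ["--verify", str(sig_path), str(path)]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    ok = any(tag in proc.stdout for tag in ("[GNUPG:] GOODSIG", "[GNUPG:] VALIDSIG"))
    return ok, proc.stdout + proc.stderr


def self_check():
    """Constructed sample: a 16 KiB blob of known content, checked three ways."""
    data = bytes(range(256)) * 64  # 16384 bytes, constructed for the demo
    digest = hashlib.sha256(data).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "sample.iso")
        with open(iso, "wb") as f:
            f.write(data)
        good = check_download(iso, len(data), digest)
        truncated = check_download(iso, len(data) + 1, digest)  # expected bigger than actual
        wrong_hash = check_download(iso, len(data), "00" * 32)
    return good, truncated, wrong_hash


if __name__ == "__main__":
    for label, r in zip(("good", "truncated", "wrong_hash"), self_check()):
        print(label, r)
```

Usage on a real download: `check_download("tails-i386-1.1.iso", EXPECTED_SIZE, EXPECTED_SHA256)` first, then `verify_detached_signature("tails-i386-1.1.iso", "tails-i386-1.1.iso.sig")` once the size matches; a signature check on a file that is already known to be short only tells you what the size check already did.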


July 29, 2014


Who wants to be a millionaire?

Why, ex-DIRNSA Gen. Keith Alexander, Retd, who has reportedly been making the rounds of the big banks asking for a 0.666 million dollar monthly salary to buy his expertise in cyberwarfare. And, at least one US lawmaker charges, zero-days found during Alexander's tenure by NSA's black hat contract computer crackers:



And who is offering a cool four million for zero-days which will subvert Tor?

Why, the Russian government:




Sounds like a match made in heaven. The revolving door is spinning madly for those with expertise in authoritarian-enabling technologies.

Just one catch for the Geek: that's four million in Rubles, or a mere 0.1 million US dollars, apparently a one time payment not a monthly salary, so he might not feel he's being offered enough moolah to cough up the goods so devoutly desired by Putin's minions.

Well, one other catch; you need to be a Russian citizen to apply for this contract.

No doubt many in the USG are thinking that the State Department should promptly match the Russian offer by paying a handsome salary to Edward Snowden for working on IMPROVING Tor and other helpful tools.


July 29, 2014


"At this point, it appears to be possible that the hole found by Exodus won't be exploitable unless the user starts an i2p server. That would be good news if so"

Unfortunately, it turns out that if you are visiting a website compromised with malware designed to exploit the flaw, if you have left Javascript enabled in Tails 1.1 (the current version) or earlier, your Tor browser can be tricked into starting i2p, leading to deanonymization of that Tails session.

Until Tails 1.2 comes out, the only known fix is to either disable Javascript in about:config, or to boot Tails with a root password enabled and to purge i2p; see:



August 02, 2014


Shane Harris, who formerly wrote the Danger Room column at Wired, now writes for Foreign Policy, and he recently scored a major interview which has resulted in some welcome criticism of former DIRNSA Keith Alexander:

The NSA's Cyber-King Goes Corporate
Shane Harris
29 Jul 2014

Some biting commentary from Conor Friedersdorf in the Atlantic has been republished by nextgov:

Keith Alexander Wants to Patent Method For Detecting Cyber Threats -- Is That Ethical?
Army General Keith Alexander, head of the National Security Agency
Conor Friedersdorf
31 Jul 2014

Friedersdorf is unsparing in ridiculing Alexander's absurd claim that during his tenure at NSA, he was working in his spare time on innovations worth at least nine patents (says he), innovations which he never shared with his NSA minions but which he now wants to sell to the likes of Bank of America, Wells Fargo, and the US Chamber of Commerce for a million dollars per month:

"While responsible for countering cybersecurity threats to America, Alexander presides over what he characterizes as staggering cyber-thefts and hugely worrisome security vulnerabilities. After many years, he retires. And immediately, he has a dramatically better solution to this pressing national-security problem, one he never implemented in government but plans to patent and sell!

... We're supposed to believe that Alexander went home and developed much of a million-dollar-per-month cybersecurity technology in his spare time, while doing two different demanding national-security jobs, without using NSA resources or classified information, in a way that was somehow separate from his core duties, which included a cyber-security portfolio?

He'd now have us believe that in his spare time he was developing even better techniques than the ones he developed in government. Even if true that would be a scandal! Harris posed the obvious question: "Asked why he didn't share this new approach with the federal government when he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavior models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn't considered. It's these methods that Alexander said he will seek to patent."

... If the limited facts on offer don't stink enough to prompt a congressional inquiry—ideally one that gets Alexander testifying under oath—what possible fact pattern would rouse the branch of government charged with oversight? At the very best, he is stoking a perception of impropriety so extreme that it speaks poorly of his character that he's chosen to retire in this fashion. If anything more nefarious is going on, hopefully either Congress or the press will be able to expose it. The stakes are certainly high enough to justify digging."

Amen to that!

At the DailyKos, a blogger wrote:

"[Alexander] is now offering his consulting services on security for the tiny sum of $1,000,000…per month. Looking at this situation and considering his expertise, it is hard not to see the obvious: he is offering his knowledge of classified government information and tactics for money. This is illegal, as Representative Alan Grayson has pointed out: "Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you." "