Online privacy is a hot topic nowadays and around the world there is an increasing concern about internet censorship, eavesdropping and the surveillance that governmental organizations are applying over internet users. Ironically, having an interest in online privacy and searching information about this subject could get you noticed by the NSA or the GCHQ. A recent investigation from the ARD Network in Germany, found that the NSA and the GCHQ are not only directing their surveillance efforts towards Tor users but are also interested on any internet users that has visited the Tor website or that has looked up information about this network online.
According to the German broadcaster, they came to this conclusion after an investigation through which they obtained source code from XKeyscore, the program used by the NSA to collect data from users. The information obtained would indicate that any user that shows interest in the Tails Amnesiac Operating System (which would have been used by Edward Snowden himself) is listed as a potential threat. To make matters worst, the activities of users that consult the Linux Journal are also under suspicion.
Recognized security researcher and core member of the Tor project, Jacob Appelbaum, participated in the investigation. He and the rest of the team of experts analysed confidential data from XKeyscore, which source was not revealed. By analysing the code, the investigators also found that Tor exit pathways are also subject to monitoring, not only in the United States but also in Germany. The fact that Germany’s federal prosecutor recently opened an investigation into the apparent tapping of Angela Merkel’s mobile phone by the NSA, shows that there is already a growing concern and aversion towards the US agency.
As previous documents leaked by Edward Snowden revealed, the NSA has attempted to take over Tor. The NSA looked for ways to redirect the traffic in the Tor network and to monitor the duration of logins, as well as sign-outs. In some cases in which they were able to identify a user, they would even infect their PC with malware. However, they were disappointed by their failure to uncover the identity of all the network’s users. With Xkeyscore, they may be trying again to reach their objective by collecting every details of a user’s online activity. The fact that they are also directing their surveillance towards anyone that wants to find out more about online privacy and methods to protect it, is worrying at least.