Any internet users who use or even read about privacy services online will be targeted for surveillance by the NSA, according to a new report from German broadcaster ARD.
According to leaked source-code of the US spy agency’s ‘XKeyscore’ software, individuals who search for information about anonymising services such as Tor have their IP addresses logged by the NSA and can be flagged for further monitoring.
Tor, sometimes known as The Onion Router, is perhaps the most popular form of anonymising software used online. It bounces users’ browsing activities around a large network of computers known as nodes making it difficult to trace.
The free software was originally funded by the US military and still receives money from the US State Department. It’s used worldwide by political dissidents, human rights activists, journalists and the merely privacy-conscious.
The code leaked to ARD suggests that the NSA is continuing to look for methods to ‘crack’ Tor and to this end is recording traffic flowing in and out of two ‘directory servers’ for the service. Individuals involved with Tor have said this puts users “at risk”.
XKeyscore was previously described by former NSA-employer Edward Snowden as a tool that allows the agency to monitor “nearly everything a user does on the internet”. Snowden – or his leaks – have not been mentioned in ARD’s report, leaving some to suggest that there may be another whistleblower within the agency.
Other sites and services are also watched, including the website Linux Journal and Linux-based operating system Tails, the latter described by the NSA as a “a comsec mechanism advocated by extremists on extremist forums". Other programs targeted include HotSpotShield, FreeNet, Centurian, FreeProxies and MegaProxy.
The leaks are particularly worrying as they suggest the US government is still engaging in indiscriminate surveillance despite claiming to only target activity that threatens national security.
"They say 'We're not doing indiscriminate searches,' but this is indiscriminate," Kurt Opsahl, deputy general counsel for the Electronic Frontier Foundation, told Wired. "It's saying that anyone who is looking for those various [services] are suspicious persons."