new story published on the German site
Tagesschau and followed up by
BoingBoing and
DasErste.de has uncovered some shocking details about who the NSA targets for surveillance including visitors to
Linux Journal itself.
While it has been revealed before that the NSA captures just about all Internet traffic for a short time, the Tagesschau story provides new details about how the NSA's XKEYSCORE program decides which traffic to keep indefinitely. XKEYSCORE uses specific selectors to flag traffic, and the article reveals that Web searches for Tor and Tails--software I've covered here in
Linux Journal that helps to protect a user's anonymity and privacy on the Internet--are among the selectors that will flag you as "extremist" and targeted for further surveillance. If you just consider how many
Linux Journal readers have read our Tor and Tails coverage in the magazine, that alone would flag quite a few innocent people as extremist.
While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE
source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on
DasErste.de, the NSA considers
Linux Journal an "extremist forum". This means that merely looking for any Linux content on
Linux Journal, not just content about anonymizing software or encryption, is considered suspicious and means your Internet traffic may be stored indefinitely.
One of the biggest questions these new revelations raise is why. Up until this point, I would imagine most
Linux Journal readers had considered the NSA revelations as troubling but figured the NSA would never be interested in them personally. Now we know that just visiting this site makes you a target. While we may never know for sure what it is about
Linux Journal in particular, the Boing Boing article speculates that it might be to separate out people on the Internet who know how to be private from those who don't so it can capture communications from everyone with privacy know-how. If that's true, it seems to go much further to target anyone with Linux know-how.
It's bad news to all of us who use and read about Linux on a daily basis, but fortunately we aren't completely helpless. Earlier in the year I started a series on security, privacy and anonymity in my Hack and / column that included articles on how to use the Tor browser bundle and Tails. With either piece of software in place, you can browse
Linux Journal (and the rest of the Internet) in private.
Thumbnail photo credit:
Digitale Gesellschaft
______________________
Kyle Rankin is a director of engineering operations in the San Francisco Bay Area, the author of a number of books including
DevOps Troubleshooting and
The Official Ubuntu Server Book, and is a columnist for
Linux Journal.
