1. 80
  1.  

  2. 7

    The sole question and the fact that she felt that she has to justify if „is it legal” raised my eyebrows tbh. I didn’t think that anonymity is perceived illegal on its own.

    1. 9

      I’m not sure it is perceived as illegal (yet) but I do think it is at least seen as deeply suspicious.

      Employers have consistently run credit checks against applicants - many now regard a lack of presence on social media as a red flag. And heck, just visiting the Tor project page or searching for encryption and privacy software flags you to the NSA

      I truly do hope we haven’t crossed over to people thinking anonymous publishing is inherently illegal.

      1. 4

        many now regard a lack of presence on social media as a red flag.

        I find this statement worrisome. I stopped using social media (Twitter and Facebook, at least) because of the effects it had on my mental health – do you know what do I risk if I am “flagged” as a non-social media user? Besides the strange looks, I mean.

        1. 4

          I wouldn’t worry about it. I’ve never heard of anyone getting “flagged” for not using social media. I don’t doubt that they exist in some capacity, but I see no evidence that it’s a normal thing to do.

          1. 1

            Whereas many people have gotten reprimanded or fired for posts on social media. I think using it is higher risk.

        2. 3

          And heck, just visiting the Tor project page or searching for encryption and privacy software flags you to the NSA

          Just FYI - and please take this in the spirit of transparency in which it’s meant - the article doesn’t say that at all. What it says is that this Tor server admin found his server’s IP address listed in XKeyscore.

          The only thing we can concretely infer from this is that this Tor server in question is itself a discrete target of XKeyscore. I think extrapolating to say that if you even search for Tor you’ll be targeted seems like a very far fetch indeed.

          From the Wikipedia article on XKeyscore: According to a slide from an XKeyscore presentation, NSA collection sites select and forward less than 5% of the internet traffic to the PINWALE database for internet content.[18]

          Does your analysis differ?

          1. 4

            It differs significantly. From the actual XKeyscore rules as linked in the article:

            // START_DEFINITION
            /*
            The fingerprint identifies sessions visiting the Tor Project website from
            non-fvey countries.
            */
            fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
            and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
            

            Another comment on a rule:

            This fingerprint identifies users searching for the TAILs (The Amnesic
            Incognito Live System) software program, viewing documents relating to TAILs,
            or viewing websites that detail TAILs
            
            1. 2

              Thanks very much. Super interesting, I’ll need to read that in depth.

              Kind of a pity he didn’t also leak a query log, be interesting to see just how narrow band the average XKeyscore search was :)

              1. 3

                That’s why they call it mass, not selective, surveillance. They grab as many as they can justify. One of their slides basically considered anyone using privacy tech to be a potential enemy. Another thing you might find helpful is the three hops rule. If one person on Lobsters is interesting, then all people on Lobsters are under surveillance and their friends/families one hop out. Social media makes that more interesting.

                1. 2

                  At the end of the day, the fingerprinting hurts only privacy advocates, journalists or people who want to avoid being tracked or having their privacy breached.

                  For criminals, terrorists and “bad guys”, it’s rather easy to avoid all this and bypass the fingerprinting, as privacy is not their main concern, but rather long distance communication and information exchange. They can do this on gaming platforms, big community sites, live streaming sites with chat, ebay, craigslist and just “blend in”. Obviously, for people that want to protect their privacy while browsing the internet, this method is useless.

                  Seems just a little bit unfair and I’d be interested to find out some statistics from the data collection like: “This year we’ve collected, tagged and flagged data belonging to XXX milion people. Out of this surveillance effort we have managed to apprehend, identify or kill XXX bad guys.”. At least I would know the “benefits” of having my privacy breached.

                  1. 1

                    It would be noce. Except they keep lying about stuff they didnt achieve instead. My favorite example to disprove their BS is Boston Bombers. Main one was on social media talking shit, visiting places raising flags, etc. Easiest guy to catch but NSA had nothing.

      2. 1

        I suppose the name of the game is revealing as little as possible.

        How much information does mailing something in the post reveal? Does the postal service keep track of which post-box or processing center a package started off from?

        Perhaps you’d also want your updates to the page to be done at random times, so you don’t reveal the time when you’re generally awake?

        Perhaps some stenography so your writing style can’t be used to identify you?

        1. 1

          I don’t understand your last sentence. At first I thought you typo’d stenography for steganography, but even if I substitute one for the other, I don’t get it.

          1. 1

            Oops, I think I used the wrong words. I meant to say that you can be fingerprinted by the way that you write. If there’s a large corpus of text with your writing elsewhere, it’s possible to figure out within a margin of error who the writer is, therefore breaking anonymization.

            1. 1
              1. 1

                Countermeasures: https://github.com/psal/anonymouth (I searched for a minute to find newer alternatives but didn’t come across any–maybe you will.)

                1. 1

                  There you go!