Jamming XKeyScore (erratasec.com)
163 points by id on July 6, 2014 | 41 comments


Continue this for megabytes worth of bridges (xks-0001), and it'll totally mess up XKeyScore. It has no defense against getting flooded with information like this, as far as I can see.

Yet it would be trivial to defend against trivial attacks like this. They just need to set a length limit on ingested messages, clean up those regexes, and they're done. A clever NSA developer (of which I'm sure they have several) might implement a garden-variety spam filter.

We're trying to inject noise, but this noise is obvious. It's like a nation-state playing Cold War-era radio games by broadcasting "DOUBLE AGENT X COME HOME, DOUBLE AGENT Y COME HOME", etc. Sure it's noise, and it might distract them for five minutes, but it doesn't win the war.

Want to fight XKeyscore? Make the noise impossible to distinguish. Set up free email accounts that bounce randomly-generated "interesting" messages among themselves, in between notes to Mom about the World Cup. Get open source software that uses network communication to piggyback some keyword-laden (though non-incriminating) text onto messages it would send anyway. Run a Tor exit node that blocks illegal activity in your country (so you don't go to jail).

Or someone else should, at least. I'm busy. And now, I'm on a list.


We need to use the world's best anti-anti-spam technology. The stuff that generates random spam message texts to sneak past spam filters. Maybe combine something like SCIgen [1] with a corpus of "interesting" texts?

[1] http://pdos.csail.mit.edu/scigen/


I'm guessing they care a lot about the network, not just the content. They'll realise you work in IT, tag you as "linux using trouble maker", then mostly ignore you. Unless you work for the NSA, then they'll kick you out, and maybe send some people over to search your home.


You seem rather comfortable in your knowledge of this.


I have no inside information. But they aren't doing it, they are complete idiots. And I don't think they are idiots.


I am not a lawyer. I would imagine you could be charged with 'obstruction of justice' or some other such law if you did this in the US or as a US citizen. Something to think about before doing such a thing.

edited to be more verbose


http://www.law.cornell.edu/uscode/text/18/part-I/chapter-73

This is the federal obstruction of justice statute. Could you point out the part that applies to jamming the illegal collection of inadmissible evidence by an agency that enforces no laws or regulations and conducts no criminal or administrative investigations or proceedings?


You're absolutely right. The government, NSA, et al, would definitely not take anyone to court over this. That's the wrong tool for this job.


No, I'm not a lawyer and/or qualified to do that. Maybe I'm wrong, but I don't care to find out by attempting it.


This is an unintentionally perfect demonstration of the concept of chilling effects. Someone should take a screenshot of this and put it into a textbook.

Wikipedia link on chilling effects: https://en.wikipedia.org/wiki/Chilling_effect


The fear of getting caught shouldn't be the only reason you don't do something. Either it's important enough to do, or there are multiple reasons doing something isn't a good idea.


Trolling the NSA to prosecute someone for 'obstruction of justice' for essentially being a nuisance, is a dream scenario for the ACLU/EFF/EPIC/et al.


Did I ask for my connection to be wiretapped?


Even if you don't like Slavoj Žižek, he has a funny story related to this:

https://www.youtube.com/watch?v=PIPjmmmh_os#t=1614

He talks about how he and his associates were dissidents and had meetings and they agreed on a protocol to talk gibberish at the end. Fake, military sounding code words and stuff. It was a fun thing to do. Years later they discovered the amount of headaches and resource drain they caused on the secret police who tried in vain to discover the meaning in this nonsense, thinking that perhaps there was some serious stuff going on.

That is why I hope one good thing comes out of it, and that is people might start taking cryptography slightly more seriously and they'll also start actively fighting back. This is one way and it is fun too. (for some strange value of "fun").


Another great Žižek story/parable about surveillance is the red ink one, which I think is also relevant here:

So what are we doing here? Let me tell you a wonderful, old joke from Communist times. A guy was sent from East Germany to work in Siberia. He knew his mail would be read by censors, so he told his friends: “Let’s establish a code. If a letter you get from me is written in blue ink, it is true what I say. If it is written in red ink, it is false.” After a month, his friends get the first letter. Everything is in blue. It says, this letter: “Everything is wonderful here. Stores are full of good food. Movie theatres show good films from the west. Apartments are large and luxurious. The only thing you cannot buy is red ink.” This is how we live. We have all the freedoms we want. But what we are missing is red ink: the language to articulate our non-freedom. The way we are taught to speak about freedom— war on terror and so on—falsifies freedom.


For all their illegal spying on American citizens, can the NSA point to one attack* they have stopped?

I, for one, am not aware of any. And that's the real big problem here. They do all this sh1t, invade everyone's privacy, and to what ends?

*I am not talking about the NSA spying on non-US citizens.


They produced a list of 50 to justify themselves before congress, but only one, a taxi driver sending 10k to Somalia, was deemed valid.


Absence of evidence is not evidence of absence. They may have stopped attacks but not revealed any information about this publicly, or engaged in misdirection as to their role using parallel construction.


Absence of evidence is indeed evidence of absence. It's absence of proof that is not proof of absence. It may or may not be strong evidence, depending on how likely evidence is, but it is evidence.


Then, the governing body of the United States, which is to say (nominally, anyway) the people of the United States are utterly unable to determine the effectiveness of this organization under their charge. Close it down.


It's a bit like an elephant whistle.


This article is based around the source that the author claims to be faked in another article, http://blog.erratasec.com/2014/07/validating-xkeyscore-code....

edit: fixed link



Thanks, clipboard wasn't syncing properly.


That article: "The filename xkeyscorerules100.txt is implausible. Source files do not end in ".txt" and the term "rules" is an odd choice."

Looks to me like a typical sample config file that you rename xkeyscorerules100 after editing just like how you would create /etc/udev/rules.d/51-android.rules or SELinux custom module policy before compiling.


Yeah, there are so many reasons it could have a .txt extension the criticism is not plausible. The first thing I thought of was, somebody nontechnical in the reporting pipeline changed the extension to .txt so it would open automatically in a text editor on their OS. Or, they pasted the contents in notepad and saved it, which would automatically append the .txt extension.


This is a similar idea to something I've been working on for quite a long time (since June of last year, actually)[1]. I have experience with graph-generating software used by Five Eyes governments to map relationships, and I've been developing software that will dilute the effectiveness of those graphs by generating tons of noise across the system. Now it's a half-finished Chrome extension, but my hope was to build a complete set of browser extensions, and then bleed the design to Android/iOS to help dilute the graphs of people's phone behavior.

[1] https://github.com/shroudproject


I think encryption will remain a better way of jamming XKeyScore for the foreseeable future.


The NSA will see this post, write more rules with regexes to catch anybody doing any of these things, and then tag them as terrorists in XKeyScore.

Edit: not to mention that the source of these rules is from a non-verified document that is at least 2 years old and woefully incomplete.


Tagging a bunch of harmless HNers as terrorists is going to get them nowhere.

The key is real, effective, targeting of that tiny minority who actually organise terrorist acts. Unless this is just some huge job creation scheme/security theatre for politicians.


"The key is real, effective, targeting of that tiny minority who..." that's what they want you to believe, bahahahaha :D. Ok, ok I'm not paranoid. But can "we" (common people) really know what "they" (elected and unelected officials) really want? They have the power, they have the information, they define and pursue the "national interest", they keep it classified, they create secret tribunals, they pick the "national threats", they whack them because terrorists, they make the "no fly" lists, they pick the "extremists"...


So is this basically Catch-22 for the 21st Century or just a bureaucracy that grew and became self-perpetuating?


This is funny because Robert Graham is very likely a GCHQ asset.


Based on even just his last few blog posts I can see "blowhard" or "shill" but intelligence asset? What's your reason for saying this?


At the bottom of this page is part of the evidence http://cryptome.org/2014/06/wl-harrison-hoax.htm . Every single time an anti-NSA story comes out he is first to try to defend the actions of the NSA. He is a provocateur and clearly biased.


Someone consistently disagreeing with you is NOT evidence they are acting maliciously or are part of a conspiracy against your viewpoint.


I guess NSA owes Robert a beer for the helpful QA service!


So, if they're using a standard regex parser, and not cleaning the input, maybe some regex wizard can come up with some interesting Bobby Tables type fun.


Hmm, I may have to update my project to include this sort of junk data in the response body of its API calls.

It sure would be amusing if most of HN did this. Everybody has to do their part, right?


You'd be wasting your time as there is no feedback as to whether your attempts have worked to frustrate their targeting, and that's the best case scenario. The worst case is that someone picks up on your efforts and casually flags you to make your life more difficult - extra searches at borders, no fly list, and so on.


Nope



