NDR show that one of the “fingerprints” that automatically tags internet users is tied to a Tor directory server in Germany, with others targeting visitors to the Tor Project website – effectively meaning that XKeyScore is attempting to track the IP address of everyone who uses the onion router to anonymise their online activity. The Tor Project is based in the United States and primarily funded by US government agencies.
Other rules track users who looking for information about the live operating system Tails – described in the XKeyScore source code as “a comsec mechanism advocated by extremists on extremist forums” and visiting the Linux Journal website (described as an “extremist forum”).
Revelations from the documents disclosed by Edward Snowden detail the NSA’s attempts to unmask Tor users with FoxAcid malware. Today’s publication goes further, revealing that the NSA is targeting everyone who attempts to keep their online activity anonymous, on an indiscriminate basis. Users of Tor include journalists, human rights workers and those trying to circumvent online censorship. Many private individuals have good reason for wanting to keep their online activity anonymous.
The source of today’s disclosure is unclear; NDR have not stated that the source code was part of the documents released by Edward Snowden.