According to a report by CNET’s Seth Rosenblatt, one of the ways the spooks allegedly do this is via ads that leave behind tracking cookies – the same kind of tracking cookies used by hundreds of ad networks across the Web, including on the site you are now reading.
The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google's AdSense.
"Just because you're using Tor doesn't mean that your browser isn't storing cookies," said Jeremiah Grossman, … who also specializes in browser vulnerabilities….
"The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users," he wrote.
The NSA buys ads from ad display companies like Google and seeds them around Tor's access points….
The NSA, he said, is not spending much money on it since Internet ads are so cheap. Grossman speculated that an ad campaign would only cost around $1,000 to seed ads with the NSA's cookies around the Web.
Most tracking cookies are simply unique series of letters and numbers that serve to identify your machine (and really, just your browser) to other machines on the Internet. Your IP address is also a unique number. But while Tor can obscure your IP address, it has no effect on browser cookies. Hence, this technique.
Exactly how this works is unclear. (I, for one, would like a little more clarification about what the phrase “seeds them around Tor’s access points” actually means. The notion that a Tor node would be a regular site that displays Google ads seems rather unlikely to me. But I digress.)
The good news, such as it is: Running Tor on a virtual machine – like the NinjaStik I wrote about a while back – negates any effect a tracking cookie might have.
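The cookie-versus-IP point above, as an added illustration (not code from the CNET report or from this article): a toy ad server logs a cookie ID with each request's source address, once with a cookie jar shared between ordinary and Tor browsing and once with an isolated jar, as in the virtual-machine case. The `uid` cookie name, the addresses and the stand-in exit list are constructed assumptions.

```python
import secrets

# Constructed sample addresses (documentation ranges), not real relays or users.
TOR_EXITS = {"192.0.2.10", "192.0.2.11"}
HOME_IP = "198.51.100.7"

class AdServer:
    """Toy third-party ad server: issues a 'uid' cookie once, logs every hit."""
    def __init__(self):
        self.log = []  # (uid, source_ip) per ad request

    def serve(self, source_ip, jar):
        # A browser sends back whatever cookie its jar already holds.
        uid = jar.get("uid")
        if uid is None:
            uid = secrets.token_hex(8)
            jar["uid"] = uid  # equivalent of Set-Cookie: uid=...
        self.log.append((uid, source_ip))

def exposed_ips(log, tor_exits):
    """Map each cookie ID seen via Tor to the non-Tor addresses it also used."""
    via_tor, direct = set(), {}
    for uid, ip in log:
        if ip in tor_exits:
            via_tor.add(uid)
        else:
            direct.setdefault(uid, set()).add(ip)
    return {uid: ips for uid, ips in direct.items() if uid in via_tor}

def simulate(shared_jar):
    """One user browses directly, then through two Tor exits."""
    server = AdServer()
    normal_jar = {}
    # shared_jar=True: Tor traffic from the everyday browser profile.
    # shared_jar=False: Tor in its own VM/profile with a fresh cookie store.
    tor_jar = normal_jar if shared_jar else {}
    server.serve(HOME_IP, normal_jar)
    for exit_ip in sorted(TOR_EXITS):
        server.serve(exit_ip, tor_jar)
    return exposed_ips(server.log, TOR_EXITS)

if __name__ == "__main__":
    print("shared jar  :", simulate(True))
    print("isolated jar:", simulate(False))
```

With the isolated jar the two Tor visits still share one ID with each other, but nothing in the log ties that ID to the home address.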
Who’s hacking whom?
Google ads aren’t the NSA’s only method, or even its preferred one, for identifying Tor users. As security wonk Bruce Schneier details at some length in The Guardian, the spooks have a whole toolkit of hacker toys they can deploy to identify and infect the machines of potential threats – by intercepting traffic, rerouting it to spoofed sites (including fake Googles), and sending back malware, for example. In other words, they are behaving like very skilled cybercriminals.
The NSA’s response to all these revelations is invariably the same: We have strict oversight. We are only targeting non-Americans and/or overseas communications. We are only interested in hunting terrorists and other threats to our nation. Tools like Tor are being used by the bad guys, so we have the right to break them.
But regardless of the pious statements that emanate from Director of National Intelligence James Clapper at regular intervals, and ignoring the direct lies that have occasionally dropped from Clapper’s lips, the fact remains that it’s the spooks – and only the spooks – who determine what a credible threat is. And to do that they have to spy on millions of others who are not and never will be a credible threat. Like the tens of thousands of political dissidents, human rights workers, journalists and others who use Tor, because to do otherwise could pose a genuine threat to their safety.
If you use Tor – or email encryption – you go to the top of the list of possible threats, and so does anyone you communicate with. You are assumed guilty until classified otherwise, in a process that is utterly opaque. That’s not how this country is supposed to work.
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Follow him on Twitter: @tynanwrites.