Jvitak

You knew this was coming, right? Read the rest

Jake Appelbaum et. al, are reporting on XKEYSCORE selection rules that target users -- and people who just visit the websites of -- Tor, Tails, and other sites. This isn't just metadata; this is "full take" content that's stored forever.

This code demonstrates the ease with which an XKeyscore rule can analyze the full content of intercepted connections. The fingerprint first checks every message using the "email_address" function to see if the message is to or from "bridges@torproject.org". Next, if the address matched, it uses the "email_body" function to search the full content of the email for a particular piece of text - in this case, "https://bridges.torproject.org/". If the "email_body" function finds what it is looking for, it passes the full email text to a C++ program which extracts the bridge addresses and stores them in a database.

[...]

It is interesting to note that this rule specifically avoids fingerprinting users believed to be located in Five Eyes countries, while other rules make no such distinction. For instance, the following fingerprint targets users visiting the Tails and Linux Journal websites, or performing certain web searches related to Tails, and makes no distinction about the country of the user.

[...]

There are also rules that target users of numerous other privacy-focused internet services, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster. The appid rule for MixMinion is extremely broad as it matches all traffic to or from the IP address 128.31.0.34, a server located on the MIT campus.

It's hard to tell how extensive this is. It's possible that anyone who clicked on this link -- with the embedded torproject.org URL above -- is currently being monitored by the NSA. It's possible that this only will happen to people who receive the link in e-mail, which will mean every Crypto-Gram subscriber in a couple of weeks. And I don't know what else the NSA harvests about people who it selects in this manner.

Whatever the case, this is very disturbing.

EDITED TO ADD (7/3): The BoingBoing story says that this was first published on Tagesschau. Can someone who can read German please figure out where this originated.

And, since Cory said it, I do not believe that this came from the Snowden documents. I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there.

EDITED TO ADD (7/3): More news stories. Thread on Reddit. I don't expect this to get much coverage in the US mainstream media.

EDITED TO ADD (7/3): Here is the code. In part:

// START_DEFINITION /* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */

$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and
word('linux'
or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or '
tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION

// START_DEFINITION
/*
This fingerprint identifies users searching for the TAILs (The Amnesic
Incognito Live System) software program, viewing documents relating to
TAILs,
or viewing websites that detail TAILs.
*/
fingerprint('ct_mo/TAILS')=
fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
url($TAILS_websites) or html_title($TAILS_websites);
// END_DEFINITION

Hacker News and Slashdot threads. ArsTechnica and Wired articles.

EDITED TO ADD (7/4): EFF points out that it is illegal to target someone for surveillance solely based on their reading:

The idea that it is suspicious to install, or even simply want to learn more about, tools that might help to protect your privacy and security underlies these definitions -- and it’s a problem. Everyone needs privacy and security, online and off. It isn't suspicious to buy curtains for your home or lock your front door. So merely reading about curtains certainly shouldn’t qualify you for extra scrutiny.

Even the U.S. Foreign Intelligence Surveillance Court recognizes this, as the FISA prohibits targeting people or conducting investigations based solely on activities protected by the First Amendment. Regardless of whether the NSA is relying on FISA to authorize this activity or conducting the spying overseas, it is deeply problematic.

Just like mentions of Nazis spiked on Twitter when Germany played America and Algeria , the chart above from Redditor honkeyponk shows Americans dissed Belgium by tweeting "waffle" over and over and over.

Read more...

My latest column in Locus magazine, Security in Numbers, looks at the impossibility of being secure on your own -- if you use the Internet to talk to other people, they have to care about security, too. Read the rest

Blue Jays manager John Gibbons used MLB's instant replay in an unusual but clever decision in the top of the second of Thursday's game against the Athletics.

Read more...

Michelle Wie won the first major of her career on Sunday, shooting a final-round 70 to claim the U.S. Open title. Afterward, she got together with some friends to celebrate the victory, and oh man did they have they have a party.

Read more...

It's a TV ad for Volvo trucks; a clever way to demonstrate the vehicles' precise computer-aided steering. [Video Link]

barlevg writes "The Washington Post reports that, according to documents obtained from Edward Snowden, through their so-called 'MUSCULAR' initiative, the National Security Agency has exploited a weakness in the transfers between data centers, which Google and others pay a premium to send over secure fiber optic cables. The leaked documents include a post-it note as part of an internal NSA Powerpoint presentation showing a diagram of Google network traffic, an arrow pointing to the Google front-end server with text reading, 'SSL Added and Removed Here' with a smiley face. When shown the sketch by The Post and asked for comment, two engineers with close ties to Google responded with strings of profanity." Also in can't-trust-the-government-not-to-spy news, an anonymous reader writes: "According to recent reports, the National Security Agency collects 'one-end foreign' Internet metadata as it passes through the United States. The notion is that purely domestic communications should receive greater protection, and that ordinary Americans won't send much personal information outside the country. A researcher at Stanford put this hypothesis to the test... and found that popular U.S. websites routinely pass browsing activity to international servers. Even the House of Representatives website was sending traffic to London. When the NSA vacuums up international Internet metadata, then, it's also snooping on domestic web browsing by millions of Americans."

Read more of this story at Slashdot.

Updating their 2010 and 2011 offerings, Pop Chart Lab has released "The Magnificent Multitude of Beer," a 60'' x 40'' print/chart detailing dozens of brewing styles and sub-styles, as well as over 500 individual beers (click here for a larger version).

Read more...

Twitter is reportedly seeking a line of credit between $500 million and $1 billion leading up to the company's IPO, according to the New York Post. The tactic is similar to one used by Facebook during it's pre-IPO run in 2012, and the money could be used to help Twitter expand even further in the months immediately before hitting the market

A Twitter spokesperson declined to comment on the report

JP Morgan Chase and Morgan Stanley are in talks with Twitter to provide the line of credit, according to the Post. The newspaper also reports that sources close to the situation confirmed a Twitter IPO will happen before the U.S. Thanksgiving. Twitter announced earlier this month that it filed S-1 documents with the U.S. Securities and Exchange Commission, but an official IPO date has not been set Read more...

More about Facebook, Twitter, Morgan Stanley, Jp Morgan, and Business

Jake Butt is over 6 feet tall and 237 pounds of pure muscle. He's a freshman playing a key role for a top-20 football team in the Michigan Wolverines. And he's got a very bright future to look forward to after choosing to play for the Wolverines over a host of national programs, including Stanford and UCLA

But his last name is also Butt. To make matters worse, he plays the tight-end position — making him, yes, a tight end named Butt

This has, in the immature world of college sports, predictably led to many sophomoric jokes at Butt's expense. But Butt took a go-to move out of the pubic relations handbook this weekend by getting ahead of the story, and mocking his critics' juvenile humor in one fantastic Twitter post: Read more...

More about College Sports, Entertainment, and Sports

Apple's iPhone 5S barely even hit the market in Australia, but the folks from iFixit have already gotten their hands on one. And, of course, they tore it to bits

The highlights of the teardown include Apple's proprietary pentalobe screws, a cable that connects the new Touch ID sensor with the Lightning port assembly (making the device a bit more harder to open than the iPhone 5), and the new, 8.8-megapixel camera

The rest of the device's innards are eerily similar to the ones in iPhone 5, sans the slightly bigger battery and the new A7 chip

All in all, iFixit gives the iPhone 5S 6 out of 10 points in repairability. Check out the entire teardown here and share your thoughts in the comments Read more...

More about Apple, Teardown, Ifixit, Tech, and Mobile

cold fjord writes "The Houston Chronicle reports, 'A newly declassified opinion from the government's secret surveillance court says no company that has received an order to turn over bulk telephone records has challenged the directive. The opinion by Foreign Intelligence Surveillance Court Judge Claire Eagan, made public Tuesday, spells out her reasons for reauthorizing the phone records collection "of specified telephone service providers" for three months. ... 'Indeed, no recipient of any Section 215 order has challenged the legality of such an order, despite the explicit statutory mechanism for doing so.'" Relatedly, the UN Human Rights Council is discussing the surveillance situation.

Read more of this story at Slashdot.

This isn't a music video for Seal's "Fly Like an Eagle," but it may as well be.

Some beautiful soul attached a camera to an eagle's back and captured the majestic flight that a human's large, dense bones will never experience

The video, uploaded by YouTube user Srachi, leaves us with so many unanswered questions, such as "why?" and "Is that eagle in contact with Jimmy Kimmel?" (Or worse, that fake baby-snatching eagle.)

The only information Srachi reveals is that the video was allegedly filmed in the Mer de Glace area of France. Watch — and let the tears flow from all its beauty. Read more...

More about Youtube, Viral Videos, Eagles, Gopro, and Watercooler

The launch of the next-generation iPhones are top of mind for Apple fans this week, but we have good news for those patiently awaiting tablets, too: Leaked images of the iPad mini 2 in a "space gray" casing have surfaced

The iPad mini 2, which is expected to launch on Oct. 15 alongside a new standard-size iPad, will come in Apple's new space gray color, according to French website Nowhereelse.fr. The new iPhone 5S will be also available in space gray, along with the iPod.

Nowhereelse.fr has a good track record of getting its hands on leaked Apple parts and was among the first to report the fingerprint sensor technology on the iPhone 5S. Read more...

More about Mobile, Apple, Tech, Gadgets, and Ipad Mini

Think you're a big fantasy football player? Think you've got all the insights on hot pickups, who to start and who to sit? Heck, maybe you're even as hardcore as the guy who recently brought his laptop to the movies to draft in the dark

But we can guarantee with some certainty that your fantasy football league isn't nearly as high-stakes as one in Nebraska that's simply called, "The Tattoo League."

The league's premise is simple but dastardly, as shown in the video, above, which originally aired on ESPN's Sunday NFL Countdown. Here's how one player named Adam, who manages a team called "Bieber's Entourage," sums it up: Read more...

More about Fantasy Sports, Nfl, Entertainment, and Sports

Read 5 remaining paragraphs | Comments

C0R1D4N writes "A New Jersey Appeals Court has ruled that both sides of a texting conversation which resulted in a car accident could be held liable. The ruling came as part of a case in which the driver of a truck received a text message shortly before striking a motorcycle carrying two passengers. The court ruled that while in this case, the person sending the text wasn't liable, they could be if the circumstances were a little different. '...a person sending text messages has a duty not to text someone who is driving if the texter knows, or has special reason to know, the recipient will view the text while driving.'"

Read more of this story at Slashdot.

Apple recently filed a new patent that describes the possibility of controlling 2D objects on a touchscreen and moving them into three dimensions.

The patent, published last Tuesday, is called "Working with 3D Objects," and it explains how users will lift their fingers from their devices, such as an iPad or iPhone, to turn objects into 3D renderings

According to the patent, users can manipulate those 3D renderings using gestures. As you can see in the video above, you select an object on a touchscreen with your fingers, then move your hand up from the screen, thus "lifting" the object and making it 3D. Read more...

More about Apple, 3d, Patent, Tech, and Dev Design

The White Sox are last in the AL Central, and last in the AL in runs scored. Perhaps they should have thought of this strategy sooner.

Read more...

President Obama, who gives great speeches about his commitment to protect the privacy of Americans, is pushing the Supreme Court to reverse a lower court ruling that disallows warrantless searches of cellphones. Why? Because bad people use cell phones and they must be stopped at all costs.

Civil libertarians are shuddering at the prospect of this Court getting their hands on this issue. The Obama Administration is again pitching its case to the most conservative members of the Court like Thomas, Scalia, Alito, and Roberts. It is an irony missed by many. While Democrats often discuss the need for a Democratic president to make appointments on the Court, the Obama Administration routinely relies on the right wing of the Court for its efforts to strip privacy rights and civil liberties.

Obama Administration Asks Supreme Court To Reverse First Circuit To Allow Warrantless Searches Of Cellphones

David Burnham, in 1983: THE SILENT POWER OF THE N.S.A.

No laws define the limits of the N.S.A.'s power. No Congressional committee subjects the agency's budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans - the way they bank, obtain benefits from the Government and communicate with family and friends. Every day, in almost every area of culture and commerce, systems and procedures are being adopted by private companies and organizations as well as by the nation's security leaders that make it easier for the N.S.A. to dominate American society should it ever decide such action is necessary.

Want to know what your favorite college football team made from its appearance in EA Sports' NCAA Football series last year? Average its Associated Press poll ranking over the past 10 seasons. If it's 25 or higher, congratulations. They probably earned about $75,000.

Read more...

Hello, and welcome back to today’s episode of “Why? LOL BECAUSE WE CAN.”

Tired of your dumb old microwave that just shoots friggin’ radio waves at food to cook it? Stupid thing probably can’t even play animated GIFs or send Snapchats or download the Fergie. What’s the point?

In the coolest mod I’ve seen in ages, developer Nathan Broadbent has hacked away at his microwave to add stuff that any self-respecting microwave manufacturer of the year 2013 should have probably added themselves. Voice commands! Barcodes that pre-set cooking times! A SELF SETTING CLOCK.

Meet the Raspberry Picrowave. As you might’ve gathered from the name, it’s a Microwave mashed up with a Raspberry Pi, the $25 micro-computer adored by modders, hackers, and geeks ’round the world

Here’s what it can do so far:

• Clock sets/updates itself across the Internet
• A barcode scanner pulls cooking instructions from an online database. Such a database didn’t actually exist, so he’s building one himself, adding directions as he goes.
• Voice Commands, like “Microwave, Twenty seconds, Low.” (Alas, Nathan says his kitchen’s acoustics screw this up a bit.)
• Custom sound effects (because beeps are for chumps).
• You can control the microwave from your phone. The only uses I can think of for this are: when you know you’ll want microwaved popcorn later and can preload a bag, or when you want to convince your friends that you’re the biggest geek on the planet because you have a microwave that you can control with your phone.
• It tweets when it’s done cooking, because of course it does.

If nothing else, man oh man do I want that self-setting clock. My (two-year old) microwave uses the most ridiculous and impossibly obfuscated series of button presses for clock setting, so a power outage at my house generally means at least three months of the microwave swearing that it’s blink-thirty.

Stuffing a Pi into your microwave is cool and all, but the scale of the project gets a whole lot more impressive once he starts getting into the deeper details, from wiring the Pi into the microwave’s power supply, to designing a new control panel, to etching and producing a custom PCB that fits in the place of the original.

While Edward Snowden is still stuck somewhere inside Moscow's Sheremyetevo airport, details about his past keep emerging

In 2010, while working at Dell as an National Security Agency contractor, Snowden earned a certificate as an "ethical hacker," and learned some of the skills that most likely helped him siphon off the top secret documents that have revealed multiple NSA surveillance programs over the last month.

According to the New York Times, Snowden took a course and received a certification from the International Council of E-Commerce Consultants (EC-Council) as a "Certified Ethical Hacker." Read more...

More about Privacy, Surveillance, Us World, Us, and World

Read 7 remaining paragraphs | Comments

I realize you're going to spend Independence Day happily drinking whatever cold adult beverage you're served, because you're polite and you're an alcoholic. And I trust you'll have a fine old time no matter what you drink. But that doesn't mean America's shitbrews are all the same. The list below breaks down 36 of them, from worst to least-worst.

Read more...

It’s the only qualification necessary to be the ambassador to Siberia. Yes. Just Siberia.

Finding RSS feeds isn't always as easy as it should be, and if you're trying to stick with just a single topic it's even harder. Instant RSS Search is a tool that helps you find feeds of just the content you're looking for.

Read more...

Two weeks ago, the Guardian published two new Snowden documents. These outline how the NSA's data-collection procedures allow it to collect lots of data on Americans, and how the FISA court fails to provide oversight over these procedures.

The documents are complicated, but I strongly recommend that people read both the Guardian analysis and the EFF analysis -- and possibly the USA Today story.

Frustratingly, this has not become a major news story. It isn't being widely reported in the media, and most people don't know about it. At this point, the only aspect of the Snowden story that is in the news is the personal story. The press seems to have had its fill of the far more important policy issues.

I don't know what there is that can be done about this, but it's how we all lose.