Entries Tagged "filtering"

Page 1 of 2

Yahoo Scanned Everyone's E-mails for the NSA

News here and here.

Other companies have been quick to deny that they did the same thing, but I generally don’t believe those carefully worded statements about what they have and haven’t done. We do know that the NSA uses bribery, coercion, threat, legal compulsion, and outright theft to get what they want. We just don’t know which one they use in which case.

EDITED TO ADD (10/7): More news. This and this, too.

EDITED TO ADD (10/17): A related story.

Posted on October 6, 2016 at 1:58 PMView Comments

Evading Internet Censorship

This research project by Brandon Wiley — the tool is called “Dust” — looks really interesting. Here’s the description of his Defcon talk:

Abstract: The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses. Fortunately, it is possible to bypass this filtering by reencoding traffic into a form which cannot be correctly fingerprinted by the filtering hardware. I will be presenting a tool called Dust which provides an engine for reencoding traffic into a variety of forms. By developing a good model of how filtering hardware differentiates traffic into different protocols, a profile can be created which allows Dust to reencode arbitrary traffic to bypass the filters.

Dust is different than other approaches because it is not simply another obfuscated protocol. It is an engine which can encode traffic according to the given specifications. As the filters change their algorithms for protocol detection, rather than developing a new protocol, Dust can just be reconfigured to use different parameters. In fact, Dust can be automatically reconfigured using examples of what traffic is blocked and what traffic gets through. Using machine learning a new profile is created which will reencode traffic so that it resembles that which gets through and not that which is blocked. Dust has been created with the goal of defeating real filtering hardware currently deployed for the purpose of censoring free speech on the Internet. In this talk I will discuss how the real filtering hardware work and how to effectively defeat it.

EDITED TO ADD (9/11): Papers about Dust. Dust source code.

Posted on August 28, 2013 at 7:07 AMView Comments

More on NSA Data Collection

There’s an article from Wednesday’s Wall Street Journal that gives more details about the NSA’s data collection efforts.

The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.


The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc….

This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country.


The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data. These requests don’t ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. “It’s still a large amount of data, but not everything in the world,” this person says.

The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls “strong selectors”—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data. One U.S. official says the agency doesn’t itself “access” all the traffic within the surveillance system. The agency defines access as “things we actually touch,” this person says, pointing out that the telecom companies do the first stage of filtering.

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA’s criteria, current and former officials say.

The NSA seems to have finally found a PR agency with a TS/SI clearance, since there was a response to this story. They’ve also had a conference call with the press, and the Director of National Intelligence is on Twitter and Tumblr.

I am completely croggled by the fact that the NSA apparently had absolutely no contingency plans for this sort of thing.

Posted on August 27, 2013 at 1:19 PMView Comments

Details on NSA/FBI Eavesdropping

We’re starting to see Internet companies talk about the mechanics of how the US government spies on their users. Here, a Utah ISP owner describes his experiences with NSA eavesdropping:

We had to facilitate them to set up a duplicate port to tap in to monitor that customer’s traffic. It was a 2U (two-unit) PC that we ran a mirrored ethernet port to.

[What we ended up with was] a little box in our systems room that was capturing all the traffic to this customer. Everything they were sending and receiving.

Declan McCullagh explains how the NSA coerces companies to cooperate with its surveillance efforts. Basically, they want to avoid what happened with the Utah ISP.

Some Internet companies have reluctantly agreed to work with the government to conduct legally authorized surveillance on the theory that negotiations are less objectionable than the alternative — federal agents showing up unannounced with a court order to install their own surveillance device on a sensitive internal network. Those devices, the companies fear, could disrupt operations, introduce security vulnerabilities, or intercept more than is legally permitted.

“Nobody wants it on-premises,” said a representative of a large Internet company who has negotiated surveillance requests with government officials. “Nobody wants a box in their network…[Companies often] find ways to give tools to minimize disclosures, to protect users, to keep the government off the premises, and to come to some reasonable compromise on the capabilities.”

Precedents were established a decade or so ago when the government obtained legal orders compelling companies to install custom eavesdropping hardware on their networks.

And Brewster Kahle of the Internet Archive explains how he successfully fought a National Security Letter.

Posted on July 25, 2013 at 12:27 PMView Comments

US Department of Defense Censors Snowden Story

The US Department of Defense is blocking sites that are reporting about the Snowden documents. I presume they’re not censoring sites that are smearing him personally. Note that the DoD is only blocking those sites on its own network, not on the Internet at large. The blocking is being done by automatic filters, presumably the same ones used to block porn or other sites it deems inappropriate.

Anyone know if my blog is being censored? I’m kinda curious.

Posted on July 3, 2013 at 6:02 AMView Comments

Internet Safety Talking Points for Schools

A surprisingly sensible list.

E. Why are you penalizing the 95% for the 5%? You don’t do this in other areas of discipline at school. Even though you know some students will use their voices or bodies inappropriately in school, you don’t ban everyone from speaking or moving. You know some students may show up drunk to the prom, yet you don’t cancel the prom because of a few rule breakers. Instead, you assume that most students will act appropriately most of the time and then you enforce reasonable expectations and policies for the occasional few that don’t. To use a historical analogy, it’s the difference between DUI-style policies and flat-out Prohibition (which, if you recall, failed miserably). Just as you don’t put entire schools on lockdown every time there’s a fight in the cafeteria, you need to stop penalizing entire student bodies because of statistically-infrequent, worst-case scenarios.


G. The ‘online predators will prey on your schoolchildren’ argument is a false bogeyman, a scare tactic that is fed to us by the media, politicians, law enforcement, and computer security vendors. The number of reported incidents in the news of this occurring is zero.

H. Federal laws do not require your draconian filtering. You can’t point the finger somewhere else. You have to own it yourself.

I. Students and teachers rise to the level of the expectations that you have for them. If you expect the worst, that’s what you’ll get.

J. Schools that ‘loosen up’ with students and teachers find that they have no more problems than they did before. And, often, they have fewer problems because folks aren’t trying to get around the restrictions.

K. There’s a difference between a teachable moment and a punishable moment. Lean toward the former as much as possible.


O. Schools with mindsets of enabling powerful student learning usually block much less than those that don’t. Their first reaction is ‘how can we make this work?’ rather than ‘we need to keep this out.’

Posted on August 24, 2012 at 1:18 PMView Comments

Blue Coat Products Enable Web Censorship in Syria

It’s illegal for Blue Coat to sell its technology for this purpose, but there are lots of third-parties who are willing to act as middlemen:

“Blue Coat does not sell to Syria. We comply with US export laws and we do not allow our partners to sell to embargoed countries,” [Blue Coat spokesman Steve] Schick told the Bureau. “In addition, we do not allow any of our resellers, regardless of their location in the world, to sell to an embargoed country, such as Syria.”

However, Schick did not rule out the possibility that the equipment could have been bought via a third party re-seller, noting that Blue Coat equipment can be found on websites like eBay.

Bet you anything that the Syrian Blue Coat products are registered, and that they receive all the normal code and filter updates.

EDITED TO ADD (11/14): The Wall Street Journal confirms it:

The appliances do have Blue Coat service and support contracts. The company says it has now cut off contracts for the devices.

Posted on October 24, 2011 at 1:39 PMView Comments

Tor Arms Race

Iran blocks Tor, and Tor releases a workaround on the same day.

How did the filter work technically? Tor tries to make its traffic look like a web browser talking to an https web server, but if you look carefully enough you can tell some differences. In this case, the characteristic of Tor’s SSL handshake they looked at was the expiry time for our SSL session certificates: we rotate the session certificates every two hours, whereas normal SSL certificates you get from a certificate authority typically last a year or more. The fix was to simply write a larger expiration time on the certificates, so our certs have more plausible expiry times.

Posted on September 26, 2011 at 6:41 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.