Hacker News new | past | comments | ask | show | jobs | submit login

/* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */

That's an interesting definition. It might cover legitimate extremists, but a quick look at Wikipedia tells me that TAILs has also been used by some pretty respectable Pulitzer Prize winners.

These comments provide an interesting and ultimately disheartening insight to how the people designing these surveillance systems view privacy software (and, by extension, privacy?).




That doesn't make sense to me. It's a definition that relates to the people they're looking for. That it's explicitly more specific than "all Tails users" really doesn't seem disheartening to me.

That Tails is used by people other than extremists doesn't invalidate the comment, by someone interested in "comsec mechanisms used by extremists", that it is, in addition to anything else it may be, a "comsec mechanism advocated by extremists in extremist forums".

It's not like "legitimate extremists" have some totally parallel universe of software that's only used by them. It's fundamental to most of these tools that they'll be used by different people in different ways, and that some of those people will be by some standard or another "bad guys".


The description is not exclusive, I'm not arguing that. Your last point makes a lot of sense; most people/groups who do nasty things do it using off-the-shelf components. My issue is with the description painting TAILs in broad strokes as comsec for extremists. Yes, they've got National Security in the name, so they're looking at the software from a national security perspective. There is a wide gap, however, between describing software and its dangerous potential and describing software only in context of its dangerous potential.

If an analyst who hasn't heard of TAILs reads that description, it would sound to them like the program is something that's passed around extremist forums in much the same way malware toolkits are disseminated in warez forums, rather than what it is, which is a Debian fork that routes things through Tor. I say this because that was my first impression, which seemed off, leading me to google, then to wikipedia, and then back here in a huff.

Now, some examples (in order of ascending silliness) of why describing something in the context of one use case is harmful when many use cases exist:

* A lot of people use nmap to explore their home networks or as part of their jobs, potentially in the computer security industry. A lot of crackers also use nmap to case out potential targets. Calling nmap a "network scanning utility advocated by computer hackers" makes illegalizing nmap sound a lot more attractive than it actually would be, even if the statement is true.

* In the real world, certain products are systematically abused for less-than-kosher purposes. Still, we never refer to canned air as a household inhalant without mentioning its dusting use-case first. Potassium nitrate is fertilizer first, rocket fuel second, and only tangentially mentioned as an oxidizer for explosives. Other oxidizers, even the ones that are illegal for consumer sale, are written about the same way.

* Reductio ad absurdum: There's a lot of general purpose software everyone uses. I wouldn't be wrong if I said "Microsoft Word is a text management tool used by terrorist groups to hatch evil plots" or "SMS is a communications technology used by insurgents to detonate bombs" or, extending the idiom, "The Quran is a book used by militant Islamist groups to justify killing and brutalizing civilians." These descriptions are all, however, deeply misleading.


I say this because that was my first impression, which seemed off, leading me to google, then to wikipedia, and then back here in a huff.

I'm not sure I understand why you think an NSA analyst (who, inexplicably, is editing an XKEYSCORE rule file regarding Tor and Tails while being completely ignorant about Tor and Tails) is incapable of doing this same kind of information-gathering.

I'm not going to act like I think the NSA only hires the best and the brightest, but your example presumes the existence of an analyst that's all of: grossly undereducated for his duties, too mentally incompetent to be aware of it, and so far on the literal-minded end of the autism spectrum that they could be replaced by a shell script.

I believe any such analyst, if they existed, would have been promoted to management before they could cause any serious harm.


I'm sure a legitimate extremist would want to use something like TAILs.

I'm more worried about the fact they are tracking people who access articles about tails by the media than I am about that particular component. If you read one article on linuxjournal containing 'tails' you are flagged:

$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux' or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor '); $TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');

So they aren't really "monitoring extremists" they are monitoring anyone with an interest in security [even if its just a hobby].


We have no context for what "flagged" or "monitoring" means, though. There's no indication that these rules are taken to mean anything in isolation beyond what is frankly common sense. The idea that just Googling Tails means you're monitored is a narrative leap.

If I write an email about Viagra, the recipient's spam filter is undoubtedly going to consider it to have a non-zero probability of being spam. That doesn't mean it will be blocked, in the end. Nor does it mean that the spam filter is wrong to take notice.


I think the fact that they can tag us based on what we searched or read is chilling. It's even more chilling that now the argument has been flipped from being appalled that our right to privacy has been utterly destroyed online, to arguing if it's right to be flagged for further review for simply searching or reading about specific subjects.


Yes. But do you honestly expect them to provide that context so we can be sure?


My point is that they (the authors of the article) don't have that context. They're just covering up the lack of information with FUD.


Yes, and the NSA would refuse to give the context...so you have to make assumptions about information about them.


I think those assumptions are not supported by the available evidence[1], and that the authors they know this. Who cares what the NSA says? I'm looking at the same thing the authors are presenting and drawing different conclusions.

[1] Including the abundance of evidence already available about XKEYSCORE.


You have every right to disagree. :)

I think erring on the side of the assumption that is bad for everyone is more likely to be true. Especially since its consistent with the NSA's overreach in other areas.

For instance:

http://thehill.com/policy/technology/318515-nsa-admits-analy...

or

http://www.nytimes.com/2013/08/16/us/nsa-often-broke-rules-o...

If they break the law over 2,500 times a year with no apparent consequences, do you honestly think its likely you are right? If so, good on you.

Personally, I'd rather assume things are more in line with the other abuses than dismiss them out of hand.

In what way is the assumption that they are tagging/tracking the sessions not consistent with:

http://www.nsa.gov/public_info/press_room/2013/30_July_2013....

?

The fact some are US-based? But we already know they violate that regularly, 'accidentally'.

The volume of data? We already know they have datacenters large enough to store and analyze it.

I'm genuinely curious why you draw those conclusions.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: