When I first became a regular user of Linux, several years ago, I tried out different text editors and quickly discovered that emacs was my best choice. By coincidence, about that time I ran into an old emacs manual written by Richard Stallman in the dollar section of a used booksore. In that edition, near the end of the book, was a section on “Mail Amusements.” This documented the command “M-x spook” which adds “a line of randomly chosen keywords to an outgoing mail message. The keywords are chosen from a list of words that suggest you are discussing something subversive.” (I note that the term “spook” in those days meant “spy.”) Stallman notes in the current edition of the manual,

The idea behind this feature is the suspicion that the NSA and other intelligence agencies snoop on all electronic mail messages that contain keywords suggesting they might find them interesting. (The agencies say that they don’t, but that’s what they would say.) The idea is that if lots of people add suspicious words to their messages, the agencies will get so busy with spurious input that they will have to give up reading it all. Whether or not this is true, it at least amuses some people.

It is amazing to see how things change over time. But this, unfortunately, is not a good example of change over time. As I’m sure every Linux user knows by now, the National Security Agency has included “Linux Journal” (the journal and the site, apparently) as an indicator for potential extremist activity. If you subscribe to the journal, visit the site, mention it in an email, or anything like that, your internet traffic will be subject to additional special attention.

Apparently the NSA captures all, or very nearly all, of the Internet traffic for just long enough to sort through it for key indicators, which they use to pull out a subset of traffic for longer term storage and possible investigation. If you visit Linux Journal’s web site, your internet traffic, apparently, is subject to this treatment.

Why?

Well, this should be obvious. Linux users are extreme. Linux is extreme. If I was the NSA I’d be keeping a close eye on the Linux community because that is where a major national intelligence agency is most likely to find useful, and extremely good, security related ideas. GNU/Linux, FOSS, OpenSource – these are all keywords I’d be watching because this is where the cutting edge is. LAMP systems are the most secure servers used on the Internet, by and large. Linux-like operating systems are the preferred systems for devices that need both reliability and security. I’m sure the NSA itself uses Linux as its primary operating system because it is the most adaptable and secure one they can get. If not, they probably use a cousin or hybrid of some sort.

Also, penguins. Penguins are known to be extreme. They wear tuxedos, who does that anymore? They live on the Antarctic Continent. I can’t think of anything more extreme than this. The adoption of Tux the Penguin as the symbolic mascot of GNU/Linux is a huge red flag for the entire intelligence community.

I do find it amusing that people are a bit up in arms over this. Did anyone ever seriously consider the idea that the Linux community and their Penguin friends would not be the subject of special NSA attention? It would be rather disappointing were it not. Stallman added M-x spook to emacs decades ago. We’ve known for years that the NSA snoops on everything and everyone. Linux is a widely used extremely important operating system. Linux Journal is a key publication used by a wide range of Linux extremists, er, users and developers. Of course the NSA is watching.

Kyle Rankin at Linux Journal who is a known Linux user notes that there is a more specific reason the NSA would view the Linux community as a hotbed of potential extremism. This is where things like Tor and Tails exist as projects and are mostly used. These are, of course, technologies to be more anonymous on the internet. Tor comes form a project originally funded by the US Naval Research Laboratory and DARPA with early work on it supported by the radical Electronic Frontier Foundation. It has also been funded by the US State Department and the National Science Foundation. The original idea was to allow communications over the internet to be untraceable so sailors (or others) could write home and keep their lips tight (loose lips sink ships and all that). With subversive beginnings and evil intent such as this, naturally the NSA would want to keep an eye on it.

I’m sorry to tell that if you’ve been reading this blog post you are probably on the NSA list of extremists. I use the terms “Linux Journal,” “Linux,” and “Penguin” several times in this blog post. And you are looking at this blog post in your browser. You are so screwed.

I would like to challenge the OpenSource/FOSS/GNU/Linux community to take up Stallman’s initiative and bring it to the next level. Let us M-x spook the spooks. Apps, browser add-ins, cron scripts, and other small scale technologies could be used to add subversive terms such as Linux Journal and Penguin to all of our Internet traffic, all the time. The NSA would quickly run out of disk space and someone would tell them to get back to work and do something useful. Real extremists just made a radical extremist Caliphate in the Middle East forchristakes. I would think the NSA would be more focused on such things than on Linux Journal, or Linux. I can see keeping an eye on the Penguins, though.

UPDATE: Charles Johnson send me THIS and THIS. This whole thing could be fake. Go have a look and tell me what you think.

Comments

  1. #1 Brainstorms
    July 7, 2014

    Do we have a secret Penguin handshake?

  2. #2 Greg Laden
    July 7, 2014

    Yes we do.

  3. #3 Brainstorms
    July 7, 2014

    Next time I have to send some extremist Linux message to another agen..er, Linux user, I’ll be sure to use the new modem attachment for my shoe phone. It’s cleverly disguised as a shoelace…

  4. #4 Robby
    July 7, 2014

    With the advent of modern crypto-browsers like the Tor Project, Linux does not have that same edgy quality ascribed to its users that it once had.

  5. #5 Peter Smith
    July 8, 2014

    dccff28314d9ae4ed262cfc6f35e5153
    c4d4d037d7d0a05e8f526d18aa25fb5e
    01545fa976c8367b4f0d59169ac4866c
    08d25bf879e353686a974b7b14ae7d81
    b31731ea6cdbebe1d02f8193db420886
    0bc7243aacd5f80f8110dcf3165dffd0
    5174d847970b88e0749995b6525b4b7a
    633effb1dca398d25a08bc8d2f692892
    d9287f5c622613495830863be647b12a
    4d096ec8c076b03fd4d9872ef2670bbc

  6. #6 Walrus
    England
    July 8, 2014

    A fun project would be a Raspberry Pi TOR server that I could use to send my almost a terabyte of digital photos (of Penguins) to myself. Suitably encrypted, natch.

  7. #7 Dunc
    July 8, 2014

    What could be more extremist than using free software? God damn commies! ;)

  8. #8 Roland
    lakes of Titan
    July 8, 2014

    http://en.wikipedia.org/wiki/Selinux
    NSA wrote it, RedHat (and others) use it.
    Your tax dollars at work. Therefore, the NSA is a bunch of extremists too!

  9. #9 Richard Chapman
    July 8, 2014

    I knew it… I just knew it. Now I’m going to have to wrap my monitor in aluminum foil.

  10. #11 G
    July 8, 2014

    Heh, Roland beat me to it: SE Linux. The source code was downloadable from the NSA website as of a few years ago; I have a copy around somewhere.

    I have to say though, the level of narcissism around the whole NSA story is getting annoying. All these people thinking they’re so important that they’ve got NSA files. Clue: No, you’re not important enough to be worth more than a microsecond of attention from any of the three-letter agencies: less attention than you get from a traffic cop watching the cars go through an intersection.

    If you’re really concerned about privacy and the liberties it protects, take a close look at Google and Facebook. They make NSA look like small business by comparison, content-scraping and dossier-keeping included. They are unregulated and unaccountable, and you don’t get to vote for their boss every four years.

  11. #12 Brainstorms
    July 8, 2014

    @G: True, but whereas I can (and do) “opt out” of things like Facebook and avoid their significant yet lightly-regulated data acquisition, I am not granted the same opt-out privileges with the NSA.

    And whereas Facebook, et al, are held to the laws of the land (good or bad or incomplete as they may be), the NSA has been operating outside of the law (or conducting “legal theatre” with the FISC and their worn-out rubber stamps).

  12. #13 Obstreperous Applesauce
    July 8, 2014

    G
    Yeah but it’s abuse just waiting to happen

    because checks and balances
    because politics and ideology
    because mission creep
    because power corrupts

    If you think it can’t happen here, then don’t bother with vigilance. Eventually you’ll get to see if anything happens to what’s left of your democracy.

  13. #14 arjaybe
    July 8, 2014

    Damn you, Laden! I was clean until now, and then I read your post. Now I have to start all over again.

    Eagle! Mule! Elephant! Bull! Bear! rinse and repeat.

    rjb

  14. #15 bjd
    netherlands
    July 8, 2014

    @G
    Funny how some people never kick upwards but always downwards. In this case someone telling others what to do.

  15. #16 Brainstorms
    July 8, 2014

    @G: One other point: Google and Facebook might use some of these techniques, but their aim is to fatten their wallets with the results.

    For all we know, the NSA will use the information they gain to “erase” political undesirables — something that Google, Facebook, et al won’t do, lest they “kill the golden goose”.

    Excuse me, there’s a group thumping a battering ram at my door… I need to go now8g47ysg;o0auf14jjsttttttttttttttttttttttttttttt

  16. #17 G
    July 8, 2014

    Brainstorms @ 12: There is no “opting out”, unless you run a bunch of privacy apps, that will also show you exactly how much cyber-stalking is going on by those entities. Ixquick search “persistent cookies,” “Local stored objects,” and the like, and/or go to EFF.org and look for their documents on the subject.

    If you correspond with anyone who uses GMail or call anyone who uses Google Voice, you’re also being intercepted and scraped, and it’s not always obvious when someone is using one of those.

    BJD @ 15: “kick down,” baloney, unless you think I’m richer than Mark Zuckerberg.

    Brainstorms @16: The fact that their aim is to fatten up their wallets also gives them incentives that NSA does not have. As for “erasing political undesirables,” that’s paranoid conspiracy nonsense promoted by people who think themselves important enough to be considered threats. As for Google & Facebook not doing bad-things with their data, Ixquick-search either of them plus the word “privacy” and read up.

    I could post well over fifty links here with specific stories from credible mainstream media and credible tech blogs, going into excruciating detail, but posting links gets these comments stuck in the spam queue so you’ll have to do the search.

  17. […] three of his Tails Above the Rest series. But after all the coverage, fear, and outrage Greg Laden is reporting that the whole thing could be a fake. The original post offers up this posted evidence of its […]

  18. #19 security
    July 9, 2014

    It is so simple to avoid this kind of problem. If web magazines would REALLY appreciate end-users privacy they would start using SSL on all of the web pages (www, forum, etc)! You know beside the content of web page SSL also encrypts URL address too (except full domain name). SSL should be implement properly, look at ssllabs.com/ssltest/ to get A+ grade.

    Can we totally avoid NSA spying? No. But we can make it harder for them (like encrypting web pages with SSL) and make them to spend more money. On massive scale this would have huge effect. But you know it is easier to cry like a baby… solution is simple dumb asses.

  19. #20 Obstreperous Applesauce
    July 9, 2014

    Anyone who thinks that thwarting the NSA with technological tricks is a simple matter is very naive. For some background, James Bamford has written extensively on the organization. And follow the news. They have their fingers in everything that signals, have more money than God, and aggressively hoover up talent like an army of manic hoarders.

    A couple of decades ago they were measuring the computing power of their farms in acres. Now it’s hard to even imagine what. So yeah, in its various forms and incarnations, it looks like the idea, the genie of Total Information Awareness is now permanently out of the bottle.

  20. #21 security
    July 10, 2014

    @Obstreperous Applesauce, I am perfectly aware we as average Joe can’t really measure with agencies, but this particular problem could be easily solved with SSL (the problem was to scan the URL address on international network link). The reaction of article authors are in my humble opinion unprofessional. They intentionally try to fire the _emotions_ on people instead of actually provide some kind of professional answer. They are using ‘shouting in the desert’ principle instead of acting proactive and start implementing some security/privacy features. It will not solve whole of the problem (at all), but the message should be ‘we care’ about end-user privacy, so we are doing our best in this direction to put one little tiny stone in the mosaic of privacy and so educate people to make the same step into more private world, you know to have first step of security/privacy is to close windows and lock the door – I am not talking about sophisticated security measures, just the one that is obvious and very easy to implement.

    P.S. There is just one (local in my country) magazine that has done this kind of measures and implemented SSL on all services they provide. Did they win no, they show that they care.

  21. #22 arjaybe
    July 10, 2014

    From those links it does appear as if this is at least partially faked.

    rjb

  22. #23 Obstreperous Applesauce
    July 10, 2014

    Security,
    Ok, I think I see where you’re coming from now.

    The article is humorous. Personally, I like humorous. It’s not always easy to get people to care about something, and there are a lot of ways to do it. Different strokes… They’re not necessarily mutually exclusive.

  23. #24 me
    @home
    July 27, 2014

    Good, its about time they started rounding up some of the sweaty linux loons, bleating about ‘freedom’
    I use windows with wow nothing but freeware and open source software, and guess what? It does what I want and guess what else ? I design embedded systems, and quess what else as well and also, I dont need to prove that I know about computers by typing commands into a terminal.

  24. #25 Greg Laden
    July 27, 2014

    Well, good for you, me, good for you. You sure showed us.

    Did you update your virus checker this AM? Of course you did, or you wouldn’t have been able to write that email!

  25. #26 arjaybe
    July 27, 2014

    @me

    Ooh, how manly. Where do you design these “embedded systems?” In your mother’s basement?

    BTW, be careful of that freeware. It’s not as free as you think.

    rjb