When I first became a regular user of Linux, several years ago, I tried out different text editors and quickly discovered that emacs was my best choice. By coincidence, about that time I ran into an old emacs manual written by Richard Stallman in the dollar section of a used booksore. In that edition, near the end of the book, was a section on “Mail Amusements.” This documented the command “M-x spook” which adds “a line of randomly chosen keywords to an outgoing mail message. The keywords are chosen from a list of words that suggest you are discussing something subversive.” (I note that the term “spook” in those days meant “spy.”) Stallman notes in the current edition of the manual,
The idea behind this feature is the suspicion that the NSA and other intelligence agencies snoop on all electronic mail messages that contain keywords suggesting they might find them interesting. (The agencies say that they don’t, but that’s what they would say.) The idea is that if lots of people add suspicious words to their messages, the agencies will get so busy with spurious input that they will have to give up reading it all. Whether or not this is true, it at least amuses some people.
It is amazing to see how things change over time. But this, unfortunately, is not a good example of change over time. As I’m sure every Linux user knows by now, the National Security Agency has included “Linux Journal” (the journal and the site, apparently) as an indicator for potential extremist activity. If you subscribe to the journal, visit the site, mention it in an email, or anything like that, your internet traffic will be subject to additional special attention.
Apparently the NSA captures all, or very nearly all, of the Internet traffic for just long enough to sort through it for key indicators, which they use to pull out a subset of traffic for longer term storage and possible investigation. If you visit Linux Journal’s web site, your internet traffic, apparently, is subject to this treatment.
Well, this should be obvious. Linux users are extreme. Linux is extreme. If I was the NSA I’d be keeping a close eye on the Linux community because that is where a major national intelligence agency is most likely to find useful, and extremely good, security related ideas. GNU/Linux, FOSS, OpenSource – these are all keywords I’d be watching because this is where the cutting edge is. LAMP systems are the most secure servers used on the Internet, by and large. Linux-like operating systems are the preferred systems for devices that need both reliability and security. I’m sure the NSA itself uses Linux as its primary operating system because it is the most adaptable and secure one they can get. If not, they probably use a cousin or hybrid of some sort.
Also, penguins. Penguins are known to be extreme. They wear tuxedos, who does that anymore? They live on the Antarctic Continent. I can’t think of anything more extreme than this. The adoption of Tux the Penguin as the symbolic mascot of GNU/Linux is a huge red flag for the entire intelligence community.
I do find it amusing that people are a bit up in arms over this. Did anyone ever seriously consider the idea that the Linux community and their Penguin friends would not be the subject of special NSA attention? It would be rather disappointing were it not. Stallman added M-x spook to emacs decades ago. We’ve known for years that the NSA snoops on everything and everyone. Linux is a widely used extremely important operating system. Linux Journal is a key publication used by a wide range of Linux
extremists, er, users and developers. Of course the NSA is watching.
Kyle Rankin at Linux Journal who is a known Linux user notes that there is a more specific reason the NSA would view the Linux community as a hotbed of potential extremism. This is where things like Tor and Tails exist as projects and are mostly used. These are, of course, technologies to be more anonymous on the internet. Tor comes form a project originally funded by the US Naval Research Laboratory and DARPA with early work on it supported by the radical Electronic Frontier Foundation. It has also been funded by the US State Department and the National Science Foundation. The original idea was to allow communications over the internet to be untraceable so sailors (or others) could write home and keep their lips tight (loose lips sink ships and all that). With subversive beginnings and evil intent such as this, naturally the NSA would want to keep an eye on it.
I’m sorry to tell that if you’ve been reading this blog post you are probably on the NSA list of extremists. I use the terms “Linux Journal,” “Linux,” and “Penguin” several times in this blog post. And you are looking at this blog post in your browser. You are so screwed.
I would like to challenge the OpenSource/FOSS/GNU/Linux community to take up Stallman’s initiative and bring it to the next level. Let us M-x spook the spooks. Apps, browser add-ins, cron scripts, and other small scale technologies could be used to add subversive terms such as Linux Journal and Penguin to all of our Internet traffic, all the time. The NSA would quickly run out of disk space and someone would tell them to get back to work and do something useful. Real extremists just made a radical extremist Caliphate in the Middle East forchristakes. I would think the NSA would be more focused on such things than on Linux Journal, or Linux. I can see keeping an eye on the Penguins, though.
Do we have a secret Penguin handshake?
Yes we do.
Next time I have to send some extremist Linux message to another agen..er, Linux user, I'll be sure to use the new modem attachment for my shoe phone. It's cleverly disguised as a shoelace...
With the advent of modern crypto-browsers like the Tor Project, Linux does not have that same edgy quality ascribed to its users that it once had.
A fun project would be a Raspberry Pi TOR server that I could use to send my almost a terabyte of digital photos (of Penguins) to myself. Suitably encrypted, natch.
What could be more extremist than using free software? God damn commies! ;)
NSA wrote it, RedHat (and others) use it.
Your tax dollars at work. Therefore, the NSA is a bunch of extremists too!
I knew it... I just knew it. Now I'm going to have to wrap my monitor in aluminum foil.
Heh, Roland beat me to it: SE Linux. The source code was downloadable from the NSA website as of a few years ago; I have a copy around somewhere.
I have to say though, the level of narcissism around the whole NSA story is getting annoying. All these people thinking they're so important that they've got NSA files. Clue: No, you're not important enough to be worth more than a microsecond of attention from any of the three-letter agencies: less attention than you get from a traffic cop watching the cars go through an intersection.
If you're really concerned about privacy and the liberties it protects, take a close look at Google and Facebook. They make NSA look like small business by comparison, content-scraping and dossier-keeping included. They are unregulated and unaccountable, and you don't get to vote for their boss every four years.
@G: True, but whereas I can (and do) "opt out" of things like Facebook and avoid their significant yet lightly-regulated data acquisition, I am not granted the same opt-out privileges with the NSA.
And whereas Facebook, et al, are held to the laws of the land (good or bad or incomplete as they may be), the NSA has been operating outside of the law (or conducting "legal theatre" with the FISC and their worn-out rubber stamps).
Yeah but it's abuse just waiting to happen
because checks and balances
because politics and ideology
because mission creep
because power corrupts
If you think it can't happen here, then don't bother with vigilance. Eventually you'll get to see if anything happens to what's left of your democracy.
Damn you, Laden! I was clean until now, and then I read your post. Now I have to start all over again.
Eagle! Mule! Elephant! Bull! Bear! rinse and repeat.
Funny how some people never kick upwards but always downwards. In this case someone telling others what to do.
@G: One other point: Google and Facebook might use some of these techniques, but their aim is to fatten their wallets with the results.
For all we know, the NSA will use the information they gain to "erase" political undesirables -- something that Google, Facebook, et al won't do, lest they "kill the golden goose".
Excuse me, there's a group thumping a battering ram at my door... I need to go now8g47ysg;o0auf14jjsttttttttttttttttttttttttttttt
Brainstorms @ 12: There is no "opting out", unless you run a bunch of privacy apps, that will also show you exactly how much cyber-stalking is going on by those entities. Ixquick search "persistent cookies," "Local stored objects," and the like, and/or go to EFF.org and look for their documents on the subject.
If you correspond with anyone who uses GMail or call anyone who uses Google Voice, you're also being intercepted and scraped, and it's not always obvious when someone is using one of those.
BJD @ 15: "kick down," baloney, unless you think I'm richer than Mark Zuckerberg.
Brainstorms @16: The fact that their aim is to fatten up their wallets also gives them incentives that NSA does not have. As for "erasing political undesirables," that's paranoid conspiracy nonsense promoted by people who think themselves important enough to be considered threats. As for Google & Facebook not doing bad-things with their data, Ixquick-search either of them plus the word "privacy" and read up.
I could post well over fifty links here with specific stories from credible mainstream media and credible tech blogs, going into excruciating detail, but posting links gets these comments stuck in the spam queue so you'll have to do the search.
It is so simple to avoid this kind of problem. If web magazines would REALLY appreciate end-users privacy they would start using SSL on all of the web pages (www, forum, etc)! You know beside the content of web page SSL also encrypts URL address too (except full domain name). SSL should be implement properly, look at ssllabs.com/ssltest/ to get A+ grade.
Can we totally avoid NSA spying? No. But we can make it harder for them (like encrypting web pages with SSL) and make them to spend more money. On massive scale this would have huge effect. But you know it is easier to cry like a baby... solution is simple dumb asses.
Anyone who thinks that thwarting the NSA with technological tricks is a simple matter is very naive. For some background, James Bamford has written extensively on the organization. And follow the news. They have their fingers in everything that signals, have more money than God, and aggressively hoover up talent like an army of manic hoarders.
A couple of decades ago they were measuring the computing power of their farms in acres. Now it's hard to even imagine what. So yeah, in its various forms and incarnations, it looks like the idea, the genie of Total Information Awareness is now permanently out of the bottle.
@Obstreperous Applesauce, I am perfectly aware we as average Joe can't really measure with agencies, but this particular problem could be easily solved with SSL (the problem was to scan the URL address on international network link). The reaction of article authors are in my humble opinion unprofessional. They intentionally try to fire the _emotions_ on people instead of actually provide some kind of professional answer. They are using 'shouting in the desert' principle instead of acting proactive and start implementing some security/privacy features. It will not solve whole of the problem (at all), but the message should be 'we care' about end-user privacy, so we are doing our best in this direction to put one little tiny stone in the mosaic of privacy and so educate people to make the same step into more private world, you know to have first step of security/privacy is to close windows and lock the door - I am not talking about sophisticated security measures, just the one that is obvious and very easy to implement.
P.S. There is just one (local in my country) magazine that has done this kind of measures and implemented SSL on all services they provide. Did they win no, they show that they care.
From those links it does appear as if this is at least partially faked.
Ok, I think I see where you're coming from now.
The article is humorous. Personally, I like humorous. It's not always easy to get people to care about something, and there are a lot of ways to do it. Different strokes... They're not necessarily mutually exclusive.
Good, its about time they started rounding up some of the sweaty linux loons, bleating about 'freedom'
I use windows with wow nothing but freeware and open source software, and guess what? It does what I want and guess what else ? I design embedded systems, and quess what else as well and also, I dont need to prove that I know about computers by typing commands into a terminal.
Well, good for you, me, good for you. You sure showed us.
Did you update your virus checker this AM? Of course you did, or you wouldn't have been able to write that email!
Ooh, how manly. Where do you design these "embedded systems?" In your mother's basement?
BTW, be careful of that freeware. It's not as free as you think.