Dolphins in the NSA Dragnet

There's an old quote from Jamie Zawinkski that goes: "Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems." Even people like me who like regular expressions laugh at the truth in that quote, because we've seen the consequences when someone doesn't think through the implications of a poorly written pattern. When some people write a bad pattern, they end up with extra lines in a log file. When the NSA does it, they capture and retain Internet traffic on untold numbers of innocent people.

As I mentioned in "NSA: Linux Journal is an ‘extremist forum’ and its readers get flagged for extra surveillance”, the NSA has been flagging certain Internet traffic as extremist based on specific patterns. Alongside patterns that match anyone who was searching for information about the Tor and Tails projects was the following pattern:

linuxjournal.com/content/linux*

While the general consensus seems to be that all of these patterns were overreaching, even if you think it's reasonable to label people who are curious about Tor or Tails as extremist, you would have a hard time lumping Linux Journal in the same category. A number of news outlets have speculated that the above pattern was intended to match the following URL:

http://linuxjournal.com/content/linux-distro-tales-you-can-never-be-too…

This link goes to a short blog post by Michael Reed in 2011 that provides a brief overview of Tails. The blog post wasn't even intended as a HOWTO, and it instead links to the official Tails Web site if you want more details on how to download or install the distribution. Although that article is innocent enough (I can only imagine what they must think of my more in-depth Tor and Tails HOWTOs we recently published), to catch that post they flagged 186 other posts along the way.

At the end of this article, I have posted the complete list of 187 posts on linuxjournal.com that match the pattern, but I figured I'd pick out a few articles to give you a sense of the depth and breadth of the content swept up in this dragnet, like this one:

"Linux Foundation Collaboration Summit - Austin, Texas - April 8th to 10th, 2008" published February 13, 2008 by Jon maddog Hall
http://www.linuxjournal.com/content/linux-foundation-collaboration-summ…

This is one of the older articles in the list and one of many about the Linux Foundation. This post announces a summit sponsored by the Linux Foundation that aimed to bring together "leaders of the development, ISV, distro, end user, non-profit and vendor communities...to discuss the present and future directions of Free and Open Source Software." This is only one of the many articles in the list about Linux conferences (as you might imagine, many Linux conferences and articles about them tend to start with the word Linux). This means anyone who might have been interested in Linux World, LinuxCon or linux.conf.au was also caught in the dragnet.

On the other side of the date spectrum is this recent article:

"Linux Containers and the Future Cloud" published June 10, 2014 by Rami Rosen
http://www.linuxjournal.com/content/linux-containers-and-future-cloud

This article is less than a month old and discusses the recent trend of Linux containers. This is a big topic these days with the growing popularity of Docker to help package up software into a self-contained filesystem without the overhead associated with para-virtualization solutions like Xen and KVM. The article starts with the history of Linux containers, then describes a few container projects and explains how to use Docker to create LXC containers. So readers who wanted to get more information on this new container technology they keep hearing about presumably end up under deep surveillance.

The last article I want to highlight signaled a turning point in the history of Linux Journal itself:

"Linux Journal Goes 100% Digital" published August 19, 2011 by Doc Searls
http://www.linuxjournal.com/content/linux-journal-goes-100-digital

This article announced the incredibly controversial decision that Linux Journal was to stop the publication of a physical magazine and go all-digital. Although I imagine some readers thought the decision itself was extreme, they probably never thought reading the article would make them extremists. What's more, this article made big news across the tech sector with a number of other popular news outlets linking to it. While by this point Linux Journal regulars were already caught in the dragnet, the wide exposure of this story brought a whole new wave of visitors into our growing extremist club.

As you can see with the handful of articles I picked out of the list, and with the complete list below, the articles that would flag you for extra surveillance are representative of the wide range of ordinary Linux coverage you would find in every issue of Linux Journal. If extremists interested in a short blog post about Tails were truly the tuna the NSA wanted to catch, they sure dragged in a lot of Linux-using dolphins in the process.

Are you an extremist? Get the shirt!

http://linuxjournal.com/content/linux-ace-acer
http://linuxjournal.com/content/linux-advanced-routing-tutorial
http://linuxjournal.com/content/linux-amsterdam
http://linuxjournal.com/content/linux-and-foss-slowing-economy
http://linuxjournal.com/content/linux-and-plethorization
http://linuxjournal.com/content/linux-application-crashing
http://linuxjournal.com/content/linux-arpeggiators-part-1
http://linuxjournal.com/content/linux-arpeggiators-part-2
http://linuxjournal.com/content/linux-audio-christmas
http://linuxjournal.com/content/linux-audio-conference-2011-report-mayn…
http://linuxjournal.com/content/linux-audio-plugin-update
http://linuxjournal.com/content/linux-audio-update
http://linuxjournal.com/content/linux-audio-update-fall-fashions
http://linuxjournal.com/content/linux-azure—-strange-place-find-penguin
http://linuxjournal.com/content/linux-based-web-hosting-provider
http://linuxjournal.com/content/linux-booot-problem
http://linuxjournal.com/content/linux-containers-and-future-cloud
http://linuxjournal.com/content/linux-desktop-view-linuxcon
http://linuxjournal.com/content/linux-desktop-weve-arrived
http://linuxjournal.com/content/linux-desktop-who-cares
http://linuxjournal.com/content/linux-desktops-next-challenge-layer-8
http://linuxjournal.com/content/linux-distribution-lightweight-portable…
http://linuxjournal.com/content/linux-distro-linux-console
http://linuxjournal.com/content/linux-distro-tales-you-can-never-be-too…
http://linuxjournal.com/content/linux-does-not-mean-home
http://linuxjournal.com/content/linux-education-concepts-not-applicatio…
http://linuxjournal.com/content/linux-even-rootkits-are-open-source
http://linuxjournal.com/content/linux-everywhereso-where-do-we-go-here
http://linuxjournal.com/content/linux-finds-its-face
http://linuxjournal.com/content/linux-fingernail
http://linuxjournal.com/content/linux-folders
http://linuxjournal.com/content/linux-foundation-announces-linuxcon-key…
http://linuxjournal.com/content/linux-foundation-collaboration-summit-a…
http://linuxjournal.com/content/linux-foundation-embrace-individuals-op…
http://linuxjournal.com/content/linux-foundation-launches-linux-lovers-…
http://linuxjournal.com/content/linux-foundation-offers-conference-us-a…
http://linuxjournal.com/content/linux-foundation-releases-linuxcon-2010…
http://linuxjournal.com/content/linux-foundation-rolls-out-third-beta-d…
http://linuxjournal.com/content/linux-foundation-tabulates-votes
http://linuxjournal.com/content/linux-foundation-takes-bite-out-sun
http://linuxjournal.com/content/linux-foundation-takes-summit-end
http://linuxjournal.com/content/linux-foundation-takes-training-online
http://linuxjournal.com/content/linux-foundation-unveils-plans-upcoming…
http://linuxjournal.com/content/linux-foundation-will-train-you-free
http://linuxjournal.com/content/linux-foundation-works-find-work-linux-…
http://linuxjournal.com/content/linux-foundations-new-tab
http://linuxjournal.com/content/linux-fund-brings-spend-and-support-mod…
http://linuxjournal.com/content/linux-fund-releases-visa-uk-businesses
http://linuxjournal.com/content/linux-gaming-openclonk
http://linuxjournal.com/content/linux-gaming-projects-need-little-tlc-o…
http://linuxjournal.com/content/linux-gets-faster-splashtop
http://linuxjournal.com/content/linux-graphics-news
http://linuxjournal.com/content/linux-graphics-news-0
http://linuxjournal.com/content/linux-graphics-news-1
http://linuxjournal.com/content/linux-graphics-news-2
http://linuxjournal.com/content/linux-guy
http://linuxjournal.com/content/linux-heavyweights-develop-joint-secure…
http://linuxjournal.com/content/linux-heavyweights-develop-secure-boot-…
http://linuxjournal.com/content/linux-help-neuroscientists
http://linuxjournal.com/content/linux-home-entertainment-center
http://linuxjournal.com/content/linux-journal-2010-wall-calendars-now-a…
http://linuxjournal.com/content/linux-journal-android-app-and-epub-now-…
http://linuxjournal.com/content/linux-journal-announces-contest-prizes-…
http://linuxjournal.com/content/linux-journal-announces-rebuilding-worl…
http://linuxjournal.com/content/linux-journal-announces-winners-its-200…
http://linuxjournal.com/content/linux-journal-appoints-mark-irgang-asso…
http://linuxjournal.com/content/linux-journal-archives
http://linuxjournal.com/content/linux-journal-be-taken-over-pirates-arr…
http://linuxjournal.com/content/linux-journal-daily-giveaway
http://linuxjournal.com/content/linux-journal-daily-tip-video-problem
http://linuxjournal.com/content/linux-journal-digital-edition
http://linuxjournal.com/content/linux-journal-editor-doc-searls-keynote…
http://linuxjournal.com/content/linux-journal-flickr-pool
http://linuxjournal.com/content/linux-journal-flickr-pool-roundup
http://linuxjournal.com/content/linux-journal-flickr-pool-roundup-0
http://linuxjournal.com/content/linux-journal-goes-100-digital
http://linuxjournal.com/content/linux-journal-hiring-digital-media-sale…
http://linuxjournal.com/content/linux-journal-insider-february-2010-lin…
http://linuxjournal.com/content/linux-journal-insider-january-2010-linu…
http://linuxjournal.com/content/linux-journal-insider-march-2010-linux-…
http://linuxjournal.com/content/linux-journal-international-subscriber-…
http://linuxjournal.com/content/linux-journal-live-10022008
http://linuxjournal.com/content/linux-journal-meetup
http://linuxjournal.com/content/linux-journal-readers-choice-awards-2013
http://linuxjournal.com/content/linux-journal-scripting-games
http://linuxjournal.com/content/linux-journal-seeking-content-editor
http://linuxjournal.com/content/linux-journal-swag
http://linuxjournal.com/content/linux-journal-turns-15
http://linuxjournal.com/content/linux-journal-turns-15-0
http://linuxjournal.com/content/linux-kernel-news-december-2013
http://linuxjournal.com/content/linux-kernel-news-january-and-february-…
http://linuxjournal.com/content/linux-kernel-news-june-2013
http://linuxjournal.com/content/linux-kernel-news-november-2013
http://linuxjournal.com/content/linux-kernel-news-october-2013
http://linuxjournal.com/content/linux-kernel-poll
http://linuxjournal.com/content/linux-kernel-summit
http://linuxjournal.com/content/linux-konferenca
http://linuxjournal.com/content/linux-label
http://linuxjournal.com/content/linux-laptops-and-notebooks-pre-install…
http://linuxjournal.com/content/linux-leader-expounds-his-colorful-comm…
http://linuxjournal.com/content/linux-loser-says-symbian
http://linuxjournal.com/content/linux-mac
http://linuxjournal.com/content/linux-makes-phones-even-cheaper
http://linuxjournal.com/content/linux-market-share
http://linuxjournal.com/content/linux-mint-12-offers-traditional-gnome-…
http://linuxjournal.com/content/linux-mint-debian-edition-released
http://linuxjournal.com/content/linux-mint-fail
http://linuxjournal.com/content/linux-native-task-management-check
http://linuxjournal.com/content/linux-now-slave-corporate-masters
http://linuxjournal.com/content/linux-numbers
http://linuxjournal.com/content/linux-odyssey-2010-logging-software
http://linuxjournal.com/content/linux-plumbers-conference
http://linuxjournal.com/content/linux-portable
http://linuxjournal.com/content/linux-powered-lan-gaming-house
http://linuxjournal.com/content/linux-powered-motorcycle-blogging
http://linuxjournal.com/content/linux-product-insider
http://linuxjournal.com/content/linux-product-insider-0
http://linuxjournal.com/content/linux-product-insider-1
http://linuxjournal.com/content/linux-product-insider-2
http://linuxjournal.com/content/linux-product-insider-astaro-joins-gree…
http://linuxjournal.com/content/linux-product-insider-audiophile-device…
http://linuxjournal.com/content/linux-product-insider-california-star-c…
http://linuxjournal.com/content/linux-product-insider-cherrypal-green-pc
http://linuxjournal.com/content/linux-product-insider-crossover-linux-70
http://linuxjournal.com/content/linux-product-insider-emfirst-lego-leag…
http://linuxjournal.com/content/linux-product-insider-instant-internet-…
http://linuxjournal.com/content/linux-product-insider-ironkey-secure-fl…
http://linuxjournal.com/content/linux-product-insider-linux-foundation’s-end-user-collaboration-summit
http://linuxjournal.com/content/linux-product-insider-march-6-2008
http://linuxjournal.com/content/linux-product-insider-memopal-online-ba…
http://linuxjournal.com/content/linux-product-insider-myah-os-30
http://linuxjournal.com/content/linux-product-insider-online-dictionary…
http://linuxjournal.com/content/linux-product-insider-pdf-gets-iso-stan…
http://linuxjournal.com/content/linux-product-insider-penumbra-black-pl…
http://linuxjournal.com/content/linux-product-insider-rhel-52
http://linuxjournal.com/content/linux-product-insider-robot-gizmo-gadge…
http://linuxjournal.com/content/linux-product-insider-rogcon-game-conve…
http://linuxjournal.com/content/linux-product-insider-skywayusas-rural-…
http://linuxjournal.com/content/linux-product-insider-trolltechs-qt-44
http://linuxjournal.com/content/linux-product-insider-your-marks-get-se…
http://linuxjournal.com/content/linux-product-insider-”free-penguins”-virtualization-schools-initiative
http://linuxjournal.com/content/linux-robot-more-hardware-ideas
http://linuxjournal.com/content/linux-robot-watch-space
http://linuxjournal.com/content/linux-rules-literally
http://linuxjournal.com/content/linux-safe-lactose-intolerant
http://linuxjournal.com/content/linux-sexy-smart-and-cheap-perfect-date
http://linuxjournal.com/content/linux-showdown
http://linuxjournal.com/content/linux-small-devices-samsung-sgh-i200
http://linuxjournal.com/content/linux-spotlight-sabayon-linux-53
http://linuxjournal.com/content/linux-state-government
http://linuxjournal.com/content/linux-suse-mssql-how-set-odbc-data-sour…
http://linuxjournal.com/content/linux-system-recovery-after-overriding-…
http://linuxjournal.com/content/linux-systems-capacity-planning
http://linuxjournal.com/content/linux-turns-17
http://linuxjournal.com/content/linux-users-vs-linux-culture
http://linuxjournal.com/content/linux-users-why-did-you-switch
http://linuxjournal.com/content/linux-viet-nam
http://linuxjournal.com/content/linux-vs-because-linux
http://linuxjournal.com/content/linux-vs-bullshit
http://linuxjournal.com/content/linux-where-crapware-goes-die
http://linuxjournal.com/content/linux-workplace-poll
http://linuxjournal.com/content/linux-world-jaipur-company-job-opening
http://linuxjournal.com/content/linux-you-get-what-you-paid-when-you-bo…
http://linuxjournal.com/content/linuxcon
http://linuxjournal.com/content/linuxcon-0
http://linuxjournal.com/content/linuxcon-day-2-lies-damn-lies-and-stati…
http://linuxjournal.com/content/linuxcon-day-3-now-get-out-there-and-do…
http://linuxjournal.com/content/linuxconfau-2010-lca2010
http://linuxjournal.com/content/linuxconfau-2011-day-one
http://linuxjournal.com/content/linuxconfau-2011-day-two
http://linuxjournal.com/content/linuxconfau-callsforpapers
http://linuxjournal.com/content/linuxconfau-day-four
http://linuxjournal.com/content/linuxconfau-day-four-0
http://linuxjournal.com/content/linuxconfau-day-one
http://linuxjournal.com/content/linuxconfau-day-one-0
http://linuxjournal.com/content/linuxconfau-day-three
http://linuxjournal.com/content/linuxconfau-day-three-0
http://linuxjournal.com/content/linuxconfau-day-two
http://linuxjournal.com/content/linuxconfau-getting-ready
http://linuxjournal.com/content/linuxconfau-penguin-dinner
http://linuxjournal.com/content/linuxdays-2009
http://linuxjournal.com/content/linuxdna-supercharges-linux-intel-cc-co…
http://linuxjournal.com/content/linuxfest-northwest
http://linuxjournal.com/content/linuxjournalcom-reader-survey
http://linuxjournal.com/content/linuxmce-latest-smarthome-darling
http://linuxjournal.com/content/linuxsampler-project
http://linuxjournal.com/content/linuxworld-sheds-its-conference-cocoon

Kyle Rankin is a Tech Editor and columnist at Linux Journal and the Chief Security Officer at Purism. He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O'Reilly books. Rankin speaks frequently on security and open-source software including at BsidesLV, O'Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.

Load Disqus comments