Jake Appelbaum et. al, are reporting on XKEYSCORE selection rules that target users — and people who just visit the websites of — Tor, Tails, and other sites. This isn’t just metadata; this is “full take” content that’s stored forever.
This code demonstrates the ease with which an XKeyscore rule can analyze the full content of intercepted connections. The fingerprint first checks every message using the “email_address” function to see if the message is to or from “firstname.lastname@example.org”. Next, if the address matched, it uses the “email_body” function to search the full content of the email for a particular piece of text – in this case, “https://bridges.torproject.org/”. If the “email_body” function finds what it is looking for, it passes the full email text to a C++ program which extracts the bridge addresses and stores them in a database.
From this leak, it appears that almost anyone who tried to create online privacy and anonymity is seeing their online data being captured by the NSA. As one person said, they are separating sheep from goats – those who do not protect their privacy and those who can.
Separate the goats out and then only concentrate on them.
But what is really fascinating and possibly very important – several people believe this leak comes from another source than Snowden. If so, this is big.