One leaked snippet reveals a fingerprint designed to target users of the Tor browser. The logic is simple but effective: if a user accesses a specific Tor directory authority, the system captures their IP address and timestamps it. This highlights a key function of XKeyscore: passive fingerprinting. It waits for a target to make a mistake or reveal a behavior, then logs it for an analyst to review later.
The exclusive source reveals a scoring algorithm (0 to 255) that rates "suspicion of obfuscation." Any score above 200 automatically triggers a of any WebRTC audio in the session. xkeyscore source code exclusive
Reports on leaked source code for , the NSA's expansive surveillance tool, reveal that the system automatically targets and "fingerprints" users who simply search for or use privacy-enhancing tools. Key Findings from Leaked Code Investigations by German media outlets Tagesschau One leaked snippet reveals a fingerprint designed to
NSA Press Statement in response to allegations about NSA operations It waits for a target to make a
Regarding the source code, I must clarify that XKeyscore is a classified tool, and its source code is not publicly available. However, there have been reports and leaks about the tool's capabilities and architecture.
A 2014 investigation by Tagesschau and NDR, based on leaked source code, revealed that the NSA's XKeyscore program specifically targeted users of privacy tools like Tor and Tails. The report highlighted that the NSA monitored individuals, including German student Sebastian Hahn, who operated anonymity servers [1].
While the full underlying codebase for XKeyscore has never been publicly released in its entirety, several "exclusive" reports revealed significant portions of its logic: