The National Security Agency’s attempts to keep track of people outside the US who use encryption and anonymization software from the Tor Project also apparently captured the traffic of anyone reading a wide range of articles on Linux Journal, according to documents published by the German public television broadcaster ARD and provided by security researchers (and Tor contributors) Jacob Appelbaum, Aaron Gibsom, and Leif Ryge. The documents—which include what appears to be search rules for the NSA’s XKeyscore Internet surveillance system, indicate that the NSA also gathered up data on visitors to articles on the Linux Journal website.

In the Das Erste article, Appelbaum et al wrote that the rule “records details about visits to a popular Internet journal for Linux operating system users called ‘The Linux Journal—the Original Magazine of the Linux Community’" and called it an "extremist forum."

Included in the code is the following block of instructions:

// START_DEFINITION /*These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */ $TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux' or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor '); $TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*'); // END_DEFINITION

The pattern matches one particular article on Linux Journal, posted in August of 2011: “Linux Distro: Tails—You Can Never Be Too Paranoid.” It’s not clear from the document whether the NSA was referring to Linux Journal itself as an extremist forum. However, other rules targeted specific servers running Tor bridges and other anonymizing software, including servers in Germany, as well as individuals using Tor.