Fighting back against the NSA with HTTP
July 11, 2013
You’ve probably heard the news about PRISM, the NSA’s system for spying on basically everyone in the world. Want to flip them the birdy digitally while they watch your web traffic go along?
If you’re using Firefox, download the “Modify Headers” extension. I have version 0.7.1.1. Then in the preferences, click “Headers”, and select “Add” from the dropdown. I used “FUCK_THE_NSA” as the name, and “This copyright entitles me to receive a copy of all requests stored on demand. If you choose not to accept this license, your only recourse is to delete all stored requests with this signature” as the description. Click save, and click “enable”. Make sure the light is green.
Once you’ve enabled this plugin, here’s what the webserver will see when you connect to it, and subsequently what the NSA will see while sifting through your data:
GET / HTTP/1.1
Host: localhost:4567
User-Agent: lolz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
FUCK_THE_NSA: This copyright entitles me to receive a copy of all requests stored on demand. If you choose not to accept this license, your only recourse is to delete all stored requests with this signature
Connection: keep-alive
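What the receiving end gets can be checked locally without the extension. The following is an added example, not code from the original post: a throwaway loopback listener captures the raw bytes of one plain-HTTP request carrying the post's header, so you can see the field travels verbatim in cleartext. The function names and the use of Python's `http.client` in place of Firefox are assumptions of this example.

```python
import http.client
import socket
import threading

HEADER_NAME = "FUCK_THE_NSA"  # header name used in the post
HEADER_VALUE = (
    "This copyright entitles me to receive a copy of all requests stored on demand. "
    "If you choose not to accept this license, your only recourse is to delete "
    "all stored requests with this signature"
)

def capture_request(headers):
    """Send one GET over plain HTTP to a loopback listener; return the raw bytes it received."""
    srv = socket.create_server(("127.0.0.1", 0))  # port 0 = any free port
    captured = {}

    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:  # read until the end of the header block
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            captured["raw"] = data
            conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")

    worker = threading.Thread(target=serve)
    worker.start()
    client = http.client.HTTPConnection("127.0.0.1", srv.getsockname()[1], timeout=5)
    client.request("GET", "/", headers=headers)
    client.getresponse().read()
    client.close()
    worker.join()
    srv.close()
    return captured["raw"]

def parse_request(raw):
    """Split raw request bytes into the request line and a dict of header fields."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    fields = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        fields[name] = value.strip()
    return lines[0], fields

if __name__ == "__main__":
    print(capture_request({HEADER_NAME: HEADER_VALUE}).decode("latin-1"))
```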
I’ll be very interested to see if there is a way to word this such that it’s actually admissible in court.
I’m not a lawyer, but surely if you’re injecting a legal notice into a protocol that’s intended to be invisible to humans, it’s not binding? It’d be interesting to see the case history for acceptance of terms by acquiescence, too (“by reading this page you accept our terms and conditions” etc). I think you’d actually have to get the NSA to take an affirmative action after being exposed to a notice that a reasonable person would assume would be read by a human. Again, I’m not a lawyer, but if this kind of header was possible, all *kinds* of crazy stuff would be possible. Maybe not as crazy as a massive, unconstitutional spying operation, but still …
Not invisible to people reading whose job is to process it explicitly. 🙂
Exactly… doing so right now!
“I’ll be very interested to see if there is a way to word this such that it’s actually admissible in court.”
Sure. Because it’s possible to have a binding contract between parties not all of whom even know it exists, much less have agreed to it, and that’s why you’re going to bring the NSA to its knees with an HTTP header.
Also, the convention for HTTP header field naming is title case separated with hyphens, not all-caps and underscores, so it should really be “Fuck-The-NSA: […]”