For the latest version: http://that1archive.neocities.org/subfolder1/gchq-cryptome-slide.html

A few days ago, a new Snowden slide was released that appeared to show that the GCHQ was monitoring Cryptome in near-real-time by examining the browsing data of one of the websites' visitors. John and Deborah of Cryptome later verified that the information in their slides matched their logs, seemingly verifying the legitimacy of the slide itself and the information presented about KARMA POLICE.

 

However, after examining the slide and all the information available, I realized that it was possible to create the slide (or one like it) with accurate data without any of the sources cited/assumed/alleged. To demonstrate this, I put together some comparable information. To respect the privacy of visitors to Cryptome, the end of each IP address is redacted and I've provided only a little information about several users instead of focusing on one user to provide detailed information about.

A few notes before getting into the data:

1. I didn't receive this information from anyone in law enforcement or the intelligence, nor stolen through malicious hacking, social engineering, or electronic intrusion. Neither is it the result of surveillance directed against Cryptome or its users, or of any other illegal action. It was compiled from my legitimate archives.
2. I have confirmed that the information was available to others by locating pre-existing sources online.
3. This is not meant to accuse any one of forging a document, simply pointing out that it can't necessarily be verified by confirming the information with Cryptome's server logs.
4. If the slide is a mockup, it could be an internal mockup produced by GCHQ, a deliberate piece of disinformation from within or without GCHQ, a document altered by Snowden, his friends/"friends" in Russia, or anyone else in the chain of custody. Given that Snowden didn't review all of the documents he handed over, he might not recognize if one had been altered, embellished, forged, or taken out of context prior to publication. Or it could be genuine - proving that something could be a fake isn't quite the same as proving it's a fake.
5. If the document was forged, the only group I have reason to suspect are the chekist security agencies who have access to both the documents and to Snowden.
6. This was the result of a few rushed hours of work in a single afternoon, and thus may contain minor mistakes.
7. The times should be Eastern/US, but this is an unverified assumption.
8. These comments are unrelated to my debunking of the MITM attack against Cryptome which was seemingly implied by this slide.

Visitor IP correlated with page, time and date

IP: 212.48.158.* 
Date: 2010-02-10 
Time: 23:06:15 
URL: http://cryptome.org/cartome/foucault.htm 

Note that I manually translated the time and date from a time code, so it may be slightly incorrect. The original timestamp was 20100210230615.

Twelve Days of Cryptomas

In case I mistranslated the timestamp or anyone thinks that it was a fluke, here are twelve time and dates along with the redacted IP address that visited Cryptome at that time. These time and dates were originally rendered in a human readable format, so there is no danger that I mistranslated them.

Internet search strings used to find Cryptome

Finally, a semi-obscure phrase from the that was put into a search engine - complete with the original typo.

"architectural engineering in miidle east" - it may appear in the logs as "architectural+engineering+in+miidle+east"

Conclusion

All of this information should be readily verifiable by John and Deborah at Cryptome, demonstrating that each of the pieces of the slide could have been created without the benefit of a surveillance program or large budget. In other words, the guilty knowledge implied by the accuracy of the slide can imply things other than being guilt of surveillance.