The GCHQ Cryptome slide could be a mockup/disinfo
For the latest version: http://that1archive.neocities.org/subfolder1/gchq-cryptome-slide.html

A few days ago, a new Snowden slide <https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/> was released that appeared to show that the GCHQ was monitoring Cryptome in near-real-time by examining the browsing data of one of the website's visitors. John and Deborah of Cryptome later verified that the information in their slides matched their logs, seemingly verifying the legitimacy of the slide itself and the information presented about KARMA POLICE.

However, after examining the slide and all the information available, I realized that it was possible to create the slide (or one like it) with accurate data without any of the sources cited/assumed/alleged. To demonstrate this, I put together some comparable information. To respect the privacy of visitors to Cryptome, the end of each IP address is redacted and I've provided only a little information about several users instead of focusing on one user to provide detailed information about.

A few notes before getting into the data:

1. I didn't receive this information from anyone in law enforcement or the intelligence, nor stolen through malicious hacking, social engineering, or electronic intrusion. Neither is it the result of surveillance directed against Cryptome or its users, or of any other illegal action. It was compiled from my legitimate archives.
2. I have confirmed that the information was available to others by locating pre-existing sources online.
3. This is not meant to accuse anyone of forging a document, simply pointing out that it can't necessarily be verified by confirming the information with Cryptome's server logs.
4. If the slide *is* a mockup, it could be an internal mockup produced by GCHQ, a deliberate piece of disinformation from within or without GCHQ, a document altered by Snowden, his friends/"friends" in Russia, or anyone else in the chain of custody. Given that Snowden didn't review all of the documents he handed over, he might not recognize if one had been altered, embellished, forged, or taken out of context prior to publication. Or it could be genuine - proving that something could be a fake isn't quite the same as proving it's a fake.
5. If the document was forged, the only group I have reason to suspect are the chekist security agencies who have access to both the documents and to Snowden.
6. This was the result of a few rushed hours of work in a single afternoon, and thus may contain minor mistakes.
7. The times should be Eastern/US, but this is an unverified assumption.
8. These comments are unrelated to my debunking <https://cpunks.org/pipermail/cypherpunks/2015-October/009565.html> of the MITM attack against Cryptome which was seemingly implied <https://cryptome.org/2015/09/gchq-illegal-spying-us.htm> by this slide.

Visitor IP correlated with page, time and date

IP: 212.48.158.*
Date: 2010-02-10
Time: 23:06:15
URL: http://cryptome.org/cartome/foucault.htm

Note that I manually translated the time and date from a time code, so it may be slightly incorrect. The original timestamp was 20100210230615.

Twelve Days of Cryptomas

In case I mistranslated the timestamp or anyone thinks that it was a fluke, here are twelve time and dates along with the redacted IP address that visited Cryptome at that time. These time and dates were originally rendered in a human readable format, so there is no danger that I mistranslated them.
- December 25 2009 16:22 - 74.208.77.*
- December 26 2009 18:19 - 65.98.224.*
- December 27 2009 22:23 - 208.80.193.*
- December 28 2009 21:51 - 69.113.197.*
- December 29 2009 18:28 - 76.92.164.*
- December 30 2009 03:30 - 88.80.205.*
- December 31 2009 23:59 - 210.107.62.*
- January 01 2010 00:13 - 71.56.6.*
- January 02 2010 14:14 - 91.98.9.*
- January 03 2010 01:23 - 88.87.4.*
- January 04 2010 23:22 - 79.224.172.*
- January 05 2010 06:16 - 65.55.110.*

Internet search strings used to find Cryptome

Finally, a semi-obscure phrase from the that was put into a search engine - complete with the original typo.

"architectural engineering in miidle east" - it may appear in the logs as "architectural+engineering+in+miidle+east"

Conclusion

All of this information should be readily verifiable by John and Deborah at Cryptome, demonstrating that each of the pieces of the slide could have been created without the benefit of a surveillance program or large budget. In other words, the guilty knowledge implied by the accuracy of the slide can imply things other than being guilty of surveillance.
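The log check that the conclusion above says is possible, as an added example that is not part of the original post: it tests a redacted-IP, 14-digit-timestamp and URL claim, and the search phrase, against server log lines. The Apache combined log format, the `q` search parameter, the sample lines and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined log format (an assumption: the
# post does not say which format the logs use). Final octets, the referrer
# host and the non-matching addresses are placeholders.
SAMPLE_LOG = """\
212.48.158.0 - - [10/Feb/2010:23:06:15 -0500] "GET /cartome/foucault.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Feb/2010:09:00:00 -0500] "GET /index.html HTTP/1.1" 200 900 "http://search.example/?q=architectural+engineering+in+miidle+east" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2010:23:06:15 -0500] "GET /cartome/foucault.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d+ \S+ "([^"]*)"')

def parse(log_text):
    """Yield (ip, timezone-aware time, request path, referrer) per parsable line."""
    for m in map(LINE.match, log_text.splitlines()):
        if m:
            ip, ts, path, referrer = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, referrer

def claim_matches(log_text, ip_prefix, stamp14, url, utc_offset_hours, slack_s=60):
    """True if some entry fits the redacted IP, the YYYYMMDDhhmmss stamp and the URL.

    The stamp carries no time zone, so the caller must state the assumed offset;
    slack_s allows for a slightly mistranslated time.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    claimed = datetime.strptime(stamp14, "%Y%m%d%H%M%S").replace(tzinfo=tz)
    prefix = ip_prefix.rstrip("*")          # "212.48.158.*" -> "212.48.158."
    path = urlsplit(url).path               # logs record the path, not the full URL
    return any(ip.startswith(prefix) and p == path
               and abs((when - claimed).total_seconds()) <= slack_s
               for ip, when, p, _ in parse(log_text))

def search_phrase_seen(log_text, phrase, param="q"):
    """True if any referrer's query string carries the phrase ('+' decodes to space)."""
    return any(phrase in parse_qs(urlsplit(ref).query).get(param, [])
               for _, _, _, ref in parse(log_text))

if __name__ == "__main__":
    url = "http://cryptome.org/cartome/foucault.htm"
    for offset in (-5, 0):                  # Eastern/US standard time vs. UTC
        print(offset, claim_matches(SAMPLE_LOG, "212.48.158.*", "20100210230615", url, offset))
    print(search_phrase_seen(SAMPLE_LOG, "architectural engineering in miidle east"))
```

A match only shows that the claimed values agree with the logs; as the post argues, it says nothing about how the claimant obtained them.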
On Fri, Oct 02, 2015 at 10:23:12PM -0400, Michael Best wrote:
A few days ago, a new Snowden slide <https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/> was released that appeared to show that the GCHQ was monitoring Cryptome in
Dude, are you calling Snowden a liar? And did you find out that allegedly Cryptome shipped their web logs on USBs to buyers AFTER you called Snowden a liar?
I found the logs on the USB before I posted about the GCHQ slide, that's how I found the info. I verified that the data was also in coderman's torrent from over a year ago. John rebuffed my initial inquiry and refused to verify that the IPs I provided visited Cryptome at the times listed, and then accused me of faking the data. So I released it for others to look at themselves.

As far as calling Snowden a liar, as I said in note #4 of the GCHQ post...

If the slide is a mockup, it could be an internal mockup produced by GCHQ, a deliberate piece of disinformation from within or without GCHQ, a document altered by Snowden, his friends/"friends" in Russia, or anyone else in the chain of custody. *Given that Snowden didn't review all of the documents he handed over, he might not recognize if one had been altered, embellished, forged, or taken out of context prior to publication.* Or it could be genuine - proving that something could be a fake isn't quite the same as proving it's a fake.

Italics added.

On Thu, Oct 8, 2015 at 11:37 AM, Georgi Guninski <guninski@guninski.com> wrote:
On Fri, Oct 02, 2015 at 10:23:12PM -0400, Michael Best wrote:
A few days ago, a new Snowden slide < https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-on...
was released that appeared to show that the GCHQ was monitoring Cryptome in
Dude, are you calling Snowden a liar?
And did you find out that allegedly Cryptome shipped their web logs on USBs to buyers AFTER you called Snowden a liar?
On Thu, 8 Oct 2015 12:19:03 -0400 Steve Kinney <admin@pilobilus.net> wrote:
I think we have arrived at a "feeding the trolls" state here...
Or every COINTELPRO programme on the planet in one big, sloppy group hug, with the sensible beings standing on the sidelines watching and chuckling to themselves while their code compiles.

--
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"Hell hath no fury like a LISP fan scorned." --Aaron Swartz
participants (4)
- Georgi Guninski
- Michael Best
- Steve Kinney
- The Doctor