GitHub - f13end/NSABlocklist: HOSTS file to block all known NSA / GCHQ / C.I.A. / F.B.I. spying servers

NSABlocklist© project original created under the ISC license 2015 - present by CHEF-KOCH.

Project Overview

This isn't yet another hosts file or DNSBL that claims to secure the web, it's specially designed to stop known NSA / GCHQ / C.I.A. or F.B.I. servers from being connecting to you without permission, of course the IPs also can be used for Bot Revolt or other tools. The list is not designed to block common malware, spyware/ads or anything that is already available on the net via a proper designed hosts for such special case. This hosts or the super ranges lists could block some of your sites/servers you may need, so you'll be warned!

My list is original based on 2007 published Wikileaks + Cryptome documents and includes my own modifications from 2008, 2012, 2014, 2015, 2019 & 2020.

Current Status: 2,45 Mio files (not everything upload [yet]). I need to wait for GitHub approval in order to bulk upload bigger file set (100MB+ files).

Mass surveillance is official illegal

According to EGMR mass surveillance is now official against human rights.

You still can help keep the fight up against any surveillance programs!

This project includes

A 'HOSTS' file that includes all Servers/DNS domains that are known to be involved in spying. The confirmation is given within the Research link(s) at the bottom and with my own tests.
An 'Super Ranges.txt' file which includes a list of known IP ranges that are compromised (be careful with that!).
An 'LICENSE' File to shows the MIT license.
The 'README' (this) file that includes the latest news, updates and explanations,...
An 'problematic.txt' file which includes DNS/PTRs that are possible problematic for you.
The 'Mail.txt' file in case you want to speak with me over encrypted email.
An 'test' folder for IPv6 only domains. It also contains an 'html' folder for html formatted entries, an 'onion' folder for suspect or faked .onions and an 'Tor' folder for a quick guide how to run an non-exit relay in around 10 minutes.
The 'References.txt' which contains relevant information about spying or additional topics which may related to reveal surveillance.
Under the release page you will find complete collections/dumps.
Information on hardware based attacks.

Any problems, questions or something wrong?

Feel free to open an issue ticket and I will look at it asap. I will reject all requests/discussions without any evidence.

Pull requests or ideas are in general always welcome!

Important Project Notice

I do not accept donations in this project, I'm not doing this because I want money, I'm doing this because I didn't found a proper list on the entire Internet and of course I want to share my knowledge with everyone for free. I always think that such information should be available for everyone on the world.
The project has no political orientation, there will be no political leaks/information since this is not the main mission here.
Please keep in mind that updates/encryption/knowledge is our only real weapon against NSA and other agencies. The more you know the better you can build strategies and new systems to defeat mass surveillance.
Please keep in mind that links to e.g. videos aren't valid because there (in most cases) doesn't include a source, date or author. Any information without proper research in it will automatically rejected and labeled as 'invalid' since it's impossible to verify if it's a legimate leak or not.

Do you hate the NSA or other agencies?

I do not hate the NSA or other agencies but I really don't like that everyone is automatically under the microscope (mass surveillance) and of course that there is no 'opt-out' or transparency except lies and more lies (and some excuses ...yeah, we are doing this because terrorism, go f$ck yourself with such statements!)
Everyone have something to hide, passwords, private data, accounts, other meta-data, [...]

Known Project / HOST problems

An HOSTS file is no guarantee that if the NSA is already 'in your system/network' - to protect you - it's just too late.
HOSTS files are no guarantee that NSA or any other attacker/organization could simply bypass it via 0day or other vulnerabilities on your system/router.
HOSTS files can't protect against attacks directly in hardware, e.g. if the router is already compromised or comes with backdoors this list will be easily bypassed anyway.
Due the complex of the entire file I can't explain every single IP/Domain/PTR record. If something was changed, feel free to open a pull request or send me an eMail.
The HOSTS file may present an attack vector for malicious software because the file could be modified to redirect the entire traffic e.g. adware/trojans can do this. Ensure that the file was marked as read-only and you're not logged in as administrator.
Trace-route analysis especially on IPv4 networks are sometimes outdated (due the mass of requests).
Be careful when blocking IP addresses, as IP addresses change frequently and can block people you don't intend to block.
NSA and other agencies can spy on traffic directly from supercomputers like infamous Echelon connected directly to some backbone without revealing any IP. This is an common problem, only strong and proper implemented encryption helps.

Programs + Websites to inspect monitoring & capture data traffic

IPduh
Robtex
ZMap - The Internet Scanner
IP Address Details (ipinfo.io)
Tracert nsa.gov, see how TRACERT command works
GlobalLeaks [Open-source anonymous whistleblowing software]
Freedom Box
DenyHosts
Decode Your HTTP Traffic with Open Source Sysdig (sysdig.com)
Courage Foundation
shodan.io
censys.io
... others

Anti-DPI (Deep packet inspection (DPI)) tools & projects

NSA Resources and public program(s)

Project History

Edward Snowden documents compilations

Edward Snowden never leaked all documents! I demand that he release all of the files.

Anti-NSA programs, resources & networks

NSA has (officially) stopped collecting location data from US cellphones without a warrant

Intelligence agencies stopped the practice last year.

Known compromised ISP Providers

AT&T helped to spy on an array of Internet traffic | The New York Times & via ProPublica
Telecom US / T-Mobile / Deutsche Telekom
Vodafone (DNS Hijacking, DPI)
E-Plus / O2
Alphabet (Goolgle) 'Project Fi alias T-Com' [Apr. 2015, needs a special Fi SIM for Nexus 6 XT1103 only (atm)]
Digital Ocean, Inc.s
TM Net, Internet Service Provider
REN
Verizon
TNG
Spint
Sprint
Unicom (GFW)
CERNET (GFW)
Embarq
Telecom Egypt
Türk Telekom
Belgacom
Tor has a community based good/bad ISP list
Wind Mobile (DNS Hijacking)
Wind (DNS Hijacking)
Ote (DNS Hijacking)
Hol (DNS Hijacking)
Forthnet (DNS Hijacking)
Cyta (DNS Hijacking)
Cosmote (DNS Hijacking)

Compromised ISP's (needs more research and evidence)

Easybell
L8NT
Charter
Suddenlink

ISP which are known to fight for privacy and a free internet

Bahnhof (Swedish)
Sonic (US)

Blockchain monitoring projects

OAKSTAR (sub-project MONKEYROCKET)
SHIFTINGSHADOW
ORANGECRUSH
YATCHSHOP
ORANGEBLOSSOM
SILVERZEPHYR
BLUEZEPHYR
COBALTFALCON

Video Resources

USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers

Tips directly provided by nsa.gov

NSA IA Guidance incl. several PDF's.

Compromised Backbone Providers

AT&T
ATM S.A.
Cable & Wireless
Global Crossing
Comcast
Cox Communications
Sprint Nextel
Level 3 / Level 2 / Level 1
NTT Communications
SAVVIS Communications
Net By Net Holding LLC
Verizon Communications
ATM-Telekom
IBM

VPN providers which aren't secure, logging or selling your data to 3rd-parties

Known to be compromised or spying

Hola (might sells data, according to their privacy policy)
HotSpotShield
Hide My Ass
ProXPN
PureVPN (proof)
EarthVPN
Betternet
Slickvpn (keeps logs)
IPVanish (keeps logs)
Opera VPN (might sells data, according to their privacy policy)
Psiphon (might sells data, according to their privacy policy)
Onavo Protect (might sells data, according to their privacy policy)
ZPN (might sells data, according to their privacy policy)
HoxxVPN (might sells data, according to their privacy policy)
FinchVPN (might sells data, according to their privacy policy)
TouchVPN (might sells data, according to their privacy policy)
TurboVPN
VPN Proxy Master
Snap VPN
X-VPN 5M
VPN 360 1M
VPN – Super Unlimited Proxy
Free VPN by FreeVPN.org
Secure VPN
VPN – Master Proxy
HotspotVPN
SkyVPN
VPN Patron
VPN for iPhone
YogaVPN
VPN Guru
Hola
Hotspot Shield
Betternet
TouchVPN
Shield VPN
VPN Wifi Proxy Security Master
Victory VPN
Storm VPN (unclear)
SuperVPN Free VPN Client
VPN Private
Thunder VPN
VPN Melon
Super VPN
#VPN
Psiphon
AnchorFree
StackPath
Avast (owns three brands: HideMyAss, Avast Secureline VPN, AVG Secure VPN, and Zen VPN)
Kape and Gaditek
NordVPN (compromised)

Controversial

Based on the following review these VPN services are marked as controversial.

Opera VPN
Hoxx VPN
Betternet
Hola VPN
SecureVPN
Ace VPN
VPN Unlimited
Ra4w VPN
Speedify
AzireVPN
Ivacy
BTGuard VPN
Zenmate
DotVPN
VPN.ht
F-Secure Freedome
Kaspersky VPN
Anonymizer VPN
Norton Wifi Privacy
SurfEasy
Encrypt Me
TigerVPN
AVG VPN
PureVPN
HideMyAss!
Browsec VPN
BitDefender VPN
Hide All IP
ProxPN
ZoogVPN
VPN ac
OneVPN
Cactus VPN
SaferVPN
SpyOFF
VPNTunnel
SwitchVPN
VyprVPN
Buffered
BolehVPN
Avira Phantom
PrivateTunnel
HotSpot Shield
LiquidVPN
TunnelBear
PrivateVPN
StrongVPN
SlickVPN
Astrill VPN
FrootVPN
VPNArea
Goose VPN
Celo VPN
PersonalVPN
AirVPN
AnonymousVPN.org
Avast Secureline
IVPN
TorGuard
FastestVPN
BlackVPN
VPNSecure Me
WindScribe
ibVPN (almost no servers)
Trust Zone
CyberGhost
Betternet VPN

VPN providers who claim to keep no logs

The claim is made via Interviews & privacy policy inspection, more details are here.

AirVPN
Avira
AzireVPN
BolehVPN
CactusVPN
CyberGhost
ExpressVPN
HeadVPN
Hide.me
HideIPVPN
ibVPN
IVPN
Mullvad
NordVPN
OVPN
Perfect Privacy
Private Internet Access
PrivateVPN
ProtonVPN
SlickVPN
Surfshark
SwitchVPN
TorGuard
Trust.Zone
VPN.ac
VPNArea
VPNhub
WhatTheServer
Windscribe

VPN Recommendation:

Worth to read, VPN Guide: Legality, Jurisdictions & Internet Censorship

See here for a more detailed comparison chart - keep in mind that this chart is not 100% correct but since everyone can submit findings it's more or less reliable.

Other services providers + social media platforms

Facebook
PushTalk / PalTalk
Google Inc. alias Alphabet
Amazon
~~MySpace~~
~~Google+~~
Microsoft
Apple
Wikipedia, well it's for all
Automattic, Inc
LLC
Yahoo
Twitter (FBI records)
Cookie based tracking - NSA uses advertisers’ cookies to track specific web browsers

Official Government mass surveillance projects & laws

(Official) Discontinued surveillance programs projects

U.S. Terrorist Surveillance Program
Multistate Anti-Terrorism Information Exchange (MATRIX)
ThinThread
Trailblazer Project
Customer Proprietary Network Information / CPNI (metadata) - can be deactivated on Android 5.1+ and e.g. Wifi networks

European Union

Data Retention Directive
INDECT
Schengen Information System

Australia

Status: unclear, needs confirmation + evidence

China

Golden Shield Project
Monitoring Bureau -> Status: unclear, needs confirmation + evidence
Public Information Network Security -> Status: unclear, needs confirmation + evidence

Korea

Allmost all ISP's blocking /controlling HTTP/HTPS (DPI)

France

Frenchelon

Germany

Nachrichtendienstliches Informationssystem
Project 6
RAMPART-A with BND / NSA (needs more evidence)

India

Central Monitoring System (CMS)
DRDO NETRA
NATGRID

Russia

SORM
Yarovaya Law
other systems rumored - Status: unclear, needs confirmation + evidence

Sweden

Titan traffic database
X-Keyscore

Switzerland

Onyx

United Kingdom

Impact Nominal Index
Interception Modernisation Programme
Mastering the Internet (MTI)
UK National DNA Database (NDNAD)
Tempora
Royal Concierge

United States

Boundless Informant (needs confirmation)
BULLRUN
Carnivore
Comprehensive National Cybersecurity Initiative
DCSNet
Fairview
Financial Crimes Enforcement Network
ICREACH
Magic Lantern (needs confirmation)
Main Core
MAINWAY
Media monitoring services
MUSCULAR
MYSTIC
Nationwide Suspicious Activity Reporting Initiative
NSA ANT catalog
PRISM
Room 641A via AT&T
Sentry Eagle
Special Collection Service
Stellar Wind (code name)
Tailored Access Operations
Terrorist Finance Tracking Program
Turbulence (NSA)
US Intelligence Community (IC)
Utah Data Center
X-Keyscore

Possible Iran (unconfirmed + needs more evidence)

GhostNet
Stuxnet

Spying programs

Traceroute "Packaged Goods" / "Treasure Map"
VOIP: Hammerchant
WEALTHYCLUSTER
APEX
COMSAT
IRRITANT HORN (hijacks Google Play Store contained apps)
HACIENDA

Hardware Recommendations

Phone: Librem 5
Laptop: Librem 13 with Pureboot and Librem Key OR NitroKey
BitCoin/Monero conversation: XMR.to

Software Recommendations and defense steps Checklist

THANK YOU!

A special thanks goes to everyone who fights for internet security & privacy!

Name		Name	Last commit message	Last commit date
Latest commit History 473 Commits
.github		.github
Campaigns against surveillance		Campaigns against surveillance
Documents		Documents
HOSTS		HOSTS
Tests		Tests
Vimeo (Stream On)		Vimeo (Stream On)
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
LICENSE		LICENSE
README.md		README.md
References.md		References.md
Todo.md		Todo.md

License

f13end/NSABlocklist

Folders and files

Latest commit

History

Repository files navigation