POWERFUL SURVEILLANCE TOOL: NSA's XKeyscore can track encrypted VPN sessions and their participants, can capture metadata on who's using PGP encryption in email or who's encrypting Word documents, which can later be decrypted. - AFP
A training slide on page 24 of the National Security Agency's 2008 presentation on the program, as revealed on Wednesday by The Guardian (via Edward Snowden), states it quite baldly:
According to Ars Technica's Sean Gallagher, the vulnerability "fingerprints" are added to serve as a filtering criteria for XKeyscore's application engines, comprised of "a worldwide distributed cluster of Linux servers attached to the NSA's Internet backbone tap points."
