by mo 4179 days ago
That is not the case. The disclosures show some rules to match requests to Tor directory authorities (which most clients connect to to bootstrap) and the Tor website, amongst others (like some article at linuxjournal). It is unknown whether these are actual rules in deployment or just example rules from some demo slides, who can add or select rules for collection on what networks, how many rulesets there are and, maybe most importantly, how many rules your traffic has to match before it gets "flagged", and whether that results in full collection of the traffic or for a subset of the (meta)data.
1 comments

While, in looking at the docs again (I Googled them just now, having not seen them since the initial leak), you are mostly correct, if you've seen the rest of their systems that have so far been made public, I can't help but assume that you are flagged on these rules alone.

The most protective their systems got seems to be:

1) Login to Active Directory
2) Explain why you are targeting this person using a dropdown or <select>
3) Enter email or user ID
4) Wait for results?

This is why, while you are correct, I would just like to say that it is safer to err on the side of caution and assume that you are targeted.

Edit: Here is the source that fingerprinted the torproject address I referred to, meaning they fingerprint and then search for these requests. There are similar definitions for Tails.

    // START_DEFINITION
    /*
    The fingerprint identifies sessions visiting the Tor Project website from
    non-fvey countries.
    */
    fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
    and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
    // END_DEFINITION