This GCHQ document from March 2010 presents a checklist of factors analysts should consider before going ahead with an operation to infiltrate a communications network, by physical or other means. Among the concerns raised is the risk that British actions may enable US authorities to conduct operations “which we would not consider permissible”: see the Boing Boing article Doxxing Sherlock, 2 February 2016.
This GCHQ research paper from 6 November 2009 outlines what kinds of data the agency can extract from internet radio stations and their listenership, grouped by country: see the Intercept article Profiled: From Radio to Porn, British Spies Track Web Users’ Online Identities, 25 September 2015.
This undated joint GCHQ/CSEC presentation provides an overview of “exploring and exploiting leaky mobile apps”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
This GCHQ paper dated 13 June 2011 proposes an attack to deanonymise Tor users: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This undated GCHQ presentation proposes a deanonymisation attack against Tor users based on the collection of data from exit nodes owned by the agency: see the Der Spiegel story Prying Eyes: Inside the NSA’s War on Internet Security, 28 December 2014.
This page from GCHQ’s internal GCWiki, last edited in May 2012, provides background information on the agency’s “internet buffer business capability”: see the Der Spiegel article The NSA in Germany: Snowden’s Documents Available for Download, 18 June 2014.
This GCHQ presentation from 2012 outlines the agency’s ability to monitor internet use major social media networks in real time, using tools called Squeaky Dolphin, Fire Ant and Anticrisis Girl: see the NBC News article Snowden docs reveal British spies snooped on YouTube and Facebook, 27 January 2014.