0:00:00.000,0:00:10.019
<i>silent 31C3 preroll titles</i>

0:00:10.019,0:00:15.509
<i>applause</i>

0:00:15.509,0:00:19.400
Roger: Okay, hi everybody! I’m Roger[br]Dingledine, and this is Jake Appelbaum.

0:00:19.400,0:00:21.910
And we’re here to tell you more[br]about what’s going on with Tor

0:00:21.910,0:00:26.070
over the past year. We actually wanted[br]to start out asking Laura to give us

0:00:26.070,0:00:29.540
a little bit of context from her[br]perspective, about Citizenfour,

0:00:29.540,0:00:33.510
and the value of these sorts[br]of tools to journalists.

0:00:33.510,0:00:39.530
<i>applause</i>

0:00:39.530,0:00:46.150
Laura: So. Am I live? Okay. Roger and Jake[br]asked me to say a few things about Tor,

0:00:46.150,0:00:49.660
and what does it mean for investigative[br]journalists. And I can say that certainly

0:00:49.660,0:00:54.020
the work that I’ve done, on working with[br]disclosures by Edward Snowden, and

0:00:54.020,0:00:58.600
first communicating with him would not[br]have been possible. Without the work

0:00:58.600,0:01:03.340
that these 2 people do. And that everybody[br][does] who contributes to the Tor network.

0:01:03.340,0:01:06.460
So I’m deeply grateful to everyone here.

0:01:06.460,0:01:12.950
<i>applause</i>

0:01:12.950,0:01:17.050
When I was communicating with Snowden[br]for several months before I met him

0:01:17.050,0:01:21.520
in Hongkong we talked often about the Tor[br]network, and it’s something that actually

0:01:21.520,0:01:26.780
he feels is vital for online[br]privacy. And, to sort of

0:01:26.780,0:01:31.299
defeat surveillance. It’s really our[br]only tool to be able to do that. And

0:01:31.299,0:01:35.610
I just wanted to tell one story about what[br]happens when journalists don’t use it.

0:01:35.610,0:01:39.159
I can’t go into lots of details, but[br]there’s a very well known investigative

0:01:39.159,0:01:42.969
journalist who was working on a story.[br]He had a source. And the source was

0:01:42.969,0:01:48.060
in the Intelligence community. And he had[br]done some research on his computer,

0:01:48.060,0:01:53.460
not using Tor. And I was with him when[br]he got a phone call. And on the phone,

0:01:53.460,0:01:57.490
the person was saying: “What the fuck were[br]you doing looking up this, this and this?”

0:01:57.490,0:02:00.640
And this is an example of what[br]happens when Intelligence agencies

0:02:00.640,0:02:05.030
target journalists. So without Tor[br]we literally can’t do the work that

0:02:05.030,0:02:09.218
we need to do. So thank you,[br]and please support Tor! Thanks!

0:02:09.218,0:02:11.058
<i>applause</i>

0:02:11.058,0:02:17.180
Roger: Well, thank you![br]<i>continued applause</i>

0:02:17.180,0:02:22.100
Jacob: So to follow-up on what Laura[br]has just said: We think it’s important

0:02:22.100,0:02:25.970
to really expand, not just into the[br]technical world, or to talk about

0:02:25.970,0:02:31.000
the political issues in some abstract[br]sense. But also to reach out to culture.

0:02:31.000,0:02:34.100
So in this case, this is a picture in the[br]Reina Sofia which is one of the largest

0:02:34.100,0:02:37.650
museums in Spain. And that in the middle[br]is Mason Juday, and Trevor Paglen,

0:02:37.650,0:02:41.730
and that’s me on the right. And the only[br]time you’ll ever find me on the right!

0:02:41.730,0:02:46.930
And so it is the case that this is[br]a Tor relay. It’s actually 2 Tor relays

0:02:46.930,0:02:51.350
running on the open hardware device[br]Novena, made by bunny and Sean.

0:02:51.350,0:02:55.360
And it’s actually running as a middle[br]relay now, but it may in some point

0:02:55.360,0:02:59.659
with one configuration change become[br]an exit relay. And it is the case that

0:02:59.659,0:03:06.260
the Reina Sofia is hosting this Tor relay.[br]So, now, if… so we live in capitalism…

0:03:06.260,0:03:11.209
<i>applause</i>

0:03:11.209,0:03:14.900
So it is the case that if the Police wanna[br]seize this relay they got to buy it

0:03:14.900,0:03:17.220
like every other piece[br]of art in the museum.

0:03:17.220,0:03:24.340
<i>laughter and applause</i>

0:03:24.340,0:03:27.299
And part of the reason that we’re[br]doing this kind of stuff – at least

0:03:27.299,0:03:31.480
that piece of art which I did with Trevor[br]and Mason and Leif Ryge who is also

0:03:31.480,0:03:35.519
in this room, and Aaron Gibson, also in[br]this room – is because we think that

0:03:35.519,0:03:39.780
culture is important. And we think that[br]it’s important to tie the issue of anonymity

0:03:39.780,0:03:43.459
not just as an abstract idea but as an[br]actual thing that is representative

0:03:43.459,0:03:47.490
not only of our culture but of the world[br]we want to live in, overall. For all the

0:03:47.490,0:03:51.930
cultures of the world. And so, for that[br]reason we also have quite recently

0:03:51.930,0:03:56.920
been thinking a lot about social norms.[br]And it is the case that there’s a person

0:03:56.920,0:04:01.040
in our community, and many persons in our[br]community that have come under attack.

0:04:01.040,0:04:05.440
And have been deeply harassed.[br]And we think that that sucks!

0:04:05.440,0:04:09.319
And we don’t like that. Even though we[br]promote anonymity without any question,

0:04:09.319,0:04:12.859
i.e. no backdoors ever, and we’ll[br]get back to that in a minute,

0:04:12.859,0:04:16.070
it is the case that we really[br]want to promote ‘being

0:04:16.070,0:04:18.940
excellent to each other’. In the[br]sort of spirit of Noisebridge!

0:04:18.940,0:04:25.679
<i>applause</i>

0:04:25.679,0:04:28.830
And it’s still a little bit American-centric[br]but you can get the basic idea.

0:04:28.830,0:04:33.099
It applies to Europe as well. Just replace[br]‘First Amendment’ with some of your local law.

0:04:33.099,0:04:36.950
Or a local constitutional right. It isn’t[br]the case that we’re saying that you

0:04:36.950,0:04:39.820
shouldn’t have the right to say things.[br]But we are saying “Get the fuck out

0:04:39.820,0:04:43.169
of our community if you’re going[br]to be abusive to women!”

0:04:43.169,0:04:50.539
<i>applause and cheers</i>

0:04:50.539,0:04:55.150
And you’ll note that I used the word[br]‘Fuck’ to say it. And I’m sorry about that.

0:04:55.150,0:04:58.630
Because the point is we all make mistakes.[br]And we want to make sure that while

0:04:58.630,0:05:03.130
it’s true that we have transgressions we[br]want to make sure that we can find

0:05:03.130,0:05:07.050
a place of reconciliation, and we can[br]work towards conflict resolution.

0:05:07.050,0:05:10.880
And it’s important at the same time to[br]recognize that there are people who’s

0:05:10.880,0:05:15.659
real lives are harmed by harassment[br]online. In this case one of the people

0:05:15.659,0:05:19.830
is in this audience. And I hope that they[br]won’t mind being named. But we want

0:05:19.830,0:05:23.740
to give her a shoutout and say[br]that we stand behind her 100%.

0:05:23.740,0:05:25.260
Roger: Yeah, so, …

0:05:25.260,0:05:33.059
<i>applause</i>

0:05:33.059,0:05:37.690
So one of our developers on core Tor,[br]Andrea, has been harassed on Twitter

0:05:37.690,0:05:42.440
and elsewhere, really a lot more[br]than should happen to anybody.

0:05:42.440,0:05:45.880
And there are a couple of points[br]to make here. One of them is:

0:05:45.880,0:05:49.919
She’s a woman, and women online[br]have been harassed for basically

0:05:49.919,0:05:54.440
since ‘online’ has existed. Not just[br]women, other minorities, pretty much

0:05:54.440,0:05:59.110
all over the place. Especially recently[br]things have been getting worse.

0:05:59.110,0:06:04.820
The other important point to realize:[br]she’s not just being attacked because

0:06:04.820,0:06:08.390
she happens to be there. She’s being[br]attacked because they’re trying to attack

0:06:08.390,0:06:13.310
the Tor project and all the other people[br]in Tor. So, yes, she may be the focus

0:06:13.310,0:06:17.409
of some of the attacks but we - the rest[br]of the Tor community, the rest of the

0:06:17.409,0:06:22.270
security community - need to stand up[br]and take on some of this burden of

0:06:22.270,0:06:26.090
communicating and interacting,[br]and talking about these issues.

0:06:26.090,0:06:29.130
We can’t just leave it[br]to her to defend herself.

0:06:29.130,0:06:38.240
<i>applause</i>

0:06:38.240,0:06:41.770
Jacob: And so we want to set a particular[br]standard which is that there are

0:06:41.770,0:06:44.209
lots of journalists that have a lot of[br]questions. And we really think that

0:06:44.209,0:06:47.970
there are a lot of legitimate questions to[br]ask. E.g. I think it sucks that we take

0:06:47.970,0:06:52.050
Department of Defense money, sometimes.[br]And sometimes I also think it’s good that

0:06:52.050,0:06:55.140
people have the ability to feed[br]themselves, and have the ability

0:06:55.140,0:06:59.270
to actually have a home and a family. Now,[br]I don’t have those things, really. I mean

0:06:59.270,0:07:02.510
I can feed myself, but I don’t have a home[br]or a family in the same way that, say,

0:07:02.510,0:07:07.520
the family people on side of Tor do. And[br]they need to be paid. It is the case that

0:07:07.520,0:07:12.060
that is true. And that raises questions.[br]Like I, personally, wouldn’t ever take

0:07:12.060,0:07:16.710
CIA money. And I think that nobody should.[br]And I don’t think the CIA should exist.

0:07:16.710,0:07:18.260
But we have a diversity…

0:07:18.260,0:07:22.300
<i>applause</i>

0:07:22.300,0:07:26.150
…we have a diversity of funding because[br]we have a diversity of users. And so that

0:07:26.150,0:07:29.500
raises a lot of questions. And I think[br]people should ask those questions.

0:07:29.500,0:07:32.489
And Roger, and the rest of the Tor[br]community feels that way, too. But

0:07:32.489,0:07:36.700
it’s important that we don’t single out[br]a specific person. And, in particular,

0:07:36.700,0:07:40.270
to single out Andrea, again. She[br]does not deserve all the heat about

0:07:40.270,0:07:43.969
some of the decisions that the[br]Tor project as a non-profit makes.

0:07:43.969,0:07:48.510
She is a developer who is integral to[br]Tor. If it was not for her a significant

0:07:48.510,0:07:52.039
portion of Tor would not exist. It[br]would not be as bug free as it is.

0:07:52.039,0:07:56.839
And it would not be getting better all the[br]time. So we want people to reach out

0:07:56.839,0:08:02.019
to this alias, if they actually want[br]to talk, and have a forum where

0:08:02.019,0:08:06.020
the whole of Tor can really respond, and[br]think about these things in a positive way,

0:08:06.020,0:08:10.029
and really engage with the press. In a way[br]that we can manage; because at the moment

0:08:10.029,0:08:14.419
we get, I would say, 5 (on[br]average) press requests every day.

0:08:14.419,0:08:19.140
That’s really a lot. And it is also the[br]case that 4 of those requests

0:08:19.140,0:08:23.950
are very well phrased, extremely[br]reasonable questions. And one of them is,

0:08:23.950,0:08:28.339
you know: “Why to[br]choose to run Tor?” And

0:08:28.339,0:08:32.089
we should address all of them. We[br]really should. And at the same time

0:08:32.089,0:08:35.190
we have to recognize that some of these[br]people that are kind of harassing,

0:08:35.190,0:08:37.840
they might trigger me. That one will[br]trigger me, and I would probably

0:08:37.840,0:08:40.650
write back with something kind of shitty.[br]So we want to distribute the work in a way

0:08:40.650,0:08:44.049
where people will be nice. Even to the[br]people that are unreasonable. Because

0:08:44.049,0:08:48.460
at the core – we need to be held to[br]account, and we need people to look to us

0:08:48.460,0:08:52.090
about these things, and to ask us these[br]hard questions. And so this is the address

0:08:52.090,0:08:55.580
to reach out to: [press@torproject.org].[br]Not harassing Andrea online on Twitter.

0:08:55.580,0:09:00.690
Not coming after individual developers.[br]Not posting crazy stuff on the mailing list.

0:09:00.690,0:09:04.520
Wait until we’ve actually talked to you,[br]then post the crazy stuff on the mailing list.

0:09:04.520,0:09:07.510
Or wherever you’re going to post it. And[br]then hopefully we can actually answer

0:09:07.510,0:09:11.830
the questions in a good faith-, helpful[br]way. There’s no reason to talk about

0:09:11.830,0:09:15.210
conspiracy theories, we can just[br]talk about the business plans.

0:09:15.210,0:09:19.380
And into that point wanna make it clear:

0:09:19.380,0:09:23.330
stop being an asshole to people in the[br]community. But this is not negotiable.

0:09:23.330,0:09:27.210
We’re not saying because we don’t want[br]you to harass people that we’re going

0:09:27.210,0:09:30.800
to backdoor Tor. That will never happen.[br]You will find a bullet in the back of my head

0:09:30.800,0:09:35.410
before that happens. And maybe Roger’s,[br]too. Depending on the order of operations.

0:09:35.410,0:09:44.550
<i>laughter and applause</i>

0:09:44.550,0:09:48.240
Roger: Okay, so we’re going to talk[br]a little bit about the various things

0:09:48.240,0:09:52.760
we’ve done over the past year. To[br]give you a very brief introduction to Tor:

0:09:52.760,0:09:56.820
Tor is an anonymity system. You’ve got[br]Alice, the client over there. She builds

0:09:56.820,0:10:00.760
a path through 3 different relays[br]around the world. And the idea is

0:10:00.760,0:10:04.030
that somebody watching her local[br]network connection can’t figure out

0:10:04.030,0:10:07.830
what destination she’s going to. And[br]somebody watching the destinations

0:10:07.830,0:10:11.750
can’t figure out where she’s coming[br]from. And we have quite a few relays

0:10:11.750,0:10:16.440
at this point. Here’s a… the red line is[br]the graph of the number of relays

0:10:16.440,0:10:20.560
we’ve had over the past year. For those[br]of you who remember ‘Heartbleed’

0:10:20.560,0:10:24.450
you can see the big drop in April when[br]we removed a bunch of relays that

0:10:24.450,0:10:29.390
had insecure keys. But this is not the[br]interesting graph. The interesting graph

0:10:29.390,0:10:35.870
is ‘capacity over the past year’. And[br]we’ve gone from a little over 6 GBps

0:10:35.870,0:10:39.990
of capacity up to more[br]than 12 GBps of capacity.

0:10:39.990,0:10:48.140
<i>applause</i>

0:10:48.140,0:10:51.820
And as long as we can make the difference[br]between those 2 lines big enough then

0:10:51.820,0:10:56.200
Tor performance is pretty good. But we rely[br]on all of you to keep on running relays,

0:10:56.200,0:11:01.180
and make them faster etc. so that we[br]can handle all the users who need Tor.

0:11:01.180,0:11:06.350
Okay, another topic. Deterministic[br]builds. Mike Perry and Seth Schoen

0:11:06.350,0:11:10.250
did a great talk a few days ago. So you[br]should go watch the stream on that!

0:11:10.250,0:11:15.100
The very short version is: We have[br]a way of building Tor Browser so that

0:11:15.100,0:11:19.230
everybody can build Tor Browser[br]and produce the same binary.

0:11:19.230,0:11:22.940
And that way you don’t have to worry about[br]problems on your build machine and you can

0:11:22.940,0:11:27.660
actually check that the program we give[br]you, really is based on the source code

0:11:27.660,0:11:29.470
that we say that it is.

0:11:29.470,0:11:33.910
Jacob: And this is of course important[br]because we really don’t want to be

0:11:33.910,0:11:37.940
a focal point where someone comes[br]after us and says: “You have to produce

0:11:37.940,0:11:41.670
a backdoored version”. So it’s very[br]important because we do receive

0:11:41.670,0:11:46.430
a lot of pressure, from a lot of different[br]groups. And we never want to cave.

0:11:46.430,0:11:50.310
And here’s how we think it is the[br]case that we will never cave:

0:11:50.310,0:11:54.470
Free Software, open specifications,[br]reproducible builds,

0:11:54.470,0:11:57.920
things that can be verified[br]with cryptographic signatures.

0:11:57.920,0:12:01.650
That will not only keep us honest[br]against the – what do you call it –

0:12:01.650,0:12:04.870
the angels of our better nature.[br]I don’t believe in angels. But anyway.

0:12:04.870,0:12:09.100
The point is that it will keep us honest.[br]But it will also keep other people at bay.

0:12:09.100,0:12:13.360
From trying to do something harmful to[br]us. Because when something happens

0:12:13.360,0:12:17.860
you will be able to immediately find it.[br]And Mike Perry, by the way, is incredible.

0:12:17.860,0:12:24.730
He probably hates that I’m saying his name[br]right now. Sorry, Mike! Are you here?

0:12:24.730,0:12:27.340
<i>laughter</i>[br]Bastard! <i>laughs</i>

0:12:27.340,0:12:32.020
But Mike Perry is a machine. He also[br]has a heart! But he’s a machine.

0:12:32.020,0:12:36.010
And he’s incredible. And he has been[br]working non-stop on this. And he is really

0:12:36.010,0:12:40.420
ground-breaking in not only doing[br]this for Firefox but really thinking

0:12:40.420,0:12:43.720
about these hard problems, and[br]understanding that if he was just building

0:12:43.720,0:12:47.810
this browser by himself, and he was[br]doing it in a non-verifiable way

0:12:47.810,0:12:51.210
that it would really, actually be[br]a serious problem. Because we distribute

0:12:51.210,0:12:55.930
this software. And so, I mean[br]there is a reason that the NSA

0:12:55.930,0:12:59.890
calls Mike Perry a “worthy adversary”.[br]And it is because he’s amazing!

0:12:59.890,0:13:02.260
<i>applause</i>[br]So let’s give it up for Mike Perry!

0:13:02.260,0:13:07.600
<i>ongoing applause</i>

0:13:07.600,0:13:11.870
Roger: Not only that, but his work, along[br]with Bitcoin’s work has pushed Debian

0:13:11.870,0:13:16.500
and Fedora, and other groups to work[br]on reproducible builds as well. So,

0:13:16.500,0:13:20.520
hopefully the whole security[br]community will get better!

0:13:20.520,0:13:24.810
<i>applause</i>

0:13:24.810,0:13:28.700
Jacob: And to the point about Citizenfour.[br]One of the things that’s been happening

0:13:28.700,0:13:33.390
quite recently is that really respectable[br]nice people like the people at Mozilla

0:13:33.390,0:13:37.440
have decided that they really want[br]us to work together. Which is great.

0:13:37.440,0:13:41.250
Because we wanted to, and we have[br]respected their work for a very long time.

0:13:41.250,0:13:46.779
And so Tor is now partnering with Mozilla.[br]And that means that Mozilla, as a group,

0:13:46.779,0:13:50.400
will be running Tor relays. At first[br]middle nodes, and then, hopefully,

0:13:50.400,0:13:56.770
we believe, exit relays. And that is[br]huge because Mozilla is at the forefront

0:13:56.770,0:14:02.370
of doing a lot of work for end users. Just[br]everyday regular people wanting privacy.

0:14:02.370,0:14:07.589
Things like DoNotTrack e.g.[br]are a way to try to experiment.

0:14:07.589,0:14:11.510
Things like the Tor Browser a way to[br]experiment even further. To really bring

0:14:11.510,0:14:16.400
Privacy-by-Design. And it’s amazing[br]that Mozilla is doing that. And

0:14:16.400,0:14:20.500
we’ve made a partnership with them, and[br]we’re hopeful, cautiously optimistic even,

0:14:20.500,0:14:23.680
that this is going to produce some very[br]good results where our communities can

0:14:23.680,0:14:28.450
sort of fuse, and give Privacy-by-Design[br]software to every person on the planet

0:14:28.450,0:14:31.210
with no exceptions whatsoever.

0:14:31.210,0:14:37.860
<i>applause</i>

0:14:37.860,0:14:42.010
Now we also have a couple of things[br]that we would like to talk about,

0:14:42.010,0:14:44.960
just generally, that are a little bit[br]technical. But at the same time

0:14:44.960,0:14:49.070
we wanna keep it accessible because[br]we think that this talk, well, it’s useful

0:14:49.070,0:14:51.841
to talk about technical details. The most[br]important thing is somebody who has

0:14:51.841,0:14:55.260
never heard of the Tor community before,[br]who watches this video, we want them

0:14:55.260,0:15:00.730
to understand some of the[br]details, and enough, let’s say,

0:15:00.730,0:15:04.650
technical understanding that they’ll be[br]able to go and look it up if they want to,

0:15:04.650,0:15:07.510
but they’ll also understand we’re not[br]just glossing over, completely.

0:15:07.510,0:15:10.320
So, pluggable transports are very[br]important. Right now, the way

0:15:10.320,0:15:15.540
that Tor works is that we connect with an[br]SSL/TLS connection. The protocol SSL/TLS,

0:15:15.540,0:15:19.750
one of the 2, depending on the client[br]library, and the server library. And

0:15:19.750,0:15:23.180
that looks like an SSL connection, for[br]the most part. But as some of you know

0:15:23.180,0:15:28.470
there are people on this planet[br]they collect SSL and TLS data,

0:15:28.470,0:15:32.440
about everything flowing across the[br]internet. That’s really a problem.

0:15:32.440,0:15:36.550
It turns out we thought in some cases[br]that it was just censorship that mattered.

0:15:36.550,0:15:40.410
But it turns out broad classification[br]of traffic is really, actually, a problem

0:15:40.410,0:15:44.960
not just for blocking but also for later[br]doing identification of traffic flows.

0:15:44.960,0:15:47.740
So I’ve already lost the non-technical[br]people in the audience, so, let me

0:15:47.740,0:15:51.580
rephrase that and say: We have these other[br]ways of connecting to the Tor network.

0:15:51.580,0:15:55.740
And they don’t look just like a secure[br]banking transaction. They look instead

0:15:55.740,0:16:01.250
like DNS, or HTTP – that is your regular[br]web browsing or name resolution.

0:16:01.250,0:16:04.990
And we have a lot of different pluggable[br]transports. And some of them are cool.

0:16:04.990,0:16:08.040
Some of them make it look like you’re[br]connecting to Google. When in fact you’re

0:16:08.040,0:16:11.180
connecting to the Tor Project. And it’s[br]because you, in fact, are connecting

0:16:11.180,0:16:16.660
to Google. Leif Ryge, are you[br]in the room, here? Maybe, no?

0:16:16.660,0:16:19.960
This is really… you guys,[br]and your anonymity!

0:16:19.960,0:16:23.890
<i>laughter</i>[br]It is the case…

0:16:23.890,0:16:27.070
he showed this to me, I mentioned this to[br]some other people and David Fifield,

0:16:27.070,0:16:30.870
I think, either independently rediscovered[br]it. There’s also the GoAgent people

0:16:30.870,0:16:35.390
that discovered this. You can connect[br]to Google with an SSL connection,

0:16:35.390,0:16:38.430
and the certificate will say:[br]dadada.google.com. And you of course

0:16:38.430,0:16:42.740
verify it. And it is of course signed,[br]probably by Adam Langley, personally.

0:16:42.740,0:16:48.120
And… maybe it’s just the Google[br]CAs. And then you give it a different

0:16:48.120,0:16:53.270
HTTP host header. So you say: actually[br]I wanna talk to Appspot. I wanna talk

0:16:53.270,0:16:58.470
to torbridge.appspot.com.[br]And inside of the TLS connection,

0:16:58.470,0:17:01.149
which looks like it’s a connection to[br]Google which is one of the most popular

0:17:01.149,0:17:05.119
websites on the internet you then make[br]essentially an encrypted connection

0:17:05.119,0:17:09.980
through that. And then from there[br]to the Tor network. Using Google,

0:17:09.980,0:17:13.859
but also Cloudflare – they don’t[br]just provide you with captchas!

0:17:13.859,0:17:19.329
<i>laughter and applause</i>[br]<i>laughs</i>

0:17:19.329,0:17:23.170
Poor Cloudflare guy! We were joking[br]we should stand outside his office

0:17:23.170,0:17:26.009
and make him answer[br]captchas to get in the door!

0:17:26.009,0:17:30.460
<i>laughter and applause</i>

0:17:30.460,0:17:34.260
All of those people clapping wish you[br]would solve the Cloudflare captcha issue!

0:17:34.260,0:17:39.810
So it also works with other compute[br]clusters. And other CDNs.

0:17:39.810,0:17:43.300
And so this is really awesome because[br]it means that now you can connect

0:17:43.300,0:17:47.280
through those CDNs to the Tor network,[br]using Meek (?) and other pluggable transports

0:17:47.280,0:17:52.620
like that. So that’s a huge win.[br]And deploying it by default

0:17:52.620,0:17:54.140
– I think we have another slide for that…

0:17:54.140,0:17:58.270
Roger: Nope, that’s it![br]We’ve got a different one, yes.

0:17:58.270,0:18:03.440
So, one of the neat things about Meek (?) is:[br]because it works on all these different

0:18:03.440,0:18:07.910
sorts of providers – Akamai[br]and all the CDNs out there –

0:18:07.910,0:18:12.840
a lot of those are still reachable from[br]places like China. Lots of our pluggable

0:18:12.840,0:18:16.370
transports don’t work so well in China,[br]but meek does, at this point.

0:18:16.370,0:18:20.200
So there are a lot of happy users.[br]Here’s a graph of an earlier

0:18:20.200,0:18:24.230
pluggable transport that we had,[br]called ‘obfs3’. It still works in China,

0:18:24.230,0:18:28.030
and Iran, and Syria and lots[br]of places around the world.

0:18:28.030,0:18:31.920
But the sort of blue/aqua line is

0:18:31.920,0:18:36.540
how much use we’ve seen of[br]obfs3. And you can tell exactly

0:18:36.540,0:18:41.590
when we put out the new Tor browser[br]release that had obfs3 built-in

0:18:41.590,0:18:46.890
and easy-to-use by ordinary people.[br]So one of the really important pushes

0:18:46.890,0:18:50.850
we’ve been doing is trying to make[br]– rather than trying to explain

0:18:50.850,0:18:54.090
how pluggable transports work, and[br]teach you everything – just make them

0:18:54.090,0:18:57.370
really simple. Make them part of Tor[br]browser, you just click on “My Tor

0:18:57.370,0:19:01.690
isn’t working so I wanna use some[br]other way to make my Tor work”.

0:19:01.690,0:19:06.260
And we’ve got 10.000 people at this[br]point who are happily using obfs3.

0:19:06.260,0:19:10.930
I think a lot of them are in[br]Syria and Iran at this point.

0:19:10.930,0:19:17.640
<i>applause</i>

0:19:17.640,0:19:21.150
Something else we’ve been doing over[br]the past year is working really hard

0:19:21.150,0:19:26.020
on improving the robustness,[br]and testing infrastructure,

0:19:26.020,0:19:29.960
and unit tests for the core Tor[br]source code. So Nick Mathewson

0:19:29.960,0:19:34.230
and Andrea Shepard in particular[br]have been really working on robustness

0:19:34.230,0:19:39.700
to make this something we can rely[br]on, as a building block in tails,

0:19:39.700,0:19:43.770
in Tor browser, in all the other[br]applications that rely on Tor.

0:19:43.770,0:19:47.190
So in the background things were[br]getting a lot stronger. Hopefully that

0:19:47.190,0:19:51.960
will serve us very well[br]in the battles to come.

0:19:51.960,0:19:59.220
<i>applause</i>

0:19:59.220,0:20:02.280
Jacob: So this fine gentleman[br]who was a teen heartthrob

0:20:02.280,0:20:03.980
on Italian television many years ago…

0:20:03.980,0:20:06.530
Arturo: Thank you for doxing me![br]Jacob: Sorry.

0:20:06.530,0:20:08.260
<i>both laugh</i>

0:20:08.260,0:20:10.450
If only you’d been using Tor!

0:20:10.450,0:20:16.020
Arturo: Yeah, TV over Tor. So…[br]A project that we started a couple

0:20:16.020,0:20:23.620
of years ago with Jake is sort of related[br]I guess to the Tor project’s goals of

0:20:23.620,0:20:29.740
increasing privacy and having a better[br]understanding on how people’s lives

0:20:29.740,0:20:35.380
are impacted through technology. And this[br]project is called OONI, or the ‘Open

0:20:35.380,0:20:40.010
Observatory of Network Interference’. And[br]what it is, before being a piece of software

0:20:40.010,0:20:46.080
is a set of principles, and best practices[br]and specifications written in English

0:20:46.080,0:20:52.860
for how it is best to conduct network[br]related measurements. That sort of

0:20:52.860,0:20:57.510
measurements that we’re interested in[br]running have to do with identifying

0:20:57.510,0:21:04.130
network irregularities. These are symptoms[br]that can be a sign of presence of

0:21:04.130,0:21:10.710
surveillance or censorship, on the network[br]that you’re testing. And we use

0:21:10.710,0:21:15.860
a methodology that has been peer-reviewed,[br]of which we have published a paper.

0:21:15.860,0:21:21.200
It’s implemented using free software. And[br]all of the data that we collect is made

0:21:21.200,0:21:26.800
available to the public. So that you can[br]look at it, analyze it and draw your

0:21:26.800,0:21:33.160
own conclusions from it.[br]<i>applause</i>

0:21:33.160,0:21:37.560
And so we believe that this effort is[br]something that is helpful and useful

0:21:37.560,0:21:43.179
to people such as journalists, researchers,[br]activists or just simple citizens that are

0:21:43.179,0:21:48.679
interested in being more aware, and have[br]a better understanding that is based

0:21:48.679,0:21:55.559
on facts instead of just anecdotes, on[br]what is the reality of internet censorship

0:21:55.559,0:22:00.059
in their country. And we believe that[br]historical data is especially important

0:22:00.059,0:22:05.660
because it gives us an understanding of[br]how these censorship and surveillance

0:22:05.660,0:22:12.670
apparatuses evolve over time. So[br]I would like to invite you all to run

0:22:12.670,0:22:21.730
Ooniprobe today, if you copy and paste[br]this command line inside of a Debian-based

0:22:21.730,0:22:26.730
system. Obviously… perhaps you should[br]read what is inside it before running it.

0:22:26.730,0:22:31.310
<i>applause</i>

0:22:31.310,0:22:34.630
But once you do that you will have[br]a Ooniprobe setup and you will be

0:22:34.630,0:22:40.570
collecting measurements for your country.[br]If instead you would like to have

0:22:40.570,0:22:46.890
an actual hardware device we have a very[br]limited number of them. But if you’re

0:22:46.890,0:22:49.799
from an interesting country and you’re[br]interested in running Ooniprobe

0:22:49.799,0:22:54.420
we can give you a little Raspberry Pi with[br]an LCD screen that you can take home,

0:22:54.420,0:23:00.860
connect to your network and adopt[br]a Ooniprobe in your home network.

0:23:00.860,0:23:09.130
To learn more about this you should come[br]later today at Noisy Square, at 6 P.M.

0:23:09.130,0:23:11.750
to learn more about it.

0:23:11.750,0:23:13.020
Roger: Thank you!

0:23:13.020,0:23:17.500
<i>applause</i>

0:23:17.500,0:23:20.570
Jacob: And, just to finish up here,[br]I mean, OONI is a human rights

0:23:20.570,0:23:26.070
observation project which Arturo and[br]Aaron Gibson – also somewhere in the room,

0:23:26.070,0:23:32.130
I’m sure he won’t stand up so I won’t even[br]ask him. It’s great! Because we went from

0:23:32.130,0:23:35.400
a world where there was no open[br]measurement, with only secret tools,

0:23:35.400,0:23:39.110
essentially, where people acted like[br]secret agents, going in the countries

0:23:39.110,0:23:42.320
to do measurements. There wasn’t really[br]an understanding of the risks that

0:23:42.320,0:23:45.860
were involved, how the tests function,[br]where non-technical people could have

0:23:45.860,0:23:50.830
reasonable explanations. And now we have[br]open measurement tools, we have open data

0:23:50.830,0:23:55.080
standards, we have really like a framework[br]for understanding this as a human right

0:23:55.080,0:23:59.250
to observe the world around you. And then[br]also to share that data, and to actually

0:23:59.250,0:24:03.290
discuss that data, what it means. And to[br]be able to set standards for it.

0:24:03.290,0:24:06.330
And hopefully that means that people have[br]informed consent when they engage

0:24:06.330,0:24:10.600
in something that could be risky, like running[br]Ooni in a place like… that is dangerous

0:24:10.600,0:24:13.030
like the United States or Cuba,[br]or something like China.

0:24:13.030,0:24:18.000
<i>applause</i>[br]And so, Arturo personally though, is

0:24:18.000,0:24:21.610
the heart and soul of Ooni. And it is[br]really important that we see that

0:24:21.610,0:24:25.580
the Tor community is huge. It’s really[br]huge, it’s made up of a lot of people

0:24:25.580,0:24:29.670
doing a lot of different things. And part[br]of Ooni is Tor. We need Tor to be able

0:24:29.670,0:24:33.929
to have a secure communications channel[br]back to another system, we need that

0:24:33.929,0:24:38.230
so that people can log into these[br]Ooniprobes e.g. over Tor Hidden Services.

0:24:38.230,0:24:42.610
That kind of fusion of things where we[br]have anonymity but at the same time

0:24:42.610,0:24:45.980
we have this data set that is in some[br]cases identifying, in some cases

0:24:45.980,0:24:49.910
it’s not identifying, depending on the[br]test. We need an anonymous communications

0:24:49.910,0:24:53.630
channel to do that kind of human rights[br]observation. And so… just so we can

0:24:53.630,0:24:57.070
make Arturo a little… feel a little[br]appreciated I just wanna give him

0:24:57.070,0:25:00.500
another round of applause, for making this[br]human rights observation project.

0:25:00.500,0:25:08.240
<i>applause</i>[br]<i>Jacob joins the applause</i>

0:25:08.240,0:25:12.990
Roger: So I encourage all of you not only[br]to run Ooniprobe in interesting places,

0:25:12.990,0:25:17.660
and in boring places because they might[br]become interesting. But also to help write

0:25:17.660,0:25:22.500
new tests, and work on the design of these[br]things, so that we can detect and notice

0:25:22.500,0:25:27.289
new problems on the internet more quickly.[br]Something else we’ve been up to over

0:25:27.289,0:25:32.920
the past year is Tor Weekly News. We were[br]really excited by Linux Weekly News etc.

0:25:32.920,0:25:37.990
and… so every week there’s a new[br]blog post and mail that summarizes

0:25:37.990,0:25:41.820
what’s happened over the past week.[br]We encourage you to look at all these.

0:25:41.820,0:25:45.870
A special shout-out to harmony and[br]lunar for helping to make this happen

0:25:45.870,0:25:47.950
over the past year. Thank you!

0:25:47.950,0:25:52.679
<i>applause</i>

0:25:52.679,0:25:57.370
Jacob: Finally there’s a Tor list you can[br]be on, that you really wanna be on!

0:25:57.370,0:26:01.460
Roger: Being on lists is good. One of the[br]other features we’ve been really excited

0:26:01.460,0:26:06.590
about over the past year: EFF has been[br]helping with Outreach. EFF ran

0:26:06.590,0:26:10.820
a Tor relay challenge to try to get a lot[br]of people running relays. And I think

0:26:10.820,0:26:17.150
they have several thousand relays that[br]signed up because of the relay challenge.

0:26:17.150,0:26:19.549
Pushing a lot of traffic.[br]So that’s really great!

0:26:19.549,0:26:23.339
<i>applause</i>

0:26:23.339,0:26:27.040
And at the same time not only did they[br]get a lot of more people running relays

0:26:27.040,0:26:31.750
but they also did some great advocacy[br]and outreach for getting more exit relays

0:26:31.750,0:26:36.440
in universities, and basically teaching[br]people why Tor is important. We all need

0:26:36.440,0:26:40.200
to be doing more of that! We’ll[br]touch on that a little bit more later.

0:26:40.200,0:26:44.190
So you all I hope remember what was[br]going on in Turkey, earlier this year.

0:26:44.190,0:26:48.419
Here’s a cool graph of Tor use in Turkey[br]when they started to block Youtube

0:26:48.419,0:26:52.170
and other things. Then people realized,[br]I need to get some tools to get around

0:26:52.170,0:26:56.830
that censorship. But you probably[br]weren’t paying attention when Iraq

0:26:56.830,0:27:01.430
filtered Facebook, and suddenly a lot of[br]people in Iraq needed to get some sort

0:27:01.430,0:27:05.570
of way to get around their censorship. So[br]there are a bunch of interesting graphs

0:27:05.570,0:27:10.470
like this on the Tor Metrics project, of[br]what’s been going on over the past year.

0:27:10.470,0:27:13.290
Jacob: And we actually…[br]– if you could go back, yeah.

0:27:13.290,0:27:17.510
One thing that’s really interesting about[br]this is: Karsten Loesing who is, I think,

0:27:17.510,0:27:20.530
also not going to stand up, maybe you[br]will? Are you here? I don’t see you,

0:27:20.530,0:27:25.929
Karsten? No? No, okay. He does all[br]the metrics, this anonymous, shadowy

0:27:25.929,0:27:29.650
metrics figure. And if you go to[br]metrics.torproject.org you’ll see

0:27:29.650,0:27:33.830
open data that is properly anonymized[br]– you would expect that from us –

0:27:33.830,0:27:38.539
as well as actual documents that explain[br]the anonymity, the counting techniques,

0:27:38.539,0:27:42.140
that explain the privacy conserving[br]statistics. And you can see these graphs,

0:27:42.140,0:27:46.050
you can generate them based on certain[br]parameters. If you are interested

0:27:46.050,0:27:50.320
in seeing e.g. geopolitical events,[br]and how they tie in to the internet,

0:27:50.320,0:27:54.870
this project is part of what inspired[br]Ooni. This is how we get statistics

0:27:54.870,0:27:58.289
and interesting things about the Tor[br]network itself. From Tor clients,

0:27:58.289,0:28:02.150
from Tor relays, from Tor bridges.[br]And it tells you all sorts of things.

0:28:02.150,0:28:08.700
Platform information, version number of[br]the software, which country someone

0:28:08.700,0:28:13.440
might be connecting from etc. Where[br]they’re hosted… If you are interested

0:28:13.440,0:28:17.900
looking at this website and finding spikes[br]like this you may in fact be able to

0:28:17.900,0:28:22.590
find out that there is a censorship event[br]in that country, and we haven’t noticed it.

0:28:22.590,0:28:26.410
There are a lot of countries in the world[br]if we split it up by country. And sometimes

0:28:26.410,0:28:31.460
50.000 Tor users fall off the Tor network[br]because another American company has sold

0:28:31.460,0:28:36.780
that country censorship equipment. We[br]need help finding these events, and then

0:28:36.780,0:28:41.340
understanding their context. So if in your[br]country something like that happens

0:28:41.340,0:28:45.830
looking at this data can help us not only[br]to advocate for anonymity in such a place

0:28:45.830,0:28:48.910
but it can help us to also technically[br]realize we need to fix a thing,

0:28:48.910,0:28:51.799
change a thing… And it’s through this[br]data that we can have a dialog

0:28:51.799,0:28:55.550
about those things. So if you have no[br]technical ability at all but you’re

0:28:55.550,0:28:59.260
interested and understand where you[br]come from – look at this data set, try

0:28:59.260,0:29:03.450
to understand it, and then reach out to us[br]and hopefully we can learn about that.

0:29:03.450,0:29:06.289
That’s how we learn about this, that’s how[br]we learned about the previous thing.

0:29:06.289,0:29:09.860
And many years ago we gave a Tor talk[br]about how countries and governments

0:29:09.860,0:29:15.470
and corporations try to censor Tor. And[br]of course, a lot has happened since then.

0:29:15.470,0:29:18.510
There’s a lot of those things, and very[br]difficult to keep up with them. So

0:29:18.510,0:29:22.820
we really need the community’s help to[br]contextualize, to explain and define

0:29:22.820,0:29:25.750
these things.

0:29:25.750,0:29:30.970
Roger: Okay. Next section of the talk,[br]‘things that excited journalists over

0:29:30.970,0:29:35.270
the past year’. That actually turned out[br]to be not-so-big a deal. And we’re gonna

0:29:35.270,0:29:39.220
try to blow through a lot of them quickly,[br]so that we can get to the stuff that

0:29:39.220,0:29:45.669
actually was a big deal. So I guess in[br]August or something there was going to be

0:29:45.669,0:29:50.190
a Blackhat talk about how you can[br]just totally break Tor, and then

0:29:50.190,0:29:55.080
the Blackhat talk got pulled. Turns out[br]that it was a group at CMU who were

0:29:55.080,0:30:00.200
doing some research on Tor. And I begged[br]them for a long time to get a little bit

0:30:00.200,0:30:04.720
of information about what attack they had.[br]Eventually they sent me a little bit of

0:30:04.720,0:30:08.510
information. And then we were all[br]thinking about how to fix it. And then

0:30:08.510,0:30:12.280
Nick Mathewson, one of the Tor developers,[br]said: “Why don’t I just deploy

0:30:12.280,0:30:17.490
a detection thing on the real Tor network,[br]just in case somebody is doing this?” And

0:30:17.490,0:30:21.210
then it turns out somebody was doing this.[br]And then I sent mail to the Cert (?) people

0:30:21.210,0:30:25.789
saying: “Hey, are you, like, are you like[br]running those 100 relays that are doing

0:30:25.789,0:30:31.690
this attack on Tor users right now?” And[br]I never heard back from them after that.

0:30:31.690,0:30:36.570
So that’s sort of a… this is a sad[br]story for a lot of different reasons.

0:30:36.570,0:30:41.070
But I guess the good news is we identified[br]the relays that were doing the attack,

0:30:41.070,0:30:45.020
we cut them out of the network, and we[br]deployed a defense that will first of all

0:30:45.020,0:30:49.000
make that particular attack not[br]work anymore. And also detect it

0:30:49.000,0:30:52.010
when somebody else is trying[br]to do an attack like this.

0:30:52.010,0:30:53.610
Jacob: This, of course, is…

0:30:53.610,0:30:59.720
<i>applause</i>

0:30:59.720,0:31:05.020
This is a hard lesson, for 2 reasons.[br]The first reason is that that it’s awful

0:31:05.020,0:31:07.750
to do those kinds of attacks on the real[br]Tor network. And there’s a question about

0:31:07.750,0:31:12.530
responsibility. But the second lesson is[br]that when these kinds of things happen,

0:31:12.530,0:31:17.179
and we have the ability to actually[br]understand them we can respond to them.

0:31:17.179,0:31:21.370
It’s really awful that the talk[br]was pulled, and it is really awful

0:31:21.370,0:31:24.640
that these people were not able to give[br]us more information. And it’s also really

0:31:24.640,0:31:28.030
awful that they were apparently carrying[br]out the attack. And there were lots

0:31:28.030,0:31:31.831
of open questions about it. But in general[br]we believe that we’ve mitigated the attack

0:31:31.831,0:31:36.450
which is important. But we also[br]advocated for that talk to go forward.

0:31:36.450,0:31:40.549
Because we think that, of course, the[br]answer to even really frustrating speech

0:31:40.549,0:31:45.710
is more speech! So we wanna know more[br]about it. It somehow is very disturbing

0:31:45.710,0:31:49.090
that that talk was pulled. And they should[br]be able to present their research,

0:31:49.090,0:31:52.650
even if there’s anger on our face it’s[br]important for our users to know as much

0:31:52.650,0:31:57.520
as we can, so that we can move[br]forward with protecting Tor users.

0:31:57.520,0:32:02.500
Roger: Okay, so, another exciting[br]topic from a couple of months ago:

0:32:02.500,0:32:04.630
Russia apparently put out[br]a call-for-research work…

0:32:04.630,0:32:06.990
<i>loud splashing noise from Jake[br]opening a loaded water bottle</i>

0:32:06.990,0:32:10.580
…to come up with attacks on Tor.[br]Jacob: It’s another attack on Tor!

0:32:10.580,0:32:14.970
Roger: Enjoy your water, Jake.[br]I hope that was worth it. <i>laughs</i>

0:32:14.970,0:32:16.530
Jacob: <i>laughs</i> It was really[br]worth it. Was very thirsty.

0:32:16.530,0:32:19.919
Roger: So Russia put out a[br]call-for-research proposals

0:32:19.919,0:32:25.930
on attacking Tor. Somebody mistranslated[br]that phrase from Russian into ‘prize’,

0:32:25.930,0:32:31.200
or ‘bounty’, or ‘contest’. And then we had[br]all these articles, saying “Russia is

0:32:31.200,0:32:36.080
holding a contest to break Tor” when[br]actually, no, they just wanted somebody

0:32:36.080,0:32:41.560
to work on research on Tor attacks.[br]So this would be like the U.S. National

0:32:41.560,0:32:46.730
Science Foundation holds a contest[br]for Tor research. That’s not actually

0:32:46.730,0:32:50.280
how government funding works.[br]Mistranslations cause a lot of

0:32:50.280,0:32:55.030
exciting journalist articles but as[br]far as I can tell it turned out to be

0:32:55.030,0:32:59.850
basically nothing. Also it was basically[br]‘no money’. So, maybe something

0:32:59.850,0:33:03.069
will come of this, we’ll see. Something[br]else that’s been bothering me a lot,

0:33:03.069,0:33:08.260
lately: Cryptowall, now called[br]‘Cryptolocker’. So, there are jerks

0:33:08.260,0:33:12.230
out there who break into your[br]mobile phone of some sort,

0:33:12.230,0:33:17.159
give you malware, viruses, something[br]like that. They encrypt your files,

0:33:17.159,0:33:22.050
and then they send you basically a ransom[br]note saying “We’ve encrypted your file,

0:33:22.050,0:33:27.320
if you want it back send some Bitcoin over[br]here!” So this is bad, so far. But then

0:33:27.320,0:33:31.320
the part that really upsets me is they[br]say: “And if you don’t know how to do this

0:33:31.320,0:33:35.960
go to our website torproject.org and[br]download the Tor Browser in order

0:33:35.960,0:33:42.620
to pay us”. Fuck them! I do not want[br]people doing this with our software!

0:33:42.620,0:33:49.220
<i>applause</i>

0:33:49.220,0:33:51.890
Jacob: Yeah, fuck them. I mean I don’t[br]really have a lot to contribute to that.

0:33:51.890,0:33:56.510
I mean it’s really… Hidden Services have[br]a really bad rap, and it’s frustrating,

0:33:56.510,0:33:59.900
right? There’s a… of course this[br]quantitative and qualitative analysis

0:33:59.900,0:34:03.890
that we can have here. And the reality[br]of the situation is that one Globaleaks

0:34:03.890,0:34:08.270
leaking interface is ‘one.onion’ (?), for[br]example. What is the value of that?

0:34:08.270,0:34:13.540
Versus 10.000 Hidden Services run by these[br]jerks? And it’s very hard to understand

0:34:13.540,0:34:16.989
the social value of these things, except[br]to say that we really need things like

0:34:16.989,0:34:21.710
Hidden Services. And jackasses like this[br]are really making it hard for us to defend

0:34:21.710,0:34:26.199
the right to publish anonymously. And so,[br]if you know who these people are please

0:34:26.199,0:34:30.549
ask them to stop! I don’t even know[br]what the ask is there. But they really

0:34:30.549,0:34:33.109
should stop. Or maybe there’s some[br]interesting things that you can do.

0:34:33.109,0:34:37.159
I don’t know. But we really, really[br]don’t like that this is someone’s

0:34:37.159,0:34:41.229
first introduction to Tor! That they think[br]that we’re responsible for this. We

0:34:41.229,0:34:44.549
most certainly are not responsible for[br]these things. We certainly do not deploy

0:34:44.549,0:34:51.000
malware. And Hidden Services are actually[br]very important for a lot of people.

0:34:51.000,0:34:53.930
These people are not those people!

0:34:53.930,0:34:59.949
<i>applause</i>

0:34:59.949,0:35:03.539
Roger: Another ‘exciting’ story,[br]a month or 2 ago, was,

0:35:03.539,0:35:08.289
“81% of Tor users can be de-anonymized…”[br]and then some more words, depending on

0:35:08.289,0:35:13.210
which article you read. So it turns out[br]that one of our friends, Sambuddho, who is

0:35:13.210,0:35:19.309
a professor in India now, did some work[br]on analyzing traffic correlation attacks

0:35:19.309,0:35:24.210
in the lab. He found, in the lab, that[br]some of his attacks worked sometime,

0:35:24.210,0:35:29.410
great… And then some journalists found it,[br]and said: “Ah! This must be the reason why

0:35:29.410,0:35:33.849
Tor is insecure today”. So he wrote[br]an article, it got Slashdot, it got

0:35:33.849,0:35:38.210
all the other news stories. And suddenly[br]everybody knew that Tor was broken

0:35:38.210,0:35:43.759
because “81% of Tor users…”.[br]So it turns out that Sambuddho himself

0:35:43.759,0:35:47.699
stood up and said actually: “No, you[br]misunderstood my article”. But

0:35:47.699,0:35:51.910
that didn’t matter because nobody listened[br]to the author of the paper at that point.

0:35:51.910,0:35:57.390
So I guess there’s a broader issue that[br]we’re struggling with here, in terms of

0:35:57.390,0:36:02.430
how to explain the details of these[br]things because traffic correlation attacks

0:36:02.430,0:36:08.560
are a big deal. They probably do work[br]if you have enough traffic around

0:36:08.560,0:36:12.079
the internet, and you’re looking at the[br]right places. You probably can do

0:36:12.079,0:36:17.549
the attack. But that paper did not do the[br]attack. So I keep finding myself saying:

0:36:17.549,0:36:21.880
“No no no, you’re misunderstanding the[br]paper, the paper doesn’t tell us anything,

0:36:21.880,0:36:25.749
but the attack is real! But the paper[br]doesn’t tell us anything”. And this is

0:36:25.749,0:36:30.049
really confusing to journalists because[br]it sounds like I’m disagreeing with myself

0:36:30.049,0:36:35.059
with these 2 different sentences. So we[br]need to come up with some way to

0:36:35.059,0:36:39.770
be able to explain: “Here are all of the[br]real attacks, that are really actually

0:36:39.770,0:36:44.979
worrisome, and it’s great that researchers[br]are working on them. And they probably

0:36:44.979,0:36:50.839
are a big deal, in some way. But no, that[br]paper that you’re pointing at right now

0:36:50.839,0:36:55.839
is not the reason why they’re a big[br]deal”. We also saw this in the context

0:36:55.839,0:36:59.790
of an NSA paper which was published[br]a couple of days ago, thanks to

0:36:59.790,0:37:02.690
some other folks.[br]Jacob: Sad, ‘some other folks’!

0:37:02.690,0:37:04.950
Roger: ‘Some other folks’. I won’t specify

0:37:04.950,0:37:10.020
exactly which other folks. And they[br]similarly had a traffic correlation attack.

0:37:10.020,0:37:15.579
And in the paper it’s really a bad one.[br]It’s the same as the paper that was

0:37:15.579,0:37:20.140
published in 2003, in the open literature.[br]There was a much better paper

0:37:20.140,0:37:25.309
published in 2004, in the open literature,[br]that apparently these folks didn’t read.

0:37:25.309,0:37:29.619
So I don’t wanna say traffic correlation[br]attacks don’t work, but all these papers

0:37:29.619,0:37:35.609
that we’re looking at don’t show…[br]aren’t very good papers.

0:37:35.609,0:37:39.120
Jacob: So one of the solutions to a lot[br]of journalists that don’t understand

0:37:39.120,0:37:42.710
technology is that it’s actually quite[br]easy to be a journalist by comparison

0:37:42.710,0:37:47.319
to being a technologist. It’s possible[br]to write about things in a factually

0:37:47.319,0:37:51.359
correct way, sometimes you don’t always[br]reach the right audiences, that can

0:37:51.359,0:37:55.489
actually be difficult. It depends. So you[br]have to write for different reading

0:37:55.489,0:37:59.390
comprehension levels, e.g. And we tried[br]to write for people who understand

0:37:59.390,0:38:03.249
the internet. At least when I write as[br]a journalist. And so, when I sometimes

0:38:03.249,0:38:07.210
take off my Tor hat I put on my journalistic[br]hat. And part of the reason is that

0:38:07.210,0:38:10.369
in order to even tell you about some[br]of the things that we learn, if I don’t

0:38:10.369,0:38:14.599
put on my journalistic hat I get a nice[br]pair of handcuffs. So it’s very important

0:38:14.599,0:38:17.719
to have journalistic protection so that we[br]can inform you about these things.

0:38:17.719,0:38:23.430
So e.g. it is the case that XKeyscore[br]rules – we published some of them.

0:38:23.430,0:38:28.589
Not ‘we’, Tor. But me and this set of[br]people at the top, of this by-line here.

0:38:28.589,0:38:33.420
In NDR. Some of you know NDR, it’s a very[br]large German publication. I also publish

0:38:33.420,0:38:37.730
with Der Spiegel, as a journalist. In this[br]case we published XKeyscore rules.

0:38:37.730,0:38:41.609
Where we specifically learned an important[br]lesson. And the important lesson was,

0:38:41.609,0:38:44.660
even if you’re a journalist explaining[br]things exactly technically correctly

0:38:44.660,0:38:47.739
– people will still get it wrong. It’s just[br]not the journalists that get it wrong.

0:38:47.739,0:38:50.640
It’s the readers. Very frustrating.

0:38:50.640,0:38:55.079
People decided that because the NSA[br]definitely has XKeyscore rules that is

0:38:55.079,0:38:58.529
rules for surveilling the internet, where[br]they’re looking at big traffic buffers.

0:38:58.529,0:39:03.890
TEMPORA e.g. the British surveillance[br]system that is built on XKeyscore.

0:39:03.890,0:39:08.190
With a – probably – week-long buffer of[br]all internet traffic. That’s a big buffer,

0:39:08.190,0:39:15.249
by the way. Doing these XKeyscore[br]rules, running across that traffic set,

0:39:15.249,0:39:18.130
they would find that people were[br]connecting to directory authorities.

0:39:18.130,0:39:20.959
One of those directory authorities is[br]mine, actually, quite ironically. And

0:39:20.959,0:39:25.760
then Sebastian Hahn, and other people[br]in this audience. And some people said:

0:39:25.760,0:39:30.839
“Oh, don’t use Tor because the NSA will[br]be monitoring you!” That is exactly

0:39:30.839,0:39:35.660
the wrong take-away. Because there are[br]XKeyscore rules on the order of tens of

0:39:35.660,0:39:39.890
thousands, from what we can tell.[br]So everything you do is going through

0:39:39.890,0:39:43.000
these giant surveillance systems. And[br]what you’ll learn when you monitor

0:39:43.000,0:39:48.579
someone using Tor is that they’re[br]using Tor potentially, in that buffer.

0:39:48.579,0:39:51.299
Which is different than ‘they learn[br]for sure that you were going to

0:39:51.299,0:39:55.769
the Chaos Computer Club’s web site’,[br]or that you were going to a dating site.

0:39:55.769,0:39:59.430
So it’s the difference between ‘they learn[br]some keeny (?) bit of information about you’,

0:39:59.430,0:40:02.920
that you’re using an anonymity[br]system, versus ‘they learned exactly

0:40:02.920,0:40:06.469
what you were doing on the internet’. Now[br]if there were only a few XKeyscore rules

0:40:06.469,0:40:10.849
at all, and it was just that about Tor[br]then that conclusion people reach

0:40:10.849,0:40:15.260
would be correct. But it’s exactly not[br]true. The XKeyscore system is so powerful

0:40:15.260,0:40:18.900
that if you have a logo for a company,[br]so anyone here that runs a company,

0:40:18.900,0:40:23.440
and you put a logo inside of a document,[br]the XKeyscore system can find that logo

0:40:23.440,0:40:28.489
in all of the documents flowing across the[br]internet in real-time. And alert someone

0:40:28.489,0:40:34.079
that someone has sent a .DOC or a PDF with[br]that image inside of it. And alert them.

0:40:34.079,0:40:38.229
So that they can intercept it. So the[br]lesson is not “Don’t use Tor because

0:40:38.229,0:40:43.200
XKeyscore may put your metadata into[br]a database, in the so-called ‘corporate

0:40:43.200,0:40:47.930
repositories’”. The lesson is “Holy shit,[br]there’s this gigantic buffering system

0:40:47.930,0:40:52.259
which has search capabilities that even[br]allow you to search inside of documents.

0:40:52.259,0:40:55.740
Really, really advanced capabilities where[br]they can select that traffic and put it

0:40:55.740,0:41:00.069
somewhere else”. “Use an anonymity[br]system!” And also: “Look, they’re

0:41:00.069,0:41:04.789
targeting anonymity systems, even in the[br]United States, which, at least for the NSA

0:41:04.789,0:41:08.239
they’re not supposed to be doing those[br]kinds of things”. They literately were

0:41:08.239,0:41:11.369
caught lying here. They’re doing[br]bulk internet surveillance even

0:41:11.369,0:41:16.109
in the United States. Using these[br]kinds of systems. That’s really scary.

0:41:16.109,0:41:19.680
But the real big lesson to take away from[br]that is, actually, that they’re doing this

0:41:19.680,0:41:22.440
for all the protocols that they can[br]write fingerprints for. And they have

0:41:22.440,0:41:28.770
a generic language where they can actually[br]describe protocols. And so we published

0:41:28.770,0:41:32.529
a number of those, we = NDR. And I would[br]really recommend you read and understand

0:41:32.529,0:41:35.749
that. But the lesson, again, is not[br]“Oh no, they’re going to detect you’re

0:41:35.749,0:41:40.190
using Tor”. We have never said that Tor[br]can e.g. protect you against someone

0:41:40.190,0:41:45.130
seeing that you’re using it. Especially in[br]the long term. But rather the point is

0:41:45.130,0:41:49.509
exactly the scariest point. This mass[br]internet surveillance is real. And

0:41:49.509,0:41:55.579
it is the case that it is real-time.[br]And it’s a real problem.

0:41:55.579,0:42:02.540
<i>applause</i>

0:42:02.540,0:42:05.910
Roger: If you’re using Tor they see that[br]you’re using Tor. If you’re not using Tor

0:42:05.910,0:42:09.630
they see exactly where you’re going.[br]You end up in a list of people who went

0:42:09.630,0:42:13.150
to ‘this’ website, or ‘this’ website,[br]or used ‘this’ service, or sent

0:42:13.150,0:42:18.589
‘this’ document. And the diversity of[br]Tor users is part of the safety, where,

0:42:18.589,0:42:21.779
just because they know you’re using[br]Tor doesn’t tell them that much.

0:42:21.779,0:42:24.890
One of the other things I’ve been[br]wrestling with after looking at a bunch

0:42:24.890,0:42:29.039
of these documents lately is the whole[br]‘how do we protect against pervasive

0:42:29.039,0:42:33.079
surveillance’. And this is an entire talk[br]on its own. We’ve been doing some

0:42:33.079,0:42:39.380
design changes. We pushed out some changes[br]in Tor that protect you more against

0:42:39.380,0:42:42.980
pervasive surveillance. We – for the[br]technical people out there – we’ve reduced

0:42:42.980,0:42:47.799
the number of guard relays that you use[br]by default from 3 to 1. So there are

0:42:47.799,0:42:52.609
fewer places on the internet that get to[br]see your Tor traffic. That’s a good start.

0:42:52.609,0:42:56.009
One of the other lessons we’ve been[br]realizing: The internet is more centralized

0:42:56.009,0:43:01.479
than we’d like. So it’s easy to say[br]“Oh, we just need more exit relays,

0:43:01.479,0:43:05.230
and then we’ll have more protection[br]against these things”. But if we put

0:43:05.230,0:43:09.450
another exit relay in that same data[br]sensor (?) in Frankfurt that they’re

0:43:09.450,0:43:13.719
already watching that’s not actually going[br]to give us more safety against these

0:43:13.719,0:43:18.950
pervasive surveillance adversaries.[br]Something else I realized: so we used

0:43:18.950,0:43:23.119
to talk about how Tor does these two[br]different things. We’ve got anonymity,

0:43:23.119,0:43:27.059
we’re trying to protect against somebody[br]trying to learn what you’re doing, and

0:43:27.059,0:43:30.470
we’ve got circumvention, censorship[br]circumvention. We’re trying to protect

0:43:30.470,0:43:33.589
against somebody trying to prevent[br]you from going somewhere.

0:43:33.589,0:43:37.980
But it turns out in the surveillance[br]case they do deep packet inspection

0:43:37.980,0:43:42.200
to figure out what protocol you’re[br]doing, to find out what you’re up to.

0:43:42.200,0:43:45.710
And in the censorship case they do[br]deep packet inspection to figure out

0:43:45.710,0:43:49.730
what protocol you’re using, to decide[br]whether to block it. So it’s actually…

0:43:49.730,0:43:55.049
these fields are much more related[br]than we had realized before. And

0:43:55.049,0:43:59.140
it took us a while, I’m really happy that[br]we have these documents to look at,

0:43:59.140,0:44:03.599
so that we have a better understanding[br]of how this global surveillance

0:44:03.599,0:44:10.660
and censorship works. Long ago, so in[br]2007, I ended up doing a talk at the NSA,

0:44:10.660,0:44:14.619
to try to convince them that we were not[br]the bad guys. And you can read the notes

0:44:14.619,0:44:18.530
that they took about my talk at the[br]NSA. Because they’re published

0:44:18.530,0:44:22.660
in the Washington Post. So I encourage you[br]to go read what the NSA thought of my talk

0:44:22.660,0:44:28.440
to them. That same year I ended up going[br]to GCHQ, to give a talk to them, to try

0:44:28.440,0:44:31.799
to convince them that we were not the[br]bad people. And I thought to myself:

0:44:31.799,0:44:35.230
“I don’t want to give them anything[br]useful. I don’t want to talk about

0:44:35.230,0:44:39.599
anonymity, because I know they’re going[br]to try to break anonymity. So I’m going

0:44:39.599,0:44:43.270
to give them a talk that has nothing to do[br]with anything that they should care about.

0:44:43.270,0:44:48.359
I’m going to talk about the censorship[br]arms race in China, and DPI, and stuff

0:44:48.359,0:44:53.509
like that, that they shouldn’t care[br]about at all”. Boy, were we wrong!

0:44:53.509,0:44:59.420
<i>applause</i>

0:44:59.420,0:45:03.389
So the other thing to think about here,[br]there are a bunch of different pluggable

0:45:03.389,0:45:08.300
transports that could come in handy[br]against the surveillance adversary.

0:45:08.300,0:45:12.380
We have, so far, been thinking of[br]pluggable transports in terms of

0:45:12.380,0:45:16.140
‘there’s somebody trying to censor your[br]connection, they’re doing DPI, or they’re

0:45:16.140,0:45:20.590
looking for addresses, and they’re trying[br]to block things’. One of the things

0:45:20.590,0:45:24.680
we learned from this past summer’s[br]documents: imagine an adversary

0:45:24.680,0:45:29.140
who builds a list of all the public Tor[br]relays. And then they build a list of

0:45:29.140,0:45:33.059
all of the IP addresses that connect[br]to those Tor relays. Now they know

0:45:33.059,0:45:36.421
all the bridges, and many of the users.[br]And now they build a list of all the

0:45:36.421,0:45:41.400
IP addresses that connect to those IP[br]addresses. And they go a few hops out,

0:45:41.400,0:45:46.610
and now they know all the public relays,[br]all the bridges, all the users, all of

0:45:46.610,0:45:50.079
the other things that are connected to[br]Tor. And they can keep track of which ones

0:45:50.079,0:45:55.849
they should log traffic for, for the next[br]6 months, rather than the next week.

0:45:55.849,0:46:00.599
That’s a really scary adversary. Some of[br]the pluggable transports we’ve been

0:46:00.599,0:46:06.009
working on could actually come in handy[br]here. So ‘Flash proxy’ is one of the ones

0:46:06.009,0:46:10.709
you heard about in last year’s talk. The[br]basic idea of a Flash proxy is to get

0:46:10.709,0:46:16.940
users running web browsers to volunteer[br]running web-RTC, or something like that

0:46:16.940,0:46:22.150
to basically be a short-lived bridge[br]between the censored user and

0:46:22.150,0:46:26.979
the Tor Network. So the idea is that you[br]get millions of people running browsers,

0:46:26.979,0:46:31.450
and then you can proxy from inside China,[br]or Syria, or America, or wherever

0:46:31.450,0:46:36.650
the problem is, through the browser into[br]the Tor Network. But from the surveillance

0:46:36.650,0:46:42.170
perspective suddenly they end up with[br]an enormous list of millions of people

0:46:42.170,0:46:46.209
around the world that are[br]basically buffering the Tor user

0:46:46.209,0:46:50.089
from the Tor Network. So if they[br]start with this list of IP addresses,

0:46:50.089,0:46:52.710
and they’re trying to build a list of[br]everything, now they end up

0:46:52.710,0:46:56.210
with millions of IP addresses[br]that have nothing to do with Tor.

0:46:56.210,0:46:59.640
And they have to realize, at the time[br]they’re watching, that they want to go

0:46:59.640,0:47:03.769
one more hop out. So I don’t[br]know if that will work. But this is

0:47:03.769,0:47:08.680
an interesting research area that more[br]people need to look at: How can we,

0:47:08.680,0:47:12.880
against an adversary who’s trying to build[br]a list of everybody who has anything to do

0:47:12.880,0:47:17.749
with Tor, how can we have[br]Tor users not end up on that list.

0:47:17.749,0:47:22.729
What sort of transports or tunneling[br]through Google app spot (?),

0:47:22.729,0:47:27.440
or other tools like that can we use[br]to break that chain, so it’s not as easy

0:47:27.440,0:47:32.709
for them to track down[br]where all the users are.

0:47:32.709,0:47:36.500
Okay, Silk Road 2, we’ve had a lot[br]of questions about. I think it’s called

0:47:36.500,0:47:41.099
Operation Onimous (?). I actually talked[br]to an American law enforcement person

0:47:41.099,0:47:46.250
who was involved in this. And he[br]told me, from his perspective, exactly

0:47:46.250,0:47:50.720
how it happened. Apparently the[br]Silk Road 2 guy wrote his name down

0:47:50.720,0:47:54.979
somewhere. So they brought him in,[br]and started asking him questions. And

0:47:54.979,0:47:58.760
as soon as they started asking him[br]questions he started naming names.

0:47:58.760,0:48:02.479
And they counted up to 16 names, and[br]they went and arrested all those people,

0:48:02.479,0:48:05.730
and collected their computers. And then[br]they put out a press release, saying

0:48:05.730,0:48:10.140
that they had an amazing Tor attack.

0:48:10.140,0:48:13.019
<i>applause</i>

0:48:13.019,0:48:18.069
So there are a couple of lessons here. One[br]of them is: Yes, it’s another case where

0:48:18.069,0:48:25.250
opsec failed. But the other lesson that[br]we learn is: These large law enforcement

0:48:25.250,0:48:32.729
adversaries are happy to use press spin[br]and lies, and whatever else it takes

0:48:32.729,0:48:36.779
to try to scare people away from[br]having safety on the internet.

0:48:36.779,0:48:40.390
Jacob: This is a really… to me,[br]especially, if I take off my Tor hat

0:48:40.390,0:48:44.820
and put on my journalistic hat, as if[br]I can actually take off hats etc., but

0:48:44.820,0:48:49.019
it’s really terrifying that journalists[br]don’t actually ask hard questions

0:48:49.019,0:48:54.950
about that. You know, the Europol people[br]that spoke to the press, they talked

0:48:54.950,0:48:59.119
about this as if they had some incredible[br]attack, they talked about 0-day,

0:48:59.119,0:49:02.999
they talked about how, you know,[br]they had broken Tor, “You’re not safe

0:49:02.999,0:49:05.750
on the Dark Web”. We don’t even use the[br]term ‘Dark Web’. That’s how you know

0:49:05.750,0:49:13.509
that they’re full of shit. But it’s…[br]<i>applause</i>

0:49:13.509,0:49:18.480
That’s sort of like when people have Tor[br]in all caps (?)(?)(?)(?)(?)(?), dark web,

0:49:18.480,0:49:22.809
that kind of stuff, this is a bad sign. But[br]the way they talk about it, it was clear

0:49:22.809,0:49:27.230
that they, as far as we can tell, they[br]don’t have that. But they really hyped it.

0:49:27.230,0:49:32.529
As much as they possibly could. I mean,[br]it is, effectively, and I think it is even

0:49:32.529,0:49:36.970
technically a psychological operation[br]against the civilian population. They

0:49:36.970,0:49:41.589
want to scare you into believing that Tor[br]doesn’t work. Because, in fact, it does work,

0:49:41.589,0:49:45.999
and it is a problem for them. So any time[br]they can ever have some kind of win-it-all

0:49:45.999,0:49:49.489
they always spin it as if they’re great,[br]powerful adversaries, and it’s

0:49:49.489,0:49:54.189
us-versus-them. And that’s exactly wrong.[br]It is not us-versus-them. Because we all

0:49:54.189,0:49:57.900
need anonymity. We all absolutely need[br]that. And they shouldn’t be treating us

0:49:57.900,0:50:02.819
as adversaries. They, in fact, are also[br]Tor users, quite ironically. So it is

0:50:02.819,0:50:06.150
interesting though, because they know that[br]they haven’t done that. But they don’t

0:50:06.150,0:50:09.059
want you to know that they haven’t done[br]that. In fact, they want you to know

0:50:09.059,0:50:11.529
the opposite. Of course we could be[br]wrong. They could have some

0:50:11.529,0:50:17.989
super-secret exploit, but as far as we can[br]tell that just is not the case. So, what’s

0:50:17.989,0:50:20.920
to be learned from this? We used to think[br]it was just American law enforcement

0:50:20.920,0:50:24.709
that were scary jerks. Now it’s also[br]European. I don’t know if that’s

0:50:24.709,0:50:28.670
the right buzzing(?). But hopefully some[br]of you will go and work at Europol,

0:50:28.670,0:50:31.929
and tell us what’s really going on.

0:50:31.929,0:50:37.739
<i>applause</i>

0:50:37.739,0:50:42.799
Roger: Speaking of Hidden Services. We[br]have a new design in mind, that will have

0:50:42.799,0:50:47.839
some stronger crypto properties, and make[br]it harder to enumerate Hidden Services.

0:50:47.839,0:50:52.059
It won’t solve some of the big anonymity[br]questions that are still open research

0:50:52.059,0:50:55.640
questions. But there are a lot of[br]improvements we’d like to make,

0:50:55.640,0:50:59.789
to make the crypto more secure, and[br]performance changes etc. And we’d been

0:50:59.789,0:51:04.529
thinking about doing some sort of crowd[br]funding, kickstarter-like thing, to make

0:51:04.529,0:51:08.630
Hidden Services work better. We’ve got[br]a funder who cares about understanding

0:51:08.630,0:51:12.790
Hidden Services, but that’s not the same[br]as actually making them more secure.

0:51:12.790,0:51:17.329
So we’d love to chat with you after this[br]about how to make one of those

0:51:17.329,0:51:19.839
kickstarters actually work.

0:51:19.839,0:51:25.529
Jacob: Right, so, if you have questions[br]we have some amount of time for questions.

0:51:25.529,0:51:28.489
And while you line up at the microphone[br]I’ll tell you a quick story. So if you

0:51:28.489,0:51:31.120
have questions please line up at the[br]microphone, so we can do this.

0:51:31.120,0:51:34.010
This is a picture of a man who was[br]assassinated in San Francisco.

0:51:34.010,0:51:36.509
His name is Harvey Milk. Anybody[br]here – ever hear of Harvey Milk?

0:51:36.509,0:51:38.809
<i>applause</i>

0:51:38.809,0:51:43.319
Great. Harvey Milk was basically the[br]first out-gay politician in, I think,

0:51:43.319,0:51:47.569
the United States. He was a city council[br]member in San Francisco. And this was

0:51:47.569,0:51:52.059
during a huge fever pitch apora (?) where…[br]basically it was the battle between:

0:51:52.059,0:51:56.999
“Are people who are gay people or not?”[br]And what he said is: Go home and

0:51:56.999,0:52:00.190
tell your brothers, your mothers, your[br]sisters, your family members and

0:52:00.190,0:52:03.890
your co-workers that you’re gay. Tell[br]them that, so that when they advocate

0:52:03.890,0:52:08.549
for violence against gay people, when[br]they advocate for harm against you

0:52:08.549,0:52:13.609
that they know they’re talking about you.[br]Not an abstract boogieman. But someone

0:52:13.609,0:52:18.790
that they actually know, and that they[br]love. We need every person in this room,

0:52:18.790,0:52:22.699
every person watching this video later to[br]go home and talk about how you needed

0:52:22.699,0:52:26.749
anonymity, for 5 or 10 minutes. How you[br]needed it every day to do your job.

0:52:26.749,0:52:30.949
We need people to reach out. Now that’s[br]a sad story with Harvey Milk which is

0:52:30.949,0:52:33.760
that he and mayor Moscone of San[br]Francisco were actually killed by

0:52:33.760,0:52:38.539
a very crazy person, that was also in city[br]government, in the American traditional

0:52:38.539,0:52:43.549
extreme gun violence. He was shot and[br]killed. And that person actually got away

0:52:43.549,0:52:48.049
with it. The so-called ‘Twinkie defense’.[br]So we’re not trying to draw that parallel.

0:52:48.049,0:52:53.220
Just to be clear please don’t shoot us and[br]kill us! Not even funny, unfortunately.

0:52:53.220,0:52:57.890
But to understand that we are really[br]under threat, a lot of pressure. There’s

0:52:57.890,0:53:02.410
a lot of pressure. We get pressure from[br]law enforcement investigation agencies

0:53:02.410,0:53:08.239
to backdoor Tor, and we tell them:[br]“No”, and that takes a lot of stress

0:53:08.239,0:53:12.079
and dumps it on us. And we need support[br]from a lot of people, to tell them

0:53:12.079,0:53:16.459
to back off. It can’t just be us that[br]say that. Or we will lose some day.

0:53:16.459,0:53:20.499
And there are also very scary adversaries[br]that do not care at all about the law.

0:53:20.499,0:53:25.000
Not that those guys care about the law but[br]really don’t care about the law at all.

0:53:25.000,0:53:29.430
And we need people to understand how[br]important anonymity is, and make sure

0:53:29.430,0:53:35.040
that that goes into every conversation.[br]So really, go home and teach your friends

0:53:35.040,0:53:38.489
and your family members about your[br]need for anonymity. This lesson

0:53:38.489,0:53:42.299
from Harvey Milk was very useful. It is[br]the case that now, in California where

0:53:42.299,0:53:46.180
there is a huge fever pitch (?) battle about[br]this that you can e.g. be gay and be

0:53:46.180,0:53:50.760
a school teacher. That was one of the[br]battles that Harvey Milk helped win.

0:53:50.760,0:53:58.759
<i>applause</i>

0:53:58.759,0:54:02.520
So, with that I think[br]that we have time for…

0:54:02.520,0:54:06.200
Herald: Yeah, we have like 10 minutes left[br]for questions. So, thank you so much

0:54:06.200,0:54:09.689
for the talk! It’s really inspiring.[br]Thank you for keeping up the work!

0:54:09.689,0:54:17.259
<i>applause</i>

0:54:17.259,0:54:20.233
Really! Although you do this every year[br]it never gets old. And I think your…

0:54:20.233,0:54:24.119
every year you give people the chance to[br]leave the Congress with a feeling of hope

0:54:24.119,0:54:26.869
and purpose. So, thank you so much for[br]everything you do and every minute

0:54:26.869,0:54:30.489
you spend on this project. So we start[br]with a question from the internet.

0:54:30.489,0:54:32.339
<i>applause</i>

0:54:32.339,0:54:34.739
Jacob: We’d like to take a few questions[br]from the internet all at once,

0:54:34.739,0:54:36.889
if possible, so we can try to answer[br]them as quickly as possible.

0:54:36.889,0:54:38.469
Signal Angel: Okay.[br]Herald: Alright.

0:54:38.469,0:54:41.569
Signal Angel: So, the first one: Yesterday[br]you said that SSH is broken. So

0:54:41.569,0:54:45.719
what should we use to safely[br]administrate our Tor relays?

0:54:45.719,0:54:49.950
Jacob: Hah! That’s great. So,[br]first of all! Next set of questions!

0:54:49.950,0:54:53.259
Signal Angel: So the next one is: How much[br]money would be needed to get independent

0:54:53.259,0:54:56.170
from Government funding,[br]and is that even desired?

0:54:56.170,0:54:59.229
Jacob: Ah, do you want me to do both?[br]Roger: Sure.

0:54:59.229,0:55:00.529
Jacob: Okay.[br]Signal Angel: Hope so.

0:55:00.529,0:55:05.579
Jacob: Okay. First question: Consider[br]using a Tor Hidden Service, and then

0:55:05.579,0:55:09.079
SSH’ing into that Tor Hidden Service.[br]Composition of cryptographic components

0:55:09.079,0:55:15.680
is probably very important. A detail about[br]SSH: We don’t know what is going on.

0:55:15.680,0:55:19.299
We only know what was claimed in those[br]documents. That’s a really scary claim.

0:55:19.299,0:55:24.170
This creates a political problem. The U.S.[br]Congress and other political bodies

0:55:24.170,0:55:27.680
should really be asking the secret[br]services if they really have a database

0:55:27.680,0:55:31.160
called CAPRI OS where they store[br]SSH decrypts. And how they populate

0:55:31.160,0:55:35.209
that database. Because that is critical[br]infrastructure. We can’t solve that problem

0:55:35.209,0:55:39.259
with the knowledge that we have right now.[br]But we know now: There is a problem.

0:55:39.259,0:55:42.520
What is that problem? So, composition[br]of those systems: It seems to be,

0:55:42.520,0:55:45.899
the documents say that they haven’t broken[br]the crypto in Tor Hidden Services. So

0:55:45.899,0:55:51.499
put those two together. And also consider[br]that cryptography only buys you time.

0:55:51.499,0:55:55.640
It really isn’t the case that all the[br]crypto we have today is going to be good

0:55:55.640,0:55:59.579
maybe in 150 years. If Sci-Fi quantum[br]computers ever come out, and they

0:55:59.579,0:56:03.119
actually work, Shor’s algorithm and[br]other things really seem to suggest

0:56:03.119,0:56:07.160
we have a lot of trouble ahead. And the[br]second part, about money: Yeah, we would

0:56:07.160,0:56:10.999
love to replace Government funding. I mean[br]at least I would. But that isn’t to say

0:56:10.999,0:56:14.549
that we don’t respect that there are[br]people that do fund us to do good things.

0:56:14.549,0:56:20.099
We do take money from agencies who e.g.[br]the Department of Human Rights and Labor,

0:56:20.099,0:56:22.470
at the State Department. They’re sort of[br]like the advertising arm for the

0:56:22.470,0:56:26.519
gun-running part of the State Department,[br]as Julian Assange would say. And they

0:56:26.519,0:56:30.029
actually care about Human Rights. They[br]care that you have access to anonymity.

0:56:30.029,0:56:35.039
It’s weird because the State Department[br]– the rest of it – might not care. But,

0:56:35.039,0:56:38.670
we really, really would like to off-set[br]that money. But we’d like to grow.

0:56:38.670,0:56:42.959
We’d like to be able to hire 100 people[br]in this room to work on this full-time.

0:56:42.959,0:56:47.999
Because the planet needs anonymity. But[br]that requires that we find that money.

0:56:47.999,0:56:52.219
And the best place at the moment is by[br]writing grant proposals. And that is how

0:56:52.219,0:56:55.539
we have in fact done that. And that[br]allows us also to operate openly.

0:56:55.539,0:56:59.599
So we don’t have e.g. clearances. And we[br]try to publish everything we can about it.

0:56:59.599,0:57:03.539
And if you ever write a FOIA we always[br]tell the agency that has received the

0:57:03.539,0:57:09.480
Freedom Of Information request: Give the[br]requestor everything. Give it all to them.

0:57:09.480,0:57:13.280
We have nothing to hide about this, we[br]want you to see that. We want you to see

0:57:13.280,0:57:17.059
that when a government agency has paid[br]us money that we have done it for THIS

0:57:17.059,0:57:20.700
line item, and THIS line item. And we’ve[br]done it as well as we could do it, and

0:57:20.700,0:57:24.420
it is in line with the open research, and[br]we have really done a good thing,

0:57:24.420,0:57:26.250
that helps people.

0:57:26.250,0:57:30.979
Roger: So I’d love to diversify our[br]funding. I’d love to have foundations,

0:57:30.979,0:57:37.929
I’d love to have the EFF model where[br]individuals fund because we do great things

0:57:37.929,0:57:42.839
– look at what we did over the past year –[br]and in fact, right here: Look at what we

0:57:42.839,0:57:46.660
did over the past year. We’ve done so[br]amazing things, we’re gonna do some more

0:57:46.660,0:57:50.849
amazing things next year. We need your[br]help to actually make all of this happen.

0:57:50.849,0:57:55.229
Jacob: Anybody here[br]a Bitcoin millionaire?

0:57:55.229,0:57:57.340
Because we now take Bitcoin!

0:57:57.340,0:58:02.630
<i>applause</i>

0:58:02.630,0:58:05.260
Herald: Alright, let’s take[br]a question from microphone 1.

0:58:05.260,0:58:09.180
Question: Just a short question:[br]is there a follow-up on the

0:58:09.180,0:58:14.539
Thomas White tor-talk mailing list thing?

0:58:14.539,0:58:18.579
Roger: So, Thomas White runs a few exit[br]relays. Some of them are quite large,

0:58:18.579,0:58:24.519
I’m very happy he does that. It is quite[br]normal for exit relays to come and go.

0:58:24.519,0:58:29.470
He is in England, and as far as I can tell[br]England is not a very good place to be

0:58:29.470,0:58:36.249
these days. But he’s trying to fix his[br]country from inside which is really great.

0:58:36.249,0:58:40.920
Basically the short version is: It’s not[br]a big deal. He runs some exit relays,

0:58:40.920,0:58:45.160
somebody tries to take them down, there[br]are 6000 relays in the network right now,

0:58:45.160,0:58:48.609
they go up and down, it’s normal.

0:58:48.609,0:58:52.630
Question: Is this related to the Tor[br]blog post, that Thomas White thing,

0:58:52.630,0:58:55.380
where you said there’s an upcoming…

0:58:55.380,0:58:59.630
Roger: It is unrelated, except for the[br]fact that everybody was watching.

0:58:59.630,0:59:03.130
So then, when he wrote a tor-talk mail[br]saying “Hey, I’m concerned about my

0:59:03.130,0:59:06.760
exit relays”, suddenly all the journalists[br]said: “Oh my god, they must be

0:59:06.760,0:59:09.069
the same thing!” So, no, unrelated!

0:59:09.069,0:59:11.180
Jacob: There are a lot of people that[br]have been attacking the Tor network.

0:59:11.180,0:59:13.940
You’ve probably seen there’ve been[br]Denial-of-Service attacks, and things

0:59:13.940,0:59:18.029
like that on the Tor directory[br]authorities. This is what I was saying

0:59:18.029,0:59:22.319
one or two slides ago when I said “Please[br]tell people the value of Tor, and that

0:59:22.319,0:59:26.789
you need it”. Because when people do[br]Denial-of-Service attacks, when they see

0:59:26.789,0:59:30.709
servers, we really need, in a peer2peer[br]network way, to draw up more relays

0:59:30.709,0:59:34.449
to actually increase the bandwidth[br]capacity, to increase the exit capacity.

0:59:34.449,0:59:38.609
And it’s very important to do that. Right?[br]I mean it’s very, very serious that

0:59:38.609,0:59:41.670
those things happen. But it’s also[br]important that the design of the network

0:59:41.670,0:59:45.099
is designed with the expectation that[br]thieves will steal computer systems,

0:59:45.099,0:59:50.749
that jerks will denial-of-service them[br]etc. So if you can run an exit relay,

0:59:50.749,0:59:53.789
thank you! Thank you for doing that.[br]Next question?

0:59:53.789,0:59:55.869
<i>applause</i>[br]Herald: Yeah. Let’s take a question

0:59:55.869,0:59:56.890
from microphone 2.

0:59:56.890,1:00:00.979
Question: First of all a quick shoutout to[br]your Ooni friend. Please don’t ask people

1:00:00.979,1:00:06.299
to run arbitrary code over the internet.[br]Curl-piper’s age (?) is not good style.

1:00:06.299,1:00:09.829
Roger: There’s a deb (?) that we’re working[br]on also that should be a lot better.

1:00:09.829,1:00:13.000
Jacob: Yeah, ‘apt-get install ooniprobe’[br]will also work.

1:00:13.000,1:00:18.510
Question: Do you have any plans[br]of implementing IPv6, finally?

1:00:18.510,1:00:24.839
Jacob: So there is IPv6, so Linus[br]Nordberg, one of the finest Tor people

1:00:24.839,1:00:32.029
I’ve ever met, he, in fact, helped add[br]IPv6 support, initial IPv6 support

1:00:32.029,1:00:36.809
to the Tor network. So, e.g. you can,[br]in fact, exit through the Tor network

1:00:36.809,1:00:42.660
with IPv4 or IPv6. It is the case that the[br]Tor relays in the network still all need

1:00:42.660,1:00:48.559
IPv4, not just IPv6. My Tor directory[br]authority which runs in California,

1:00:48.559,1:00:52.619
it has an IPv4 and an IPv6 address,[br]so if you have an IPv6 address you can

1:00:52.619,1:00:55.799
bootstrap, you can connect to that.[br]You could do some interesting

1:00:55.799,1:00:59.469
pluggable-transport stuff as well. So[br]that is on the road map. This is another

1:00:59.469,1:01:03.460
example of: If you really care about that[br]issue please send us your Bitcoins!

1:01:03.460,1:01:07.619
And it would be really fantastic because[br]we really want that! But right now,

1:01:07.619,1:01:12.640
you can use Tor as a v4-v6 gateway.[br]You really can do that, and we would

1:01:12.640,1:01:15.980
encourage that. It’s another example[br]of some kind of neat feature of Tor

1:01:15.980,1:01:18.289
which you would never think an[br]anonymity system would have.

1:01:18.289,1:01:23.079
Roger: And in Iran, right now, where IPv6[br]is not censored because the soft…

1:01:23.079,1:01:26.931
the censorship stuff they have from[br]America and Europe didn’t think

1:01:26.931,1:01:30.779
to censor IPv6…[br]<i>laughter and applause</i>

1:01:30.779,1:01:34.989
<i>applause</i>

1:01:34.989,1:01:41.079
so you can use a bridge right now in Iran[br]that connects over IPv6. Works great.

1:01:41.079,1:01:43.769
Jacob: Yeah. Next question?[br]Herald: Alright, microphone 4!

1:01:43.769,1:01:46.869
Question: So we heard lots of really[br]encouraging success stories about Tor

1:01:46.869,1:01:50.890
working against a global passive[br]adversary. But we know that Tor

1:01:50.890,1:01:54.819
wasn’t designed for this use case.[br]The question is: What needs to happen

1:01:54.819,1:01:59.099
in order for Tor to actually being[br]able to handle this, officially?

1:01:59.099,1:02:01.890
Is this just research, or some[br]more development work?

1:02:01.890,1:02:06.779
Roger: There’s a lot of really hard open[br]research questions there. So if you’re…

1:02:06.779,1:02:10.890
so, I get… basically one of the[br]issues is what we call the

1:02:10.890,1:02:15.190
end-to-end traffic correlation attack. So[br]if you can see the flow over here coming

1:02:15.190,1:02:18.699
into the Tor network, and you can see the[br]corresponding flow over here, coming out

1:02:18.699,1:02:23.020
of it, then you do some simple statistics,[br]and you say: “Hey, wait a minute, these

1:02:23.020,1:02:27.359
line up!” And there are a bunch of[br]different directions on how to make that

1:02:27.359,1:02:32.680
harder. Basically what you want to[br]do is drive up the false-positive rate.

1:02:32.680,1:02:37.660
So you see a flow here, and there are[br]actually 1000 flows that look like they

1:02:37.660,1:02:41.779
sort of match. And maybe you can do[br]that by adding a little bit of padding,

1:02:41.779,1:02:46.619
or delays, or batching or something. The[br]research, as we understand it right now,

1:02:46.619,1:02:51.049
means that you have to add hours[br]of delay, not seconds of delay.

1:02:51.049,1:02:56.739
That’s kind of crummy. So another way[br]of phrasing that: Imagine a graph,

1:02:56.739,1:03:02.670
the X axis is how much overhead[br]we’re adding. And the Y axis is

1:03:02.670,1:03:06.739
how much security we get against the[br]end-to-end correlation attack. We have

1:03:06.739,1:03:13.049
zero data points on that graph. We have[br]no idea what the curve looks like.

1:03:13.049,1:03:16.249
Jacob: There’s also another point which[br]is: Roger has an assumption. He says

1:03:16.249,1:03:20.809
if we have a high false-positive rate,[br]that that’s a good thing. Well, maybe,

1:03:20.809,1:03:23.440
maybe actually, that’s exactly the[br]wrong thing. Maybe the result is

1:03:23.440,1:03:27.630
that 1000 people get rounded up instead[br]of 1. The reality is that there is

1:03:27.630,1:03:31.030
no system that – as far as we know –[br]is actually safer than that. Of course

1:03:31.030,1:03:34.300
we would say that, we work on Tor. But as[br]an example: One of the XKeyscore things

1:03:34.300,1:03:37.890
that I’ve seen in this research which[br]we published in the NDR story is that

1:03:37.890,1:03:41.180
they were doing an attack on Hotspot Shield[br]where they were actually doing

1:03:41.180,1:03:45.299
traffic correlation where they were able[br]to de-anonymize VPN users because of

1:03:45.299,1:03:49.190
it’s a single hop. And then they were[br]also able to do Quantuminsert to attack

1:03:49.190,1:03:54.390
specific users using the VPN. We haven’t[br]seen evidence of them doing that to Tor.

1:03:54.390,1:03:57.680
That also doesn’t mean that every VPN[br]is broken. It just means that VPN

1:03:57.680,1:04:00.729
has a different threat model. There’s[br]lot of attacks that are like that, and

1:04:00.729,1:04:05.400
the problem is the internet is a dangerous[br]place. So, I mean, Banksy said it best:

1:04:05.400,1:04:09.229
He said, in the future people will be[br]anonymous for 15 minutes. And

1:04:09.229,1:04:13.249
I think he may have over-estimated[br]that. Depending on the attacker.

1:04:13.249,1:04:17.209
Roger: There’s a conference called the[br]Privacy Enhancing Technology Symposium,

1:04:17.209,1:04:21.390
petsymposium.org where all of the[br]Anonymous Communications researchers

1:04:21.390,1:04:26.619
get together each year to consider exactly[br]these sorts of research questions. So,

1:04:26.619,1:04:30.359
it’s not just an engineering question,[br]there’s a lot of basic science left

1:04:30.359,1:04:33.199
in terms of how to make[br]these things harder.

1:04:33.199,1:04:35.219
Herald: Alright, the last question[br]is one from the internet.

1:04:35.219,1:04:40.259
Signal Angel: Okay, so, does running[br]a Ooniprobe involve any legal risks?

1:04:40.259,1:04:43.249
Jacob: Okay, so, great! We can take[br]different questions, cause we’re gonna say

1:04:43.249,1:04:44.519
“Talk to Arturo!”

1:04:44.519,1:04:46.899
Herald: Alright, so, microphone 3!

1:04:46.899,1:04:51.549
Question: Okay, as a new[br]Tor relay operator I’ve got…

1:04:51.549,1:04:57.829
<i>applause</i>[br]Jacob: Take a bow!

1:04:57.829,1:05:04.209
Question: So, since about 2 months I run[br]3 relays, rather high bandwidth, and

1:05:04.209,1:05:10.380
on 2 of these I had quite strange things[br]happen. One case: A kernel crash in the

1:05:10.380,1:05:16.640
Intel e1000 driver, the other one having[br]the top-of-the-rack switch just reboot,

1:05:16.640,1:05:22.199
which is by the way a Juniper switch.[br]So I’m kind of concerned about this

1:05:22.199,1:05:26.390
operational security. You[br]know, could you trust that?

1:05:26.390,1:05:31.779
Jacob: Yeah, absolutely. So the short[br]version of it is: Agencies like the NSA,

1:05:31.779,1:05:34.920
depending on where you’re located, might[br]compromise something like your Juniper

1:05:34.920,1:05:38.859
switch upstream. They sit on Zerodays[br]for critical infrastructure, that includes

1:05:38.859,1:05:44.740
core routers, and switches. But[br]it may not be such a big thing.

1:05:44.740,1:05:49.670
It really depends on where you’re located.[br]It could also be that the hardware sucks.

1:05:49.670,1:05:52.790
<i>laughter</i>[br]And that the software is not good. And

1:05:52.790,1:05:56.839
when you, of course, are pushing,[br]let’s say gigabits of traffic through it

1:05:56.839,1:06:01.789
it falls over. It’s really hard to know.[br]That’s a really good question,

1:06:01.789,1:06:07.080
which is very specific, and kind of[br]hard for us to address without data.

1:06:07.080,1:06:13.070
Question: Sorry, I’m concerned that the[br]attack, like this, you know, they could,

1:06:13.070,1:06:17.939
actually, compromise the machine without[br]knowing, or compromise the exact uplink.

1:06:17.939,1:06:21.650
And this would actually be a viable[br]attack, like very low-key,

1:06:21.650,1:06:24.489
you don’t see it, as [an] operator,[br]maybe, if you’re not very careful.

1:06:24.489,1:06:28.079
And you can watch all the traffic[br]going inside, going outside the box.

1:06:28.079,1:06:32.769
Jacob: It would be fantastic[br]if you can prove that theory.

1:06:32.769,1:06:36.959
Because, of course, if you can, maybe we[br]can find other information that allows us

1:06:36.959,1:06:41.019
to stop those types of things to[br]happen, or e.g. can in some way

1:06:41.019,1:06:45.660
allow us to fix the problems that are[br]being exploited. The reality is that

1:06:45.660,1:06:48.630
general purpose computers[br]are quite frankly not very secure,

1:06:48.630,1:06:51.759
and special purpose computers[br]aren’t doing much better.

1:06:51.759,1:06:55.140
Roger: I worry not only about active[br]attacks like that but about passive attacks

1:06:55.140,1:06:59.269
where they already have some sort of[br]surveillance device up-stream from you

1:06:59.269,1:07:03.939
in you co-location facility, or something[br]like that. So, yes. These are all

1:07:03.939,1:07:09.859
really big concerns. One of the defenses[br]that Tor has is diversity around the world.

1:07:09.859,1:07:14.199
So, hopefully they won’t be able to do[br]that to all of the relays. But yeah,

1:07:14.199,1:07:16.769
this is a big issue. We should[br]keep talking about it.

1:07:16.769,1:07:20.589
Herald: Alright, I just wanna come back[br]to the question before, for a second.

1:07:20.589,1:07:22.719
Because there was a question from the[br]internet. So the people are not able

1:07:22.719,1:07:27.949
to talk. Ooniprobe guy, hey, could you[br]maybe answer the question, like,

1:07:27.949,1:07:30.640
right now, or maybe on Twitter,[br]or post a link or something?

1:07:30.640,1:07:33.390
Because I happen to believe that[br]it’s a very important question.

1:07:33.390,1:07:35.640
You remember the question?[br]If there are legal restric…

1:07:35.640,1:07:40.809
Arturo: Yeah well, I mean the thing is[br]that we don’t really know like what are

1:07:40.809,1:07:43.049
the… who was it that[br]was asking the question?

1:07:43.049,1:07:46.049
Jacob: The internet?[br]Arturo: Ah, the internet. Okay.

1:07:46.049,1:07:51.099
<i>laughter and applause</i>[br]<i>Jacob laughs</i>

1:07:51.099,1:07:58.660
So I guess we can’t know all of the[br]legal risks involved in every country.

1:07:58.660,1:08:02.609
It is definitely the case that in some[br]countries you may get in trouble

1:08:02.609,1:08:11.039
for visiting some websites that are[br]considered illegal. So, I can go

1:08:11.039,1:08:16.189
in more detail into this if you[br]come later to Noisy Square at 6.

1:08:16.189,1:08:17.670
Herald: The internet can’t[br]come, that’s the problem!

1:08:17.670,1:08:20.240
Arturo: Ah, the internet can’t come, shit![br]Okay! <i>laughter</i>

1:08:20.240,1:08:26.790
So,… <i>laughs</i>[br]<i>applause</i>

1:08:26.790,1:08:29.440
Jacob: There’re a lot of jokes in that!

1:08:29.440,1:08:33.770
Arturo: The short answer is that you[br]should look at the test specifications,

1:08:33.770,1:08:38.920
that are written in English, and they have[br]at the bottom some notes that detail

1:08:38.920,1:08:46.190
what can be some of the risks involved.[br]But we are not lawyers. So we don’t know

1:08:46.190,1:08:50.939
what are the risks for all of the[br]countries. So you should probably speak

1:08:50.939,1:08:56.399
to somebody that knows about these things[br]in your country. And it’s experimental

1:08:56.399,1:09:03.069
software, and there are not many people[br]that are doing this. So we generally can’t

1:09:03.069,1:09:08.209
say. Hope that answers your question.[br]Question: Thanks a lot, yeah, thanks.

1:09:08.209,1:09:11.420
Herald: Alright, I guess, just to sum[br]it up: Be careful whatever you do.

1:09:11.420,1:09:15.719
<i>laughter and applause</i>[br]Alright, so, Jake was just asking

1:09:15.719,1:09:19.740
if maybe we could just gather a couple[br]of questions, and then ask about them

1:09:19.740,1:09:21.730
outside. Did I get that right?[br]Jacob: Yeah, so if everyone who is

1:09:21.730,1:09:25.459
at a microphone, disperse to the correct[br]microphone, if you could just ask all your

1:09:25.459,1:09:29.080
questions, then everyone else who’s here[br]that wants to hear the answers will know

1:09:29.080,1:09:32.040
that you should stick around and talk[br]to us afterwards. We won’t answer

1:09:32.040,1:09:34.660
all these questions unless there’s[br]a really burning one. But that way

1:09:34.660,1:09:37.000
the guys that are standing at the[br]microphone, or the gals that are

1:09:37.000,1:09:40.470
standing at the microphone or other, can[br]actually ask them right now, and if you’re

1:09:40.470,1:09:43.399
interested come and find us right[br]afterwards. We’re going to probably

1:09:43.399,1:09:46.880
go to the tea house upstairs, or[br]maybe I shouldn’t have said that.

1:09:46.880,1:09:49.089
<i>laughter</i>[br]Herald: Alright, so we’re gonna do it

1:09:49.089,1:09:51.449
like this. We’re gonna rush through this.[br]And we’re just gonna hear a lot of

1:09:51.449,1:09:55.920
interesting questions, but no answers. If[br]you wanna hear the answers stay tuned

1:09:55.920,1:10:00.090
and don’t switch the channel. So we take[br]a couple of questions. Microphone 5.

1:10:00.090,1:10:03.600
And be quick about it.[br]Question: In regards to robustness and

1:10:03.600,1:10:07.190
the Mozilla partnership: Are there any[br]thoughts about incrementally replacing

1:10:07.190,1:10:10.540
the C++ infrastructure[br]with Rust? Eventually?

1:10:10.540,1:10:14.680
Herald: Microphone 4![br]Is it open, microphone 4?

1:10:14.680,1:10:22.980
Question: Can you compare Tor with JAP[br]from TU Dresden in aspects of anonymity?

1:10:22.980,1:10:25.790
Herald: Okay, the other[br]guy at microphone 4!

1:10:25.790,1:10:29.740
Question: To your knowledge has anyone got[br]into trouble for running a non-exit relay?

1:10:29.740,1:10:32.950
And do you have any tips for people that[br]wanna help by running a non-exit relay?

1:10:32.950,1:10:34.860
Herald: Okay, microphone 1, 2 guys.

1:10:34.860,1:10:39.020
Question: I have a question, or[br]a suggestion for the funding problematic.

1:10:39.020,1:10:43.660
Have you… you’re teaming up with Mozilla,[br]have you ever considered like producing

1:10:43.660,1:10:47.960
own smartphones, because there’s a huge[br]margin. I also think there’s a problem

1:10:47.960,1:10:55.500
like… why most people don’t use[br]cryptography is because there’s no

1:10:55.500,1:11:01.010
easy-to-use, out-of-the-box, cool product[br]that’s like… that goes out and has a story

1:11:01.010,1:11:02.810
or anything, like the marketing on Apple.

1:11:02.810,1:11:05.310
Herald: Alright, the other[br]guy at microphone 1.

1:11:05.310,1:11:09.900
Question: So a couple of minutes before[br]the talk started someone did a Sibyl (?)

1:11:09.900,1:11:14.110
attack on Tor. And we should fix that[br]a.s.a.p. So please don’t disappear

1:11:14.110,1:11:17.450
for the next few hours.[br]<i>Jacob rages, laughing, theatrically</i>

1:11:17.450,1:11:19.030
Thanks!

1:11:19.030,1:11:21.840
Roger: It never ends.[br]Jacob: It never ends!

1:11:21.840,1:11:24.320
Herald: Alright. Two questions[br]from microphone 3.

1:11:24.320,1:11:27.870
Question: So when they took[br]down Silkroad they took

1:11:27.870,1:11:31.670
a lot of Bitcoins with them. I wonder[br]what the [U.S.] Government is doing

1:11:31.670,1:11:34.690
with the large amount of anonymized cash.

1:11:34.690,1:11:37.220
Roger: They auctioned it off.[br]Jacob: They sell it. Next question.

1:11:37.220,1:11:39.240
Question: And I think they[br]should give it to you.

1:11:39.240,1:11:41.810
Herald: Alright. Last question![br]Jacob: I fully agree!

1:11:41.810,1:11:45.810
Question: So to combat against the[br]‘misinformed journalists’ thing

1:11:45.810,1:11:50.550
why not have a dashboard, very[br]prominently displayed on the Tor Project

1:11:50.550,1:11:54.730
listing all of the academic, open[br]like known problems with Tor,

1:11:54.730,1:11:58.290
and always have the journalists go there[br]first to get the source of information,

1:11:58.290,1:12:00.400
rather than misunderstanding[br]academic research.

1:12:00.400,1:12:02.760
Jacob: Fantastic, so if you wanna know…

1:12:02.760,1:12:04.790
Herald: Alright, if you found any of these[br]questions interesting, and you’re also

1:12:04.790,1:12:08.940
interested in the answers stick around, go[br]to Noisy Square, speak to these two guys,

1:12:08.940,1:12:12.100
and get all your answers. Other than[br]that, you heard it a Brillion times, but:

1:12:12.100,1:12:15.980
go home, start a relay! My friends and I[br]did two years ago, after Jake’s keynote.

1:12:15.980,1:12:18.760
It’s really not that hard. You can make[br]a difference. And thank you so much,

1:12:18.760,1:12:20.300
for Roger and Jake, as every year!

1:12:20.300,1:12:27.500
<i>applause</i>

1:12:27.500,1:12:29.250
<i>silent postroll titles</i>

1:12:29.250,1:12:38.826
<i>subtitles created by c3subtitles.de[br]in the year 2017. Join, and help us!</i>