0:00:09.559,0:00:13.359
Herald: So now, the next talk that[br]we have here for one hour from 8:30
0:00:13.359,0:00:17.689
’til 9:30 PM is “The Tor Network[br]– we’re living in interesting times”.
0:00:17.689,0:00:21.499
I don’t know how many of you are familiar[br]with the works of Terry Pratchett.
0:00:21.499,0:00:26.680
But anyways, in the novels of Terry[br]Pratchett there is the saying:
0:00:26.680,0:00:30.509
“And may you live in interesting[br]times!” that is actually a curse
0:00:30.509,0:00:33.780
for someone that you especially[br]dislike; because it usually means
0:00:33.780,0:00:36.700
that you’re in a lot of trouble. So[br]I guess we’re all very excited
0:00:36.700,0:00:40.610
for this year’s ‘Tor Talk’ by the[br]everlasting Dream Team:
0:00:40.610,0:00:44.210
Jacob Appelbaum and Roger[br]Dingledine! There you go!
0:00:44.210,0:00:46.969
cheers and applause[br]Give it up!
0:00:46.969,0:00:54.659
huge applause
0:00:54.659,0:00:58.320
Jacob Appelbaum: So, thanks very much[br]to the guy who brought me a Mate.
0:00:58.320,0:01:00.979
I learned his name is Alexander. It’s[br]never a good idea to take drugs
0:01:00.979,0:01:04.589
from strangers, so I introduced[br]myself before I drank it. Thank you.
0:01:04.589,0:01:07.370
laughter
0:01:07.370,0:01:11.010
First I wanted to say that following up[br]after Glenn Greenwald is a great honor
0:01:11.010,0:01:15.250
and a really difficult thing to do, that’s[br]a really tough act to follow, and
0:01:15.250,0:01:18.860
he’s pretty much one of,[br]I think, our heroes. So, it’s
0:01:18.860,0:01:22.729
really great to be able to share the stage[br]with him, even for just a brief moment.
0:01:22.729,0:01:25.500
And I wanted to do something a little[br]unconventional when we started
0:01:25.500,0:01:28.660
and Roger agreed. Which is that we[br]want people who have questions
0:01:28.660,0:01:32.439
– since I suspect some things happened[br]this year that arouse a lot of questions
0:01:32.439,0:01:37.000
in people – we’d like you to write those[br]questions down, pass them to an Angel
0:01:37.000,0:01:40.940
or to just bring them to the front[br]of the stage as soon as possible
0:01:40.940,0:01:44.870
during the talk, so that we can answer as[br]many of your questions as is possible.
0:01:44.870,0:01:47.939
This is a lot of stuff that happened,[br]there’s a lot of confusion, and we wanna
0:01:47.939,0:01:51.689
make sure that people feel like[br]we are actually answering
0:01:51.689,0:01:55.620
those questions in a useful way.[br]And if you wanna do that, it’d be great,
0:01:55.620,0:01:59.100
and otherwise, we’re gonna try to have[br]the second half of our talk be mostly
0:01:59.100,0:02:03.429
space for questioning.[br]So with that, here is Roger.
0:02:03.429,0:02:06.659
Roger Dingledine: Okay, so, a lot of[br]things have happened over this past year,
0:02:06.659,0:02:09.220
and we’re gonna try to cover[br]as many of them as we can.
0:02:09.220,0:02:12.600
Here’s a great quote[br]from either NSA or GCHQ,
0:02:12.600,0:02:14.930
I’m actually not sure which one it is.
0:02:14.930,0:02:17.600
But we’re gonna start a little bit[br]earlier in the process than this
0:02:17.600,0:02:20.840
and work our way up to that.[br]So, we’re in a war,
0:02:20.840,0:02:23.530
or rather, conflict of perception here.
0:02:23.530,0:02:26.080
There are a lot – I mean,[br]you saw Glenn’s talk earlier
0:02:26.080,0:02:29.040
– there are a lot of large media[br]organizations out there
0:02:29.040,0:02:32.500
that are trying to present Tor[br]in lots of different ways,
0:02:32.500,0:02:35.500
and we all here understand[br]the value that Tor provides
0:02:35.500,0:02:38.520
to the world, but there are a growing[br]number of people around the world
0:02:38.520,0:02:41.520
who are learning about Tor[br]not from our website, or from
0:02:41.520,0:02:44.780
seeing one of these talks or from[br]learning it from somebody who uses it
0:02:44.780,0:02:48.890
and teaches them how to use it.[br]But they read the Time Magazine
0:02:48.890,0:02:52.690
or Economist or whatever the[br]mainstream newspapers are,
0:02:52.690,0:02:57.140
and part of our challenge is how do we[br]help you, and help the rest of the world
0:02:57.140,0:03:01.370
do outreach and education, so that[br]people can understand what Tor is for
0:03:01.370,0:03:05.280
and how it works and what[br]sorts of people actually use it.
0:03:05.280,0:03:09.370
So, e.g. GCHQ has been given instructions
0:03:09.370,0:03:13.230
to try to kill Tor by, I mean, who knows,[br]maybe they thought of it on their own,
0:03:13.230,0:03:17.590
maybe we can imagine some nearby[br]governments asked them to do it.
0:03:17.590,0:03:21.150
And part of the challenge…[br]they say: “we have to kill it
0:03:21.150,0:03:24.780
because of child porn”. And it[br]turns out that we actually do know
0:03:24.780,0:03:29.150
that some people around the[br]world are using Tor for child porn.
0:03:29.150,0:03:33.080
E.g. we have talked to[br]a lot of federal agencies
0:03:33.080,0:03:35.550
who use Tor to fetch child porn.[br]subdued laughter
0:03:35.550,0:03:37.970
I talked to people in the[br]FBI who use Tor every day
0:03:37.970,0:03:42.660
to safely reach the websites[br]that they want to investigate.
0:03:42.660,0:03:46.740
The most crazy example of this is[br]actually the Internet Watch Foundation.
0:03:46.740,0:03:49.770
How many people here have heard[br]of the Internet Watch Foundation?
0:03:49.770,0:03:53.560
I see a very small number of hands.[br]They are the censorship wing
0:03:53.560,0:03:57.580
of the British Government. They are the[br]sort of quasi-government organization
0:03:57.580,0:04:02.510
who is tasked with coming up with the[br]blacklist for the internet for England.
0:04:02.510,0:04:07.310
And, we got email from them a few years[br]ago, saying – not what you’d expect,
0:04:07.310,0:04:10.650
you’d expect “Hey, can you please shut[br]this thing down, can you turn it off,
0:04:10.650,0:04:13.880
it’s a big hassle for us!” – the[br]question they asked me was:
0:04:13.880,0:04:17.740
“How can we make Tor faster?”[br]laughter, applause
0:04:17.740,0:04:21.149
It turns out that they need Tor,[br]because people report URLs to them,
0:04:21.149,0:04:24.980
they need to fetch them somehow.[br]It turns out that when you go to the URL
0:04:24.980,0:04:27.790
with the allegedly bad stuff on[br]it and you’re coming from
0:04:27.790,0:04:32.270
the Internet Watch Foundation’s[br]IP address, they give you kittens!
0:04:32.270,0:04:35.730
laughter[br]Who would have known?
0:04:35.730,0:04:40.050
laughter, applause
0:04:40.050,0:04:44.700
So it turns out that these censors[br]need an anonymity system
0:04:44.700,0:04:50.320
in order to censor their internet.[br]laughter Fun times.
0:04:52.890,0:04:56.670
So another challenge here: at the[br]same point, one of my side hobbies
0:04:56.670,0:05:01.220
is teaching law enforcement how the[br]internet works, and how security works
0:05:01.220,0:05:05.530
and how Tor works. So, yeah, their job[br]does suck, but it’s actually not our fault
0:05:05.530,0:05:09.610
that their job sucks. There are a lot[br]of different challenges to successfully
0:05:09.610,0:05:13.210
being a good, honest law[br]enforcement person these days.
0:05:13.210,0:05:17.120
So, e.g. I went to Amsterdam and Brussels
0:05:17.120,0:05:21.120
in January of this past year to try to[br]teach various law enforcement groups.
0:05:21.120,0:05:24.790
And I ended up having a four-hour[br]debate with the Dutch regional Police,
0:05:24.790,0:05:28.860
and then another four-hour debate[br]with a Belgian cybercrime unit,
0:05:28.860,0:05:32.180
and then another four-hour debate[br]with the Dutch national Police.
0:05:32.180,0:05:36.500
And there are a lot of good-meaning, smart[br]people in each of these organizations,
0:05:36.500,0:05:41.400
but they end up, as a group, doing[br]sometimes quite bad things.
0:05:41.400,0:05:45.160
So part of our challenge is: how do we[br]teach them that Tor is not the enemy
0:05:45.160,0:05:50.840
for them? And there are a couple of[br]stories that I’ve been trying to refine
0:05:50.840,0:05:55.870
using on them. One of them they always[br]pull out, the “But what about child porn?
0:05:55.870,0:06:00.280
What about bad people? What about some[br]creep using Tor to do bad things?”.
0:06:00.280,0:06:04.510
And one of the arguments that I tried on[br]them was, “Okay, so on the one hand
0:06:04.510,0:06:08.370
we have a girl in Syria[br]who is alive right now
0:06:08.370,0:06:12.650
because of Tor. Because her family[br]was able to communicate safely
0:06:12.650,0:06:17.010
and the Syrian military didn’t[br]break in and murder all of them.
0:06:17.010,0:06:19.950
On the other hand, we have a girl[br]in America who is getting hassled
0:06:19.950,0:06:24.310
by some creep on the internet[br]who is stalking her over Tor.”
0:06:24.310,0:06:29.370
So the question is, how do we balance,[br]how do we value these things?
0:06:29.370,0:06:31.400
How do we assign a value[br]to the girl in Syria?
0:06:31.400,0:06:33.570
How do we assign a value[br]to the girl in America
0:06:33.570,0:06:36.700
so that we can decide which[br]one of these is more important?
0:06:36.700,0:06:40.060
And actually the answer is, you[br]don’t get to make that choice,
0:06:40.060,0:06:43.260
that’s not the right question to ask.[br]Because if we take Tor away
0:06:43.260,0:06:46.850
from the girl in Syria, she’s[br]going to die. If we take Tor away
0:06:46.850,0:06:51.300
from the creep in America, he’s got a lot[br]of other options for how he can be a creep
0:06:51.300,0:06:54.620
and start stalking people.[br]So if you’re a bad person,
0:06:54.620,0:06:58.240
for various definitions of ‘bad person’,[br]and you’re willing to break laws
0:06:58.240,0:07:01.860
or go around social norms,[br]you’ve got a lot of other options
0:07:01.860,0:07:06.309
besides what Tor provides. Whereas there[br]are very few tools out there like Tor
0:07:06.309,0:07:11.000
for honest, I’d like to say law-abiding,
0:07:11.000,0:07:15.700
but let’s go with civilization-abiding[br]citizens out there.
0:07:15.700,0:07:21.110
applause
0:07:21.110,0:07:24.940
Jacob: And it’s important to understand[br]that this hypothetical thing is actually
0:07:24.940,0:07:28.410
also true for certain values.[br]So at our Tor developer meeting
0:07:28.410,0:07:33.790
that we had in Munich recently,[br]that Syrian woman came to us,
0:07:33.790,0:07:38.100
and thanked us for Tor. She said:[br]“I’m from a city called Homs.
0:07:38.100,0:07:41.940
You might have heard about it,[br]it’s not a city anymore. I used Tor.
0:07:41.940,0:07:45.150
My family used Tor. We were able to[br]keep ourselves safe on the internet
0:07:45.150,0:07:49.480
thanks to Tor. So I wanted to come[br]here to Munich to tell you this.
0:07:49.480,0:07:52.550
Thank you for the work that you’re[br]doing.” And for people who
0:07:52.550,0:07:56.040
– this was their first dev meeting –[br]they were completely blown away
0:07:56.040,0:07:58.810
to meet this person. “Wow,[br]the stuff that we’re working on,
0:07:58.810,0:08:02.590
it really does matter, there[br]are real people behind it”.
0:08:02.590,0:08:06.260
And we were all, I think, very touched[br]by it, and all of us know someone
0:08:06.260,0:08:10.420
who has been on the receiving end[br]of people being jerks on the internet.
0:08:10.420,0:08:12.880
So this is a real thing where there[br]are real people involved, and
0:08:12.880,0:08:16.440
it’s really important to understand[br]that if you remove the option
0:08:16.440,0:08:20.130
for that woman in Syria – or you[br]here in Germany, now that we know
0:08:20.130,0:08:23.430
what Edward Snowden has told the world…
0:08:23.430,0:08:27.090
Those bad guys, those jerks[br]– for different values of that –
0:08:27.090,0:08:31.210
they always have options. But very[br]rarely do all of us have options
0:08:31.210,0:08:35.349
that will actually keep us safe.[br]And Tor is certainly not the only one,
0:08:35.349,0:08:38.850
but right now, and we hope in this[br]talk you’ll see that we’re making
0:08:38.850,0:08:41.580
the right trade-off by working on Tor.
0:08:41.580,0:08:45.449
Roger: One of the other talks that I give[br]to them, one of the other stories
0:08:45.449,0:08:49.970
that I give to them, one of the big[br]questions they always ask me is:
0:08:49.970,0:08:53.690
“But what about terrorists?[br]Aren’t you helping terrorists?”
0:08:53.690,0:08:58.160
And we can and we should talk about[br]“What do you mean by terrorists?”
0:08:58.160,0:09:00.689
because in China they have a very[br]different definition of terrorists
0:09:00.689,0:09:04.290
and in Gaza they have a very[br]different definition of terrorists, and
0:09:04.290,0:09:07.040
in America, they are always thinking[br]of a small number of people
0:09:07.040,0:09:11.009
in some Middle-Eastern country who are[br]trying to blow up buildings or something –
0:09:11.009,0:09:12.709
Jacob: Mohammed Badguy,[br]I think is his name.
0:09:12.709,0:09:15.600
Roger: Yes, that –[br]Jacob: In the NSA slides.
0:09:15.600,0:09:19.770
Roger: Yes. So, scenario 1:
0:09:19.770,0:09:23.490
I want to build a tool that[br]works for millions of people,
0:09:23.490,0:09:26.759
it will work for the next year,[br]and I can tell you how it works,
0:09:26.759,0:09:30.489
so you can help me evaluate[br]it. That’s Tor’s problem.
0:09:30.489,0:09:34.769
Scenario 2: I want to build a tool that[br]will work for the next 2 weeks,
0:09:34.769,0:09:38.480
it will work for 20 people and I’m[br]not going to tell you about it.
0:09:38.480,0:09:41.740
There are so many more[br]ways of solving scenario 2
0:09:41.740,0:09:45.220
than solving scenario 1. The bad[br]guys – for all sorts of definitions –
0:09:45.220,0:09:49.509
the bad guys have a lot more[br]options on how they can keep safe.
0:09:49.509,0:09:52.329
They don’t have to scale,[br]it doesn’t have to last forever,
0:09:52.329,0:09:55.170
they don’t want peer review, they[br]don’t want anybody to even know
0:09:55.170,0:09:58.690
that it’s happening. So the[br]challenge that Tor has is
0:09:58.690,0:10:02.920
we wanna build something that works for[br]everybody and that everybody can analyze
0:10:02.920,0:10:07.090
and learn about. That’s a much harder[br]problem, there are far fewer ways
0:10:07.090,0:10:12.000
of solving that. So, the terrorists,[br]they got a lot of options.
0:10:12.000,0:10:15.809
That sucks. We need to build tools that[br]can keep the rest of the world safe.
0:10:15.809,0:10:19.339
Jacob: And it’s important, really, to try[br]to have some good rhetorical arguments,
0:10:19.339,0:10:23.209
I think. I mean, we sort of[br]put a few facts up here.
0:10:23.209,0:10:26.829
One interesting point to mention[br]is that people who really
0:10:26.829,0:10:29.740
don’t want anonymity to exist[br]in a practical sense, maybe
0:10:29.740,0:10:32.839
not even in a theoretical, Human[br]Rights sense either, but definitely
0:10:32.839,0:10:36.879
in a practical sense, they’re not really[br]having honest conversations about it.
0:10:36.879,0:10:40.440
E.g. this DoJ study – the Department[br]of Justice in the United States – they
0:10:40.440,0:10:44.300
actually started to do a study where they[br]classified traffic leaving Tor exit nodes.
0:10:44.300,0:10:47.700
Which… it’s interesting that they[br]were basically probably wiretapping
0:10:47.700,0:10:50.709
an exit node to do that study. And[br]I wonder how they went about that – but
0:10:50.709,0:10:54.680
nonetheless, they came up with the[br]number 3% of the traffic being bad.
0:10:54.680,0:10:58.089
And then they aborted the study because[br]they received many DMCA takedown notices.
0:10:58.089,0:10:59.899
laughter[br]Roger: Yes, they –
0:10:59.899,0:11:03.000
Jacob: Apparently even the DMCA[br]is a problem to finding out answers!
0:11:03.000,0:11:04.130
That plague of society! (?)
0:11:04.130,0:11:05.689
Roger: interrupts They asked a[br]university to run the Tor exit for them
0:11:05.689,0:11:08.429
and they were just starting out[br]doing their study, and then
0:11:08.429,0:11:11.980
the university started getting[br]DMCA takedowns and said:
0:11:11.980,0:11:14.759
“Well, we have to stop, the[br]lawyers told us to stop!”,
0:11:14.759,0:11:18.579
and the Department of Justice said:[br]“We’re the Department of Justice,
0:11:18.579,0:11:21.100
keep doing it”, and then they[br]turned it off. laughter
0:11:21.100,0:11:25.060
So, not sure how the balance of power[br]goes there, but the initial results
0:11:25.060,0:11:28.100
they were looking towards[br]were about 3% of the traffic
0:11:28.100,0:11:31.470
coming out of that Tor exit node was bad,
0:11:31.470,0:11:35.409
but I haven’t figured out what they mean[br]by ‘bad’. But I’ll take it if it’s 3%.
0:11:35.409,0:11:41.019
Jacob: And I personally don’t[br]like to use the word ‘war’
0:11:41.019,0:11:45.739
when talking about the internet.[br]And I particularly dislike
0:11:45.739,0:11:48.709
when we talk about actual[br]issues of terrorism.
0:11:48.709,0:11:51.920
And I think that we should talk about it[br]in terms of perception and conflict.
0:11:51.920,0:11:55.169
And one of the most frustrating[br]things is: the BBC
0:11:55.169,0:11:58.430
actually has articles on their[br]website instructing people
0:11:58.430,0:12:02.119
how to use the Silk Road and[br]Tor together to buy drugs.
0:12:02.119,0:12:07.189
We very, very seriously do[br]not ever advocate that,
0:12:07.189,0:12:10.009
for a bunch of reasons… Not the[br]least of which is that even though
0:12:10.009,0:12:13.240
Bitcoin is amazing, it’s not[br]an anonymous currency.
0:12:13.240,0:12:16.250
And it isn’t the case that these websites[br]are necessarily a good idea and…
0:12:16.250,0:12:19.949
but it won’t be Tor, I think, that will be[br]the weakest link. But the fact that
0:12:19.949,0:12:24.949
the BBC promotes that – it’s because[br]they generally have “A man bites dog”.
0:12:24.949,0:12:28.920
You could say that that’s their[br]entire Tor-related ecosystem.
0:12:28.920,0:12:31.500
Anything that could be just[br]kind of a little bit interesting,
0:12:31.500,0:12:33.870
they’ll run with it. So they have[br]something to say about it.
0:12:33.870,0:12:37.320
And in this case they literally were[br]promoting and pushing for people
0:12:37.320,0:12:41.750
to buy drugs. Which is crazy to me, to[br]imagine that. And that really impacts
0:12:41.750,0:12:45.540
the way that people perceive the[br]Tor Project and the Tor Network.
0:12:45.540,0:12:48.160
And what we’re trying to do[br]is not that particular thing.
0:12:48.160,0:12:51.699
That is a sort of side effect that occurs.[br]What we want is for every person
0:12:51.699,0:12:55.959
to have the right to speak freely and the[br]right to read anonymously on the internet.
0:12:55.959,0:12:59.740
Roger: And we also need to keep in[br]mind the different incentive structures
0:12:59.740,0:13:04.519
that they have. So BBC posted their[br]first article about Silk Road and Tor.
0:13:04.519,0:13:07.800
And the comment section was[br]packed with “Oh, wow, thanks!
0:13:07.800,0:13:11.200
Oh, this is great! Oh, I don’t have to go[br]to the street corner and get shot!
0:13:11.200,0:13:14.659
Oh! Wow! Thanks! This is great!” Just[br]comment after comment, of people saying:
0:13:14.659,0:13:18.239
“Thank you for telling me about this!”[br]And then a week later they posted
0:13:18.239,0:13:23.000
a follow-up article saying “And we[br]bought some, and it was really good!”
0:13:23.000,0:13:25.870
laughter and applause
0:13:25.870,0:13:29.820
So what motivation are they doing here?
0:13:29.820,0:13:33.179
So their goal in this case is: “Let’s get[br]more clicks. Doesn’t matter what it takes,
0:13:33.179,0:13:35.920
doesn’t matter what we[br]destroy while we’re doing it.”
0:13:35.920,0:13:39.870
Jacob: So that has some serious problems,[br]obviously. Because then there are
0:13:39.870,0:13:44.199
different structures that exist to attack[br]– as part of the War on Some Drugs –
0:13:44.199,0:13:47.970
and they want to show that their[br]mission is of course impacted by Tor.
0:13:47.970,0:13:50.459
They want to have an enemy that[br]they can paint a target on. They want
0:13:50.459,0:13:55.150
something sexy that they can get funding[br]for. So here’s a little funny story
0:13:55.150,0:13:59.049
about an agent, as it says in the last[br]point, who showed this massive drop
0:13:59.049,0:14:02.000
in the Tor Network load after Silk[br]Road was busted. Right? Because
0:14:02.000,0:14:04.950
everybody realizes of course that all[br]of the anonymity traffic in the world
0:14:04.950,0:14:06.260
must be for illicit things.
0:14:06.260,0:14:08.010
Roger: So this was at a particular meeting
0:14:08.010,0:14:11.551
where they were trying to get more funding[br]for this. This is a US Government person
0:14:11.551,0:14:15.620
who basically said: “I evaluated[br]the Tor Network load
0:14:15.620,0:14:19.820
during the Silk Road bust. And[br]I saw 50% network load drop
0:14:19.820,0:14:23.599
when the Silk Road bust happened.”[br]So I started out with him
0:14:23.599,0:14:27.639
arguing: “Actually, you know, when[br]there’s a huge amount of publicity about
0:14:27.639,0:14:30.969
– I don’t know – if Tor is broken, we can[br]understand, that would be reasonable,
0:14:30.969,0:14:34.540
that some Tor people would stop using[br]Tor for a little while, in order to wait
0:14:34.540,0:14:37.979
for more facts to come out and then will[br]be more prepared for it.” But then
0:14:37.979,0:14:41.579
I thought: “You know, wait a minute, we[br]got the Tor Metrics database. We have
0:14:41.579,0:14:45.120
all of this data of load on the network.”
0:14:45.120,0:14:48.759
So then I went: “Let’s go actually[br]see if there was a 50% drop on
0:14:48.759,0:14:52.579
the Tor Network!” So the green[br]line here is the capacity
0:14:52.579,0:14:56.739
of the Tor Network over time. So the[br]amount of bytes that relays can push
0:14:56.739,0:15:00.119
if we were loading it down[br]completely. And the purple line is
0:15:00.119,0:15:04.050
the number of bytes that are actually[br]handled on the network over time.
0:15:04.050,0:15:08.590
Jacob: Can you guess? If you don’t[br]look at the date at the bottom,
0:15:08.590,0:15:12.150
can you show what that[br]agent was talking about?
0:15:12.150,0:15:16.060
Or is the agent totally full of shit?[br]laughter
0:15:16.060,0:15:21.529
Just a… hypothetical question, but if you[br]have a theo… anyone? Shout it out! Yeah!
0:15:21.529,0:15:23.379
[unintelligible from audience]
0:15:23.379,0:15:29.580
Oh that’s right! It didn’t go down by 50%![br]laughter
0:15:29.580,0:15:33.559
Wow! He was completely wrong!
0:15:33.559,0:15:37.410
But just for the record, that’s[br]where he said there was a drop!
0:15:37.410,0:15:45.509
laughter and applause
0:15:45.509,0:15:48.690
Roger: And while we’ve talked you had[br]to read these graphs. Here is a graph
0:15:48.690,0:15:52.459
of the overall network growth[br]over the past 3 or 4 years.
0:15:52.459,0:15:56.369
So the green line, again, is the amount of[br]capacity. And we’ve seen a bunch of people
0:15:56.369,0:16:00.239
adding fast relays recently,[br]after the Snowden issues.
0:16:00.239,0:16:03.800
And we’ll talk a little bit later about[br]what other reasons people are running
0:16:03.800,0:16:10.240
more capacity lately, as the[br]load on the network goes up.
0:16:10.240,0:16:14.349
Okay. And then there is the[br]‘Dark Web’. Or the ‘Deep Web’.
0:16:14.349,0:16:17.770
Or the Whatever-else-the-hell-you-call-it[br]Web. And again,
0:16:17.770,0:16:22.470
this comes back to media trying to[br]produce as many articles as they can.
0:16:22.470,0:16:27.119
So here’s the basic… I’ll give you[br]the primer on this ‘Dark Web’ thing.
0:16:27.119,0:16:32.910
Statement 1: “The Dark Web is every web[br]page out there that Google can’t index.”
0:16:32.910,0:16:36.710
That’s the definition of the Dark Web.[br]laughter and applause
0:16:36.710,0:16:40.209
applause
0:16:40.209,0:16:45.120
So every Corporate database,[br]every Government database,
0:16:45.120,0:16:48.869
everything that you access with a[br]web browser at work or whatever,
0:16:48.869,0:16:52.439
all those things that Google can’t get to,[br]that is the Dark Web. That’s statement 1.
0:16:52.439,0:16:57.799
Statement 2: “90+X% of web[br]pages are in the Dark Web.”
0:16:57.799,0:17:01.090
So these were both well-known[br]facts a year ago.
0:17:01.090,0:17:04.770
Statement 3, that the media has[br]added this year: “The only way
0:17:04.770,0:17:10.500
to access the Dark Web is through Tor.”[br]laughter, some applause
0:17:10.500,0:17:13.930
These 3 statements together[br]sell more and more articles
0:17:13.930,0:17:16.730
because it’s great, people buy them,[br]they’re all shocked: “Oh my god,
0:17:16.730,0:17:20.009
the web is bigger than I thought,[br]and it’s all because of Tor”.
0:17:20.009,0:17:25.429
laughter and applause
0:17:25.429,0:17:30.340
Jacob: So, really… the reality of this[br]is that it’s not actually the case.
0:17:30.340,0:17:33.810
Obviously that’s a completely laughable[br]thing. And for everyone that’s here –
0:17:33.810,0:17:37.059
not necessarily people watching on the[br]video stream – but for everyone here,
0:17:37.059,0:17:40.780
I think, you realize how ridiculous[br]that is. That entire setup
0:17:40.780,0:17:45.080
is obviously a kind of ‘clickbait’, if[br]you would call it something like that.
0:17:45.080,0:17:48.550
There are a few high-profile Hidden[br]Services. And actually, this is
0:17:48.550,0:17:51.540
a show of hands: raise your hand[br]if you run a Tor Hidden Service!
0:17:51.540,0:17:53.250
few hands go up
0:17:53.250,0:17:57.230
Right. So, no one’s ever heard of your[br]Tor Hidden Service. Almost certainly.
0:17:57.230,0:18:01.250
And these are the ones that people have[br]heard of. And this is something which is
0:18:01.250,0:18:06.229
kind of a fascinating reality[br]which is that these 4 sites,
0:18:06.229,0:18:10.190
or these 4 entities have[br]produced most of the stories
0:18:10.190,0:18:13.801
related to the deep gaping[br]whatever web, that
0:18:13.801,0:18:18.710
if you wanna call it the Dark Web. And,[br]in fact, for the most part, it’s been…
0:18:18.710,0:18:22.240
I would say the Top one[br]e.g., with Wikileaks,
0:18:22.240,0:18:26.040
it’s a positive example. And,[br]in fact, with GlobaLeaks,
0:18:26.040,0:18:29.380
which is something that Arturo Filastò[br]and a number of other really great
0:18:29.380,0:18:33.409
Italian hackers here have been working[br]on, GlobaLeaks, they’re deploying
0:18:33.409,0:18:36.350
more and more Hidden Services that you[br]also haven’t heard about. For localized
0:18:36.350,0:18:40.410
corruption, reporting and whistleblowing.[br]But the news doesn’t report about
0:18:40.410,0:18:43.790
Arturo’s great work. The news[br]reports are on The Farmer’s Market,
0:18:43.790,0:18:48.370
on Freedom Hosting and[br]on Silk Road. And those things
0:18:48.370,0:18:51.640
also bring out a disproportionate[br]amount of incredible negative attention.
0:18:51.640,0:18:55.090
In the case of Freedom Hosting, we[br]have a developer, Mike Perry, who’s
0:18:55.090,0:18:58.430
kind of the most incredible[br]evil genius alive today.
0:18:58.430,0:19:02.700
I think he’s probably at about 2 Mike[br]Perrys right now. That’ll be my guess.
0:19:02.700,0:19:06.460
And he was relentlessly attacked.
0:19:06.460,0:19:10.429
Because he happened to have[br]a registration for a company
0:19:10.429,0:19:14.690
which had an F and an H in the name.
0:19:14.690,0:19:18.140
Wasn’t actually even close[br]to what’s up there now.
0:19:18.140,0:19:21.889
And he was relentlessly attacked because[br]the topics that the other sites have
0:19:21.889,0:19:25.770
as part of their customer base or as part[br]of the things that they’re pushing online,
0:19:25.770,0:19:29.400
they really pull on people’s[br]hearts in a big way.
0:19:29.400,0:19:32.500
And that sort of created[br]a lot of stress. I mean,
0:19:32.500,0:19:35.470
the first issue, Wikileaks, created a[br]lot of stress for people working on Tor
0:19:35.470,0:19:38.960
in various different ways. But for Mike[br]Perry, he was personally targeted,
0:19:38.960,0:19:42.840
in sort of COINTELPRO-style[br]harassment. And really sad,
0:19:42.840,0:19:46.690
in a really sad series of events.[br]And of course, the news
0:19:46.690,0:19:50.250
also picked up on that, in some[br]negative ways. And they really, really
0:19:50.250,0:19:52.740
picked up on that. And that’s a really[br]big part of I think you could call it
0:19:52.740,0:19:57.130
a kind of cultural conflict[br]that we’re in, right now.
0:19:57.130,0:19:59.440
The Farmer’s Market has also[br]quite an interesting story.
0:19:59.440,0:20:00.880
Which I think you wanted to tell.
0:20:00.880,0:20:05.230
Roger: Yeah, so, I actually heard from[br]a DEA person who was involved
0:20:05.230,0:20:09.149
in the eventual bust of[br]the Farmer’s Market story.
0:20:09.149,0:20:12.880
Long ago there was a website on[br]the internet, and they sold drugs.
0:20:12.880,0:20:16.629
Oh my god. And there were people[br]who bought drugs from this website
0:20:16.629,0:20:21.280
and Tor was nowhere in the story. It[br]was some website in South East Asia.
0:20:21.280,0:20:24.590
And the DEA wanted to take[br]it down. So they learned…
0:20:24.590,0:20:28.139
I mean the website was public. It was[br]a public web server. So they sent
0:20:28.139,0:20:31.779
some sort of letter to the country that it[br]was in. And the country that it was in
0:20:31.779,0:20:35.189
said: “Screw you!”. And then they said:[br]“Okay, well, I guess we can’t take down
0:20:35.189,0:20:39.479
the web server”. So then they started to[br]try to investigate the people behind it.
0:20:39.479,0:20:42.789
And it turns out the people[br]behind it used Hushmail.
0:20:42.789,0:20:46.820
So they were happily communicating[br]with each other very safely.
0:20:46.820,0:20:50.380
So the folks in the US[br]sent a letter to Canada.
0:20:50.380,0:20:53.470
And then Canada made Hushmail basically[br]give them the entire database
0:20:53.470,0:20:58.290
of all the emails that these people[br]had sent. And then, a year or 2 later,
0:20:58.290,0:21:01.320
these people discovered Tor. And they’re[br]like: “Hey we should switch our website
0:21:01.320,0:21:05.169
over to Tor and then it will be safe.[br]That sounds good!”. The DEA people
0:21:05.169,0:21:08.580
were watching them the whole time[br]looking for a good time to bust them.
0:21:08.580,0:21:11.389
And then they switched over to Tor, and[br]then 6 months later it was a good time
0:21:11.389,0:21:15.349
to bust them. So then there were all[br]these newspaper articles about how
0:21:15.349,0:21:18.880
Tor Hidden Services are[br]obviously broken. And
0:21:18.880,0:21:21.870
the first time I heard the story[br]I was thinking to myself:
0:21:21.870,0:21:25.869
“Idiot drug sellers use Paypal[br]– get busted – end of story”.
0:21:25.869,0:21:26.829
laughing
0:21:26.829,0:21:30.320
But they were actually using Paypal[br]correctly. They had innocent people
0:21:30.320,0:21:33.720
around the world who were receiving[br]Paypal payments and turning it into some
0:21:33.720,0:21:38.120
Panama based e-currency or[br]something. So the better lesson
0:21:38.120,0:21:42.330
of the story is: “Idiot drug sellers[br]use Hushmail – get busted”.
0:21:42.330,0:21:45.010
So there are a lot of different[br]pieces of all of these.
0:21:45.010,0:21:48.069
Jacob: Don’t use Hushmail![br]laughter
0:21:48.069,0:21:51.959
Seriously! It’s a bad idea! And[br]don’t use things where they have
0:21:51.960,0:21:55.269
a habit of backdooring their[br]service or cooperating
0:21:55.269,0:21:57.860
with so-called ‘lawful interception[br]orders’. Because it tells you that
0:21:57.860,0:22:03.410
their system is not secure. And it’s clear[br]that Hushmail falls into that category.
0:22:03.410,0:22:07.220
They fundamentally have chosen that[br]that is what they would like to do.
0:22:07.220,0:22:10.679
And they should have that reputation.[br]And we should respect them exactly
0:22:10.679,0:22:14.040
as much as they deserve for that. So[br]don’t use their service. If you can.
0:22:14.040,0:22:17.229
Especially if you’re gonna do[br]this kind of stuff. laughter
0:22:17.229,0:22:20.260
Or maybe what I mean is: guys,[br]do that – use Hushmail.
0:22:20.260,0:22:25.620
But everybody else, protect yourself![br]laughter
0:22:25.620,0:22:29.860
So, the thing is that[br]not every single person
0:22:29.860,0:22:33.350
is actually stupid enough to use Hushmail.
0:22:33.350,0:22:36.690
So as a result, we had started to[br]see some pretty crazy stuff happen.
0:22:36.690,0:22:39.940
Which we of course knew would happen and[br]we always understood that this would be
0:22:39.940,0:22:44.389
a vector. So, in this case,[br]this year we saw,
0:22:44.389,0:22:48.659
I think, one of the probably not[br]the most interesting exploits
0:22:48.659,0:22:52.480
that we’ve ever seen. But one[br]of the most interesting exploits
0:22:52.480,0:22:56.400
we’ve ever seen deployed[br]against a broad scale of users.
0:22:56.400,0:23:00.149
And we’re not exactly sure[br]who was behind it. Though
0:23:00.149,0:23:04.250
there was an FBI person who went[br]to court in Ireland and did in fact
0:23:04.250,0:23:08.250
claim that they were behind it. The IP[br]space that the exploit connected back to
0:23:08.250,0:23:13.789
was either SAIC or NSA.[br]And I had an exchange
0:23:13.789,0:23:18.200
with one of the guys behind the VUPEN[br]exploit company. And he has
0:23:18.200,0:23:21.980
on a couple of occasions mentioned[br]writing exploits for Tor Browser.
0:23:21.980,0:23:25.480
And what he really means is Firefox. And
0:23:25.480,0:23:28.390
this is a serious problem of course. If[br]they want to target a person, though,
0:23:28.390,0:23:33.240
the first they have to actually find them.[br]So traditionally, if you’re not using Tor,
0:23:33.240,0:23:36.960
they go to your house, they plug in some[br]gear. They go to the ISP upstream,
0:23:36.960,0:23:39.619
and they plug in some gear. Or they do[br]some interception with an IMSI catcher,
0:23:39.619,0:23:43.339
and things like that. Most of these[br]techniques, I’ll talk about on Monday
0:23:43.340,0:23:48.310
with Claudio. If you’re interested.[br]But basically it’s the same.
0:23:48.310,0:23:51.380
They find out who you are,[br]then they begin to target you,
0:23:51.380,0:23:54.559
then they serve you an exploit.[br]This year one of the differences is
0:23:54.559,0:23:58.759
that they had actually taken over a Tor[br]Hidden Service. And started to serve up
0:23:58.759,0:24:02.329
an exploit from that. Just trying[br]to exploit every single person
0:24:02.330,0:24:04.980
that visited the Hidden Service. So there[br]was a period of time when you could
0:24:04.980,0:24:08.669
really badly troll all of your friends[br]by just putting a link up where
0:24:08.669,0:24:12.799
it would load in an iFrame and they would[br]have been exploited. If they were running
0:24:12.799,0:24:16.409
an old version of Firefox. And[br]an old version of Tor Browser.
0:24:16.409,0:24:19.529
Which was an interesting twist. They[br]didn’t actually, as far as we know,
0:24:19.529,0:24:24.549
use that exploit against anyone[br]while it was a fresh Zeroday.
0:24:24.549,0:24:27.539
But they did write it. And they[br]did serve it out. And they gave
0:24:27.539,0:24:31.909
the rest of the world the payload[br]to use against whoever they’d like.
0:24:31.909,0:24:36.240
So, when the FBI did this, they basically[br]gave an exploit against Firefox
0:24:36.240,0:24:40.139
and Tor Browser to the Syrian Electronic[br]Army who couldn’t have written one,
0:24:40.139,0:24:43.779
even if they wanted to. This is[br]a really interesting difference
0:24:43.779,0:24:47.919
between other ways that the FBI might[br]try to bust you, where they can localize
0:24:47.919,0:24:52.530
the damage of hitting untargeted[br]people who are otherwise innocent,
0:24:52.530,0:24:56.570
especially. But we’ve asked[br]Firefox to try to integrate
0:24:56.570,0:24:59.559
some of these privacy-related things that[br]we’ve done. We’d like to be able to be
0:24:59.559,0:25:03.600
more up-to-speed with Firefox and[br]they generally seem premili, too (?)
0:25:03.600,0:25:08.419
and I think that’s a fair thing to say.[br]But we have a de-synchronisation.
0:25:08.419,0:25:12.480
But even with that de-synchronisation we[br]were still ahead of what they were doing
0:25:12.480,0:25:16.329
as far as we can tell. But they[br]are actually at the point where
0:25:16.329,0:25:20.730
they have hired probably some people[br]from this community – fuck you –
0:25:20.730,0:25:25.100
and they write those exploits.[br]applause
0:25:25.100,0:25:28.290
And serve them up.[br]And so that is a new turn.
0:25:28.290,0:25:32.309
We had not seen that before this year.[br]And that’s a really serious change.
0:25:32.309,0:25:34.700
As a result we’ve obviously been[br]looking into Chrome, which has
0:25:34.700,0:25:38.059
a very different architecture. And in some[br]cases it’s significantly harder to exploit
0:25:38.059,0:25:41.550
than Firefox. Even with just very[br]straight-forward bugs which should be
0:25:41.550,0:25:44.790
very easy to exploit the Chrome team[br]has done a good job. We want to have
0:25:44.790,0:25:47.990
a lot of diversity in the different[br]browsers. But we have a very strict
0:25:47.990,0:25:50.970
set of requirements for protecting[br]Privacy with Tor Browser.
0:25:50.970,0:25:54.260
And there’s a whole design document[br]out there. So just adding Tor
0:25:54.260,0:25:58.770
and a web browser together is not quite[br]enough. You need some actual thoughts.
0:25:58.770,0:26:03.059
That have been – mostly by Mike Perry[br]and Aron Clark (?) – have been elucidated
0:26:03.059,0:26:06.690
in the Tor Browser design document.[br]So we’re hoping to work on that.
0:26:06.690,0:26:09.450
If anyone here would like to work on that:[br]that’s really something where we really
0:26:09.450,0:26:13.570
need some help. Because there is[br]really only one Mike Perry. Literally
0:26:13.570,0:26:16.019
and figuratively.
0:26:16.019,0:26:19.780
Roger: Okay. Another exciting topic[br]people have been talking about lately
0:26:19.780,0:26:24.910
is the diversity of funding. A lot of our[br]funding comes from governments.
0:26:24.910,0:26:28.489
US mostly but some other ones as[br]well. Because they have things
0:26:28.489,0:26:32.939
that they want us to work on. So once upon[br]a time when I was looking at fundraising
0:26:32.940,0:26:36.980
and how to get money I would go to places[br]and I would say: “We’ve got 10 things
0:26:36.980,0:26:41.220
we want to work on. If you[br]want to fund one of these 10,
0:26:41.220,0:26:45.170
you can help us set our priorities.[br]We really want to work on
0:26:45.170,0:26:48.240
circumventing censorship, we really want[br]to work on anonymity, we really want
0:26:48.240,0:26:52.990
to work on Tor Browser safety. So[br]if you have funding for one of these
0:26:52.990,0:26:56.559
then we’ll focus on the one that[br]you’re most interested in”.
0:26:56.559,0:27:00.160
So there’s some trade-offs here. On the[br]one hand government funding is good
0:27:00.160,0:27:04.119
because we can do more things. That’s[br]great. A lot of the stuff that you’ve seen
0:27:04.119,0:27:08.049
from Tor over the past couple of years[br]comes from people who are paid full-time
0:27:08.049,0:27:12.090
to be able to work on Tor and focus[br]on it and not have to worry about
0:27:12.090,0:27:15.480
where they’re gonna pay their rent[br]or where they’re gonna get food.
0:27:15.480,0:27:19.540
On the other hand it’s bad because[br]funders can influence our priorities.
0:27:19.540,0:27:23.359
Now, there’s no conspiracy. It’s not[br]that people come to us and say:
0:27:23.359,0:27:27.320
“Here’s money, do a backdoor, etc.”[br]We’re never gonna put any backdoors
0:27:27.320,0:27:28.880
in Tor, ever.
0:27:28.880,0:27:29.840
Jacob: Maybe you could tell the story
0:27:29.840,0:27:33.100
about that really high-pitched lady[br]who tried to get you, to tell you that
0:27:33.100,0:27:36.250
that was your duty and then you explained…
0:27:36.250,0:27:39.659
Roger: Give me a few more details![br]laughter
0:27:39.659,0:27:42.190
Jacob: People have approached us,[br]obviously, in order to try to get us
0:27:42.190,0:27:45.220
to do these types of things. And[br]this is a serious commitment
0:27:45.220,0:27:48.710
that the whole Tor community gets behind.[br]Which is that we will never ever
0:27:48.710,0:27:53.309
put in a backdoor. And any time that we[br]can tell that something has gone wrong
0:27:53.309,0:27:56.480
we try to fix it as soon[br]as is possible regardless
0:27:56.480,0:28:00.309
– actually I would say for myself – of any[br]other consequences. That our commitment
0:28:00.309,0:28:03.740
to protecting anonymity[br]of our user base extends
0:28:03.740,0:28:08.159
beyond any reasonable commitment,[br]actually. And we really believe
0:28:08.159,0:28:11.139
that commitment. And there are people[br]that have tried to get us to change that.
0:28:11.139,0:28:15.340
Tried to tell us that “oh, it’s only[br]because you’re living in the free world,
0:28:15.340,0:28:17.759
and you’re able to have a company[br]that (?) and make a profit
0:28:17.759,0:28:21.290
that you can even right the supper (?). So[br]come on! Do your duty!” And of course
0:28:21.290,0:28:24.080
when we tell them we’re non-profit[br]and that we’re not gonna do it,
0:28:24.080,0:28:27.009
they’re completely[br]dumbfounded. For example.
0:28:27.009,0:28:29.740
Roger: Now I remember that discussion, yes![br]Jacob: Yeah!
0:28:29.740,0:28:34.310
applause
0:28:34.310,0:28:38.669
Roger: This was a discussion with[br]a US Department of Justice person
0:28:38.669,0:28:43.029
who basically said: “It’s your…[br]the Congress has given us,
0:28:43.029,0:28:47.180
the Department of Justice, the[br]right to backdoor everything,
0:28:47.180,0:28:51.269
and you have a tool[br]that you haven’t made
0:28:51.269,0:28:55.199
easy for us to backdoor. So[br]it’s your responsibility to fix it
0:28:55.200,0:28:59.460
so that we can use the privileges[br]and rights given us by Congress
0:28:59.460,0:29:03.769
on surveilling everybody. And[br]you are taking advantage
0:29:03.769,0:29:07.120
of the situation that we’ve given you[br]in America where you’ve got good
0:29:07.120,0:29:11.020
freedom of speech and you got other[br]freedoms etc. You’re stealing
0:29:11.020,0:29:15.009
from the country. You’re cheating on the[br]process by not giving us the backdoor
0:29:15.009,0:29:19.070
that Congress said we should have”. And[br]then I said: “Actually we’re a non-profit.
0:29:19.070,0:29:22.949
We work for the public good”. And then[br]the conversation basically ended.
0:29:22.949,0:29:32.709
She had no further thing to say.[br]applause
0:29:32.710,0:29:36.440
So part of what we need to do is continue[br]to make tools that are actually safe
0:29:36.440,0:29:41.770
as tools. Rather than a lot of the other[br]systems out there. On the other hand,
0:29:41.770,0:29:45.499
every funder we’ve talked to[br]lately has interesting priorities:
0:29:45.499,0:29:49.279
they wanna pay for censorship-resistance,[br]they wanna pay for outreach, education,
0:29:49.279,0:29:52.649
training etc. We don’t have any[br]funders right now who want to pay
0:29:52.649,0:29:57.370
for better anonymity. And it’s really[br]important for some of the people
0:29:57.370,0:30:00.910
we heard about in the last talk that[br]they have really good anonymity
0:30:00.910,0:30:04.480
against really large adversaries.[br]And I’m not just talking about
0:30:04.480,0:30:07.580
American Intelligence Agencies. There[br]are a lot of Intelligence Agencies
0:30:07.580,0:30:12.820
around the world who are trying[br]to learn how to surveil everything.
0:30:12.820,0:30:16.350
So what should Tor’s role be here?
0:30:16.350,0:30:19.750
There are a lot of people in the Tor[br]development community who say:
0:30:19.750,0:30:23.260
“What we really need to do is[br]focus on writing good code,
0:30:23.260,0:30:26.720
and we’ll let the rest of the world[br]take care of itself.” There is also
0:30:26.720,0:30:30.010
a trade-off from some of the[br]funders we have right now.
0:30:30.010,0:30:32.760
Where I could go up and I could say
0:30:32.760,0:30:36.639
a lot of really outrageous[br]things that I agree with
0:30:36.639,0:30:40.730
and that you agree with. But some[br]of our funders might wonder
0:30:40.730,0:30:45.120
if they should keep funding us after[br]that. So part of what we need to do
0:30:45.120,0:30:49.450
is get some funders who are more[br]comfortable with the messages
0:30:49.450,0:30:53.559
that everybody here would like the[br]world to hear. So if you know anybody
0:30:53.559,0:30:59.110
who wants to help provide actual[br]freedom we’d love to hear from you.
0:30:59.110,0:31:03.380
Jacob: And it’s important to understand[br]that we sort of have an interesting place
0:31:03.380,0:31:07.090
in the world at the moment[br]where it’s easy to say
0:31:07.090,0:31:11.650
that we shouldn’t be political. And that[br]in general, there shouldn’t be politics
0:31:11.650,0:31:14.740
in what we’re doing. And[br]it’s also easy to understand
0:31:14.740,0:31:19.430
that that’s crazy when someone[br]says that to an extent. Because
0:31:19.430,0:31:23.350
the idea of having free speech, having[br]the right to read, having the ability
0:31:23.350,0:31:27.530
to reach a website that is beyond[br]of the power of the state
0:31:27.530,0:31:31.929
– that is a very political thing for[br]many people. And it is often the privilege
0:31:31.929,0:31:35.419
of some, where they don’t even[br]realize that’s a political statement.
0:31:35.419,0:31:37.940
applause[br]And they suggest…
0:31:37.940,0:31:41.720
and that they suggest that we don’t need[br]to be political. We need to recognize the
0:31:41.720,0:31:45.779
political context that we exist in. And[br]especially after the summer of Snowden,
0:31:45.779,0:31:50.159
understanding that there[br]are almost no tools
0:31:50.159,0:31:53.880
that can resist the NSA[br]and GCHQ. Almost none.
0:31:53.880,0:31:56.710
We did not survive completely[br]in the summer of Snowden.
0:31:56.710,0:32:01.509
They were able to get some Tor users.[br]But they couldn’t get all Tor users!
0:32:01.509,0:32:05.099
That’s really important. We change[br]the economic game for them.
0:32:05.099,0:32:08.530
And that, fundamentally,[br]is a political issue!
0:32:08.530,0:32:18.259
applause
0:32:18.259,0:32:21.860
But please note that the solution[br]is not a Partisan solution.
0:32:21.860,0:32:25.760
Where we say: well, some people[br]are good and some are bad.
0:32:25.760,0:32:29.250
You guys over there, on the left[br]or on the right, you don’t deserve
0:32:29.250,0:32:32.809
to have freedom of speech. You[br]don’t have the right to read.
0:32:32.809,0:32:36.219
We aren’t saying that. We’re saying that[br]the common good of everyone having
0:32:36.219,0:32:39.940
these fundamental rights[br]protected in a practical way
0:32:39.940,0:32:43.460
is an important thing for us to build[br]and for all of us to contribute to,
0:32:43.460,0:32:47.139
and for every person to[br]have. That is, I think,
0:32:47.139,0:32:50.040
the best kind of political solution[br]we can come up with.
0:32:50.040,0:32:54.110
Though it is a very controversial[br]one in some ways. I think that
0:32:54.110,0:32:57.890
we can’t actually do it unless everyone[br]really starts to agree with us.
0:32:57.890,0:33:01.920
And we are making a lot of positive change[br]in this. As we saw with the network graph.
0:33:01.920,0:33:05.590
But this comes from[br]Mutual Aid and Solidarity.
0:33:05.590,0:33:09.019
Which most of the people[br]in this room provide.
0:33:09.019,0:33:12.809
Roger: And that diversity of[br]users is actually technically
0:33:12.809,0:33:16.289
what makes Tor safe. You need to have
0:33:16.289,0:33:20.549
activists in various countries,[br]and folks in Russia right now,
0:33:20.549,0:33:24.019
and law enforcement around the[br]world. You need to have them all
0:33:24.019,0:33:27.580
in the same network. Otherwise[br]if I see that you’re using Tor,
0:33:27.580,0:33:31.330
I can start guessing why you’re using[br]Tor. So we need that diversity
0:33:31.330,0:33:35.109
of users. Not just for[br]a perception perspective
0:33:35.109,0:33:39.180
but for an actual technical perspective.[br]We need to have all the different
0:33:39.180,0:33:42.350
types of users out there blending[br]into the same system
0:33:42.350,0:33:46.569
so that they can keep each other[br]safe. So part of the hobbies
0:33:46.569,0:33:50.370
that each Tor person has,[br]we’re all getting better
0:33:50.370,0:33:54.049
at outreach to various communities.[br]So, I mentioned earlier
0:33:54.049,0:33:58.100
that I talked to law enforcement to try[br]to teach them how these things work.
0:33:58.100,0:34:00.730
Turns out that having Jake talk to[br]law enforcement is not actually
0:34:00.730,0:34:02.759
the most effective way to[br]convince them of things
0:34:02.759,0:34:03.759
laughter[br]so…
0:34:03.759,0:34:07.670
Jacob: I’m, I’m, I’m, eh, you know, my[br]lawyer gave me some great advice
0:34:07.670,0:34:11.119
which I can tell you without breaking the[br]privilege of our other communications.
0:34:11.119,0:34:14.129
Which he says: “never miss the[br]chance to shut the fuck up!”
0:34:14.129,0:34:17.480
laughter[br]And that I think really really underscores
0:34:17.480,0:34:20.280
why I should not talk to the Police[br]about why they also need
0:34:20.280,0:34:24.070
traffic analysis resistance, reachability,[br]network security, privacy and anonymity.
0:34:24.070,0:34:27.250
Roger’s much much more diplomatic.
0:34:27.250,0:34:31.310
Roger: So at the same time we have[br]people talking to domestic violence
0:34:31.310,0:34:34.789
and abuse groups and teaching them[br]how to be safe. And at the same time
0:34:34.789,0:34:38.280
we have folks at corporations[br]learning how to be safe online.
0:34:38.280,0:34:42.389
We hear from large companies[br]who are saying: “I want to
0:34:42.389,0:34:46.510
put the entire corporate[br]traffic over Tor
0:34:46.510,0:34:50.230
because we actually do have adversaries[br]and they actually are spying on us
0:34:50.230,0:34:53.530
and they do want to learn what we’re[br]doing. So how do we become safe
0:34:53.530,0:34:57.370
from these situations?” So part of[br]what we need is help from all of you
0:34:57.370,0:35:00.790
to become outreach for all of your[br]communities. And get better
0:35:00.790,0:35:04.410
at teaching people about why privacy[br]is important for the communities
0:35:04.410,0:35:08.690
that you’re talking to and learn how to[br]use their language and convince them
0:35:08.690,0:35:11.480
that these things are important.[br]And at the same time teach them
0:35:11.480,0:35:15.460
about the other groups out there who[br]care. So that they can understand
0:35:15.460,0:35:20.730
that it’s a bigger issue than just[br]whatever they’re most focused on.
0:35:20.730,0:35:25.890
Okay, so, a while ago I wrote up[br]a list of 3 ways to destroy Tor.
0:35:25.890,0:35:29.210
The first way – we have[br]a handle on it for a while.
0:35:29.210,0:35:33.710
The first way is: change the laws[br]or the policies or the cultures
0:35:33.710,0:35:37.080
so that anonymity is outlawed.[br]And we’re pretty good
0:35:37.080,0:35:40.820
at fighting back in governments[br]and policy and culture etc.
0:35:40.820,0:35:44.820
and saying: “No, there are good uses of[br]these things, you can’t take them away
0:35:44.820,0:35:50.470
from the world”. The second way:[br]Make ISPs hate hosting exit relays.
0:35:50.470,0:35:54.210
And if more and more ISPs say:[br]“No, I’m not gonna do that”
0:35:54.210,0:35:57.340
then eventually the Tor Network[br]shrinks reducing the anonymity
0:35:57.340,0:36:00.820
it can provide because there’s not as[br]much diversity of where you might
0:36:00.820,0:36:04.480
pop out of the Tor Network to go to[br]the websites. So I think we’re doing
0:36:04.480,0:36:07.690
pretty well fighting that fight.[br]We’ve known about it for a while.
0:36:07.690,0:36:11.060
It’s one we’ve been focusing on[br]for a long time. Torservers.net
0:36:11.060,0:36:14.620
and a lot of other groups are doing great[br]work at building and maintaining
0:36:14.620,0:36:19.250
relationships with ISPs. But the third[br]one is one that we haven’t focused on
0:36:19.250,0:36:23.490
as much as we should. Which is:[br]make websites hate Tor users.
0:36:23.490,0:36:27.390
So a growing number of[br]places are just refusing
0:36:27.390,0:36:30.820
to hear from Tor users[br]at all. Wikipedia did it
0:36:30.820,0:36:33.910
a long time ago. Google gives[br]you a captcha if you’re lucky…
0:36:33.910,0:36:38.480
Jacob: That’s the best question, ever![br]If you like, that’s a good setup!
0:36:38.480,0:36:42.510
Roger: I’ll cover this one next. So,
0:36:42.510,0:36:46.940
Skype is another interesting example[br]here. If you run a Tor exit relay
0:36:46.940,0:36:50.340
and you try to skype with somebody[br]Microsoft hangs up on you.
0:36:50.340,0:36:53.350
And the reason for that is not that[br]they say: “Oh my god, Tor people
0:36:53.350,0:36:57.500
are abusing Skype!” – Microsoft pays[br]some commercial company out there
0:36:57.500,0:37:00.950
to give them a blacklist, they don’t even[br]know what’s on it, and the company
0:37:00.950,0:37:04.770
puts Tor exit IPs on it. And[br]now Microsoft blacklists all the
0:37:04.770,0:37:08.300
Tor exit relays. And they don’t even know[br]they’re doing it. They don’t even care.
0:37:08.300,0:37:12.510
So as more and more of these[br]blacklisting companies exist
0:37:12.510,0:37:16.960
we’re more and more screwed.[br]So we need help trying to
0:37:16.960,0:37:20.300
learn how to teach all of these[br]companies how to accept
0:37:20.300,0:37:24.950
users without thinking that IP addresses[br]are the right way to identify people.
0:37:24.950,0:37:29.120
Jacob: There might also be,[br]on point 3, a relationship here
0:37:29.120,0:37:32.320
with some of the other[br]points here. E.g. point 4.
0:37:32.320,0:37:35.870
Which is to say that when[br]a company does not want to
0:37:35.870,0:37:39.860
give you location anonymity[br]maybe there’s a reason for that.
0:37:39.860,0:37:44.300
I mean, I personally think that Wikipedia[br]is great, I don’t feel so great
0:37:44.300,0:37:48.480
about Yelp and about Google, most of[br]the time. And I definitely don’t feel good
0:37:48.480,0:37:51.860
about Skype. Given what we’ve[br]learned it makes sense
0:37:51.860,0:37:56.930
that they would demonstrate that[br]they do not respect you as users.
0:37:56.930,0:38:01.680
And the Tor Network as a way to[br]protect users from them, actually.
0:38:01.680,0:38:05.620
And some of these places will[br]say that it's basically only being
0:38:05.620,0:38:10.120
used for abuse. Often they won’t have[br]metrics for it. And they will refuse
0:38:10.120,0:38:14.350
to work with us to come up with inventive[br]solutions, like e.g. something
0:38:14.350,0:38:18.150
where you have to use a[br]nym system of some kind,
0:38:18.150,0:38:22.010
in the case of Wikipedia, or something[br]where you solve a captcha, something
0:38:22.010,0:38:24.800
where you have to have an account,[br]something where you’re pseudonymous.
0:38:24.800,0:38:29.190
But you get to retain location privacy.[br]And actually, in a few cases,
0:38:29.190,0:38:32.591
it’s probably better that Tor is blocked[br]because they don’t even
0:38:32.591,0:38:36.040
provide secure logins when you’re not[br]using Tor. So it’s not necessarily
0:38:36.040,0:38:40.540
always a good thing to use the services,[br]anyway. So in a sort of funny sense
0:38:40.540,0:38:43.780
it could be helpful that they’re blocking[br]Tor. But we would like to improve
0:38:43.780,0:38:48.400
those things. And one thing is[br]to show that we need to build
0:38:48.400,0:38:52.500
some systems to get these properties. And[br]we need to show that it is the best thing
0:38:52.500,0:38:56.700
right now that we all can use. And[br]we need people that are working
0:38:56.700,0:38:59.790
with these companies, with these[br]communities, to actually help us
0:38:59.790,0:39:04.980
to understand how we can[br]better serve Tor community,
0:39:04.980,0:39:08.870
but also the Tor community that[br]overlaps with their community.
0:39:08.870,0:39:12.910
Especially Wikipedia. For me personally,[br]it kills me that the way that I get
0:39:12.910,0:39:16.130
to edit the Wikipedia, should I edit[br]it, is that I have to send an email
0:39:16.130,0:39:19.780
to someone, tell them an account I already[br]have, ask them to set a special flag
0:39:19.780,0:39:25.270
in the Wikipedia database,[br]and then I can log in and edit.
0:39:25.270,0:39:28.840
That’s not really the ideal solution,[br]I think. If I’m not being abusive
0:39:28.840,0:39:32.540
on Wikipedia I should be able to[br]have a pseudonymous way to edit.
0:39:32.540,0:39:35.310
I should be able to anonymously connect.[br]And I should be able to do that
0:39:35.310,0:39:38.190
from anywhere in the world, especially[br]when the local network is censoring me
0:39:38.190,0:39:43.340
and my only way to get to the[br]Wikipedia is to, in fact, use Tor
0:39:43.340,0:39:52.530
or something like it.[br]applause
0:39:52.530,0:39:57.310
So, the last point on that is this one:[br]I obviously joked the church man (?)
0:39:57.310,0:40:01.660
Roger: Yeah, so I was showing this to an[br]anonymity researcher and he started
0:40:01.660,0:40:05.800
yelling: “IPO, IPO, IPO, IPO…” as[br]soon as he saw this graph of Tor users
0:40:05.800,0:40:10.650
over time. So in the course of a week[br]or so we added about 4 or 5 million
0:40:10.651,0:40:14.980
Tor clients to the network.[br]And you’d think: “Oh wow,
0:40:14.980,0:40:19.280
this Snowden thing worked,[br]it’s great!” But actually,
0:40:19.280,0:40:24.020
some jerk in the Ukraine signed[br]up his 5 million node botnet.
0:40:24.020,0:40:26.890
Jacob: I mean, one of the good things[br]about this is that we learned that
0:40:26.890,0:40:30.940
the Tor Network scales to[br]more than 5 million users.
0:40:30.940,0:40:33.510
Roger: We’ve been working on[br]scalability: it works!
0:40:33.510,0:40:36.930
applause
0:40:36.930,0:40:41.900
Jacob: We had to make some changes.[br]There’s e.g. the NTor handshaking
0:40:41.900,0:40:46.180
which is using elliptic curves. That is[br]something which really helps to reduce
0:40:46.180,0:40:51.680
the load on the relays. This is a pretty[br]big change. But there’s a lot of work
0:40:51.680,0:40:54.750
that Mike Perry has done with load[br]balancing, lots of work by Nick Mathewson.
0:40:54.750,0:40:58.770
Lots of changes in the Tor Network[br]for scalability. But if this had been
0:40:58.770,0:41:01.670
like a real attacker, or if the botnet had[br]been turned against the Tor Network,
0:41:01.670,0:41:05.580
it probably would have been fatal,[br]I think. A really interesting detail is
0:41:05.580,0:41:09.900
that this was a botnet for Windows.[br]And Microsoft has the ability to remove
0:41:09.900,0:41:14.160
things that they flag as malicious.[br]And so they were going around
0:41:14.160,0:41:18.430
and removing Tor clients from[br]Microsoft Windows users
0:41:18.430,0:41:22.030
that were part of this botnet. Now when we[br]talked to them, my understanding is that
0:41:22.030,0:41:25.050
they only removed it when they were[br]certain that it was a Tor that came
0:41:25.050,0:41:29.270
from this botnet. That’s a lot of power[br]that Microsoft has there, though!
0:41:29.270,0:41:33.620
If you’re using Windows, trying to be[br]anonymous, with the device. Bad idea.
0:41:33.620,0:41:36.520
Roger: They actually removed the[br]bot and left the Tor client because
0:41:36.520,0:41:39.470
they weren’t sure whether they[br]should remove it. So actually
0:41:39.470,0:41:42.650
all those 5 millions are[br]still running Tor clients.
0:41:42.650,0:41:47.520
Jacob: Whoops! So, interesting[br]point here, summer of Snowden.
0:41:47.520,0:41:51.840
It’s hard to tell. There’s[br]some piece of information
0:41:51.840,0:41:55.260
that we’re really missing here. Due to[br]the botnet happening at the same time
0:41:55.260,0:41:59.510
it’s really difficult to understand the[br]public response to the revelations
0:41:59.510,0:42:03.060
about NSA and spying.[br]Especially now. I mean:
0:42:03.060,0:42:06.590
we think that most of that is[br]botnet traffic. Over a million.
0:42:06.590,0:42:10.990
Over a million, where it goes[br]up. Over almost a 6 million.
0:42:10.990,0:42:14.910
So that’s a serious amount[br]of traffic, from that botnet.
0:42:14.910,0:42:18.830
And that is a really serious threat to[br]the Tor Network. It can be (?)
0:42:18.830,0:42:22.500
a couple of different ways. One of[br]these things, I mentioned before,
0:42:22.500,0:42:25.740
NTor handshake. But another thing[br]is: if every person in this room
0:42:25.740,0:42:29.350
were to run a Tor relay, even[br]a middle relay not an exit relay,
0:42:29.350,0:42:32.510
it would make it significantly harder to[br]melt the Tor Network.
0:42:32.510,0:42:33.510
I actually think
0:42:33.510,0:42:35.240
that would be incredible if you guys[br]would all do that.
0:42:35.240,0:42:36.490
I don’t think that[br]all of you will.
0:42:36.490,0:42:38.780
But if you did that would[br]make it so that we could survive
0:42:38.780,0:42:42.240
other events like this in the future.
0:42:42.240,0:42:49.760
applause
0:42:49.760,0:42:53.220
So someone sent a question which we’re[br]just gonna go ahead and answer now.
0:42:53.220,0:42:56.900
“When talking of funding for better[br]anonymity, what do you think,
0:42:56.900,0:42:59.060
in terms of money,[br]how much could you need?”
0:42:59.060,0:43:01.540
Well here’s a thing:
0:43:01.540,0:43:03.430
if you were willing to fund us[br]we would really like you.
0:43:03.430,0:43:04.810
Or I would really like it
0:43:04.810,0:43:07.850
especially, since I’m probably the one[br]that threatens the US Government funding
0:43:07.850,0:43:11.730
of Tor, more than any person in this room.
0:43:11.730,0:43:15.380
I think that it would be great if you[br]could match the Dollar-to-Dollar
0:43:15.380,0:43:17.830
that Government funders[br]bring to the table.
0:43:17.830,0:43:18.900
We would really like that.
0:43:18.900,0:43:21.800
It would be amazing if that was possible.
0:43:21.800,0:43:22.950
So there’s actually a hard number
0:43:22.950,0:43:24.250
on the website.
0:43:24.250,0:43:26.850
Or if you wanted to[br]– as much money as you have.
0:43:26.850,0:43:28.050
laughter[br]Feel free!
0:43:28.050,0:43:29.050
Either way –
0:43:29.050,0:43:32.860
Roger: To give you a sense of[br]scale: right now our 2014 budget
0:43:32.860,0:43:37.000
is looking like it will be somewhere[br]between 2 Mio US and 3 Mio US,
0:43:37.000,0:43:40.850
which is great except we’re trying to[br]do so many different things at once.
0:43:40.850,0:43:45.160
If it ends up on the 2 Mio US side[br]we basically have no funding
0:43:45.160,0:43:46.660
for making anonymity better.
0:43:46.660,0:43:48.940
If it ends up[br]more than that then
0:43:48.940,0:43:51.650
we’re in better shape and[br]we can make people more safe.
0:43:51.650,0:43:54.770
Jacob: And part of the thing is that we[br]have to build all sorts of tools that are
0:43:54.770,0:43:56.650
not directly related to Tor.
0:43:56.650,0:43:58.090
In many cases.
0:43:58.090,0:43:59.550
Especially because of the funding.
0:43:59.550,0:44:03.350
But because we want users to be[br]able to actually use the software
0:44:03.350,0:44:04.390
with something else.
0:44:04.390,0:44:06.440
It’s not nearly[br]enough to have a Tor.
0:44:06.440,0:44:07.440
You need to be able
0:44:07.440,0:44:08.440
to do something with the Tor.
0:44:08.440,0:44:09.440
You know?
0:44:09.440,0:44:11.310
And that’s a really difficult part.
0:44:11.310,0:44:15.410
But if there’s specific things we would[br]also be open to alternate funding models
0:44:15.410,0:44:19.340
where we fund very specific tasks e.g.[br]that would be a really great thing.
0:44:19.340,0:44:21.300
We haven’t really[br]experimented with that.
0:44:21.300,0:44:24.170
But on that note I wanted to talk[br]about classified information.
0:44:24.170,0:44:26.730
Everybody ready?[br]It’s not classified any more,
0:44:26.730,0:44:30.810
it’s on the internet?[br]I’m not sure. So,
0:44:30.810,0:44:33.620
this is probably the hot topic[br]I would say.
0:44:33.620,0:44:35.750
Probably the one[br]everyone wanted to know about.
0:44:35.750,0:44:38.200
So the NSA and GCHQ
0:44:38.200,0:44:41.790
have decided that they[br]don’t like anonymity,
0:44:41.790,0:44:44.880
and they’re doing everything that[br]they possibly can to attack it.
0:44:44.880,0:44:47.020
With a few exceptions.
0:44:47.020,0:44:48.640
So there’re[br]a few different programs
0:44:48.640,0:44:50.786
– I’m gonna talk a lot about this[br]on Monday. So I don’t wanna go
0:44:50.786,0:44:55.470
into too much detail about the[br]non-Tor aspects of it. But
0:44:55.470,0:45:01.220
for the Tor side of it – Quick Ant is[br]what’s called a question-filled data set.
0:45:01.220,0:45:02.530
This is a QFD.
0:45:02.530,0:45:05.910
What that means is it’s TLS related[br]sessions, as I understand it.
0:45:05.910,0:45:11.860
And it is recording data, i.e.[br]Data Retention about TLS sessions.
0:45:11.860,0:45:14.720
It’s pulled from a larger thing –[br]Flying Pig.
0:45:14.720,0:45:17.900
Which was revealed on I think,[br]a Brazilian Television clip, or someone
0:45:17.900,0:45:22.310
photographed a moving[br]picture of Glenn’s screen.
0:45:22.310,0:45:25.930
That program is kind of scary.[br]But not too scary.
0:45:25.930,0:45:28.930
Just looks like after the fact (?) Data[br]Retention.
0:45:28.930,0:45:29.930
Quantum Insert
0:45:29.930,0:45:34.540
on the other hand is a pretty[br]straightforward man-on-the-side-attack.
0:45:34.540,0:45:38.230
Foxacid, which is another thing which[br]we know that’s used against Tor users,
0:45:38.230,0:45:42.270
is basically just the ‘Tailored Access[br]and Operations’ web server farm
0:45:42.270,0:45:43.470
where they serve out malware.
0:45:43.470,0:45:45.560
Sort of like a watering hole attack.[br]Except
0:45:45.560,0:45:48.330
in this case they also combine it with[br]Quantum Insert.
0:45:48.330,0:45:49.330
So that when you visit
0:45:49.330,0:45:53.600
your Yahoo mail[br]– NSA and GCHQ love Yahoo –
0:45:53.600,0:45:57.520
even when you use Tor[br]they basically redirect you
0:45:57.520,0:46:01.210
by just tagging a little bit of data[br]into the TCP connection. And
0:46:01.210,0:46:03.570
of course Tor does its job, it flows all[br]the way back to you.
0:46:03.570,0:46:04.980
Your web browser[br]then loads it.
0:46:04.980,0:46:06.150
You’re now connected to[br]their server.
0:46:06.150,0:46:09.130
Their server delivers[br]malicious code.
0:46:09.130,0:46:12.390
And the use it[br]is to pop somebody.
0:46:12.390,0:46:17.040
From what I understand it took[br]them 8 months to hit one guy.
0:46:17.040,0:46:21.850
That’s fucking great, I think, that[br]we went from ‘everybody all the time
0:46:21.850,0:46:24.230
applause[br]being compromisable’ to ‘they have to
0:46:24.230,0:46:29.180
very carefully pick one person[br]and work for a long time’.
0:46:29.180,0:46:31.120
They really believe that[br]that’s the right target.
0:46:31.120,0:46:32.430
They really understand that
0:46:32.430,0:46:36.250
that is someone that they[br]want to go after. And
0:46:36.250,0:46:38.630
if that person were to keep their browser[br]up-to-date they probably would have been
0:46:38.630,0:46:40.970
ahead of the game.[br]Not exactly sure.
0:46:40.970,0:46:43.250
But there are some other things[br]that are really dangerous.
0:46:43.250,0:46:45.580
Which is[br]Quantum Cookie, e.g. Quantum Cookie
0:46:45.580,0:46:49.240
is a program where basically[br]they’re able to elicit
0:46:49.240,0:46:53.190
from a connection other connections[br]from your web browser
0:46:53.190,0:46:55.760
which will get you to[br]leak cookie information.
0:46:55.760,0:46:58.180
So let’s say you happen to[br]log-in to a Yahoo account.
0:46:58.180,0:47:00.750
And that was a known[br]selector for surveillance.
0:47:00.750,0:47:03.920
And then they thought you might also have[br]a Gmail cookie that wasn’t marked secure
0:47:03.920,0:47:07.970
and you might also have another[br]search engine; or you might have
0:47:07.970,0:47:08.970
some other cookies.
0:47:08.970,0:47:10.870
Then they would[br]basically insert things that your browser
0:47:10.870,0:47:14.530
will then request insecurely over the same[br]connection, to (?) tie them together,
0:47:14.530,0:47:15.680
correlate that.
0:47:15.680,0:47:17.910
And then they will extract[br]it and they’ll be able to tell that
0:47:17.910,0:47:20.000
this selector is linked to[br]these other selectors.
0:47:20.000,0:47:22.370
’Cause they’ve basically been able[br]to actively probe.
0:47:22.370,0:47:25.650
A solution to that is[br]‘HTTPS Everywhere’ which we already ship
0:47:25.650,0:47:29.480
in the Tor Browser Bundle[br]but also to be aware about
0:47:29.480,0:47:33.090
session isolation to maybe[br]even if you’re using things
0:47:33.090,0:47:36.940
where you’re trying to do it as securely as[br]possible – not every site will offer TLS
0:47:36.940,0:47:40.690
to actually make sure that the[br]Tor browser only has the exact
0:47:40.690,0:47:43.980
set of credentials you need for the thing[br]you’re doing at that time.
0:47:43.980,0:47:46.240
So that’s
0:47:46.240,0:47:48.220
incredibly straight-forward stuff.
0:47:48.220,0:47:49.790
In terms of the hacker[br]community this is like
0:47:49.790,0:47:52.410
not even really interesting, actually.
0:47:52.410,0:47:53.800
The thing that makes it interesting is
0:47:53.800,0:47:55.920
that they do it at internet scale.
0:47:55.920,0:47:57.100
And that they’re trying to watch
0:47:57.100,0:47:59.610
the entire internet all the time.
0:47:59.610,0:48:01.110
Another interesting fact about this is
0:48:01.110,0:48:04.520
that you would imagine that not[br]routing through Five Eyes countries
0:48:04.520,0:48:06.350
would make you safer in some way.
0:48:06.350,0:48:08.650
I don’t think that’s actually true.
0:48:08.650,0:48:12.480
From what I can tell they actually[br]have some restrictions, if you route
0:48:12.480,0:48:13.980
through the Five Eyes countries.
0:48:13.980,0:48:16.050
And if you are not in[br]a Five Eyes country,
0:48:16.050,0:48:20.230
like Germany, they have no restrictions.
0:48:20.230,0:48:24.000
So if you behave differently we know[br]from an anonymity perspective
0:48:24.000,0:48:25.580
that that’s worse for you.
0:48:25.580,0:48:28.410
And if you behave differently[br]in this particular way
0:48:28.410,0:48:31.960
then there are legal answers that[br]show that you shouldn’t break out
0:48:31.960,0:48:35.990
from the regular way that Tor[br]users and Tor clients behave.
0:48:35.990,0:48:39.460
But the key point to take home is[br]that every single person here
0:48:39.460,0:48:43.790
has the same set of problems[br]if they’re not using Tor.
0:48:43.790,0:48:46.490
And it is easier for them.
0:48:46.490,0:48:48.090
So that’s a huge,[br]huge difference.
0:48:48.090,0:48:53.240
And the last point, I think is a key one[br]which Roger has a great story for.
0:48:53.240,0:48:57.350
Roger: Yeah, so they… the story[br]here is they look at Tor traffic
0:48:57.350,0:48:59.010
coming out of Tor exit relays.
0:48:59.010,0:49:00.740
They don’t know who the person is.[br]And they have
0:49:00.740,0:49:04.110
to make a decision there: do I try the[br]Quantum Insert and the Foxacid,
0:49:04.110,0:49:06.750
do I try to break into their browser?[br]Or do I leave them alone.
0:49:06.750,0:49:10.210
And when they see the Tor flow[br]they don’t know who it is.
0:49:10.210,0:49:11.830
So on the one hand, that’s great.
0:49:11.830,0:49:13.770
They can’t do targeted attacks.
0:49:13.770,0:49:15.460
They have to do broad[br]attacks and then
0:49:15.460,0:49:19.130
check/wait (?) later to see whether[br]they broke into the right person.
0:49:19.130,0:49:22.520
But as soon as the Guardian[br]articles went up about this,
0:49:22.520,0:49:26.530
DNI – the something National Intelligence[br]– put out a press release, saying:
0:49:26.530,0:49:32.200
“We’d like to assure everybody[br]that we never attack Americans”.
0:49:32.200,0:49:36.360
Jacob: So first of all – on behalf of[br]the American people and the US Government
0:49:36.360,0:49:40.380
which I do not represent:[br]I’m so sorry that
0:49:40.380,0:49:43.700
my country keeps embarrassing the rest[br]of the reasonable Americans, of which
0:49:43.700,0:49:48.250
there are plenty, many of us that are not[br]James Clapper, that total fucking asshole.
0:49:48.250,0:49:54.550
applause
0:49:54.550,0:49:55.540
to Roger:[br]We have 5 minutes.
0:49:55.540,0:49:57.430
applause
0:49:57.430,0:50:01.560
Roger: So the reason why that story is[br]particularly interesting is that: I talked
0:50:01.560,0:50:05.000
to an actual NSA person a couple of weeks[br]ago… and I’m like: “Wait, you never attack
0:50:05.000,0:50:09.050
Americans but you have to blanket-attack[br]everybody and then find out who it was”.
0:50:09.050,0:50:12.690
And he said: “Oh no no no no, we watch[br]them log into Facebook and if they log in
0:50:12.690,0:50:14.790
as the user we’re trying to attack[br]then we attack them.
0:50:14.790,0:50:15.790
No problem.”
0:50:15.790,0:50:19.230
Jacob: And they do the blanket[br]dragnet surveillance. So,
0:50:19.230,0:50:22.330
an interesting point of course is that we[br]always heard…
0:50:22.330,0:50:23.570
I once met someone
0:50:23.570,0:50:26.500
who explained to me: “The NSA obviously[br]runs lots of Tor nodes like they were
0:50:26.500,0:50:28.850
like 90.000 Tor nodes”,[br]I think was the number.
0:50:28.850,0:50:31.860
I wish we had 90.000 Tor nodes.[br]That’d be incredible.
0:50:31.860,0:50:34.880
You know[br]we’re like, what, at about 4..5000
0:50:34.880,0:50:38.440
at any given point in time, that are[br]stable, of which 1/3 are exit relays.
0:50:38.440,0:50:39.440
Right.
0:50:39.440,0:50:43.280
So it turns out when the NSA did[br]run some, they ran half a dozen.. a dozen?
0:50:43.280,0:50:44.740
Roger: They ran about 10.
0:50:44.740,0:50:45.740
And they[br]were small.
0:50:45.740,0:50:46.740
And short-lived.
0:50:46.740,0:50:48.920
On EC2.
0:50:48.920,0:50:51.400
But that should not[br]make you happy.
0:50:51.400,0:50:52.450
It doesn’t matter
0:50:52.450,0:50:54.880
whether the NSA runs Tor relays.
0:50:54.880,0:50:57.610
They can watch your Tor relays.
0:50:57.610,0:51:01.490
If you run a Tor relay at a[br]great place anywhere in the US
0:51:01.490,0:51:05.600
or Germany or wherever they’re good[br]at spying on they watch the upstream
0:51:05.600,0:51:08.660
of your relay and they get almost[br]what they would get from running
0:51:08.660,0:51:09.910
their own relay.
0:51:09.910,0:51:12.140
So what we should be[br]worried about – we should not be worried
0:51:12.140,0:51:13.750
that they’re running relays.
0:51:13.750,0:51:16.830
It’s a concern, but the[br]bigger concern is
0:51:16.830,0:51:18.360
that they’re watching the whole internet.
0:51:18.360,0:51:20.730
And the internet is much more centralized
0:51:20.730,0:51:22.010
than we think it is.
0:51:22.010,0:51:24.320
There are a lot more[br]bottle-necks where if you watch them
0:51:24.320,0:51:26.850
you get to see a lot of[br]different Tor traffic.
0:51:26.850,0:51:29.510
So the problem is not so much
0:51:29.510,0:51:33.400
“Are they running relays?” as “How[br]many normal relays can they watch?”
0:51:33.400,0:51:37.400
And if you’re thinking about a large[br]adversary like NSA: the answer could be:
0:51:37.400,0:51:39.840
“A third?”, “Half?”.
0:51:39.840,0:51:42.020
We don’t know[br]how many deals they have.
0:51:42.020,0:51:46.740
Jacob: So, an interesting point here is[br]that one-hop-proxies are… or VPN
0:51:46.740,0:51:49.970
– who here uses a VPN to some[br]kind of commercial VPN service?
0:51:49.970,0:51:51.770
about 1/4 raised hands[br]Right.
0:51:51.770,0:51:54.620
So this is a pretty big problem,
0:51:54.620,0:51:55.620
I think.
0:51:55.620,0:51:57.920
Which is that you end up with the[br]hide-my-ass problem.
0:51:57.920,0:51:58.920
Which is that –
0:51:58.920,0:52:00.550
first of all that company, it’s a problem.
0:52:00.550,0:52:01.990
Second of all, what they do to their users
0:52:01.990,0:52:03.090
is also a problem.
0:52:03.090,0:52:05.480
Which is that they[br]basically promote their service
0:52:05.480,0:52:09.130
for revolution in Egypt, e.g. but when[br]someone used it because they disagreed
0:52:09.130,0:52:13.370
with the policies of the UK then[br]they turned them over.
0:52:13.370,0:52:14.370
Interesting point.
0:52:14.370,0:52:17.810
We need to build decentralized systems[br]where they can’t make that choice.
0:52:17.810,0:52:20.520
We need to make sure that that[br]isn’t actually happening.
0:52:20.520,0:52:21.520
And one of the things
0:52:21.520,0:52:25.900
that we’re trying to drive home is[br]that – and I really think it’s important
0:52:25.900,0:52:29.920
to take this to heart –[br]one-hop-proxies or VPNs,
0:52:29.920,0:52:33.700
as we have said for more than a[br]decade, are not safe. Especially
0:52:33.700,0:52:37.740
if you think about when they from the[br]QuickANT and from the Flying Pig software,
0:52:37.740,0:52:40.800
they’re recording traffic[br]information about connections.
0:52:40.800,0:52:41.800
And in some cases
0:52:41.800,0:52:44.850
we know – thanks to Laura Poitras[br]and James Risen – that they have
0:52:44.850,0:52:48.490
Data Retention which is something[br]like – what is it, 10..15 years,
0:52:48.490,0:52:51.350
5 years online, 10 years[br]offline, is that right?
0:52:51.350,0:52:54.230
Right. Okay.[br]That’s bad news.
0:52:54.230,0:52:58.710
We know that the math[br]for VPNs is not in your favor.
0:52:58.710,0:53:03.340
So that said: What[br]happens with this stuff?
0:53:03.340,0:53:04.340
Right?
0:53:04.340,0:53:08.020
What happens is what happened[br]e.g. with the Silk Road fellow.
0:53:08.020,0:53:10.240
Or maybe not.[br]It’s not clear.
0:53:10.240,0:53:11.930
It could be that the guy used a VPN.
0:53:11.930,0:53:15.380
Which is braindead.[br]But it could also be that
0:53:15.380,0:53:19.430
the NSA has this data and tried[br]to pull off a retroactive attack
0:53:19.430,0:53:23.630
once they already had him from[br]other things like ordering fake IDs.
0:53:23.630,0:53:26.300
We don’t know which in the case[br]of Silk Road.
0:53:26.300,0:53:27.410
But we can tell you
0:53:27.410,0:53:30.970
that it’s pretty clearly a bad[br]idea to do it if you’re going to
0:53:30.970,0:53:31.970
do something interesting.
0:53:31.970,0:53:34.720
It’s probably also a bad[br]idea to do it just generally
0:53:34.720,0:53:39.030
because you don’t even know what[br]’interesting’ is in 5 or 10 years. So
0:53:39.030,0:53:43.470
parallel construction is a really[br]serious problem, and we think,
0:53:43.470,0:53:46.270
probably, if we could expand the[br]Tor Network, we would make it
0:53:46.270,0:53:47.700
significantly harder to do this.
0:53:47.700,0:53:49.200
It would[br]make it significantly harder for them
0:53:49.200,0:53:51.660
to do it, especially if you replace your[br]VPN with Tor.
0:53:51.660,0:53:52.660
There are some trade-offs
0:53:52.660,0:53:53.970
with that, though.
0:53:53.970,0:53:55.760
So the real question is[br]what your threat model is.
0:53:55.760,0:53:57.240
And you really[br]have to think about it.
0:53:57.240,0:53:58.760
And then also understand[br]that we live in a world now
0:53:58.760,0:54:02.800
where Law Enforcement and[br]Intelligence Services, they seem to be
0:54:02.800,0:54:04.680
blending together.
0:54:04.680,0:54:07.390
And they seem to be blending[br]together across the whole planet
0:54:07.390,0:54:08.390
in secret.
0:54:08.390,0:54:10.420
Which is a serious problem[br]for the threat model of Tor.
0:54:10.420,0:54:13.130
Roger: So I actually talked to[br]some FBI people and I said:
0:54:13.130,0:54:15.050
So which one of these is it?
0:54:15.050,0:54:17.610
And they said: Well, we[br]never get tips from the NSA.
0:54:17.610,0:54:21.060
We’re good, honest Law enforcement,[br]they’re doing something bad,
0:54:21.060,0:54:22.760
but why should that affect us?
0:54:22.760,0:54:25.790
And my response was: “Well,[br]NSA says they told you!
0:54:25.790,0:54:29.520
So, are you lying[br]to me or are they lying to you?
0:54:29.520,0:54:31.450
Or what’s going on here?”
0:54:31.450,0:54:34.260
And I don’t actually[br]know the right solution here.
0:54:34.260,0:54:38.540
So scenario 1: The NSA[br]anonymously tips the FBI
0:54:38.540,0:54:40.850
and they go check something out and[br]they say: “Well I need to build a case
0:54:40.850,0:54:41.850
that they do”.
0:54:41.850,0:54:44.730
Scenario 2: Some anonymous[br]whistleblower tips off the FBI
0:54:44.730,0:54:46.060
and they go build a case.
0:54:46.060,0:54:47.720
From the FBI’s perspective[br]these are the same:
0:54:47.720,0:54:50.050
“I got a tip, I build a case.
0:54:50.050,0:54:52.260
Why should I care where[br]it came from?” And
0:54:52.260,0:54:56.060
so should we build a Know-your-customer[br]Law so that the FBI has to know
0:54:56.060,0:54:58.790
their informers or whistleblowers?
0:54:58.790,0:55:00.770
Should we rely on the NSA
0:55:00.770,0:55:01.770
to regulate itself?
0:55:01.770,0:55:05.220
Should we rely[br]on the Congress to regulate NSA?
0:55:05.220,0:55:07.460
None of these are good answers.
0:55:07.460,0:55:09.250
Jacob: So, we have a very[br]limited amount of time.
0:55:09.250,0:55:10.250
And in order to be able
0:55:10.250,0:55:14.390
to address some questions we[br]will probably skip a few things
0:55:14.390,0:55:15.690
and we’ll put these slides[br]online.
0:55:15.690,0:55:18.150
But short/quick
0:55:18.150,0:55:20.930
summaries for a few of these slides, then[br]we’re gonna address some questions.
0:55:20.930,0:55:22.970
One of them is that we want to improve[br]Hidden Services.
0:55:22.970,0:55:23.970
Even though they
0:55:23.970,0:55:26.040
haven’t been broken as far as we[br]understand from any of the documents
0:55:26.040,0:55:27.590
that have been released.
0:55:27.590,0:55:29.230
We still[br]want to make them stronger,
0:55:29.230,0:55:30.760
because we wanna be ahead of the game.
0:55:30.760,0:55:31.760
We don’t want to play Catch-Up.
0:55:31.760,0:55:35.440
Roger: We especially need to improve[br]the usability and performance of them.
0:55:35.440,0:55:38.990
Because right now they’re a toy[br]that only really dedicated people
0:55:38.990,0:55:40.160
get working.
0:55:40.160,0:55:42.510
And the more[br]mainstream we could make them
0:55:42.510,0:55:44.550
the more broad uses we are going to see.
0:55:44.550,0:55:46.040
The reason why people keep hearing
0:55:46.040,0:55:50.180
about high-profile bad Hidden Services[br]is that we don’t have enough
0:55:50.180,0:55:54.500
good use cases in action yet that[br]lots of people are experiencing.
0:55:54.500,0:55:58.740
Jacob: The most important thing for all of[br]the – let’s say – Cypherpunks movement
0:55:58.740,0:56:02.400
to understand is that when[br]you have usable crypto
0:56:02.400,0:56:04.420
you are doing the right thing.
0:56:04.420,0:56:06.330
When[br]you have strong peer-reviewed
0:56:06.330,0:56:10.150
Free Software to implement that, and[br]it’s built on a platform where you can
0:56:10.150,0:56:13.650
look at the whole stack you’re[br]really ahead of the game.
0:56:13.650,0:56:15.370
There’s a lot to be done in that.
0:56:15.370,0:56:17.670
And if we do that[br]for Hidden Services
0:56:17.670,0:56:22.490
I think we’ll have similar returns that[br]you’ll see with other crypto projects.
0:56:22.490,0:56:25.950
Roger: So one of the other great things in[br]the Tor world is the number of researchers
0:56:25.950,0:56:30.820
who are doing great work at evaluating[br]and improving Tor’s anonymity.
0:56:30.820,0:56:34.740
So there are a couple of papers that were[br]out over the past year talking about
0:56:34.740,0:56:39.380
how we didn’t actually choose the[br]right guard rotation parameters.
0:56:39.380,0:56:42.810
I’m not going to get into that in detail[br]in our last couple of minutes.
0:56:42.810,0:56:46.490
But the very brief version is:
0:56:46.490,0:56:51.109
if you can attack both sides of the[br]network and they run 10% of the network
0:56:51.109,0:56:54.930
– they, the adversary run 10% of the[br]network – the chance over time,
0:56:54.930,0:56:59.280
the blue line is the current situation,[br]where you choose 3 first hops,
0:56:59.280,0:57:02.310
3 entry guards and you rotate every[br]couple of months – over time
0:57:02.310,0:57:05.930
the chance that you get screwed by an[br]adversary who runs 10% of the network
0:57:05.930,0:57:07.120
is pretty high.
0:57:07.120,0:57:10.160
But if we change it[br]to 1 guard and you don’t rotate
0:57:10.160,0:57:13.770
then we’re at the green line which[br]is a lot better against an adversary
0:57:13.770,0:57:15.300
who’s really quite large.
0:57:15.300,0:57:17.750
This is an adversary[br]larger than torservers.net
0:57:17.750,0:57:19.750
e.g. So A...
0:57:19.750,0:57:21.440
Jacob: Arts (?) is no adversary, right?
0:57:21.440,0:57:26.510
Roger: So a pretty large attacker we[br]need to move it from the blue line
0:57:26.510,0:57:27.760
down to the green line.
0:57:27.760,0:57:30.510
And that’s[br]an example of the anonymity work
0:57:30.510,0:57:31.510
that we need to do.
0:57:31.510,0:57:33.130
-- So, what’s next?
0:57:33.130,0:57:35.420
Tor, endorsed by Egyptian activists,
0:57:35.420,0:57:40.070
Wikileaks, NSA, GCHQ, Chelsea[br]Manning, Edward Snowden…
0:57:40.070,0:57:42.870
Different communities like[br]Tor for different reasons.
0:57:42.870,0:57:46.060
Some of our funders we go to them with[br]that sentence – basically everybody
0:57:46.060,0:57:47.120
we go to with that sentence.
0:57:47.120,0:57:50.050
It’s like:[br]“I like those 3 examples but I don’t like
0:57:50.050,0:57:51.670
those 2 examples”.
0:57:51.670,0:57:55.650
So part of what we[br]need to do is help them to understand
0:57:55.650,0:58:02.030
why all of these different[br]examples matter.
0:58:02.030,0:58:04.940
Jacob: That said, I tend to believe[br]that we need to be engaged
0:58:04.940,0:58:09.090
in a pretty big way and thanks[br]to the people of Ecuador,
0:58:09.090,0:58:12.800
especially the people running the Minga-tec[br]community events, they have actually
0:58:12.800,0:58:17.120
put together a real model which[br]should be emulated probably
0:58:17.120,0:58:20.960
by the rest of the world where they really[br]engage with civil society, and they’re
0:58:20.960,0:58:24.450
actually able to arrange for meetings[br]with e.g. the Foreign Minister
0:58:24.450,0:58:27.530
or with various other people involved in[br]the National Assembly.
0:58:27.530,0:58:28.530
And as a result
0:58:28.530,0:58:31.570
they had Article 474, which they[br]proposed, which was basically
0:58:31.570,0:58:33.500
the worst Data Retention[br]Law you can imagine.
0:58:33.500,0:58:35.050
It included video taping
0:58:35.050,0:58:39.810
in Internet Cafés, 6 months dragnet[br]surveillance, all sorts of awful stuff.
0:58:39.810,0:58:43.320
And they were able to, in the[br]course of, I would say 3..6 months,
0:58:43.320,0:58:46.210
this is mostly the FLOK Society,[br]actually.
0:58:46.210,0:58:47.210
They were able to organize
0:58:47.210,0:58:49.190
a real discussion about this.
0:58:49.190,0:58:50.880
And we[br]were able to get this proposed part
0:58:50.880,0:58:53.010
of the penal code completely removed.
0:58:53.010,0:58:54.540
At the end of November of last year…
0:58:54.540,0:58:56.580
early December… of this year.
0:58:56.580,0:58:58.290
So just about a month ago.
0:58:58.290,0:59:01.620
So if we really work together[br]across the spectrum,
0:59:01.620,0:59:06.030
we see, right now, in Ecuador[br]e.g. changing (?) away
0:59:06.030,0:59:09.250
by showing them that fundamentally:[br]the game is rigged.
0:59:09.250,0:59:10.250
If you choose
0:59:10.250,0:59:12.660
to spy on your citizens then the NSA[br]always wins.
0:59:12.660,0:59:13.790
And the NSA wants people
0:59:13.790,0:59:16.390
to believe that everybody is doing[br]the spying.
0:59:16.390,0:59:17.390
So one of the things
0:59:17.390,0:59:20.750
I explained to people in the Ecuadorian[br]Government and in Ecuadorian civil society
0:59:20.750,0:59:23.140
is that you can choose a different game.
0:59:23.140,0:59:24.490
You can choose not to play that game.
0:59:24.490,0:59:28.890
The only people that win when you[br]choose that game are the NSA,
0:59:28.890,0:59:30.900
and potentially you[br]– a few times.
0:59:30.900,0:59:31.900
But the NSA will get
0:59:31.900,0:59:34.620
whatever data you[br]have stored away.
0:59:34.620,0:59:35.620
If you want to be secure
0:59:35.620,0:59:38.360
against the dragnet surveillance, if[br]you want to be secure against people
0:59:38.360,0:59:41.720
who will break into that system you[br]must not have that system in existence.
0:59:41.720,0:59:43.640
You must choose a different paradigm.
0:59:43.640,0:59:45.350
And when I told this to people in Ecuador
0:59:45.350,0:59:47.770
and they understood the trade-offs,[br]and they understood that they are
0:59:47.770,0:59:50.670
not the best at surveilling[br]the whole planet.
0:59:50.670,0:59:51.670
They understood that they’re
0:59:51.670,0:59:53.350
not the best in internet security yet.
0:59:53.350,0:59:55.570
They realized that the game is rigged.
0:59:55.570,0:59:58.290
And they got rid of Article[br]474 from the penal code.
0:59:58.290,1:00:02.030
And there is no Data Retention[br]there in that penal code now.
1:00:02.030,1:00:10.310
applause
1:00:10.310,1:00:14.550
But I have to stress this not[br]because of 1 or 2 or 10 people,
1:00:14.550,1:00:17.260
it’s because of a broad[br]civil society movement.
1:00:17.260,1:00:18.450
Which is what we’ve also seen
1:00:18.450,1:00:20.840
in Germany, and in other places.
1:00:20.840,1:00:23.130
So this is something which you[br]should have a lot of hope about.
1:00:23.130,1:00:25.590
It’s not actually[br]dark everywhere.
1:00:25.590,1:00:28.540
We are actually making[br]positive steps forward.
1:00:28.540,1:00:31.670
Roger: So there are other tools[br]that we would like help with.
1:00:31.670,1:00:35.670
E.g. Tails is a live CD, WiNoN and[br]other approaches are trying
1:00:35.670,1:00:40.260
to add VM to it, so that even if[br]you can break out of the browser,
1:00:40.260,1:00:43.410
there’s something else you have[br]to break out, other sandboxes.
1:00:43.410,1:00:44.410
And there are
1:00:44.410,1:00:47.090
a lot of other crypto improvements that[br]we’re happy to talk about afterwards.
1:00:47.090,1:00:50.860
The Tor Browser Bundle, the new one, has[br]a bunch of really interesting features.
1:00:50.860,1:00:53.480
Deterministic Builds is[br]one of the coolest parts of it.
1:00:53.480,1:00:54.480
Where everybody here can
1:00:54.480,1:00:57.940
build the Tor Browser Bundle and end up[br]with an identical binary.
1:00:57.940,1:00:58.940
So that you can
1:00:58.940,1:01:01.440
check to see that it[br]really is the same one.
1:01:01.440,1:01:02.550
And here’s a screenshot
1:01:02.550,1:01:03.550
of the new one.
1:01:03.550,1:01:06.880
It no longer has[br]Vidalia in it, it’s all just a browser
1:01:06.880,1:01:11.050
with a Firefox extension that[br]has a Tor binary and starts it.
1:01:11.050,1:01:14.510
So we’re trying to stream-line it[br]and make it a lot simpler and safer.
1:01:14.510,1:01:18.890
I’d love to chat with you afterwards about[br]the core Tor things that we’re up to
1:01:18.890,1:01:22.310
in terms of building the actual program[br]called Tor but also the Browser Bundle,
1:01:22.310,1:01:25.590
and metrics, and censorship[br]resistance etc.
1:01:25.590,1:01:30.020
And then, as a final note:[br]We accept Bitcoin now.
1:01:30.020,1:01:34.840
Which is great.[br]applause
1:01:34.840,1:01:37.360
Jacob: So all of the Bitcoin[br]millionaires in this community:
1:01:37.360,1:01:41.760
we would really encourage you to help us[br]get off of the US Government funding.
1:01:41.760,1:01:43.080
Don’t just complain, help us!
1:01:43.080,1:01:45.930
Mutual Aid[br]and Solidarity means exactly that:
1:01:45.930,1:01:47.960
to put some money where[br]your mouth is!
1:01:47.960,1:01:49.760
We’d really like to do that.
1:01:49.760,1:01:53.510
And it’s really important to show people[br]that we have alternative methods
1:01:53.510,1:01:55.330
of funding community-based[br]projects.
1:01:55.330,1:01:56.690
So think about it
1:01:56.690,1:01:59.790
and you can, if you’d like, use Bitcoin.
1:01:59.790,1:02:04.030
Roger: A last, right now, BitPay is[br]limiting you to 1000 Dollars of Bitcoin
1:02:04.030,1:02:05.180
per donation.
1:02:05.180,1:02:07.550
We’re hoping to lift[br]that in the next couple of days.
1:02:07.550,1:02:12.620
But if you would like to give us lots of[br]Bitcoins, please don’t get discouraged.
1:02:12.620,1:02:16.400
And then, as a final note: starting[br]right now in Noisy Square
1:02:16.400,1:02:20.720
is an event on how to help Tor and there[br]will be a lot of Tor people there,
1:02:20.720,1:02:24.240
and we’d love to help teach you[br]and answer your questions
1:02:24.240,1:02:26.330
and help you become part of the community.
1:02:26.330,1:02:28.730
We need you to teach other people
1:02:28.730,1:02:30.920
why Tor is important.
1:02:30.920,1:02:32.230
Jacob: Thank you!
1:02:32.230,1:02:38.540
applause
1:02:38.540,1:02:40.810
no time for Q&A left
1:02:40.810,1:02:44.290
*Subtitles created by c3subtitles.de[br]in the year 2016.
1:02:44.290,1:02:47.733
Join and help us!*