1
00:00:09,559 --> 00:00:13,359
Herald: So now, the next talk that
we have here for one hour from 8:30
2
00:00:13,359 --> 00:00:17,689
’til 9:30 PM is “The Tor Network
– we’re living in interesting times”.
3
00:00:17,689 --> 00:00:21,499
I don’t know how many of you are familiar
with the works of Terry Pratchett.
4
00:00:21,499 --> 00:00:26,680
But anyways, in the novels of Terry
Pratchett there is the saying:
5
00:00:26,680 --> 00:00:30,509
“And may you live in interesting
times!” that is actually a curse
6
00:00:30,509 --> 00:00:33,780
for someone that you especially
dislike; because it usually means
7
00:00:33,780 --> 00:00:36,700
that you’re in a lot of trouble. So
I guess we’re all very excited
8
00:00:36,700 --> 00:00:40,610
for this year’s ‘Tor Talk’ by the
everlasting Dream Team:
9
00:00:40,610 --> 00:00:44,210
Jacob Appelbaum and Roger
Dingledine! There you go!
10
00:00:44,210 --> 00:00:46,969
cheers and applause
Give it up!
11
00:00:46,969 --> 00:00:54,659
huge applause
12
00:00:54,659 --> 00:00:58,320
Jacob Appelbaum: So, thanks very much
to the guy who brought me a Mate.
13
00:00:58,320 --> 00:01:00,979
I learned his name is Alexander. It’s
never a good idea to take drugs
14
00:01:00,979 --> 00:01:04,589
from strangers, so I introduced
myself before I drank it. Thank you.
15
00:01:04,589 --> 00:01:07,370
laughter
16
00:01:07,370 --> 00:01:11,010
First I wanted to say that following up
after Glenn Greenwald is a great honor
17
00:01:11,010 --> 00:01:15,250
and a really difficult thing to do, that’s
a really tough act to follow, and
18
00:01:15,250 --> 00:01:18,860
he’s pretty much one of,
I think, our heroes. So, it’s
19
00:01:18,860 --> 00:01:22,729
really great to be able to share the stage
with him, even for just a brief moment.
20
00:01:22,729 --> 00:01:25,500
And I wanted to do something a little
unconventional when we started
21
00:01:25,500 --> 00:01:28,660
and Roger agreed. Which is that we
want people who have questions
22
00:01:28,660 --> 00:01:32,439
– since I suspect some things happened
this year that arouse a lot of questions
23
00:01:32,439 --> 00:01:37,000
in people – we’d like you to write those
questions down, pass them to an Angel
24
00:01:37,000 --> 00:01:40,940
or to just bring them to the front
of the stage as soon as possible
25
00:01:40,940 --> 00:01:44,870
during the talk, so that we can answer as
many of your questions as is possible.
26
00:01:44,870 --> 00:01:47,939
This is a lot of stuff that happened,
there’s a lot of confusion, and we wanna
27
00:01:47,939 --> 00:01:51,689
make sure that people feel like
we are actually answering
28
00:01:51,689 --> 00:01:55,620
those questions in a useful way.
And if you wanna do that, it’d be great,
29
00:01:55,620 --> 00:01:59,100
and otherwise, we’re gonna try to have
the second half of our talk be mostly
30
00:01:59,100 --> 00:02:03,429
space for questioning.
So with that, here is Roger.
31
00:02:03,429 --> 00:02:06,659
Roger Dingledine: Okay, so, a lot of
things have happened over this past year,
32
00:02:06,659 --> 00:02:09,220
and we’re gonna try to cover
as many of them as we can.
33
00:02:09,220 --> 00:02:12,600
Here’s a great quote
from either NSA or GCHQ,
34
00:02:12,600 --> 00:02:14,930
I’m actually not sure which one it is.
35
00:02:14,930 --> 00:02:17,600
But we’re gonna start a little bit
earlier in the process than this
36
00:02:17,600 --> 00:02:20,840
and work our way up to that.
So, we’re in a war,
37
00:02:20,840 --> 00:02:23,530
or rather, conflict of perception here.
38
00:02:23,530 --> 00:02:26,080
There are a lot – I mean,
you saw Glenn’s talk earlier
39
00:02:26,080 --> 00:02:29,040
– there are a lot of large media
organizations out there
40
00:02:29,040 --> 00:02:32,500
that are trying to present Tor
in lots of different ways,
41
00:02:32,500 --> 00:02:35,500
and we all here understand
the value that Tor provides
42
00:02:35,500 --> 00:02:38,520
to the world, but there are a growing
number of people around the world
43
00:02:38,520 --> 00:02:41,520
who are learning about Tor
not from our website, or from
44
00:02:41,520 --> 00:02:44,780
seeing one of these talks or from
learning it from somebody who uses it
45
00:02:44,780 --> 00:02:48,890
and teaches them how to use it.
But they read the Time Magazine
46
00:02:48,890 --> 00:02:52,690
or Economist or whatever the
mainstream newspapers are,
47
00:02:52,690 --> 00:02:57,140
and part of our challenge is how do we
help you, and help the rest of the world
48
00:02:57,140 --> 00:03:01,370
do outreach and education, so that
people can understand what Tor is for
49
00:03:01,370 --> 00:03:05,280
and how it works and what
sorts of people actually use it.
50
00:03:05,280 --> 00:03:09,370
So, e.g. GCHQ has been given instructions
51
00:03:09,370 --> 00:03:13,230
to try to kill Tor by, I mean, who knows,
maybe they thought of it on their own,
52
00:03:13,230 --> 00:03:17,590
maybe we can imagine some nearby
governments asked them to do it.
53
00:03:17,590 --> 00:03:21,150
And part of the challenge…
they say: “we have to kill it
54
00:03:21,150 --> 00:03:24,780
because of child porn”. And it
turns out that we actually do know
55
00:03:24,780 --> 00:03:29,150
that some people around the
world are using Tor for child porn.
56
00:03:29,150 --> 00:03:33,080
E.g. we have talked to
a lot of federal agencies
57
00:03:33,080 --> 00:03:35,550
who use Tor to fetch child porn.
subdued laughter
58
00:03:35,550 --> 00:03:37,970
I talked to people in the
FBI who use Tor every day
59
00:03:37,970 --> 00:03:42,660
to safely reach the websites
that they want to investigate.
60
00:03:42,660 --> 00:03:46,740
The most crazy example of this is
actually the Internet Watch Foundation.
61
00:03:46,740 --> 00:03:49,770
How many people here have heard
of the Internet Watch Foundation?
62
00:03:49,770 --> 00:03:53,560
I see a very small number of hands.
They are the censorship wing
63
00:03:53,560 --> 00:03:57,580
of the British Government. They are the
sort of quasi-government organization
64
00:03:57,580 --> 00:04:02,510
who is tasked with coming up with the
blacklist for the internet for England.
65
00:04:02,510 --> 00:04:07,310
And, we got email from them a few years
ago, saying – not what you’d expect,
66
00:04:07,310 --> 00:04:10,650
you’d expect “Hey, can you please shut
this thing down, can you turn it off,
67
00:04:10,650 --> 00:04:13,880
it’s a big hassle for us!” – the
question they asked me was:
68
00:04:13,880 --> 00:04:17,740
“How can we make Tor faster?”
laughter, applause
69
00:04:17,740 --> 00:04:21,149
It turns out that they need Tor,
because people report URLs to them,
70
00:04:21,149 --> 00:04:24,980
they need to fetch them somehow.
It turns out that when you go the URL
71
00:04:24,980 --> 00:04:27,790
with the allegedly bad stuff on
it and you’re coming from
72
00:04:27,790 --> 00:04:32,270
the Internet Watch Foundation’s
IP address, they give you kittens!
73
00:04:32,270 --> 00:04:35,730
laughter
Who would have known?
74
00:04:35,730 --> 00:04:40,050
laughter, applause
75
00:04:40,050 --> 00:04:44,700
So it turns out that these censors
need an anonymity system
76
00:04:44,700 --> 00:04:50,320
in order to censor their internet.
laughter Fun times.
77
00:04:52,890 --> 00:04:56,670
So another challenge here: at the
same point, one of my side hobbies
78
00:04:56,670 --> 00:05:01,220
is teaching law enforcement how the
internet works, and how security works
79
00:05:01,220 --> 00:05:05,530
and how Tor works. So, yeah, their job
does suck, but it’s actually not our fault
80
00:05:05,530 --> 00:05:09,610
that their job sucks. There are a lot
of different challenges to successfully
81
00:05:09,610 --> 00:05:13,210
being a good, honest law
enforcement person these days.
82
00:05:13,210 --> 00:05:17,120
So, e.g. I went to Amsterdam and Brussels
83
00:05:17,120 --> 00:05:21,120
in January of this past year to try to
teach various law enforcement groups.
84
00:05:21,120 --> 00:05:24,790
And I ended up having a four-hour
debate with the Dutch regional Police,
85
00:05:24,790 --> 00:05:28,860
and then another four-hour debate
with a Belgian cybercrime unit,
86
00:05:28,860 --> 00:05:32,180
and then another four-hour debate
with the Dutch national Police.
87
00:05:32,180 --> 00:05:36,500
And there are a lot of good-meaning, smart
people in each of these organizations,
88
00:05:36,500 --> 00:05:41,400
but they end up, as a group, doing
sometimes quite bad things.
89
00:05:41,400 --> 00:05:45,160
So part of our challenge is: how do we
teach them that Tor is not the enemy
90
00:05:45,160 --> 00:05:50,840
for them? And there are a couple of
stories that I’ve been trying to refine
91
00:05:50,840 --> 00:05:55,870
using on them. One of them they always
pull out, the “But what about child porn?
92
00:05:55,870 --> 00:06:00,280
What about bad people? What about some
creep using Tor to do bad things?”.
93
00:06:00,280 --> 00:06:04,510
And one of the arguments that I tried on
them was, “Okay, so on the one hand
94
00:06:04,510 --> 00:06:08,370
we have a girl in Syria
who is alive right now
95
00:06:08,370 --> 00:06:12,650
because of Tor. Because her family
was able to communicate safely
96
00:06:12,650 --> 00:06:17,010
and the Syrian military didn’t
break in and murder all of them.
97
00:06:17,010 --> 00:06:19,950
On the other hand, we have a girl
in America who is getting hassled
98
00:06:19,950 --> 00:06:24,310
by some creep on the internet
who is stalking her over Tor.”
99
00:06:24,310 --> 00:06:29,370
So the question is, how do we balance,
how do we value these things?
100
00:06:29,370 --> 00:06:31,400
How do we assign a value
to the girl in Syria?
101
00:06:31,400 --> 00:06:33,570
How do we assign a value
to the girl in America
102
00:06:33,570 --> 00:06:36,700
so that we can decide which
one of these is more important?
103
00:06:36,700 --> 00:06:40,060
And actually the answer is, you
don’t get to make that choice,
104
00:06:40,060 --> 00:06:43,260
that’s not the right question to ask.
Because if we take Tor away
105
00:06:43,260 --> 00:06:46,850
from the girl in Syria, she’s
going to die. If we take Tor away
106
00:06:46,850 --> 00:06:51,300
from the creep in America, he’s got a lot
of other options for how he can be a creep
107
00:06:51,300 --> 00:06:54,620
and start stalking people.
So if you’re a bad person,
108
00:06:54,620 --> 00:06:58,240
for various definitions of ‘bad person’,
and you’re willing to break laws
109
00:06:58,240 --> 00:07:01,860
or go around social norms,
you’ve got a lot of other options
110
00:07:01,860 --> 00:07:06,309
besides what Tor provides. Whereas there
are very few tools out there like Tor
111
00:07:06,309 --> 00:07:11,000
for honest, I’d like to say law-abiding,
112
00:07:11,000 --> 00:07:15,700
but let’s go with civilization-abiding
citizens out there.
113
00:07:15,700 --> 00:07:21,110
applause
114
00:07:21,110 --> 00:07:24,940
Jacob: And it’s important to understand
that this hypothetical thing is actually
115
00:07:24,940 --> 00:07:28,410
also true for certain values.
So at our Tor developer meeting
116
00:07:28,410 --> 00:07:33,790
that we had in Munich recently,
that Syrian woman came to us,
117
00:07:33,790 --> 00:07:38,100
and thanked us for Tor. She said:
“I’m from a city called Homs.
118
00:07:38,100 --> 00:07:41,940
You might have heard about it,
it’s not a city anymore. I used Tor.
119
00:07:41,940 --> 00:07:45,150
My family used Tor. We were able to
keep ourselves safe on the internet
120
00:07:45,150 --> 00:07:49,480
thanks to Tor. So I wanted to come
here to Munich to tell you this.
121
00:07:49,480 --> 00:07:52,550
Thank you for the work that you’re
doing.” And for people who
122
00:07:52,550 --> 00:07:56,040
– this was their first dev meeting –
they were completely blown away
123
00:07:56,040 --> 00:07:58,810
to meet this person. “Wow,
the stuff that we’re working on,
124
00:07:58,810 --> 00:08:02,590
it really does matter, there
are real people behind it”.
125
00:08:02,590 --> 00:08:06,260
And we were all, I think, very touched
by it, and all of us know someone
126
00:08:06,260 --> 00:08:10,420
who has been on the receiving end
of people being jerks on the internet.
127
00:08:10,420 --> 00:08:12,880
So this is a real thing where there
are real people involved, and
128
00:08:12,880 --> 00:08:16,440
it’s really important to understand
that if you remove the option
129
00:08:16,440 --> 00:08:20,130
for that woman in Syria – or you
here in Germany, now that we know
130
00:08:20,130 --> 00:08:23,430
what Edward Snowden has told the world…
131
00:08:23,430 --> 00:08:27,090
Those bad guys, those jerks
– for different values of that –
132
00:08:27,090 --> 00:08:31,210
they always have options. But very
rarely do all of us have options
133
00:08:31,210 --> 00:08:35,349
that will actually keep us safe.
And Tor is certainly not the only one,
134
00:08:35,349 --> 00:08:38,850
but right now, and we hope in this
talk you’ll see that we’re making
135
00:08:38,850 --> 00:08:41,580
the right trade-off by working on Tor.
136
00:08:41,580 --> 00:08:45,449
Roger: One of the other talks that I give
to them, one of the other stories
137
00:08:45,449 --> 00:08:49,970
that I give to them, one of the big
questions they always ask me is:
138
00:08:49,970 --> 00:08:53,690
“But what about terrorists?
Aren’t you helping terrorists?”
139
00:08:53,690 --> 00:08:58,160
And we can and we should talk about
“What do you mean by terrorists?”
140
00:08:58,160 --> 00:09:00,689
because in China they have a very
different definition of terrorists
141
00:09:00,689 --> 00:09:04,290
and in Gaza they have a very
different definition of terrorists, and
142
00:09:04,290 --> 00:09:07,040
in America, they are always thinking
of a small number of people
143
00:09:07,040 --> 00:09:11,009
in some Middle-Eastern country who are
trying to blow up buildings or something –
144
00:09:11,009 --> 00:09:12,709
Jacob: Mohammed Badguy,
I think is his name.
145
00:09:12,709 --> 00:09:15,600
Roger: Yes, that –
Jacob: In the NSA slides.
146
00:09:15,600 --> 00:09:19,770
Roger: Yes. So, scenario 1:
147
00:09:19,770 --> 00:09:23,490
I want to build a tool that
works for millions of people,
148
00:09:23,490 --> 00:09:26,759
it will work for the next year,
and I can tell you how it works,
149
00:09:26,759 --> 00:09:30,489
so you can help me evaluate
it. That’s Tor’s problem.
150
00:09:30,489 --> 00:09:34,769
Scenario 2: I want to build a tool that
will work for the next 2 weeks,
151
00:09:34,769 --> 00:09:38,480
it will work for 20 people and I’m
not going to tell you about it.
152
00:09:38,480 --> 00:09:41,740
There are so many more
ways of solving scenario 2
153
00:09:41,740 --> 00:09:45,220
than solving scenario 1. The bad
guys – for all sorts of definitions –
154
00:09:45,220 --> 00:09:49,509
the bad guys have a lot more
options on how they can keep safe.
155
00:09:49,509 --> 00:09:52,329
They don’t have to scale,
it doesn’t have to last forever,
156
00:09:52,329 --> 00:09:55,170
they don’t want peer review, they
don’t want anybody to even know
157
00:09:55,170 --> 00:09:58,690
that it’s happening. So the
challenge that Tor has is
158
00:09:58,690 --> 00:10:02,920
we wanna build something that works for
everybody and that everybody can analyze
159
00:10:02,920 --> 00:10:07,090
and learn about. That’s a much harder
problem, there are far fewer ways
160
00:10:07,090 --> 00:10:12,000
of solving that. So, the terrorists,
they got a lot of options.
161
00:10:12,000 --> 00:10:15,809
That sucks. We need to build tools that
can keep the rest of the world safe.
162
00:10:15,809 --> 00:10:19,339
Jacob: And it’s important, really, to try
to have some good rhetorical arguments,
163
00:10:19,339 --> 00:10:23,209
I think. I mean, we sort of
put a few facts up here.
164
00:10:23,209 --> 00:10:26,829
One interesting point to mention
is that people who really
165
00:10:26,829 --> 00:10:29,740
don’t want anonymity to exist
in a practical sense, maybe
166
00:10:29,740 --> 00:10:32,839
not even in a theoretical, Human
Rights sense either, but definitely
167
00:10:32,839 --> 00:10:36,879
in a practical sense, they’re not really
having honest conversations about it.
168
00:10:36,879 --> 00:10:40,440
E.g. this DoJ study – the Department
of Justice in the United States – they
169
00:10:40,440 --> 00:10:44,300
actually started to do a study where they
classified traffic leaving Tor exit nodes.
170
00:10:44,300 --> 00:10:47,700
Which… it’s interesting that they
were basically probably wiretapping
171
00:10:47,700 --> 00:10:50,709
an exit node to do that study. And
I wonder how they went about that – but
172
00:10:50,709 --> 00:10:54,680
nonetheless, they came up with the
number 3% of the traffic being bad.
173
00:10:54,680 --> 00:10:58,089
And then they aborted the study because
they received many DMCA takedown notices.
174
00:10:58,089 --> 00:10:59,899
laughter
Roger: Yes, they –
175
00:10:59,899 --> 00:11:03,000
Jacob: Apparently even the DMCA
is a problem to finding out answers!
176
00:11:03,000 --> 00:11:04,130
That plague of society! (?)
177
00:11:04,130 --> 00:11:05,689
Roger: interrupts They asked a
university to run the Tor exit for them
178
00:11:05,689 --> 00:11:08,429
and they were just starting out
doing their study, and then
179
00:11:08,429 --> 00:11:11,980
the university started getting
DMCA takedowns and said:
180
00:11:11,980 --> 00:11:14,759
“Well, we have to stop, the
lawyers told us to stop!”,
181
00:11:14,759 --> 00:11:18,579
and the Department of Justice said:
“We’re the Department of Justice,
182
00:11:18,579 --> 00:11:21,100
keep doing it”, and then they
turned it off. laughter
183
00:11:21,100 --> 00:11:25,060
So, not sure how the balance of power
goes there, but the initial results
184
00:11:25,060 --> 00:11:28,100
they were looking towards
were about 3% of the traffic
185
00:11:28,100 --> 00:11:31,470
coming out of that Tor exit node was bad,
186
00:11:31,470 --> 00:11:35,409
but I haven’t figured out what they mean
by ‘bad’. But I’ll take it if it’s 3%.
187
00:11:35,409 --> 00:11:41,019
Jacob: And I personally don’t
like to use the word ‘war’
188
00:11:41,019 --> 00:11:45,739
when talking about the internet.
And I particularly dislike
189
00:11:45,739 --> 00:11:48,709
when we talk about actual
issues of terrorism.
190
00:11:48,709 --> 00:11:51,920
And I think that we should talk about it
in terms of perception and conflict.
191
00:11:51,920 --> 00:11:55,169
And one of the most frustrating
things is: the BBC
192
00:11:55,169 --> 00:11:58,430
actually has articles on their
website instructing people
193
00:11:58,430 --> 00:12:02,119
how to use the Silk Road and
Tor together to buy drugs.
194
00:12:02,119 --> 00:12:07,189
We very, very seriously do
not ever advocate that,
195
00:12:07,189 --> 00:12:10,009
for a bunch of reasons… Not the
least of which is that even though
196
00:12:10,009 --> 00:12:13,240
Bitcoin is amazing, it’s not
an anonymous currency.
197
00:12:13,240 --> 00:12:16,250
And it isn’t the case that these websites
are necessarily a good idea and…
198
00:12:16,250 --> 00:12:19,949
but it won’t be Tor, I think, that will be
the weakest link. But the fact that
199
00:12:19,949 --> 00:12:24,949
the BBC promotes that – it’s because
they generally have “A man bites dog”.
200
00:12:24,949 --> 00:12:28,920
You could say that that’s their
entire Tor related ecosystem.
201
00:12:28,920 --> 00:12:31,500
Anything that could be just
kind of a little bit interesting,
202
00:12:31,500 --> 00:12:33,870
they’ll run with it. So they have
something to say about it.
203
00:12:33,870 --> 00:12:37,320
And in this case they literally were
promoting and pushing for people
204
00:12:37,320 --> 00:12:41,750
to buy drugs. Which is crazy to me, to
imagine that. And that really impacts
205
00:12:41,750 --> 00:12:45,540
the way that people perceive the
Tor Project and the Tor Network.
206
00:12:45,540 --> 00:12:48,160
And what we’re trying to do
is not that particular thing.
207
00:12:48,160 --> 00:12:51,699
That is a sort of side effect that occurs.
What we want is for every person
208
00:12:51,699 --> 00:12:55,959
to have the right to speak freely and the
right to read anonymously on the internet.
209
00:12:55,959 --> 00:12:59,740
Roger: And we also need to keep in
mind the different incentive structures
210
00:12:59,740 --> 00:13:04,519
that they have. So BBC posted their
first article about Silk Road and Tor.
211
00:13:04,519 --> 00:13:07,800
And the comment section was
packed with “Oh, wow, thanks!
212
00:13:07,800 --> 00:13:11,200
Oh, this is great! Oh, I don’t have to go
to the street corner and getting shot!
213
00:13:11,200 --> 00:13:14,659
Oh! Wow! Thanks! This is great!” Just
comment after comment, of people saying:
214
00:13:14,659 --> 00:13:18,239
“Thank you for telling me about this!”
And then a week later they posted
215
00:13:18,239 --> 00:13:23,000
a follow-up article saying “And we
bought some, and it was really good!”
216
00:13:23,000 --> 00:13:25,870
laughter and applause
217
00:13:25,870 --> 00:13:29,820
So what motivation are they doing here?
218
00:13:29,820 --> 00:13:33,179
So their goal in this case is: “Let’s get
more clicks. Doesn’t matter what it takes,
219
00:13:33,179 --> 00:13:35,920
doesn’t matter what we
destroy while we’re doing it.”
220
00:13:35,920 --> 00:13:39,870
Jacob: So that has some serious problems,
obviously. Because then there are
221
00:13:39,870 --> 00:13:44,199
different structures that exist to attack
– as part of the War on Some Drugs –
222
00:13:44,199 --> 00:13:47,970
and they want to show that their
mission is of course impacted by Tor.
223
00:13:47,970 --> 00:13:50,459
They want to have an enemy that
they can paint a target on. They want
224
00:13:50,459 --> 00:13:55,150
something sexy that they can get funding
for. So here’s a little funny story
225
00:13:55,150 --> 00:13:59,049
about an agent, as it says in the last
point, who showed this massive drop
226
00:13:59,049 --> 00:14:02,000
in the Tor Network load after Silk
Road was busted. Right? Because
227
00:14:02,000 --> 00:14:04,950
everybody realizes of course that all
of the anonymity traffic in the world
228
00:14:04,950 --> 00:14:06,260
must be for elicit (?) things.
229
00:14:06,260 --> 00:14:08,010
Roger: So this was at a particular meeting
230
00:14:08,010 --> 00:14:11,551
where they were trying to get more funding
for this. This is a US Government person
231
00:14:11,551 --> 00:14:15,620
who basically said: “I evaluated
the Tor Network load
232
00:14:15,620 --> 00:14:19,820
during the Silk Road bust. And
I saw 50% network load drop
233
00:14:19,820 --> 00:14:23,599
when the Silk Road bust happened.”
So I started out with him
234
00:14:23,599 --> 00:14:27,639
arguing: “Actually, you know, when
there’s a huge amount of publicity about
235
00:14:27,639 --> 00:14:30,969
– I don’t know – if Tor is broken, we can
understand, that would be reasonable,
236
00:14:30,969 --> 00:14:34,540
that some Tor people would stop using
Tor for a little while, in order to wait
237
00:14:34,540 --> 00:14:37,979
for more facts to come out and then will
be more prepared for it.” But then
238
00:14:37,979 --> 00:14:41,579
I thought: “You know, wait a minute, we
got the Tor Metrics database. We have
239
00:14:41,579 --> 00:14:45,120
all of this data of load on the network.”
240
00:14:45,120 --> 00:14:48,759
So then I went: “Let’s go actually
see if there was a 50% drop on
241
00:14:48,759 --> 00:14:52,579
the Tor Network!” So the green
line here is the capacity
242
00:14:52,579 --> 00:14:56,739
of the Tor Network over time. So the
amount of bytes that relays can push
243
00:14:56,739 --> 00:15:00,119
if we were loading it down
completely. And the purple line is
244
00:15:00,119 --> 00:15:04,050
the number of bytes that are actually
handled on the network over time.
245
00:15:04,050 --> 00:15:08,590
Jacob: Can you guess? If you don’t
look at the date at the bottom,
246
00:15:08,590 --> 00:15:12,150
can you show what that
agent was talking about?
247
00:15:12,150 --> 00:15:16,060
Or is the agent totally full of shit?
laughter
248
00:15:16,060 --> 00:15:21,529
Just a… hypothetical question, but if you
have a theo… anyone? Shout it out! Yeah!
249
00:15:21,529 --> 00:15:23,379
[unintelligible from audience]
250
00:15:23,379 --> 00:15:29,580
Oh that’s right! It didn’t go down by 50%!
laughter
251
00:15:29,580 --> 00:15:33,559
Wow! He was completely wrong!
252
00:15:33,559 --> 00:15:37,410
But just for the record, that’s
where he said there was a drop!
253
00:15:37,410 --> 00:15:45,509
laughter and applause
254
00:15:45,509 --> 00:15:48,690
Roger: And while we’ve talked you had
to read these graphs. Here is a graph
255
00:15:48,690 --> 00:15:52,459
of the overall network growth
over the past 3 or 4 years.
256
00:15:52,459 --> 00:15:56,369
So the green line, again, is the amount of
capacity. And we’ve seen a bunch of people
257
00:15:56,369 --> 00:16:00,239
adding fast relays recently,
after the Snowden issues.
258
00:16:00,239 --> 00:16:03,800
And we’ll talk a little bit later about
what other reasons people are running
259
00:16:03,800 --> 00:16:10,240
more capacity lately, as the
load on the network goes up.
260
00:16:10,240 --> 00:16:14,349
Okay. And then there is the
‘Dark Web’. Or the ‘Deep Web’.
261
00:16:14,349 --> 00:16:17,770
Or the Whatever-else-the-hell-you-call-it
Web. And again,
262
00:16:17,770 --> 00:16:22,470
this comes back to media trying to
produce as many articles as they can.
263
00:16:22,470 --> 00:16:27,119
So here’s the basic… I’ll give you
the primer on this ‘Dark Web’ thing.
264
00:16:27,119 --> 00:16:32,910
Statement 1: “The Dark Web is every web
page out there that Google can’t index.”
265
00:16:32,910 --> 00:16:36,710
That’s the definition of the Dark Web.
laughter and applause
266
00:16:36,710 --> 00:16:40,209
applause
267
00:16:40,209 --> 00:16:45,120
So every Corporate database,
every Government database,
268
00:16:45,120 --> 00:16:48,869
everything that you access with a
web browser at work or whatever,
269
00:16:48,869 --> 00:16:52,439
all those things that Google can’t get to,
that is the Dark Web. That’s statement 1.
270
00:16:52,439 --> 00:16:57,799
Statement 2: “90+X% of web
pages are in the Dark Web.”
271
00:16:57,799 --> 00:17:01,090
So these were both well-known
facts a year ago.
272
00:17:01,090 --> 00:17:04,770
Statement 3, that the media has
added this year: “The only way
273
00:17:04,770 --> 00:17:10,500
to access the Dark Web is through Tor.”
laughter, some applause
274
00:17:10,500 --> 00:17:13,930
These 3 statements together
sell more and more articles
275
00:17:13,930 --> 00:17:16,730
because it’s great, people buy them,
they’re all shocked: “Oh my god,
276
00:17:16,730 --> 00:17:20,009
the web is bigger than I thought,
and it’s all because of Tor”.
277
00:17:20,009 --> 00:17:25,429
laughter and applause
278
00:17:25,429 --> 00:17:30,340
Jacob: So, really… the reality of this
is that it’s not actually the case.
279
00:17:30,340 --> 00:17:33,810
Obviously that’s a completely laughable
thing. And for everyone that’s here –
280
00:17:33,810 --> 00:17:37,059
not necessarily people watching on the
video stream – but for everyone here,
281
00:17:37,059 --> 00:17:40,780
I think, you realize how ridiculous
that is. That entire setup
282
00:17:40,780 --> 00:17:45,080
is obviously a kind of ‘clickbait’, if
you would call it something like that.
283
00:17:45,080 --> 00:17:48,550
There are a few high-profile Hidden
Services. And actually, this is
284
00:17:48,550 --> 00:17:51,540
a show of hands: raise your hand
if you run a Tor Hidden Service!
285
00:17:51,540 --> 00:17:53,250
few hands go up
286
00:17:53,250 --> 00:17:57,230
Right. So, no one’s ever heard of your
Tor Hidden Service. Almost certainly.
287
00:17:57,230 --> 00:18:01,250
And these are the ones that people have
heard of. And this is something which is
288
00:18:01,250 --> 00:18:06,229
kind of a fascinating reality
which is that these 4 sites,
289
00:18:06,229 --> 00:18:10,190
or these 4 entities have
produced most of the stories
290
00:18:10,190 --> 00:18:13,801
related to the deep gaping
whatever web, that
291
00:18:13,801 --> 00:18:18,710
if you wanna call it the Dark Web. And,
in fact, for the most part, it’s been…
292
00:18:18,710 --> 00:18:22,240
I would say the Top one
e.g., with Wikileaks,
293
00:18:22,240 --> 00:18:26,040
it’s a positive example. And,
in fact, with GlobaLeaks,
294
00:18:26,040 --> 00:18:29,380
which is something that Arturo Filastò
and a number of other really great
295
00:18:29,380 --> 00:18:33,409
Italian hackers here have been working
on, GlobaLeaks, they’re deploying
296
00:18:33,409 --> 00:18:36,350
more and more Hidden Services that you
also haven’t heard about. For localized
297
00:18:36,350 --> 00:18:40,410
corruption, reporting and whistleblowing.
But the news doesn’t report about
298
00:18:40,410 --> 00:18:43,790
Arturo’s great work. The news
reports are on The Farmer’s Market,
299
00:18:43,790 --> 00:18:48,370
on Freedom Hosting and
on Silk Road. And those things
300
00:18:48,370 --> 00:18:51,640
also bring out a disproportionate
amount of incredible negative attention.
301
00:18:51,640 --> 00:18:55,090
In the case of freedom hosting, we
have a developer, Mike Perry, who’s
302
00:18:55,090 --> 00:18:58,430
kind of the most incredible
evil genius alive today.
303
00:18:58,430 --> 00:19:02,700
I think he’s probably at about 2 Mike
Perrys right now. That’ll be my guess.
304
00:19:02,700 --> 00:19:06,460
And he was relentlessly attacked.
305
00:19:06,460 --> 00:19:10,429
Because he happened to have
a registration for a company
306
00:19:10,429 --> 00:19:14,690
which had an F and an H in the name.
307
00:19:14,690 --> 00:19:18,140
Wasn’t actually even close
to what’s up there now.
308
00:19:18,140 --> 00:19:21,889
And he was relentlessly attacked because
the topics that the other sites have
309
00:19:21,889 --> 00:19:25,770
as part of their customer base or as part
of the things that they’re pushing online,
310
00:19:25,770 --> 00:19:29,400
they really pull on people’s
hearts in a big way.
311
00:19:29,400 --> 00:19:32,500
And that sort of created
a lot of stress. I mean,
312
00:19:32,500 --> 00:19:35,470
the first issue, Wikileaks, created a
lot of stress for people working on Tor
313
00:19:35,470 --> 00:19:38,960
in various different ways. But for Mike
Perry, he was personally targeted,
314
00:19:38,960 --> 00:19:42,840
in sort of Co-Intel-Pro style
harassment. And really sad,
315
00:19:42,840 --> 00:19:46,690
in a really sad series of events.
And of course, the news
316
00:19:46,690 --> 00:19:50,250
also picked up on that, in some
negative ways. And they really, really
317
00:19:50,250 --> 00:19:52,740
picked up on that. And that’s a really
big part of I think you could call it
318
00:19:52,740 --> 00:19:57,130
a kind of cultural conflict
that we’re in, right now.
319
00:19:57,130 --> 00:19:59,440
The farmer’s market has also
quite an interesting story.
320
00:19:59,440 --> 00:20:00,880
Which I think you wanted to tell.
321
00:20:00,880 --> 00:20:05,230
Roger: Yeah, so, I actually heard from
a DEA person who was involved
322
00:20:05,230 --> 00:20:09,149
in the eventual bust of
the Farmer’s Market story.
323
00:20:09,149 --> 00:20:12,880
Long ago there was a website on
the internet, and they sold drugs.
324
00:20:12,880 --> 00:20:16,629
Oh my god. And there were people
who bought drugs from this website
325
00:20:16,629 --> 00:20:21,280
and Tor was nowhere in the story. It
was some website in South East Asia.
326
00:20:21,280 --> 00:20:24,590
And the DEA wanted to take
it down. So they learned…
327
00:20:24,590 --> 00:20:28,139
I mean the website was public. It was
a public web server. So they sent
328
00:20:28,139 --> 00:20:31,779
some sort of letter to the country that it
was in. And the country that it was in
329
00:20:31,779 --> 00:20:35,189
said: “Screw you!”. And then they said:
“Okay, well, I guess we can’t take down
330
00:20:35,189 --> 00:20:39,479
the web server”. So then they started to
try to investigate the people behind it.
331
00:20:39,479 --> 00:20:42,789
And it turns out the people
behind it used Hushmail.
332
00:20:42,789 --> 00:20:46,820
So they were happily communicating
with each other very safely.
333
00:20:46,820 --> 00:20:50,380
So the folks in the US
sent a letter to Canada.
334
00:20:50,380 --> 00:20:53,470
And then Canada made Hushmail basically
give them the entire database
335
00:20:53,470 --> 00:20:58,290
of all the emails that these people
had sent. And then, a year or 2 later,
336
00:20:58,290 --> 00:21:01,320
these people discovered Tor. And they’re
like: “Hey we should switch our website
337
00:21:01,320 --> 00:21:05,169
over to Tor and then it will be safe.
That sounds good!”. The DEA people
338
00:21:05,169 --> 00:21:08,580
were watching them the whole time
looking for a good time to bust them.
339
00:21:08,580 --> 00:21:11,389
And then they switched over to Tor, and
then 6 months later it was a good time
340
00:21:11,389 --> 00:21:15,349
to bust them. So then there were all
these newspaper articles about how
341
00:21:15,349 --> 00:21:18,880
Tor Hidden Services are
obviously broken. And
342
00:21:18,880 --> 00:21:21,870
the first time I heard the story
I was thinking in myself:
343
00:21:21,870 --> 00:21:25,869
“Idiot drug sellers use Paypal
– get busted – end of story”.
344
00:21:25,869 --> 00:21:26,829
laughing
345
00:21:26,829 --> 00:21:30,320
But they were actually using Paypal
correctly. They had innocent people
346
00:21:30,320 --> 00:21:33,720
around the world who were receiving
Paypal payments and turning it into some
347
00:21:33,720 --> 00:21:38,120
Panama based e-currency or
something. So the better lesson
348
00:21:38,120 --> 00:21:42,330
of the story is: “Idiot drug sellers
use Hushmail – get busted”.
349
00:21:42,330 --> 00:21:45,010
So there are a lot of different
pieces of all of these.
350
00:21:45,010 --> 00:21:48,069
Jacob: Don’t use Hushmail!
laughter
351
00:21:48,069 --> 00:21:51,959
Seriously! It’s a bad idea! And
don’t use things where they have
352
00:21:51,960 --> 00:21:55,269
a habit of backdooring their
service or cooperating
353
00:21:55,269 --> 00:21:57,860
with so called ‘lawful interception
orders’. Because it tells you that
354
00:21:57,860 --> 00:22:03,410
their system is not secure. And it’s clear
that Hushmail falls into that category.
355
00:22:03,410 --> 00:22:07,220
They fundamentally have chosen that
that is what they would like to do.
356
00:22:07,220 --> 00:22:10,679
And they should have that reputation.
And we should respect them exactly
357
00:22:10,679 --> 00:22:14,040
as much as they deserve for that. So
don’t use their service. If you can.
358
00:22:14,040 --> 00:22:17,229
Especially if you’re gonna do
this kind of stuff. laughter
359
00:22:17,229 --> 00:22:20,260
Or maybe what I mean is: guys,
do that – use Hushmail.
360
00:22:20,260 --> 00:22:25,620
But everybody else, protect yourself!
laughter
361
00:22:25,620 --> 00:22:29,860
So, the thing is that
not every single person
362
00:22:29,860 --> 00:22:33,350
is actually stupid enough to use Hushmail.
363
00:22:33,350 --> 00:22:36,690
So as a result, we had started to
see some pretty crazy stuff happen.
364
00:22:36,690 --> 00:22:39,940
Which we of course knew would happen and
we always understood that this would be
365
00:22:39,940 --> 00:22:44,389
a vector. So, in this case,
this year we saw,
366
00:22:44,389 --> 00:22:48,659
I think, one of the probably not
the most interesting exploits
367
00:22:48,659 --> 00:22:52,480
that we’ve ever seen. But one
of the most interesting exploits
368
00:22:52,480 --> 00:22:56,400
we’ve ever seen deployed
against a broad scale of users.
369
00:22:56,400 --> 00:23:00,149
And we’re not exactly sure
who was behind it. Though
370
00:23:00,149 --> 00:23:04,250
there was an FBI person who went
to court in Ireland and did in fact
371
00:23:04,250 --> 00:23:08,250
claim that they were behind it. The IP
space that the exploit connected back to
372
00:23:08,250 --> 00:23:13,789
was either SAIC or NSA.
And I had an exchange
373
00:23:13,789 --> 00:23:18,200
with one of the guys behind the VUPEN
exploit company. And he has
374
00:23:18,200 --> 00:23:21,980
on a couple of occasions mentioned
writing exploits for Tor Browser.
375
00:23:21,980 --> 00:23:25,480
And what he really means is Firefox. And
376
00:23:25,480 --> 00:23:28,390
this is a serious problem of course. If
they want to target a person, though,
377
00:23:28,390 --> 00:23:33,240
the first they have to actually find them.
So traditionally, if you’re not using Tor,
378
00:23:33,240 --> 00:23:36,960
they go to your house, they plug in some
gear. They go to the ISP upstream,
379
00:23:36,960 --> 00:23:39,619
and they plug in some gear. Or they do
some interception with an IMSI catcher,
380
00:23:39,619 --> 00:23:43,339
and things like that. Most of these
techniques, I’ll talk about on Monday
381
00:23:43,340 --> 00:23:48,310
with Claudio. If you’re interested.
But basically it’s the same.
382
00:23:48,310 --> 00:23:51,380
They find out who you are,
then they begin to target you,
383
00:23:51,380 --> 00:23:54,559
then they serve you an exploit.
This year one of the differences is
384
00:23:54,559 --> 00:23:58,759
that they had actually taken over a Tor
Hidden Service. And started to serve up
385
00:23:58,759 --> 00:24:02,329
an exploit from that. Just trying
to exploit every single person
386
00:24:02,330 --> 00:24:04,980
that visited the Hidden Service. So there
was a period of time when you could
387
00:24:04,980 --> 00:24:08,669
really badly troll all of your friends
by just putting a link up where
388
00:24:08,669 --> 00:24:12,799
it would load in an iFrame and they would
have been exploited. If they were running
389
00:24:12,799 --> 00:24:16,409
an old version of Firefox. And
an old version of Tor Browser.
390
00:24:16,409 --> 00:24:19,529
Which was an interesting twist. They
didn’t actually, as far as we know,
391
00:24:19,529 --> 00:24:24,549
use that exploit against anyone
while it was a fresh Zeroday.
392
00:24:24,549 --> 00:24:27,539
But they did write it. And they
did serve it out. And they gave
393
00:24:27,539 --> 00:24:31,909
the rest of the world the payload
to use against whoever they’d like.
394
00:24:31,909 --> 00:24:36,240
So, when the FBI did this, they basically
gave an exploit against Firefox
395
00:24:36,240 --> 00:24:40,139
and Tor Browser to the Syrian Electronic
Army who couldn’t have written one,
396
00:24:40,139 --> 00:24:43,779
even if they wanted to. This is
a really interesting difference
397
00:24:43,779 --> 00:24:47,919
between other ways that the FBI might
try to bust you, where they can localize
398
00:24:47,919 --> 00:24:52,530
the damage of hitting untargeted
people who are otherwise innocent,
399
00:24:52,530 --> 00:24:56,570
especially. But we’ve asked
Firefox to try to integrate
400
00:24:56,570 --> 00:24:59,559
some of these privacy-related things that
we’ve done. We’d like to be able to be
401
00:24:59,559 --> 00:25:03,600
more up-to-speed with Firefox and
they generally seem premili, too (?)
402
00:25:03,600 --> 00:25:08,419
and I think that’s a fair thing to say.
But we have a de-synchronisation.
403
00:25:08,419 --> 00:25:12,480
But even with that de-synchronisation we
were still ahead of what they were doing
404
00:25:12,480 --> 00:25:16,329
as far as we can tell. But they
are actually at the point where
405
00:25:16,329 --> 00:25:20,730
they have hired probably some people
from this community – fuck you –
406
00:25:20,730 --> 00:25:25,100
and they write those exploits.
applause
407
00:25:25,100 --> 00:25:28,290
And serve them up.
And so that is a new turn.
408
00:25:28,290 --> 00:25:32,309
We had not seen that before this year.
And that’s a really serious change.
409
00:25:32,309 --> 00:25:34,700
As a result we’ve obviously been
looking into Chrome, which has
410
00:25:34,700 --> 00:25:38,059
a very different architecture. And in some
cases it’s significantly harder to exploit
411
00:25:38,059 --> 00:25:41,550
than Firefox. Even with just very
straight-forward bugs which should be
412
00:25:41,550 --> 00:25:44,790
very easy to exploit the Chrome team
has done a good job. We want to have
413
00:25:44,790 --> 00:25:47,990
a lot of diversity in the different
browsers. But we have a very strict
414
00:25:47,990 --> 00:25:50,970
set of requirements for protecting
Privacy with Tor Browser.
415
00:25:50,970 --> 00:25:54,260
And there’s a whole design document
out there. So just adding Tor
416
00:25:54,260 --> 00:25:58,770
and a web browser together is not quite
enough. You need some actual thoughts.
417
00:25:58,770 --> 00:26:03,059
That have been – mostly by Mike Perry
and Aron Clark (?) – have been elucidated
418
00:26:03,059 --> 00:26:06,690
in the Tor Browser design document.
So we’re hoping to work on that.
419
00:26:06,690 --> 00:26:09,450
If anyone here would like to work on that:
that’s really something where we really
420
00:26:09,450 --> 00:26:13,570
need some help. Because there is
really only one Mike Perry. Literately
421
00:26:13,570 --> 00:26:16,019
and figuratively.
422
00:26:16,019 --> 00:26:19,780
Roger: Okay. Another exciting topic
people have been talking about lately
423
00:26:19,780 --> 00:26:24,910
is the diversity of funding. A lot of our
funding comes from governments.
424
00:26:24,910 --> 00:26:28,489
US mostly but some other ones as
well. Because they have things
425
00:26:28,489 --> 00:26:32,939
that they want us to work on. So once upon
a time when I was looking at fundraising
426
00:26:32,940 --> 00:26:36,980
and how to get money I would go to places
and I would say: “We’ve got 10 things
427
00:26:36,980 --> 00:26:41,220
we want to work on. If you
want to fund one of these 10,
428
00:26:41,220 --> 00:26:45,170
you can help us set our priorities.
We really want to work on
429
00:26:45,170 --> 00:26:48,240
circumventing censorship, we really want
to work on anonymity, we really want
430
00:26:48,240 --> 00:26:52,990
to work on Tor Browser safety. So
if you have funding for one of these
431
00:26:52,990 --> 00:26:56,559
then we’ll focus on the one that
you’re most interested in”.
432
00:26:56,559 --> 00:27:00,160
So there’s some trade-offs here. On the
one hand government funding is good
433
00:27:00,160 --> 00:27:04,119
because we can do more things. That’s
great. A lot of the stuff that you’ve seen
434
00:27:04,119 --> 00:27:08,049
from Tor over the past couple of years
comes from people who are paid full-time
435
00:27:08,049 --> 00:27:12,090
to be able to work on Tor and focus
on it and not have to worry about
436
00:27:12,090 --> 00:27:15,480
where they’re gonna pay their rent
or where they’re gonna get food.
437
00:27:15,480 --> 00:27:19,540
On the other hand it’s bad because
funders can influence our priorities.
438
00:27:19,540 --> 00:27:23,359
Now, there’s no conspiracy. It’s not
that people come to us and say:
439
00:27:23,359 --> 00:27:27,320
“Here’s money, do a backdoor, etc.”
We’re never gonna put any backdoors
440
00:27:27,320 --> 00:27:28,880
in Tor, ever.
441
00:27:28,880 --> 00:27:29,840
Jacob: Maybe you could tell the story
442
00:27:29,840 --> 00:27:33,100
about that really high-pitched lady
who tried to get you, to tell you that
443
00:27:33,100 --> 00:27:36,250
that was your duty and then you explained…
444
00:27:36,250 --> 00:27:39,659
Roger: Give me a few more details!
laughter
445
00:27:39,659 --> 00:27:42,190
Jacob: People have approached us,
obviously, in order to try to get us
446
00:27:42,190 --> 00:27:45,220
to do these types of things. And
this is a serious commitment
447
00:27:45,220 --> 00:27:48,710
that the whole Tor community gets behind.
Which is that we will never ever
448
00:27:48,710 --> 00:27:53,309
put in a backdoor. And any time that we
can tell that something has gone wrong
449
00:27:53,309 --> 00:27:56,480
we try to fix it as soon
as is possible regardless
450
00:27:56,480 --> 00:28:00,309
– actually I would say for myself – of any
other consequences. That our commitment
451
00:28:00,309 --> 00:28:03,740
to protecting anonymity
of our user base extends
452
00:28:03,740 --> 00:28:08,159
beyond any reasonable commitment,
actually. And we really believe
453
00:28:08,159 --> 00:28:11,139
that commitment. And there are people
that have tried to get us to change that.
454
00:28:11,139 --> 00:28:15,340
Tried to tell us that “oh, it’s only
because you’re living in the free world,
455
00:28:15,340 --> 00:28:17,759
and you’re able to have a company
that (?) and make a profit
456
00:28:17,759 --> 00:28:21,290
that you can even right the supper (?). So
come on! Do your duty!” And of course
457
00:28:21,290 --> 00:28:24,080
when we tell them we’re non-profit
and that we’re not gonna do it,
458
00:28:24,080 --> 00:28:27,009
they’re completely
dumbfounded. For example.
459
00:28:27,009 --> 00:28:29,740
Roger: Now I remember that discussion, yes!
Jacob: Yeah!
460
00:28:29,740 --> 00:28:34,310
applause
461
00:28:34,310 --> 00:28:38,669
Roger: This was a discussion with
a US Department of Justice person
462
00:28:38,669 --> 00:28:43,029
who basically said: “It’s your…
the Congress has given us,
463
00:28:43,029 --> 00:28:47,180
the Department of Justice, the
right to backdoor everything,
464
00:28:47,180 --> 00:28:51,269
and you have a tool
that you haven’t made
465
00:28:51,269 --> 00:28:55,199
easy for us to backdoor. So
it’s your responsibility to fix it
466
00:28:55,200 --> 00:28:59,460
so that we can use the privileges
and rights given us by Congress
467
00:28:59,460 --> 00:29:03,769
on surveilling everybody. And
you are taking advantage
468
00:29:03,769 --> 00:29:07,120
of the situation that we’ve given you
in America where you’ve got good
469
00:29:07,120 --> 00:29:11,020
freedom of speech and you got other
freedoms etc. You’re stealing
470
00:29:11,020 --> 00:29:15,009
from the country. You’re cheating on the
process by not giving us the backdoor
471
00:29:15,009 --> 00:29:19,070
that Congress said we should have”. And
then I said: “Actually we’re a non-profit.
472
00:29:19,070 --> 00:29:22,949
We work for the public good”. And then
the conversation basically ended.
473
00:29:22,949 --> 00:29:32,709
She had no further thing to say.
applause
474
00:29:32,710 --> 00:29:36,440
So part of what we need to do is continue
to make tools that are actually safe
475
00:29:36,440 --> 00:29:41,770
as tools. Rather than a lot of the other
systems out there. On the other hand,
476
00:29:41,770 --> 00:29:45,499
every funder we’ve talked to
lately has interesting priorities:
477
00:29:45,499 --> 00:29:49,279
they wanna pay for censorship-resistance,
they wanna pay for outreach, education,
478
00:29:49,279 --> 00:29:52,649
training etc. We don’t have any
funders right now who want to pay
479
00:29:52,649 --> 00:29:57,370
for better anonymity. And it’s really
important for some of the people
480
00:29:57,370 --> 00:30:00,910
we heard about in the last talk that
they have really good anonymity
481
00:30:00,910 --> 00:30:04,480
against really large adversaries.
And I’m not just talking about
482
00:30:04,480 --> 00:30:07,580
American Intelligence Agencies. There
are a lot of Intelligence Agencies
483
00:30:07,580 --> 00:30:12,820
around the world who are trying
to learn how to surveil everything.
484
00:30:12,820 --> 00:30:16,350
So what should Tor’s role be here?
485
00:30:16,350 --> 00:30:19,750
There are a lot of people in the Tor
development community who say:
486
00:30:19,750 --> 00:30:23,260
“What we really need to do is
focus on writing good code,
487
00:30:23,260 --> 00:30:26,720
and we’ll let the rest of the world
take care of itself.” There is also
488
00:30:26,720 --> 00:30:30,010
a trade-off from some of the
funders we have right now.
489
00:30:30,010 --> 00:30:32,760
Where I could go up and I could say
490
00:30:32,760 --> 00:30:36,639
a lot of really outrageous
things that I agree with
491
00:30:36,639 --> 00:30:40,730
and that you agree with. But some
of our funders might wonder
492
00:30:40,730 --> 00:30:45,120
if they should keep funding us after
that. So part of what we need to do
493
00:30:45,120 --> 00:30:49,450
is get some funders who are more
comfortable with the messages
494
00:30:49,450 --> 00:30:53,559
that everybody here would like the
world to hear. So if you know anybody
495
00:30:53,559 --> 00:30:59,110
who wants to help provide actual
freedom we’d love to hear from you.
496
00:30:59,110 --> 00:31:03,380
Jacob: And it’s important to understand
that we sort of have an interesting place
497
00:31:03,380 --> 00:31:07,090
in the world at the moment
where it’s easy to say
498
00:31:07,090 --> 00:31:11,650
that we shouldn’t be political. And that
in general, there shouldn’t be politics
499
00:31:11,650 --> 00:31:14,740
in what we’re doing. And
it’s also easy to understand
500
00:31:14,740 --> 00:31:19,430
that that’s crazy when someone
says that to an extent. Because
501
00:31:19,430 --> 00:31:23,350
the idea of having free speech, having
the right to read, having the ability
502
00:31:23,350 --> 00:31:27,530
to reach a website that is beyond
of the power of the state
503
00:31:27,530 --> 00:31:31,929
– that is a very political thing for
many people. And it is often the privilege
504
00:31:31,929 --> 00:31:35,419
of some, where they don’t even
realize that’s a political statement.
505
00:31:35,419 --> 00:31:37,940
applause
And they suggest…
506
00:31:37,940 --> 00:31:41,720
and that they suggest that we don’t need
to be political. We need to recognize the
507
00:31:41,720 --> 00:31:45,779
political context that we exist in. And
especially after the summer of Snowden,
508
00:31:45,779 --> 00:31:50,159
understanding that there
are almost no tools
509
00:31:50,159 --> 00:31:53,880
that can resist the NSA
and GCHQ. Almost none.
510
00:31:53,880 --> 00:31:56,710
We did not survive completely
in the summer of Snowden.
511
00:31:56,710 --> 00:32:01,509
They were able to get some Tor users.
But they couldn’t get all Tor users!
512
00:32:01,509 --> 00:32:05,099
That’s really important. We change
the economic game for them.
513
00:32:05,099 --> 00:32:08,530
And that, fundamentally,
is a political issue!
514
00:32:08,530 --> 00:32:18,259
applause
515
00:32:18,259 --> 00:32:21,860
But please note that the solution
is not a Partisan solution.
516
00:32:21,860 --> 00:32:25,760
Where we say: well, some people
are good and some are bad.
517
00:32:25,760 --> 00:32:29,250
You guys over there, on the left
or on the right, you don’t deserve
518
00:32:29,250 --> 00:32:32,809
to have freedom of speech. You
don’t have the right to read.
519
00:32:32,809 --> 00:32:36,219
We aren’t saying that. We’re saying that
the common good of everyone having
520
00:32:36,219 --> 00:32:39,940
these fundamental rights
protected in a practical way
521
00:32:39,940 --> 00:32:43,460
is an important thing for us to build
and for all of us to contribute to,
522
00:32:43,460 --> 00:32:47,139
and for every person to
have. That is, I think,
523
00:32:47,139 --> 00:32:50,040
the best kind of political solution
we can come up with.
524
00:32:50,040 --> 00:32:54,110
Though it is a very controversial
one in some ways. I think that
525
00:32:54,110 --> 00:32:57,890
we can’t actually do it unless everyone
really starts to agree with us.
526
00:32:57,890 --> 00:33:01,920
And we are making a lot of positive change
in this. As we saw with the network graph.
527
00:33:01,920 --> 00:33:05,590
But this comes from
Mutual Aid and Solidarity.
528
00:33:05,590 --> 00:33:09,019
Which most of the people
in this room provide.
529
00:33:09,019 --> 00:33:12,809
Roger: And that diversity of
users is actually technically
530
00:33:12,809 --> 00:33:16,289
what makes Tor safe. You need to have
531
00:33:16,289 --> 00:33:20,549
activists in various countries,
and folks in Russia right now,
532
00:33:20,549 --> 00:33:24,019
and law enforcement around the
world. You need to have them all
533
00:33:24,019 --> 00:33:27,580
in the same network. Otherwise
if I see that you’re using Tor,
534
00:33:27,580 --> 00:33:31,330
I can start guessing why you’re using
Tor. So we need that diversity
535
00:33:31,330 --> 00:33:35,109
of users. Not just for
a perception perspective
536
00:33:35,109 --> 00:33:39,180
but for an actual technical perspective.
We need to have all the different
537
00:33:39,180 --> 00:33:42,350
types of users out there blending
into the same system
538
00:33:42,350 --> 00:33:46,569
so that they can keep each other
safe. So part of the hobbies
539
00:33:46,569 --> 00:33:50,370
that each Tor person has,
we’re all getting better
540
00:33:50,370 --> 00:33:54,049
at outreach to various communities.
So, I mentioned earlier
541
00:33:54,049 --> 00:33:58,100
that I talked to law enforcement to try
to teach them how these things work.
542
00:33:58,100 --> 00:34:00,730
Turns out that having Jake talk to
law enforcement is not actually
543
00:34:00,730 --> 00:34:02,759
the most effective way to
convince them of things
544
00:34:02,759 --> 00:34:03,759
laughter
so…
545
00:34:03,759 --> 00:34:07,670
Jacob: I’m, I’m, I’m, eh, you know, my
lawyer gave me some great advice
546
00:34:07,670 --> 00:34:11,119
which I can tell you without breaking the
privilege of our other communications.
547
00:34:11,119 --> 00:34:14,129
Which he says: “never miss the
chance to shut the fuck up!”
548
00:34:14,129 --> 00:34:17,480
laughter
And that I think really really underscores
549
00:34:17,480 --> 00:34:20,280
why I should not talk to the Police
about why they also need
550
00:34:20,280 --> 00:34:24,070
traffic analysis resistance, reachability,
network security, privacy and anonymity.
551
00:34:24,070 --> 00:34:27,250
Roger’s much much more diplomatic.
552
00:34:27,250 --> 00:34:31,310
Roger: So at the same time we have
people talking to domestic violence
553
00:34:31,310 --> 00:34:34,789
and abuse groups and teaching them
how to be safe. And at the same time
554
00:34:34,789 --> 00:34:38,280
we have folks at corporations
learning how to be safe online.
555
00:34:38,280 --> 00:34:42,389
We hear from large companies
who are saying: “I want to
556
00:34:42,389 --> 00:34:46,510
put the entire corporate
traffic over Tor
557
00:34:46,510 --> 00:34:50,230
because we actually do have adversaries
and they actually are spying on us
558
00:34:50,230 --> 00:34:53,530
and they do want to learn what we’re
doing. So how do we become safe
559
00:34:53,530 --> 00:34:57,370
from these situations?” So part of
what we need is help from all of you
560
00:34:57,370 --> 00:35:00,790
to become outreach for all of your
communities. And get better
561
00:35:00,790 --> 00:35:04,410
at teaching people about why privacy
is important for the communities
562
00:35:04,410 --> 00:35:08,690
that you’re talking to and learn how to
use their language and convince them
563
00:35:08,690 --> 00:35:11,480
that these things are important.
And at the same time teach them
564
00:35:11,480 --> 00:35:15,460
about the other groups out there who
care. So that they can understand
565
00:35:15,460 --> 00:35:20,730
that it’s a bigger issue than just
whatever they’re most focused on.
566
00:35:20,730 --> 00:35:25,890
Okay, so, a while ago I wrote up
a list of 3 ways to destroy Tor.
567
00:35:25,890 --> 00:35:29,210
The first way – we have
a handle on it for a while.
568
00:35:29,210 --> 00:35:33,710
The first way is: change the laws
or the policies or the cultures
569
00:35:33,710 --> 00:35:37,080
so that anonymity is outlawed.
And we’re pretty good
570
00:35:37,080 --> 00:35:40,820
at fighting back in governments
and policy and culture etc.
571
00:35:40,820 --> 00:35:44,820
and saying: “No, there are good uses of
these things, you can’t take them away
572
00:35:44,820 --> 00:35:50,470
from the world”. The second way:
Make ISPs hate hosting exit relays.
573
00:35:50,470 --> 00:35:54,210
And if more and more ISPs say:
“No, I’m not gonna do that”
574
00:35:54,210 --> 00:35:57,340
then eventually the Tor Network
shrinks reducing the anonymity
575
00:35:57,340 --> 00:36:00,820
it can provide because there’s not as
much diversity of where you might
576
00:36:00,820 --> 00:36:04,480
pop out of the Tor Network to go to
the websites. So I think we’re doing
577
00:36:04,480 --> 00:36:07,690
pretty well fighting that fight.
We’ve known about it for a while.
578
00:36:07,690 --> 00:36:11,060
It’s one we’ve been focusing on
for a long time. Torservers.net
579
00:36:11,060 --> 00:36:14,620
and a lot of other groups are doing great
work at building and maintaining
580
00:36:14,620 --> 00:36:19,250
relationships with ISPs. But the third
one is one that we haven’t focused on
581
00:36:19,250 --> 00:36:23,490
as much as we should. Which is:
make websites hate Tor users.
582
00:36:23,490 --> 00:36:27,390
So a growing number of
places are just refusing
583
00:36:27,390 --> 00:36:30,820
to hear from Tor users
at all. Wikipedia did it
584
00:36:30,820 --> 00:36:33,910
a long time ago. Google gives
you a captcha if you’re lucky…
585
00:36:33,910 --> 00:36:38,480
Jacob: That’s the best question, ever!
If you like, that’s a good setup!
586
00:36:38,480 --> 00:36:42,510
Roger: I’ll cover this one next. So,
587
00:36:42,510 --> 00:36:46,940
Skype is another interesting example
here. If you run a Tor exit relay
588
00:36:46,940 --> 00:36:50,340
and you try to skype with somebody
Microsoft hangs up on you.
589
00:36:50,340 --> 00:36:53,350
And the reason for that is not that
they say: “Oh my god, Tor people
590
00:36:53,350 --> 00:36:57,500
are abusing Skype!” – Microsoft pays
some commercial company out there
591
00:36:57,500 --> 00:37:00,950
to give them a blacklist, they don’t even
know what’s on it, and the company
592
00:37:00,950 --> 00:37:04,770
puts Tor exit IPs on it. And
now Microsoft blacklists all the
593
00:37:04,770 --> 00:37:08,300
Tor exit relays. And they don’t even know
they’re doing it. They don’t even care.
594
00:37:08,300 --> 00:37:12,510
So as more and more of these
blacklisting companies exist
595
00:37:12,510 --> 00:37:16,960
we’re more and more screwed.
So we need help trying to
596
00:37:16,960 --> 00:37:20,300
learn how to teach all of these
companies how to accept
597
00:37:20,300 --> 00:37:24,950
users without thinking that IP addresses
are the right way to identify people.
598
00:37:24,950 --> 00:37:29,120
Jacob: There might also be,
on point 3, a relationship here
599
00:37:29,120 --> 00:37:32,320
with some of the other
points here. E.g. point 4.
600
00:37:32,320 --> 00:37:35,870
Which is to say that when
a company does not want to
601
00:37:35,870 --> 00:37:39,860
give you location anonymity
maybe there’s a reason for that.
602
00:37:39,860 --> 00:37:44,300
I mean, I personally think that Wikipedia
is great, I don’t feel so great
603
00:37:44,300 --> 00:37:48,480
about yelp and about Google, most of
the time. And I definitely don’t feel good
604
00:37:48,480 --> 00:37:51,860
about Skype. Given what we’ve
learned it makes sense
605
00:37:51,860 --> 00:37:56,930
that they would demonstrate that
they do not respect you as users.
606
00:37:56,930 --> 00:38:01,680
And the Tor Network as a way to
protect users from them, actually.
607
00:38:01,680 --> 00:38:05,620
And some of these places will
say that it's basically only being
608
00:38:05,620 --> 00:38:10,120
used for abuse. Often they won’t have
metrics for it. And they will refuse
609
00:38:10,120 --> 00:38:14,350
to work with us to come up with inventive
solutions, like e.g. something
610
00:38:14,350 --> 00:38:18,150
where you have to use a
nym system of some kind,
611
00:38:18,150 --> 00:38:22,010
in the case of Wikipedia, or something
where you solve a captcha, something
612
00:38:22,010 --> 00:38:24,800
where you have to have an account,
something where you’re pseudononymous.
613
00:38:24,800 --> 00:38:29,190
But you get to retain location privacy.
And actually, in a few cases,
614
00:38:29,190 --> 00:38:32,591
it’s probably better that Tor is blocked
because they don’t even
615
00:38:32,591 --> 00:38:36,040
provide secure logins when you’re not
using Tor. So it’s not necessarily
616
00:38:36,040 --> 00:38:40,540
always a good thing to use the services,
anyway. So in a sort of funny sense
617
00:38:40,540 --> 00:38:43,780
it could be helpful that they’re blocking
Tor. But we would like to improve
618
00:38:43,780 --> 00:38:48,400
those things. And one thing is
to show that we need to build
619
00:38:48,400 --> 00:38:52,500
some systems to get these properties. And
we need to show that it is the best thing
620
00:38:52,500 --> 00:38:56,700
right now that we all can use. And
we need people that are working
621
00:38:56,700 --> 00:38:59,790
with these companies, with these
communities, to actually help us
622
00:38:59,790 --> 00:39:04,980
to understand how we can
better serve Tor community,
623
00:39:04,980 --> 00:39:08,870
but also the Tor community that
overlaps with their community.
624
00:39:08,870 --> 00:39:12,910
Especially Wikipedia. For me personally,
it kills me that the way that I get
625
00:39:12,910 --> 00:39:16,130
to edit the Wikipedia, should I edit
it, is that I have to send an email
626
00:39:16,130 --> 00:39:19,780
to someone, tell them an account I already
have, ask them to set a special flag
627
00:39:19,780 --> 00:39:25,270
in the Wikipedia database,
and then I can log in and edit.
628
00:39:25,270 --> 00:39:28,840
That’s not really the ideal solution,
I think. If I’m not being abusive
629
00:39:28,840 --> 00:39:32,540
on Wikipedia I should be able to
have a pseudononymous way to edit.
630
00:39:32,540 --> 00:39:35,310
I should be able to anonymously connect.
And I should be able to do that
631
00:39:35,310 --> 00:39:38,190
from anywhere in the world, especially
when the local network is censoring me
632
00:39:38,190 --> 00:39:43,340
and my only way to get to the
Wikipedia is to, in fact, use Tor
633
00:39:43,340 --> 00:39:52,530
or something like it.
applause
634
00:39:52,530 --> 00:39:57,310
So, the last point on that is this one:
I obviously joked the church man (?)
635
00:39:57,310 --> 00:40:01,660
Roger: Yeah, so I was showing this to an
anonymity researcher and he started
636
00:40:01,660 --> 00:40:05,800
yelling: “IPO, IPO, IPO, IPO…” as
soon as he saw this graph of Tor users
637
00:40:05,800 --> 00:40:10,650
over time. So in the course of a week
or so we added about 4 or 5 million
638
00:40:10,651 --> 00:40:14,980
Tor clients to the network.
And you’d think: “Oh wow,
639
00:40:14,980 --> 00:40:19,280
this Snowden thing worked,
it’s great!” But actually,
640
00:40:19,280 --> 00:40:24,020
some jerk in the Ukraine signed
up his 5 million node botnet.
641
00:40:24,020 --> 00:40:26,890
Jacob: I mean, one of the good things
about this is that we learned that
642
00:40:26,890 --> 00:40:30,940
the Tor Network scales to
more than 5 million users.
643
00:40:30,940 --> 00:40:33,510
Roger: We’ve been working on
scalability: it works!
644
00:40:33,510 --> 00:40:36,930
applause
645
00:40:36,930 --> 00:40:41,900
Jacob: We had to make some changes.
There’s e.g. the NTor handshaking
646
00:40:41,900 --> 00:40:46,180
which is using elliptic curves. That is
something which really helps to reduce
647
00:40:46,180 --> 00:40:51,680
the load on the relays. This is a pretty
big change. But there’s a lot of work
648
00:40:51,680 --> 00:40:54,750
that Mike Perry has done with load
balancing, lots of work by Nick Mathewson.
649
00:40:54,750 --> 00:40:58,770
Lots of changes in the Tor Network
for scalability. But if this had been
650
00:40:58,770 --> 00:41:01,670
like a real attacker, or if the botnet had
been turned against the Tor Network,
651
00:41:01,670 --> 00:41:05,580
it probably would have been fatal,
I think. A really interesting detail is
652
00:41:05,580 --> 00:41:09,900
that this was a botnet for Windows.
And Microsoft has the ability to remove
653
00:41:09,900 --> 00:41:14,160
things that they flag as malicious.
And so they were going around
654
00:41:14,160 --> 00:41:18,430
and removing Tor clients from
Microsoft Windows users
655
00:41:18,430 --> 00:41:22,030
that were part of this botnet. Now when we
talked to them, my understanding is that
656
00:41:22,030 --> 00:41:25,050
they only removed it when they were
certain that is was a Tor that came
657
00:41:25,050 --> 00:41:29,270
from this botnet. That’s a lot of power
that Microsoft has there, though!
658
00:41:29,270 --> 00:41:33,620
If you’re using Windows, trying to be
anonymous, with the device. Bad idea.
659
00:41:33,620 --> 00:41:36,520
Roger: They actually removed the
bot and left the Tor client because
660
00:41:36,520 --> 00:41:39,470
they weren’t sure whether they
should remove it. So actually
661
00:41:39,470 --> 00:41:42,650
all those 5 millions are
still running Tor clients.
662
00:41:42,650 --> 00:41:47,520
Jacob: Whhoops! So, interesting
point here, summer of Snowden.
663
00:41:47,520 --> 00:41:51,840
It’s hard to tell. There’s
some piece of information
664
00:41:51,840 --> 00:41:55,260
that we’re really missing here. Due to
the botnet happening at the same time
665
00:41:55,260 --> 00:41:59,510
it’s really difficult to understand the
public response to the revelations
666
00:41:59,510 --> 00:42:03,060
about NSA and spying.
Especially now. I mean:
667
00:42:03,060 --> 00:42:06,590
we think that most of that is
botnet traffic. Over a million.
668
00:42:06,590 --> 00:42:10,990
Over a million, where it goes
up. Over almost a 6 million.
669
00:42:10,990 --> 00:42:14,910
So that’s a serious amount
of traffic, from that botnet.
670
00:42:14,910 --> 00:42:18,830
And that is a really serious threat to
the Tor Network. It can be (?)
671
00:42:18,830 --> 00:42:22,500
a couple of different ways. One of
these things, I mentioned before,
672
00:42:22,500 --> 00:42:25,740
NTor handshake. But another thing
is: if every person in this room
673
00:42:25,740 --> 00:42:29,350
were to run a Tor relay, even
a middle relay not an exit relay,
674
00:42:29,350 --> 00:42:32,510
it would make it significantly harder to
melt the Tor Network.
675
00:42:32,510 --> 00:42:33,510
I actually think
676
00:42:33,510 --> 00:42:35,240
that would be incredible if you guys
would all do that.
677
00:42:35,240 --> 00:42:36,490
I don’t think that
all of you will.
678
00:42:36,490 --> 00:42:38,780
But if you did that would
make it so that we could survive
679
00:42:38,780 --> 00:42:42,240
other events like this in the future.
680
00:42:42,240 --> 00:42:49,760
applause
681
00:42:49,760 --> 00:42:53,220
So someone sent a question which we’re
just gonna go ahead and answer now.
682
00:42:53,220 --> 00:42:56,900
“When talking of funding for better
anonymity, what do you think,
683
00:42:56,900 --> 00:42:59,060
in terms of money,
how much could you need?”
684
00:42:59,060 --> 00:43:01,540
Well here’s a thing:
685
00:43:01,540 --> 00:43:03,430
if you were willing to fund us
we would really like you.
686
00:43:03,430 --> 00:43:04,810
Or I would really like it
687
00:43:04,810 --> 00:43:07,850
especially, since I’m probably the one
that threatens the US Government funding
688
00:43:07,850 --> 00:43:11,730
of Tor, more than any person in this room.
689
00:43:11,730 --> 00:43:15,380
I think that it would be great if you
could match the Dollar-to-Dollar
690
00:43:15,380 --> 00:43:17,830
that Government funders
bring to the table.
691
00:43:17,830 --> 00:43:18,900
We would really like that.
692
00:43:18,900 --> 00:43:21,800
It would be amazing if that was possible.
693
00:43:21,800 --> 00:43:22,950
So there’s actually a hard number
694
00:43:22,950 --> 00:43:24,250
on the website.
695
00:43:24,250 --> 00:43:26,850
Or if you wanted to
– as much money as you have.
696
00:43:26,850 --> 00:43:28,050
laughter
Feel free!
697
00:43:28,050 --> 00:43:29,050
Either way –
698
00:43:29,050 --> 00:43:32,860
Roger: To give you a sense of
scale: right now our 2014 budget
699
00:43:32,860 --> 00:43:37,000
is looking like it will be somewhere
between 2 Mio US and 3 Mio US,
700
00:43:37,000 --> 00:43:40,850
which is great except we’re trying to
do so many different things at once.
701
00:43:40,850 --> 00:43:45,160
If it ends up on the 2 Mio US side
we basically have no funding
702
00:43:45,160 --> 00:43:46,660
for making anonymity better.
703
00:43:46,660 --> 00:43:48,940
If it ends up
more than that then
704
00:43:48,940 --> 00:43:51,650
we’re in better shape and
we can make people more safe.
705
00:43:51,650 --> 00:43:54,770
Jacob: And part of the thing is that we
have to build all sorts of tools that are
706
00:43:54,770 --> 00:43:56,650
not directly related to Tor.
707
00:43:56,650 --> 00:43:58,090
In many cases.
708
00:43:58,090 --> 00:43:59,550
Especially because of the funding.
709
00:43:59,550 --> 00:44:03,350
But because we want users to be
able to actually use the software
710
00:44:03,350 --> 00:44:04,390
with something else.
711
00:44:04,390 --> 00:44:06,440
It’s not nearly
enough to have a Tor.
712
00:44:06,440 --> 00:44:07,440
You need to be able
713
00:44:07,440 --> 00:44:08,440
to do something with the Tor.
714
00:44:08,440 --> 00:44:09,440
You know?
715
00:44:09,440 --> 00:44:11,310
And that’s a really difficult part.
716
00:44:11,310 --> 00:44:15,410
But if there’s specific things we would
also be open to alternate funding models
717
00:44:15,410 --> 00:44:19,340
where we fund very specific tasks e.g.
that would be a really great thing.
718
00:44:19,340 --> 00:44:21,300
We haven’t really
experimented with that.
719
00:44:21,300 --> 00:44:24,170
But on that note I wanted to talk
about classified information.
720
00:44:24,170 --> 00:44:26,730
Everybody ready?
It’s not classified any more,
721
00:44:26,730 --> 00:44:30,810
it’s on the internet?
I’m not sure. So,
722
00:44:30,810 --> 00:44:33,620
this is probably the hot topic
I would say.
723
00:44:33,620 --> 00:44:35,750
Probably the one
everyone wanted to know about.
724
00:44:35,750 --> 00:44:38,200
So the NSA and GCHQ
725
00:44:38,200 --> 00:44:41,790
have decided that they
don’t like anonymity,
726
00:44:41,790 --> 00:44:44,880
and they’re doing everything that
they possibly can to attack it.
727
00:44:44,880 --> 00:44:47,020
With a few exceptions.
728
00:44:47,020 --> 00:44:48,640
So there’re
a few different programs
729
00:44:48,640 --> 00:44:50,786
– I’m gonna talk a lot about this
on Monday. So I don’t wanna go
730
00:44:50,786 --> 00:44:55,470
into too much detail about the
non-Tor aspects of it. But
731
00:44:55,470 --> 00:45:01,220
for the Tor side of it – Quick Ant is
what’s called a question-filled data set.
732
00:45:01,220 --> 00:45:02,530
This is a QFD.
733
00:45:02,530 --> 00:45:05,910
What that means is it’s TLS related
sessions, as I understand it.
734
00:45:05,910 --> 00:45:11,860
And it is recording data, i.e.
Data Retention about TLS sessions.
735
00:45:11,860 --> 00:45:14,720
It’s pulled from a larger thing –
Flying Pig.
736
00:45:14,720 --> 00:45:17,900
Which was revealed on I think,
a Brazilian Television clip, or someone
737
00:45:17,900 --> 00:45:22,310
photographed a moving
picture of Glenn’s screen.
738
00:45:22,310 --> 00:45:25,930
That program is kind of scary.
But not too scary.
739
00:45:25,930 --> 00:45:28,930
Just looks like after the fact (?) Data
Retention.
740
00:45:28,930 --> 00:45:29,930
Quantum Insert
741
00:45:29,930 --> 00:45:34,540
on the other hand is a pretty
straightforward man-on-the-side-attack.
742
00:45:34,540 --> 00:45:38,230
Foxacid, which is another thing which
we know that’s used against Tor users,
743
00:45:38,230 --> 00:45:42,270
is basically just the ‘Tailored Access
and Operations’ web server farm
744
00:45:42,270 --> 00:45:43,470
where they serve out malware.
745
00:45:43,470 --> 00:45:45,560
Sort of like a watering hole attack.
Except
746
00:45:45,560 --> 00:45:48,330
in this case they also combine it with
Quantum Insert.
747
00:45:48,330 --> 00:45:49,330
So that when you visit
748
00:45:49,330 --> 00:45:53,600
your Yahoo mail
– NSA and GCHQ love Yahoo –
749
00:45:53,600 --> 00:45:57,520
even when you use Tor
they basically redirect you
750
00:45:57,520 --> 00:46:01,210
by just tagging a little bit of data
into the TCP connection. And
751
00:46:01,210 --> 00:46:03,570
of course Tor does its job, it flows all
the way back to you.
752
00:46:03,570 --> 00:46:04,980
Your web browser
then loads it.
753
00:46:04,980 --> 00:46:06,150
You’re now connected to
their server.
754
00:46:06,150 --> 00:46:09,130
Their server delivers
malicious code.
755
00:46:09,130 --> 00:46:12,390
And the use it
is to pop somebody.
756
00:46:12,390 --> 00:46:17,040
From what I understand it took
them 8 months to hit one guy.
757
00:46:17,040 --> 00:46:21,850
That’s fucking great, I think, that
we went from ‘everybody all the time
758
00:46:21,850 --> 00:46:24,230
applause
being compromisable’ to ‘they have to
759
00:46:24,230 --> 00:46:29,180
very carefully pick one person
and work for a long time’.
760
00:46:29,180 --> 00:46:31,120
They really believe that
that’s the right target.
761
00:46:31,120 --> 00:46:32,430
They really understand that
762
00:46:32,430 --> 00:46:36,250
that is someone that they
want to go after. And
763
00:46:36,250 --> 00:46:38,630
if that person were to keep their browser
up-to-date they probably would have been
764
00:46:38,630 --> 00:46:40,970
ahead of the game.
Not exactly sure.
765
00:46:40,970 --> 00:46:43,250
But there are some other things
that are really dangerous.
766
00:46:43,250 --> 00:46:45,580
Which is
Quantum Cookie, e.g. Quantum Cookie
767
00:46:45,580 --> 00:46:49,240
is a program where basically
they’re able to elicit
768
00:46:49,240 --> 00:46:53,190
from a connection other connections
from your web browser
769
00:46:53,190 --> 00:46:55,760
which will get you to
leak cookie information.
770
00:46:55,760 --> 00:46:58,180
So let’s say you happen to
log-in to a Yahoo account.
771
00:46:58,180 --> 00:47:00,750
And that was a known
selector for surveillance.
772
00:47:00,750 --> 00:47:03,920
And then they thought you might also have
a Gmail cookie that wasn’t marked secure
773
00:47:03,920 --> 00:47:07,970
and you might also have another
search engine; or you might have
774
00:47:07,970 --> 00:47:08,970
some other cookies.
775
00:47:08,970 --> 00:47:10,870
Then they would
basically insert things that your browser
776
00:47:10,870 --> 00:47:14,530
will then request insecurely over the same
connection, to (?) tie them together,
777
00:47:14,530 --> 00:47:15,680
correlate that.
778
00:47:15,680 --> 00:47:17,910
And then they will extract
it and they’ll be able to tell that
779
00:47:17,910 --> 00:47:20,000
this selector is linked to
these other selectors.
780
00:47:20,000 --> 00:47:22,370
’Cause they basically been able
to actively probe.
781
00:47:22,370 --> 00:47:25,650
A solution to that is
‘Https Everywhere’ which we already ship
782
00:47:25,650 --> 00:47:29,480
in the Tor Browser Bundle
but also to be aware about
783
00:47:29,480 --> 00:47:33,090
session isolation to maybe
even if you’re using things
784
00:47:33,090 --> 00:47:36,940
where you’re trying to it as securely as
possible – not every site will offer TLS
785
00:47:36,940 --> 00:47:40,690
to actually make sure that the
Tor browser only has the exact
786
00:47:40,690 --> 00:47:43,980
set of credentials you need for the thing
you’re doing at that time.
787
00:47:43,980 --> 00:47:46,240
So that’s
788
00:47:46,240 --> 00:47:48,220
incredibly straight-forward stuff.
789
00:47:48,220 --> 00:47:49,790
In terms of the hacker
community this is like
790
00:47:49,790 --> 00:47:52,410
not even really interesting, actually.
791
00:47:52,410 --> 00:47:53,800
The thing that makes it interesting is
792
00:47:53,800 --> 00:47:55,920
that they do it at internet scale.
793
00:47:55,920 --> 00:47:57,100
And that they’re trying to watch
794
00:47:57,100 --> 00:47:59,610
the entire internet all the time.
795
00:47:59,610 --> 00:48:01,110
Another interesting fact about this is
796
00:48:01,110 --> 00:48:04,520
that you would imagine that not
routing through Five Eyes countries
797
00:48:04,520 --> 00:48:06,350
would make you safer in some way.
798
00:48:06,350 --> 00:48:08,650
I don’t think that’s actually true.
799
00:48:08,650 --> 00:48:12,480
From what I can tell they actually
have some restrictions, if you route
800
00:48:12,480 --> 00:48:13,980
through the Five Eyes countries.
801
00:48:13,980 --> 00:48:16,050
And if you are not in
a Five Eyes country,
802
00:48:16,050 --> 00:48:20,230
like Germany, they have no restrictions.
803
00:48:20,230 --> 00:48:24,000
So if you behave differently we know
from an anonymity perspective
804
00:48:24,000 --> 00:48:25,580
that that’s worse for you.
805
00:48:25,580 --> 00:48:28,410
And if you behave differently
in this particular way
806
00:48:28,410 --> 00:48:31,960
then there are legal answers that
show that you shouldn’t break out
807
00:48:31,960 --> 00:48:35,990
from the regular way that Tor
users and Tor clients behave.
808
00:48:35,990 --> 00:48:39,460
But the key point to take home is
that every single person here
809
00:48:39,460 --> 00:48:43,790
has the same set of problems
if they’re not using Tor.
810
00:48:43,790 --> 00:48:46,490
And it is easier for them.
811
00:48:46,490 --> 00:48:48,090
So that’s a huge,
huge difference.
812
00:48:48,090 --> 00:48:53,240
And the last point, I think is a key one
which Roger has a great story for.
813
00:48:53,240 --> 00:48:57,350
Roger: Yeah, so they… the story
here is they look at Tor traffic
814
00:48:57,350 --> 00:48:59,010
coming out of Tor exit relays.
815
00:48:59,010 --> 00:49:00,740
They don’t know who the person is.
And they have
816
00:49:00,740 --> 00:49:04,110
to make a decision there: do I try the
Quantum Insert and the Foxacid,
817
00:49:04,110 --> 00:49:06,750
do I try to break into their browser?
Or do I leave them alone.
818
00:49:06,750 --> 00:49:10,210
And when they see the Tor flow
they don’t know who it is.
819
00:49:10,210 --> 00:49:11,830
So on the one hand, that’s great.
820
00:49:11,830 --> 00:49:13,770
They can’t do target attacks.
821
00:49:13,770 --> 00:49:15,460
They have to do broad
attacks and then
822
00:49:15,460 --> 00:49:19,130
check/wait (?) later to see whether
they broke into the right person.
823
00:49:19,130 --> 00:49:22,520
But as soon as the Guardian
articles went up about this,
824
00:49:22,520 --> 00:49:26,530
DNI – the something National Intelligence
– put out a press release, saying:
825
00:49:26,530 --> 00:49:32,200
“We’d like to assure everybody
that we never attack Americans”.
826
00:49:32,200 --> 00:49:36,360
Jacob: So first of all – on behalf of
the American people and the US Government
827
00:49:36,360 --> 00:49:40,380
which I do not represent:
I’m so sorry that
828
00:49:40,380 --> 00:49:43,700
my country keeps embarrassing the rest
of the reasonable Americans, of which
829
00:49:43,700 --> 00:49:48,250
there are plenty, many of us that are not
James Clapper, that total fucking asshole.
830
00:49:48,250 --> 00:49:54,550
applause
831
00:49:54,550 --> 00:49:55,540
to Roger:
We have 5 minutes.
832
00:49:55,540 --> 00:49:57,430
applause
833
00:49:57,430 --> 00:50:01,560
Roger: So the reason why that story is
particularly interesting is that: I talked
834
00:50:01,560 --> 00:50:05,000
to an actual NSA person a couple of weeks
ago… and I’m like: “Wait, you never attack
835
00:50:05,000 --> 00:50:09,050
Americans but you have to blank-and-attack
everybody and then find out who it was”.
836
00:50:09,050 --> 00:50:12,690
And he said: “Oh no no no no, we watch
them log into Facebook and if they log in
837
00:50:12,690 --> 00:50:14,790
as the user we’re trying to attack
then we attack them.
838
00:50:14,790 --> 00:50:15,790
No problem.”
839
00:50:15,790 --> 00:50:19,230
Jacob: And they do the blanket
dragnet surveillance. So,
840
00:50:19,230 --> 00:50:22,330
an interesting point of course is that we
always heard…
841
00:50:22,330 --> 00:50:23,570
I once met someone
842
00:50:23,570 --> 00:50:26,500
who explained to me: “The NSA obviously
runs lots of Tor nodes like they were
843
00:50:26,500 --> 00:50:28,850
like 90.000 Tor nodes”,
I think was the number.
844
00:50:28,850 --> 00:50:31,860
I wish we had 90.000 Tor nodes.
That’d be incredible.
845
00:50:31,860 --> 00:50:34,880
You know
we’re like, what, at about 4..5000
846
00:50:34,880 --> 00:50:38,440
at any given point in time, that are
stable, of which are 1/3 are exit relays.
847
00:50:38,440 --> 00:50:39,440
Right.
848
00:50:39,440 --> 00:50:43,280
So it turns out when the NSA did
run some, they ran half a dozen.. a dozen?
849
00:50:43,280 --> 00:50:44,740
Roger: They ran about 10.
850
00:50:44,740 --> 00:50:45,740
And they
were small.
851
00:50:45,740 --> 00:50:46,740
And short-lived.
852
00:50:46,740 --> 00:50:48,920
On EC2.
853
00:50:48,920 --> 00:50:51,400
But that should not
make you happy.
854
00:50:51,400 --> 00:50:52,450
It doesn’t matter
855
00:50:52,450 --> 00:50:54,880
whether the NSA runs Tor relays.
856
00:50:54,880 --> 00:50:57,610
They can watch your Tor relays.
857
00:50:57,610 --> 00:51:01,490
If you run a Tor relay at a
great place anywhere in the US
858
00:51:01,490 --> 00:51:05,600
or Germany or wherever they’re good
at spying on they watch the upstream
859
00:51:05,600 --> 00:51:08,660
of your relay and they get almost
what they would get from running
860
00:51:08,660 --> 00:51:09,910
their own relay.
861
00:51:09,910 --> 00:51:12,140
So what we should be
worried about – we should not be worried
862
00:51:12,140 --> 00:51:13,750
that they’re running relays.
863
00:51:13,750 --> 00:51:16,830
It’s a concern, but the
bigger concern is
864
00:51:16,830 --> 00:51:18,360
that they’re watching the whole internet.
865
00:51:18,360 --> 00:51:20,730
And the internet is much more centralized
866
00:51:20,730 --> 00:51:22,010
than we think it is.
867
00:51:22,010 --> 00:51:24,320
There are a lot more
bottle-necks where if you watch them
868
00:51:24,320 --> 00:51:26,850
you get to see a lot of
different Tor traffic.
869
00:51:26,850 --> 00:51:29,510
So the problem is not so much
870
00:51:29,510 --> 00:51:33,400
“Are they running relays?” as “How
many normal relays can they watch?”
871
00:51:33,400 --> 00:51:37,400
And if you’re thinking about a large
adversary like NSA: the answer could be:
872
00:51:37,400 --> 00:51:39,840
“A third?”, “Half?”.
873
00:51:39,840 --> 00:51:42,020
We don’t know
how many deals they have.
874
00:51:42,020 --> 00:51:46,740
Jacob: So, an interesting point here is
that one-hop-proxies are… or VPN
875
00:51:46,740 --> 00:51:49,970
– who here uses a VPN to some
kind of commercial VPN service?
876
00:51:49,970 --> 00:51:51,770
about 1/4 raised hands
Right.
877
00:51:51,770 --> 00:51:54,620
So this is a pretty big problem,
878
00:51:54,620 --> 00:51:55,620
I think.
879
00:51:55,620 --> 00:51:57,920
Which is that you end up with the
hide-my-ass problem.
880
00:51:57,920 --> 00:51:58,920
Which is that –
881
00:51:58,920 --> 00:52:00,550
first of all that company, it’s a problem.
882
00:52:00,550 --> 00:52:01,990
Second of all, what they do to their users
883
00:52:01,990 --> 00:52:03,090
is also a problem.
884
00:52:03,090 --> 00:52:05,480
Which is that they
basically promote their service
885
00:52:05,480 --> 00:52:09,130
for revolution in Egypt, e.g. but when
someone used it because they disagreed
886
00:52:09,130 --> 00:52:13,370
with the policies of the UK then
they turned them over.
887
00:52:13,370 --> 00:52:14,370
Interesting point.
888
00:52:14,370 --> 00:52:17,810
We need to build decentralized systems
where they can’t make that choice.
889
00:52:17,810 --> 00:52:20,520
We need to make sure that that
isn’t actually happening.
890
00:52:20,520 --> 00:52:21,520
And one of the things
891
00:52:21,520 --> 00:52:25,900
that we’re trying to drive home is
that – and I really think it’s important
892
00:52:25,900 --> 00:52:29,920
to take this to heart –
one-hop-proxies or VPNs,
893
00:52:29,920 --> 00:52:33,700
as we have said for more that a
decade, are not safe. Especially
894
00:52:33,700 --> 00:52:37,740
if you think about when they from the
QuickANT and from the Flying Pig software,
895
00:52:37,740 --> 00:52:40,800
they’re recording traffic
information about connections.
896
00:52:40,800 --> 00:52:41,800
And in some cases
897
00:52:41,800 --> 00:52:44,850
we know – thanks to Laura Poitras
and James Risen – that they have
898
00:52:44,850 --> 00:52:48,490
Data Retention which is something
like – what is it, 10..15 years,
899
00:52:48,490 --> 00:52:51,350
5 years online, 10 years
offline, is that right?
900
00:52:51,350 --> 00:52:54,230
Right. Okay.
That’s bad news.
901
00:52:54,230 --> 00:52:58,710
We know that the math
for VPNs is not in your favor.
902
00:52:58,710 --> 00:53:03,340
So that said: What
happens with this stuff?
903
00:53:03,340 --> 00:53:04,340
Right?
904
00:53:04,340 --> 00:53:08,020
What happens is what happened
e.g. with the Silk Road fellow.
905
00:53:08,020 --> 00:53:10,240
Or maybe not.
It’s not clear.
906
00:53:10,240 --> 00:53:11,930
It could be that the guy used a VPN.
907
00:53:11,930 --> 00:53:15,380
Which is braindead.
But it could also be that
908
00:53:15,380 --> 00:53:19,430
the NSA has this data and tried
to pull off a retractive attack
909
00:53:19,430 --> 00:53:23,630
once they already had him from
other things like auguring fake IDs.
910
00:53:23,630 --> 00:53:26,300
We don’t know which in the case
of Silk Road.
911
00:53:26,300 --> 00:53:27,410
But we can tell you
912
00:53:27,410 --> 00:53:30,970
that it’s pretty clearly a bad
idea to do it if you’re going to
913
00:53:30,970 --> 00:53:31,970
do something interesting.
914
00:53:31,970 --> 00:53:34,720
It’s probably also a bad
idea to do it just generally
915
00:53:34,720 --> 00:53:39,030
because you don’t even know what
’interesting’ is in 5 or 10 years. So
916
00:53:39,030 --> 00:53:43,470
parallel construction is a really
serious problem, and we think,
917
00:53:43,470 --> 00:53:46,270
probably, if we could expand the
Tor Network, we would make it
918
00:53:46,270 --> 00:53:47,700
significantly harder to do this.
919
00:53:47,700 --> 00:53:49,200
It would
make it significantly harder for them
920
00:53:49,200 --> 00:53:51,660
to do it, especially if you replace your
VPN with Tor.
921
00:53:51,660 --> 00:53:52,660
There are some trade-offs
922
00:53:52,660 --> 00:53:53,970
with that, though.
923
00:53:53,970 --> 00:53:55,760
So the real question is
what your threat model is.
924
00:53:55,760 --> 00:53:57,240
And you really
have to think about it.
925
00:53:57,240 --> 00:53:58,760
And then also understand
that we live in a world now
926
00:53:58,760 --> 00:54:02,800
where Law Enforcement and
Intelligence Services, they seem to be
927
00:54:02,800 --> 00:54:04,680
blending together.
928
00:54:04,680 --> 00:54:07,390
And they seem to be blending
together across the whole planet
929
00:54:07,390 --> 00:54:08,390
in secret.
930
00:54:08,390 --> 00:54:10,420
Which is a serious problem
for the threat model of Tor.
931
00:54:10,420 --> 00:54:13,130
Roger: So I actually talked to
some FBI people and I said:
932
00:54:13,130 --> 00:54:15,050
So which one of these is it?
933
00:54:15,050 --> 00:54:17,610
And they said: Well, we
never get tips from the NSA.
934
00:54:17,610 --> 00:54:21,060
We’re good, honest Law enforcement,
they’re doing something bad,
935
00:54:21,060 --> 00:54:22,760
but why should that affect us?
936
00:54:22,760 --> 00:54:25,790
And my response was: “Well,
NSA says they told you!
937
00:54:25,790 --> 00:54:29,520
So, are you lying
to me or are they lying to you?
938
00:54:29,520 --> 00:54:31,450
Or what’s going on here?”
939
00:54:31,450 --> 00:54:34,260
And I don’t actually
know the right solution here.
940
00:54:34,260 --> 00:54:38,540
So scenario 1: The NSA
anonymously tips the FBI
941
00:54:38,540 --> 00:54:40,850
and they go check something out and
they say: “Well I need to build a case
942
00:54:40,850 --> 00:54:41,850
that they do”.
943
00:54:41,850 --> 00:54:44,730
Scenario 2: Some anonymous
whistleblower tips off the FBI
944
00:54:44,730 --> 00:54:46,060
and they go build a case.
945
00:54:46,060 --> 00:54:47,720
From the FBI’s perspective
these are the same:
946
00:54:47,720 --> 00:54:50,050
“I got a tip, I build a case.
947
00:54:50,050 --> 00:54:52,260
Why should I care where
it came from?” And
948
00:54:52,260 --> 00:54:56,060
so should we build a Know-your-customer
Law so that the FBI has to know
949
00:54:56,060 --> 00:54:58,790
their informers or whistleblowers?
950
00:54:58,790 --> 00:55:00,770
Should we rely on the NSA
951
00:55:00,770 --> 00:55:01,770
to regulate itself?
952
00:55:01,770 --> 00:55:05,220
Should we rely
on the Congress to regulate NSA?
953
00:55:05,220 --> 00:55:07,460
None of these are good answers.
954
00:55:07,460 --> 00:55:09,250
Jacob: So, we have a very
limited amount of time.
955
00:55:09,250 --> 00:55:10,250
And in order to be able
956
00:55:10,250 --> 00:55:14,390
to address some questions we
will probably skip a few things
957
00:55:14,390 --> 00:55:15,690
and we’ll put these slides
online.
958
00:55:15,690 --> 00:55:18,150
But short/quick
959
00:55:18,150 --> 00:55:20,930
summaries for a few of these slides, then
we’re gonna address some questions.
960
00:55:20,930 --> 00:55:22,970
One of them is that we want to improve
Hidden Services.
961
00:55:22,970 --> 00:55:23,970
Even though they
962
00:55:23,970 --> 00:55:26,040
haven’t been broken as far as we
understand from any of the documents
963
00:55:26,040 --> 00:55:27,590
that have been released.
964
00:55:27,590 --> 00:55:29,230
We still
want to make them stronger,
965
00:55:29,230 --> 00:55:30,760
because we wanna be ahead of the game.
966
00:55:30,760 --> 00:55:31,760
We don’t want to play Catch-Up.
967
00:55:31,760 --> 00:55:35,440
Roger: We especially need to improve
the usability and performance of them.
968
00:55:35,440 --> 00:55:38,990
Because right now they’re a toy
that only really dedicated people
969
00:55:38,990 --> 00:55:40,160
get working.
970
00:55:40,160 --> 00:55:42,510
And the more
mainstream we could make them
971
00:55:42,510 --> 00:55:44,550
the more broad uses we are going to see.
972
00:55:44,550 --> 00:55:46,040
The reason why people keep hearing
973
00:55:46,040 --> 00:55:50,180
about high-profile bad Hidden Services
is that we don’t have enough
974
00:55:50,180 --> 00:55:54,500
good use cases in action yet that
lots of people are experiencing.
975
00:55:54,500 --> 00:55:58,740
Jacob: The most important thing for all of
the – let’s say – Cypherpunks movement
976
00:55:58,740 --> 00:56:02,400
to understand is that when
you have usable crypto
977
00:56:02,400 --> 00:56:04,420
you are doing the right thing.
978
00:56:04,420 --> 00:56:06,330
When
you have strong peer-reviewed
979
00:56:06,330 --> 00:56:10,150
Free Software to implement that, and
it’s built on a platform where you can
980
00:56:10,150 --> 00:56:13,650
look at the whole stack you’re
really ahead of the game.
981
00:56:13,650 --> 00:56:15,370
There’s a lot to be done in that.
982
00:56:15,370 --> 00:56:17,670
And if we do that
for Hidden Services
983
00:56:17,670 --> 00:56:22,490
I think we’ll have similar returns that
you’ll see with other crypto projects.
984
00:56:22,490 --> 00:56:25,950
Roger: So one of the other great things in
the Tor world is the number of researchers
985
00:56:25,950 --> 00:56:30,820
who are doing great work at evaluating
and improving Tor’s anonymity.
986
00:56:30,820 --> 00:56:34,740
So there are a couple of papers that were
out over the past year talking about
987
00:56:34,740 --> 00:56:39,380
how we didn’t actually choose the
right guard rotation parameters.
988
00:56:39,380 --> 00:56:42,810
I’m not going to get into that in detail
in our last couple of minutes.
989
00:56:42,810 --> 00:56:46,490
But the very brief version is:
990
00:56:46,490 --> 00:56:51,109
if you can attack both sides of the
network and they run 10% of the network
991
00:56:51,109 --> 00:56:54,930
– they, the adversary run 10% of the
network – the chance over time,
992
00:56:54,930 --> 00:56:59,280
the blue line is the current situation,
where you choose 3 first hops,
993
00:56:59,280 --> 00:57:02,310
3 entry guards and you rotate every
couple of months – over time
994
00:57:02,310 --> 00:57:05,930
the chance that you get screwed by an
adversary who runs 10% of the network
995
00:57:05,930 --> 00:57:07,120
is pretty high.
996
00:57:07,120 --> 00:57:10,160
But if we change it
to 1 guard and you don’t rotate
997
00:57:10,160 --> 00:57:13,770
then we’re at the green line which
is a lot better against an adversary
998
00:57:13,770 --> 00:57:15,300
who’s really quite large.
999
00:57:15,300 --> 00:57:17,750
This is an adversary
larger than torservers.net
1000
00:57:17,750 --> 00:57:19,750
e.g. So A...
1001
00:57:19,750 --> 00:57:21,440
Jacob: Arts (?) is no adversary, right?
1002
00:57:21,440 --> 00:57:26,510
Roger: So a pretty large attacker we
need to move it from the blue line
1003
00:57:26,510 --> 00:57:27,760
down to the green line.
1004
00:57:27,760 --> 00:57:30,510
And that’s
an example of the anonymity work
1005
00:57:30,510 --> 00:57:31,510
that we need to do.
1006
00:57:31,510 --> 00:57:33,130
-- So, what’s next?
1007
00:57:33,130 --> 00:57:35,420
Tor, endorsed by Egyptian activists,
1008
00:57:35,420 --> 00:57:40,070
Wikileaks, NSA, GCHQ, Chelsea
Manning, Edward Snowden…
1009
00:57:40,070 --> 00:57:42,870
Different communities like
Tor for different reasons.
1010
00:57:42,870 --> 00:57:46,060
Some of our funders we go to them with
that sentence – basically everybody
1011
00:57:46,060 --> 00:57:47,120
we go to with that sentence.
1012
00:57:47,120 --> 00:57:50,050
It’s like:
“I like those 3 examples but I don’t like
1013
00:57:50,050 --> 00:57:51,670
those 2 examples”.
1014
00:57:51,670 --> 00:57:55,650
So part of what we
need to do is help them to understand
1015
00:57:55,650 --> 00:58:02,030
why all of these different
examples matter.
1016
00:58:02,030 --> 00:58:04,940
Jacob: That said, I tend to believe
that we need to be engaged
1017
00:58:04,940 --> 00:58:09,090
in a pretty big way and thanks
to the people of Ecuador,
1018
00:58:09,090 --> 00:58:12,800
especially the people running the Minga-tec
community events, they have actually
1019
00:58:12,800 --> 00:58:17,120
put together a real model which
should be emulated probably
1020
00:58:17,120 --> 00:58:20,960
by the rest of the world where they really
engage with civil society, and they’re
1021
00:58:20,960 --> 00:58:24,450
actually able to arrange for meetings
with e.g. the Foreign Minister
1022
00:58:24,450 --> 00:58:27,530
or with various other people involved in
the National Assembly.
1023
00:58:27,530 --> 00:58:28,530
And as a result
1024
00:58:28,530 --> 00:58:31,570
they had Article 474, which they
proposed, which was basically
1025
00:58:31,570 --> 00:58:33,500
the worst Data Retention
Law you can imagine.
1026
00:58:33,500 --> 00:58:35,050
It included video taping
1027
00:58:35,050 --> 00:58:39,810
in Internet Cafés, 6 months dragnet
surveillance, all sorts of awful stuff.
1028
00:58:39,810 --> 00:58:43,320
And they were able to, in the
course of, I would say 3..6 months,
1029
00:58:43,320 --> 00:58:46,210
this is mostly the FLOK Society,
actually.
1030
00:58:46,210 --> 00:58:47,210
They were able to organize
1031
00:58:47,210 --> 00:58:49,190
a real discussion about this.
1032
00:58:49,190 --> 00:58:50,880
And we
were able to get this proposed part
1033
00:58:50,880 --> 00:58:53,010
of the penal code completely removed.
1034
00:58:53,010 --> 00:58:54,540
At the end of November of last year…
1035
00:58:54,540 --> 00:58:56,580
early December… of this year.
1036
00:58:56,580 --> 00:58:58,290
So just about a month ago.
1037
00:58:58,290 --> 00:59:01,620
So if we really work together
across the spectrum,
1038
00:59:01,620 --> 00:59:06,030
we see, right now, in Ecuador
e.g. changing (?) away
1039
00:59:06,030 --> 00:59:09,250
by showing them that fundamentally:
the game is rigged.
1040
00:59:09,250 --> 00:59:10,250
If you choose
1041
00:59:10,250 --> 00:59:12,660
to spy on your citizens then the NSA
always wins.
1042
00:59:12,660 --> 00:59:13,790
And the NSA wants people
1043
00:59:13,790 --> 00:59:16,390
to believe that everybody is doing
the spying.
1044
00:59:16,390 --> 00:59:17,390
So one of the things
1045
00:59:17,390 --> 00:59:20,750
I explained to people in the Ecuadorian
Government and in Ecuadorian civil society
1046
00:59:20,750 --> 00:59:23,140
is that you can choose a different game.
1047
00:59:23,140 --> 00:59:24,490
You can choose not to play that game.
1048
00:59:24,490 --> 00:59:28,890
The only people that win when you
choose that game are the NSA,
1049
00:59:28,890 --> 00:59:30,900
and potentially you
– a few times.
1050
00:59:30,900 --> 00:59:31,900
But the NSA will get
1051
00:59:31,900 --> 00:59:34,620
whatever data you
have stored away.
1052
00:59:34,620 --> 00:59:35,620
If you want to be secure
1053
00:59:35,620 --> 00:59:38,360
against the dragnet surveillance, if
you want to be secure against people
1054
00:59:38,360 --> 00:59:41,720
who will break into that system you
must not have that system in existence.
1055
00:59:41,720 --> 00:59:43,640
You must choose a different paradigm.
1056
00:59:43,640 --> 00:59:45,350
And when I told this to people in Ecuador
1057
00:59:45,350 --> 00:59:47,770
and they understood the trade-offs,
and they understood that they are
1058
00:59:47,770 --> 00:59:50,670
not the best at surveilling
the whole planet.
1059
00:59:50,670 --> 00:59:51,670
They understood that they’re
1060
00:59:51,670 --> 00:59:53,350
not the best in internet security yet.
1061
00:59:53,350 --> 00:59:55,570
They realized that the game is rigged.
1062
00:59:55,570 --> 00:59:58,290
And they got rid of Article
474 from the penal code.
1063
00:59:58,290 --> 01:00:02,030
And there is no Data Retention
there in that penal code now.
1064
01:00:02,030 --> 01:00:10,310
applause
1065
01:00:10,310 --> 01:00:14,550
But I have to stress this not
because of 1 or 2 or 10 people,
1066
01:00:14,550 --> 01:00:17,260
it’s because of a broad
civil society movement.
1067
01:00:17,260 --> 01:00:18,450
Which is what we’ve also seen
1068
01:00:18,450 --> 01:00:20,840
in Germany, and in other places.
1069
01:00:20,840 --> 01:00:23,130
So this is something which you
should have a lot of hope about.
1070
01:00:23,130 --> 01:00:25,590
It’s not actually
dark everywhere.
1071
01:00:25,590 --> 01:00:28,540
We are actually making
positive steps forward.
1072
01:00:28,540 --> 01:00:31,670
Roger: So there are other tools
that we would like help with.
1073
01:00:31,670 --> 01:00:35,670
E.g. tails is a live CD, WiNoN and
other approaches are trying
1074
01:00:35,670 --> 01:00:40,260
to add VM to it, so that even if
you can break out of the browser,
1075
01:00:40,260 --> 01:00:43,410
there’s something else you have
to break out, other sandboxes.
1076
01:00:43,410 --> 01:00:44,410
And there are
1077
01:00:44,410 --> 01:00:47,090
a lot of other crypto improvements that
we’re happy to talk about afterwards.
1078
01:00:47,090 --> 01:00:50,860
The Tor Browser Bundle, the new one, has
a bunch of really interesting features.
1079
01:00:50,860 --> 01:00:53,480
Deterministic Builds is
one of the coolest parts of it.
1080
01:00:53,480 --> 01:00:54,480
Where everybody here can
1081
01:00:54,480 --> 01:00:57,940
build the Tor Browser Bundle and end up
with an identical binary.
1082
01:00:57,940 --> 01:00:58,940
So that you can
1083
01:00:58,940 --> 01:01:01,440
check to see that it
really is the same one.
1084
01:01:01,440 --> 01:01:02,550
And here’s a screenshot
1085
01:01:02,550 --> 01:01:03,550
of the new one.
1086
01:01:03,550 --> 01:01:06,880
It no longer has
Vidalia in it, it’s all just a browser
1087
01:01:06,880 --> 01:01:11,050
with a Firefox extension that
has a Tor binary and starts it.
1088
01:01:11,050 --> 01:01:14,510
So we’re trying to stream-line it
and make it a lot simpler and safer.
1089
01:01:14,510 --> 01:01:18,890
I’d love to chat with you afterwards about
the core Tor things that we’re up to
1090
01:01:18,890 --> 01:01:22,310
in terms of building the actual program
called Tor but also the Browser Bundle,
1091
01:01:22,310 --> 01:01:25,590
and metrics, and censorship
resistance etc.
1092
01:01:25,590 --> 01:01:30,020
And then, as a final note:
We accept Bitcoin now.
1093
01:01:30,020 --> 01:01:34,840
Which is great.
applause
1094
01:01:34,840 --> 01:01:37,360
Jacob: So all of the Bitcoin
millionaires in this community:
1095
01:01:37,360 --> 01:01:41,760
we would really encourage you to help us
get off of the US Government funding.
1096
01:01:41,760 --> 01:01:43,080
Don’t just complain, help us!
1097
01:01:43,080 --> 01:01:45,930
Mutual Aid
and Solidarity means exactly that:
1098
01:01:45,930 --> 01:01:47,960
to put some money where
your mouth is!
1099
01:01:47,960 --> 01:01:49,760
We’d really like to do that.
1100
01:01:49,760 --> 01:01:53,510
And it’s really important to show people
that we have alternative methods
1101
01:01:53,510 --> 01:01:55,330
of funding community-based
projects.
1102
01:01:55,330 --> 01:01:56,690
So think about it
1103
01:01:56,690 --> 01:01:59,790
and you can, if you’d like, use Bitcoin.
1104
01:01:59,790 --> 01:02:04,030
Roger: A last, right now, BitPay is
limiting you to 1000 Dollars of Bitcoin
1105
01:02:04,030 --> 01:02:05,180
per donation.
1106
01:02:05,180 --> 01:02:07,550
We’re hoping to lift
that in the next couple of days.
1107
01:02:07,550 --> 01:02:12,620
But if you would like to give us lots of
Bitcoins, please don’t get discouraged.
1108
01:02:12,620 --> 01:02:16,400
And then, as a final note: starting
right now in Noisy Square
1109
01:02:16,400 --> 01:02:20,720
is an event on how to help Tor and there
will be a lot of Tor people there,
1110
01:02:20,720 --> 01:02:24,240
and we’d love to help teach you
and answer your questions
1111
01:02:24,240 --> 01:02:26,330
and help you become part of the community.
1112
01:02:26,330 --> 01:02:28,730
We need you to teach other people
1113
01:02:28,730 --> 01:02:30,920
why Tor is important.
1114
01:02:30,920 --> 01:02:32,230
Jacob: Thank you!
1115
01:02:32,230 --> 01:02:38,540
applause
1116
01:02:38,540 --> 01:02:40,810
no time for Q&A left
1117
01:02:40,810 --> 01:02:44,290
*Subtitles created by c3subtitles.de
in the year 2016.
1118
01:02:44,290 --> 01:02:47,733
Join and help us!*