Herald: So now, the next talk that
we have here for one hour from 8:30
’til 9:30 PM is “The Tor Network
– we’re living in interesting times”.
I don’t know how many of you are familiar
with the works of Terry Pratchett.
But anyways, in the novels of Terry
Pratchett there is the saying:
“And may you live in interesting
times!” that is actually a curse
for someone that you especially
dislike; because it usually means
that you’re in a lot of trouble. So
I guess we’re all very excited
for this year’s ‘Tor Talk’ by the
everlasting Dream Team:
Jacob Appelbaum and Roger
Dingledine! There you go!
cheers and applause
Give it up!
huge applause
Jacob Appelbaum: So, thanks very much
to the guy who brought me a Mate.
I learned his name is Alexander. It’s
never a good idea to take drugs
from strangers, so I introduced
myself before I drank it. Thank you.
laughter
First I wanted to say that following up
after Glenn Greenwald is a great honor
and a really difficult thing to do, that’s
a really tough act to follow, and
he’s pretty much one of,
I think, our heroes. So, it’s
really great to be able to share the stage
with him, even for just a brief moment.
And I wanted to do something a little
unconventional when we started
and Roger agreed. Which is that we
want people who have questions
– since I suspect some things happened
this year that arouse a lot of questions
in people – we’d like you to write those
questions down, pass them to an Angel
or to just bring them to the front
of the stage as soon as possible
during the talk, so that we can answer as
many of your questions as is possible.
There is a lot of stuff that happened,
there’s a lot of confusion, and we wanna
make sure that people feel like
we are actually answering
those questions in a useful way.
And if you wanna do that, it’d be great,
and otherwise, we’re gonna try to have
the second half of our talk be mostly
space for questioning.
So with that, here is Roger.
Roger Dingledine: Okay, so, a lot of
things have happened over this past year,
and we’re gonna try to cover
as many of them as we can.
Here’s a great quote
from either NSA or GCHQ,
I’m actually not sure which one it is.
But we’re gonna start a little bit
earlier in the process than this
and work our way up to that.
So, we’re in a war,
or rather, conflict of perception here.
There are a lot – I mean,
you saw Glenn’s talk earlier
– there are a lot of large media
organizations out there
that are trying to present Tor
in lots of different ways,
and we all here understand
the value that Tor provides
to the world, but there are a growing
number of people around the world
who are learning about Tor
not from our website, or from
seeing one of these talks or from
learning it from somebody who uses it
and teaches them how to use it.
But they read the Time Magazine
or Economist or whatever the
mainstream newspapers are,
and part of our challenge is how do we
help you, and help the rest of the world
do outreach and education, so that
people can understand what Tor is for
and how it works and what
sorts of people actually use it.
So, e.g. GCHQ has been given instructions
to try to kill Tor by, I mean, who knows,
maybe they thought of it on their own,
maybe we can imagine some nearby
governments asked them to do it.
And part of the challenge…
they say: “we have to kill it
because of child porn”. And it
turns out that we actually do know
that some people around the
world are using Tor for child porn.
E.g. we have talked to
a lot of federal agencies
who use Tor to fetch child porn.
subdued laughter
I talked to people in the
FBI who use Tor every day
to safely reach the websites
that they want to investigate.
The most crazy example of this is
actually the Internet Watch Foundation.
How many people here have heard
of the Internet Watch Foundation?
I see a very small number of hands.
They are the censorship wing
of the British Government. They are the
sort of quasi-government organization
who is tasked with coming up with the
blacklist for the internet for England.
And, we got email from them a few years
ago, saying – not what you’d expect,
you’d expect “Hey, can you please shut
this thing down, can you turn it off,
it’s a big hassle for us!” – the
question they asked me was:
“How can we make Tor faster?”
laughter, applause
It turns out that they need Tor,
because people report URLs to them,
they need to fetch them somehow.
It turns out that when you go to the URL
with the allegedly bad stuff on
it and you’re coming from
the Internet Watch Foundation’s
IP address, they give you kittens!
laughter
Who would have known?
laughter, applause
So it turns out that these censors
need an anonymity system
in order to censor their internet.
laughter Fun times.
So another challenge here: at the
same point, one of my side hobbies
is teaching law enforcement how the
internet works, and how security works
and how Tor works. So, yeah, their job
does suck, but it’s actually not our fault
that their job sucks. There are a lot
of different challenges to successfully
being a good, honest law
enforcement person these days.
So, e.g. I went to Amsterdam and Brussels
in January of this past year to try to
teach various law enforcement groups.
And I ended up having a four-hour
debate with the Dutch regional Police,
and then another four-hour debate
with a Belgian cybercrime unit,
and then another four-hour debate
with the Dutch national Police.
And there are a lot of good-meaning, smart
people in each of these organizations,
but they end up, as a group, doing
sometimes quite bad things.
So part of our challenge is: how do we
teach them that Tor is not the enemy
for them? And there are a couple of
stories that I’ve been trying to refine
using on them. One of them they always
pull out, the “But what about child porn?
What about bad people? What about some
creep using Tor to do bad things?”.
And one of the arguments that I tried on
them was, “Okay, so on the one hand
we have a girl in Syria
who is alive right now
because of Tor. Because her family
was able to communicate safely
and the Syrian military didn’t
break in and murder all of them.
On the other hand, we have a girl
in America who is getting hassled
by some creep on the internet
who is stalking her over Tor.”
So the question is, how do we balance,
how do we value these things?
How do we assign a value
to the girl in Syria?
How do we assign a value
to the girl in America
so that we can decide which
one of these is more important?
And actually the answer is, you
don’t get to make that choice,
that’s not the right question to ask.
Because if we take Tor away
from the girl in Syria, she’s
going to die. If we take Tor away
from the creep in America, he’s got a lot
of other options for how he can be a creep
and start stalking people.
So if you’re a bad person,
for various definitions of ‘bad person’,
and you’re willing to break laws
or go around social norms,
you’ve got a lot of other options
besides what Tor provides. Whereas there
are very few tools out there like Tor
for honest, I’d like to say law-abiding,
but let’s go with civilization-abiding
citizens out there.
applause
Jacob: And it’s important to understand
that this hypothetical thing is actually
also true for certain values.
So at our Tor developer meeting
that we had in Munich recently,
that Syrian woman came to us,
and thanked us for Tor. She said:
“I’m from a city called Homs.
You might have heard about it,
it’s not a city anymore. I used Tor.
My family used Tor. We were able to
keep ourselves safe on the internet
thanks to Tor. So I wanted to come
here to Munich to tell you this.
Thank you for the work that you’re
doing.” And for people who
– this was their first dev meeting –
they were completely blown away
to meet this person. “Wow,
the stuff that we’re working on,
it really does matter, there
are real people behind it”.
And we were all, I think, very touched
by it, and all of us know someone
who has been on the receiving end
of people being jerks on the internet.
So this is a real thing where there
are real people involved, and
it’s really important to understand
that if you remove the option
for that woman in Syria – or you
here in Germany, now that we know
what Edward Snowden has told the world…
Those bad guys, those jerks
– for different values of that –
they always have options. But very
rarely do all of us have options
that will actually keep us safe.
And Tor is certainly not the only one,
but right now, and we hope in this
talk you’ll see that we’re making
the right trade-off by working on Tor.
Roger: One of the other talks that I give
to them, one of the other stories
that I give to them, one of the big
questions they always ask me is:
“But what about terrorists?
Aren’t you helping terrorists?”
And we can and we should talk about
“What do you mean by terrorists?”
because in China they have a very
different definition of terrorists
and in Gaza they have a very
different definition of terrorists, and
in America, they are always thinking
of a small number of people
in some Middle-Eastern country who are
trying to blow up buildings or something –
Jacob: Mohammed Badguy,
I think is his name.
Roger: Yes, that –
Jacob: In the NSA slides.
Roger: Yes. So, scenario 1:
I want to build a tool that
works for millions of people,
it will work for the next year,
and I can tell you how it works,
so you can help me evaluate
it. That’s Tor’s problem.
Scenario 2: I want to build a tool that
will work for the next 2 weeks,
it will work for 20 people and I’m
not going to tell you about it.
There are so many more
ways of solving scenario 2
than solving scenario 1. The bad
guys – for all sorts of definitions –
the bad guys have a lot more
options on how they can keep safe.
They don’t have to scale,
it doesn’t have to last forever,
they don’t want peer review, they
don’t want anybody to even know
that it’s happening. So the
challenge that Tor has is
we wanna build something that works for
everybody and that everybody can analyze
and learn about. That’s a much harder
problem, there are far fewer ways
of solving that. So, the terrorists,
they got a lot of options.
That sucks. We need to build tools that
can keep the rest of the world safe.
Jacob: And it’s important, really, to try
to have some good rhetorical arguments,
I think. I mean, we sort of
put a few facts up here.
One interesting point to mention
is that people who really
don’t want anonymity to exist
in a practical sense, maybe
not even in a theoretical, Human
Rights sense either, but definitely
in a practical sense, they’re not really
having honest conversations about it.
E.g. this DoJ study – the Department
of Justice in the United States – they
actually started to do a study where they
classified traffic leaving Tor exit nodes.
Which… it’s interesting that they
were basically probably wiretapping
an exit node to do that study. And
I wonder how they went about that – but
nonetheless, they came up with the
number 3% of the traffic being bad.
And then they aborted the study because
they received many DMCA takedown notices.
laughter
Roger: Yes, they –
Jacob: Apparently even the DMCA
is a problem to finding out answers!
That plague of society! (?)
Roger: interrupts They asked a
university to run the Tor exit for them
and they were just starting out
doing their study, and then
the university started getting
DMCA takedowns and said:
“Well, we have to stop, the
lawyers told us to stop!”,
and the Department of Justice said:
“We’re the Department of Justice,
keep doing it”, and then they
turned it off. laughter
So, not sure how the balance of power
goes there, but the initial results
they were looking towards
were about 3% of the traffic
coming out of that Tor exit node was bad,
but I haven’t figured out what they mean
by ‘bad’. But I’ll take it if it’s 3%.
Jacob: And I personally don’t
like to use the word ‘war’
when talking about the internet.
And I particularly dislike
when we talk about actual
issues of terrorism.
And I think that we should talk about it
in terms of perception and conflict.
And one of the most frustrating
things is: the BBC
actually has articles on their
website instructing people
how to use the Silk Road and
Tor together to buy drugs.
We very, very seriously do
not ever advocate that,
for a bunch of reasons… Not the
least of which is that even though
Bitcoin is amazing, it’s not
an anonymous currency.
And it isn’t the case that these websites
are necessarily a good idea and…
but it won’t be Tor, I think, that will be
the weakest link. But the fact that
the BBC promotes that – it’s because
they generally have “A man bites dog”.
You could say that that’s their
entire Tor related ecosystem.
Anything that could be just
kind of a little bit interesting,
they’ll run with it. So they have
something to say about it.
And in this case they literally were
promoting and pushing for people
to buy drugs. Which is crazy to me, to
imagine that. And that really impacts
the way that people perceive the
Tor Project and the Tor Network.
And what we’re trying to do
is not that particular thing.
That is a sort of side effect that occurs.
What we want is for every person
to have the right to speak freely and the
right to read anonymously on the internet.
Roger: And we also need to keep in
mind the different incentive structures
that they have. So BBC posted their
first article about Silk Road and Tor.
And the comment section was
packed with “Oh, wow, thanks!
Oh, this is great! Oh, I don’t have to go
to the street corner and get shot!
Oh! Wow! Thanks! This is great!” Just
comment after comment, of people saying:
“Thank you for telling me about this!”
And then a week later they posted
a follow-up article saying “And we
bought some, and it was really good!”
laughter and applause
So what’s their motivation here?
So their goal in this case is: “Let’s get
more clicks. Doesn’t matter what it takes,
doesn’t matter what we
destroy while we’re doing it.”
Jacob: So that has some serious problems,
obviously. Because then there are
different structures that exist to attack
– as part of the War on Some Drugs –
and they want to show that their
mission is of course impacted by Tor.
They want to have an enemy that
they can paint a target on. They want
something sexy that they can get funding
for. So here’s a little funny story
about an agent, as it says in the last
point, who showed this massive drop
in the Tor Network load after Silk
Road was busted. Right? Because
everybody realizes of course that all
of the anonymity traffic in the world
must be for illicit things.
Roger: So this was at a particular meeting
where they were trying to get more funding
for this. This is a US Government person
who basically said: “I evaluated
the Tor Network load
during the Silk Road bust. And
I saw 50% network load drop
when the Silk Road bust happened.”
So I started out with him
arguing: “Actually, you know, when
there’s a huge amount of publicity about
– I don’t know – if Tor is broken, we can
understand, that would be reasonable,
that some Tor people would stop using
Tor for a little while, in order to wait
for more facts to come out and then will
be more prepared for it.” But then
I thought: “You know, wait a minute, we
got the Tor Metrics database. We have
all of this data of load on the network.”
So then I went: “Let’s go actually
see if there was a 50% drop on
the Tor Network!” So the green
line here is the capacity
of the Tor Network over time. So the
amount of bytes that relays can push
if we were loading it down
completely. And the purple line is
the number of bytes that are actually
handled on the network over time.
Jacob: Can you guess? If you don’t
look at the date at the bottom,
can you show what that
agent was talking about?
Or is the agent totally full of shit?
laughter
Just a… hypothetical question, but if you
have a theo… anyone? Shout it out! Yeah!
[unintelligible from audience]
Oh that’s right! It didn’t go down by 50%!
laughter
Wow! He was completely wrong!
But just for the record, that’s
where he said there was a drop!
laughter and applause
Roger: And while we’ve talked you had
to read these graphs. Here is a graph
of the overall network growth
over the past 3 or 4 years.
So the green line, again, is the amount of
capacity. And we’ve seen a bunch of people
adding fast relays recently,
after the Snowden issues.
And we’ll talk a little bit later about
what other reasons people are running
more capacity lately, as the
load on the network goes up.
Okay. And then there is the
‘Dark Web’. Or the ‘Deep Web’.
Or the Whatever-else-the-hell-you-call-it
Web. And again,
this comes back to media trying to
produce as many articles as they can.
So here’s the basic… I’ll give you
the primer on this ‘Dark Web’ thing.
Statement 1: “The Dark Web is every web
page out there that Google can’t index.”
That’s the definition of the Dark Web.
laughter and applause
applause
So every Corporate database,
every Government database,
everything that you access with a
web browser at work or whatever,
all those things that Google can’t get to,
that is the Dark Web. That’s statement 1.
Statement 2: “90+X% of web
pages are in the Dark Web.”
So these were both well-known
facts a year ago.
Statement 3, that the media has
added this year: “The only way
to access the Dark Web is through Tor.”
laughter, some applause
These 3 statements together
sell more and more articles
because it’s great, people buy them,
they’re all shocked: “Oh my god,
the web is bigger than I thought,
and it’s all because of Tor”.
laughter and applause
Jacob: So, really… the reality of this
is that it’s not actually the case.
Obviously that’s a completely laughable
thing. And for everyone that’s here –
not necessarily people watching on the
video stream – but for everyone here,
I think, you realize how ridiculous
that is. That entire setup
is obviously a kind of ‘clickbait’, if
you would call it something like that.
There are a few high-profile Hidden
Services. And actually, this is
a show of hands: raise your hand
if you run a Tor Hidden Service!
few hands go up
Right. So, no one’s ever heard of your
Tor Hidden Service. Almost certainly.
And these are the ones that people have
heard of. And this is something which is
kind of a fascinating reality
which is that these 4 sites,
or these 4 entities have
produced most of the stories
related to the deep gaping
whatever web, that
if you wanna call it the Dark Web. And,
in fact, for the most part, it’s been…
I would say the Top one
e.g., with Wikileaks,
it’s a positive example. And,
in fact, with GlobaLeaks,
which is something that Arturo Filastò
and a number of other really great
Italian hackers here have been working
on, GlobaLeaks, they’re deploying
more and more Hidden Services that you
also haven’t heard about. For localized
corruption, reporting and whistleblowing.
But the news doesn’t report about
Arturo’s great work. The news
reports are on The Farmer’s Market,
on Freedom Hosting and
on Silk Road. And those things
also bring out a disproportionate
amount of incredible negative attention.
In the case of Freedom Hosting, we
have a developer, Mike Perry, who’s
kind of the most incredible
evil genius alive today.
I think he’s probably at about 2 Mike
Perrys right now. That’ll be my guess.
And he was relentlessly attacked.
Because he happened to have
a registration for a company
which had an F and an H in the name.
Wasn’t actually even close
to what’s up there now.
And he was relentlessly attacked because
the topics that the other sites have
as part of their customer base or as part
of the things that they’re pushing online,
they really pull on people’s
hearts in a big way.
And that sort of created
a lot of stress. I mean,
the first issue, Wikileaks, created a
lot of stress for people working on Tor
in various different ways. But for Mike
Perry, he was personally targeted,
in sort of COINTELPRO-style
harassment. And really sad,
in a really sad series of events.
And of course, the news
also picked up on that, in some
negative ways. And they really, really
picked up on that. And that’s a really
big part of I think you could call it
a kind of cultural conflict
that we’re in, right now.
The Farmer’s Market has also
quite an interesting story.
Which I think you wanted to tell.
Roger: Yeah, so, I actually heard from
a DEA person who was involved
in the eventual bust of
the Farmer’s Market story.
Long ago there was a website on
the internet, and they sold drugs.
Oh my god. And there were people
who bought drugs from this website
and Tor was nowhere in the story. It
was some website in South East Asia.
And the DEA wanted to take
it down. So they learned…
I mean the website was public. It was
a public web server. So they sent
some sort of letter to the country that it
was in. And the country that it was in
said: “Screw you!”. And then they said:
“Okay, well, I guess we can’t take down
the web server”. So then they started to
try to investigate the people behind it.
And it turns out the people
behind it used Hushmail.
So they were happily communicating
with each other very safely.
So the folks in the US
sent a letter to Canada.
And then Canada made Hushmail basically
give them the entire database
of all the emails that these people
had sent. And then, a year or 2 later,
these people discovered Tor. And they’re
like: “Hey we should switch our website
over to Tor and then it will be safe.
That sounds good!”. The DEA people
were watching them the whole time
looking for a good time to bust them.
And then they switched over to Tor, and
then 6 months later it was a good time
to bust them. So then there were all
these newspaper articles about how
Tor Hidden Services are
obviously broken. And
the first time I heard the story
I was thinking to myself:
“Idiot drug sellers use PayPal
– get busted – end of story”.
laughing
But they were actually using PayPal
correctly. They had innocent people
around the world who were receiving
PayPal payments and turning it into some
Panama based e-currency or
something. So the better lesson
of the story is: “Idiot drug sellers
use Hushmail – get busted”.
So there are a lot of different
pieces of all of these.
Jacob: Don’t use Hushmail!
laughter
Seriously! It’s a bad idea! And
don’t use things where they have
a habit of backdooring their
service or cooperating
with so called ‘lawful interception
orders’. Because it tells you that
their system is not secure. And it’s clear
that Hushmail falls into that category.
They fundamentally have chosen that
that is what they would like to do.
And they should have that reputation.
And we should respect them exactly
as much as they deserve for that. So
don’t use their service. If you can.
Especially if you’re gonna do
this kind of stuff. laughter
Or maybe what I mean is: guys,
do that – use Hushmail.
But everybody else, protect yourself!
laughter
So, the thing is that
not every single person
is actually stupid enough to use Hushmail.
So as a result, we had started to
see some pretty crazy stuff happen.
Which we of course knew would happen and
we always understood that this would be
a vector. So, in this case,
this year we saw,
I think, one of the probably not
the most interesting exploits
that we’ve ever seen. But one
of the most interesting exploits
we’ve ever seen deployed
against a broad scale of users.
And we’re not exactly sure
who was behind it. Though
there was an FBI person who went
to court in Ireland and did in fact
claim that they were behind it. The IP
space that the exploit connected back to
was either SAIC or NSA.
And I had an exchange
with one of the guys behind the VUPEN
exploit company. And he has
on a couple of occasions mentioned
writing exploits for Tor Browser.
And what he really means is Firefox. And
this is a serious problem of course. If
they want to target a person, though,
first they have to actually find them.
So traditionally, if you’re not using Tor,
they go to your house, they plug in some
gear. They go to the ISP upstream,
and they plug in some gear. Or they do
some interception with an IMSI catcher,
and things like that. Most of these
techniques, I’ll talk about on Monday
with Claudio. If you’re interested.
But basically it’s the same.
They find out who you are,
then they begin to target you,
then they serve you an exploit.
This year one of the differences is
that they had actually taken over a Tor
Hidden Service. And started to serve up
an exploit from that. Just trying
to exploit every single person
that visited the Hidden Service. So there
was a period of time when you could
really badly troll all of your friends
by just putting a link up where
it would load in an iFrame and they would
have been exploited. If they were running
an old version of Firefox. And
an old version of Tor Browser.
Which was an interesting twist. They
didn’t actually, as far as we know,
use that exploit against anyone
while it was a fresh zero-day.
But they did write it. And they
did serve it out. And they gave
the rest of the world the payload
to use against whoever they’d like.
So, when the FBI did this, they basically
gave an exploit against Firefox
and Tor Browser to the Syrian Electronic
Army who couldn’t have written one,
even if they wanted to. This is
a really interesting difference
between other ways that the FBI might
try to bust you, where they can localize
the damage of hitting untargeted
people who are otherwise innocent,
especially. But we’ve asked
Firefox to try to integrate
some of these privacy-related things that
we’ve done. We’d like to be able to be
more up-to-speed with Firefox and
they generally seem premili, too (?)
and I think that’s a fair thing to say.
But we have a de-synchronisation.
But even with that de-synchronisation we
were still ahead of what they were doing
as far as we can tell. But they
are actually at the point where
they have hired probably some people
from this community – fuck you –
and they write those exploits.
applause
And serve them up.
And so that is a new turn.
We had not seen that before this year.
And that’s a really serious change.
As a result we’ve obviously been
looking into Chrome, which has
a very different architecture. And in some
cases it’s significantly harder to exploit
than Firefox. Even with just very
straight-forward bugs, which should be
very easy to exploit, the Chrome team
has done a good job. We want to have
a lot of diversity in the different
browsers. But we have a very strict
set of requirements for protecting
Privacy with Tor Browser.
And there’s a whole design document
out there. So just adding Tor
and a web browser together is not quite
enough. You need some actual thoughts,
which have been elucidated – mostly by
Mike Perry and Aron Clark (?) –
in the Tor Browser design document.
So we’re hoping to work on that.
If anyone here would like to work on that:
that’s really something where we really
need some help. Because there is
really only one Mike Perry. Literally
and figuratively.
Roger: Okay. Another exciting topic
people have been talking about lately
is the diversity of funding. A lot of our
funding comes from governments.
US mostly but some other ones as
well. Because they have things
that they want us to work on. So once upon
a time when I was looking at fundraising
and how to get money I would go to places
and I would say: “We’ve got 10 things
we want to work on. If you
want to fund one of these 10,
you can help us set our priorities.
We really want to work on
circumventing censorship, we really want
to work on anonymity, we really want
to work on Tor Browser safety. So
if you have funding for one of these
then we’ll focus on the one that
you’re most interested in”.
So there’s some trade-offs here. On the
one hand government funding is good
because we can do more things. That’s
great. A lot of the stuff that you’ve seen
from Tor over the past couple of years
comes from people who are paid full-time
to be able to work on Tor and focus
on it and not have to worry about
where they’re gonna pay their rent
or where they’re gonna get food.
On the other hand it’s bad because
funders can influence our priorities.
Now, there’s no conspiracy. It’s not
that people come to us and say:
“Here’s money, do a backdoor, etc.”
We’re never gonna put any backdoors
in Tor, ever.
Jacob: Maybe you could tell the story
about that really high-pitched lady
who tried to get you, to tell you that
that was your duty and then you explained…
Roger: Give me a few more details!
laughter
Jacob: People have approached us,
obviously, in order to try to get us
to do these types of things. And
this is a serious commitment
that the whole Tor community gets behind.
Which is that we will never ever
put in a backdoor. And any time that we
can tell that something has gone wrong
we try to fix it as soon
as is possible regardless
– actually I would say for myself – of any
other consequences. That our commitment
to protecting anonymity
of our user base extends
beyond any reasonable commitment,
actually. And we really believe
that commitment. And there are people
that have tried to get us to change that.
Tried to tell us that “oh, it’s only
because you’re living in the free world,
and you’re able to have a company
that (?) and make a profit
that you can even right the supper (?). So
come on! Do your duty!” And of course
when we tell them we’re non-profit
and that we’re not gonna do it,
they’re completely
dumbfounded. For example.
Roger: Now I remember that discussion, yes!
Jacob: Yeah!
applause
Roger: This was a discussion with
a US Department of Justice person
who basically said: “It’s your…
the Congress has given us,
the Department of Justice, the
right to backdoor everything,
and you have a tool
that you haven’t made
easy for us to backdoor. So
it’s your responsibility to fix it
so that we can use the privileges
and rights given us by Congress
on surveilling everybody. And
you are taking advantage
of the situation that we’ve given you
in America where you’ve got good
freedom of speech and you got other
freedoms etc. You’re stealing
from the country. You’re cheating on the
process by not giving us the backdoor
that Congress said we should have”. And
then I said: “Actually we’re a non-profit.
We work for the public good”. And then
the conversation basically ended.
She had no further thing to say.
applause
So part of what we need to do is continue
to make tools that are actually safe
as tools. Rather than a lot of the other
systems out there. On the other hand,
every funder we’ve talked to
lately has interesting priorities:
they wanna pay for censorship-resistance,
they wanna pay for outreach, education,
training etc. We don’t have any
funders right now who want to pay
for better anonymity. And it’s really
important for some of the people
we heard about in the last talk that
they have really good anonymity
against really large adversaries.
And I’m not just talking about
American Intelligence Agencies. There
are a lot of Intelligence Agencies
around the world who are trying
to learn how to surveil everything.
So what should Tor’s role be here?
There are a lot of people in the Tor
development community who say:
“What we really need to do is
focus on writing good code,
and we’ll let the rest of the world
take care of itself.” There is also
a trade-off from some of the
funders we have right now.
Where I could go up and I could say
a lot of really outrageous
things that I agree with
and that you agree with. But some
of our funders might wonder
if they should keep funding us after
that. So part of what we need to do
is get some funders who are more
comfortable with the messages
that everybody here would like the
world to hear. So if you know anybody
who wants to help provide actual
freedom we’d love to hear from you.
Jacob: And it’s important to understand
that we sort of have an interesting place
in the world at the moment
where it’s easy to say
that we shouldn’t be political. And that
in general, there shouldn’t be politics
in what we’re doing. And
it’s also easy to understand
that that’s crazy when someone
says that to an extent. Because
the idea of having free speech, having
the right to read, having the ability
to reach a website that is beyond
the power of the state
– that is a very political thing for
many people. And it is often the privilege
of some, where they don’t even
realize that’s a political statement.
applause
And they suggest that we don’t need
to be political. We need to recognize the
political context that we exist in. And
especially after the summer of Snowden,
understanding that there
are almost no tools
that can resist the NSA
and GCHQ. Almost none.
We did not survive completely
in the summer of Snowden.
They were able to get some Tor users.
But they couldn’t get all Tor users!
That’s really important. We change
the economic game for them.
And that, fundamentally,
is a political issue!
applause
But please note that the solution
is not a partisan solution.
Where we say: well, some people
are good and some are bad.
You guys over there, on the left
or on the right, you don’t deserve
to have freedom of speech. You
don’t have the right to read.
We aren’t saying that. We’re saying that
the common good of everyone having
these fundamental rights
protected in a practical way
is an important thing for us to build
and for all of us to contribute to,
and for every person to
have. That is, I think,
the best kind of political solution
we can come up with.
Though it is a very controversial
one in some ways. I think that
we can’t actually do it unless everyone
really starts to agree with us.
And we are making a lot of positive change
in this. As we saw with the network graph.
But this comes from
Mutual Aid and Solidarity.
Which most of the people
in this room provide.
Roger: And that diversity of
users is actually technically
what makes Tor safe. You need to have
activists in various countries,
and folks in Russia right now,
and law enforcement around the
world. You need to have them all
in the same network. Otherwise
if I see that you’re using Tor,
I can start guessing why you’re using
Tor. So we need that diversity
of users. Not just from
a perception perspective
but from an actual technical perspective.
We need to have all the different
types of users out there blending
into the same system
so that they can keep each other
safe. So, as part of the hobbies
that each Tor person has,
we’re all getting better
at outreach to various communities.
So, I mentioned earlier
that I talked to law enforcement to try
to teach them how these things work.
Turns out that having Jake talk to
law enforcement is not actually
the most effective way to
convince them of things
laughter
so…
Jacob: I’m, I’m, I’m, eh, you know, my
lawyer gave me some great advice
which I can tell you without breaking the
privilege of our other communications.
Which is, he says: “Never miss the
chance to shut the fuck up!”
laughter
And that I think really really underscores
why I should not talk to the Police
about why they also need
traffic analysis resistance, reachability,
network security, privacy and anonymity.
Roger’s much much more diplomatic.
Roger: So at the same time we have
people talking to domestic violence
and abuse groups and teaching them
how to be safe. And at the same time
we have folks at corporations
learning how to be safe online.
We hear from large companies
who are saying: “I want to
put the entire corporate
traffic over Tor
because we actually do have adversaries
and they actually are spying on us
and they do want to learn what we’re
doing. So how do we become safe
from these situations?” So part of
what we need is help from all of you
to become outreach for all of your
communities. And get better
at teaching people about why privacy
is important for the communities
that you’re talking to and learn how to
use their language and convince them
that these things are important.
And at the same time teach them
about the other groups out there who
care. So that they can understand
that it’s a bigger issue than just
whatever they’re most focused on.
Okay, so, a while ago I wrote up
a list of 3 ways to destroy Tor.
The first way we’ve had
a handle on for a while.
The first way is: change the laws
or the policies or the cultures
so that anonymity is outlawed.
And we’re pretty good
at fighting back in governments
and policy and culture etc.
and saying: “No, there are good uses of
these things, you can’t take them away
from the world”. The second way:
Make ISPs hate hosting exit relays.
And if more and more ISPs say:
“No, I’m not gonna do that”
then eventually the Tor Network
shrinks, reducing the anonymity
it can provide because there’s not as
much diversity of where you might
pop out of the Tor Network to go to
the websites. So I think we’re doing
pretty well fighting that fight.
We’ve known about it for a while.
It’s one we’ve been focusing on
for a long time. Torservers.net
and a lot of other groups are doing great
work at building and maintaining
relationships with ISPs. But the third
one is one that we haven’t focused on
as much as we should. Which is:
make websites hate Tor users.
So a growing number of
places are just refusing
to hear from Tor users
at all. Wikipedia did it
a long time ago. Google gives
you a captcha if you’re lucky…
Jacob: That’s the best question, ever!
If you like, that’s a good setup!
Roger: I’ll cover this one next. So,
Skype is another interesting example
here. If you run a Tor exit relay
and you try to skype with somebody
Microsoft hangs up on you.
And the reason for that is not that
they say: “Oh my god, Tor people
are abusing Skype!” – Microsoft pays
some commercial company out there
to give them a blacklist, they don’t even
know what’s on it, and the company
puts Tor exit IPs on it. And
now Microsoft blacklists all the
Tor exit relays. And they don’t even know
they’re doing it. They don’t even care.
So as more and more of these
blacklisting companies exist
we’re more and more screwed.
So we need help trying to
learn how to teach all of these
companies how to accept
users without thinking that IP addresses
are the right way to identify people.
Jacob: There might also be,
on point 3, a relationship here
with some of the other
points here. E.g. point 4.
Which is to say that when
a company does not want to
give you location anonymity
maybe there’s a reason for that.
I mean, I personally think that Wikipedia
is great, I don’t feel so great
about yelp and about Google, most of
the time. And I definitely don’t feel good
about Skype. Given what we’ve
learned it makes sense
that they would demonstrate that
they do not respect you as users.
And the Tor Network as a way to
protect users from them, actually.
And some of these places will
say that it's basically only being
used for abuse. Often they won’t have
metrics for it. And they will refuse
to work with us to come up with inventive
solutions, like e.g. something
where you have to use a
nym system of some kind,
in the case of Wikipedia, or something
where you solve a captcha, something
where you have to have an account,
something where you’re pseudonymous.
But you get to retain location privacy.
And actually, in a few cases,
it’s probably better that Tor is blocked
because they don’t even
provide secure logins when you’re not
using Tor. So it’s not necessarily
always a good thing to use the services,
anyway. So in a sort of funny sense
it could be helpful that they’re blocking
Tor. But we would like to improve
those things. And one thing is
to show that we need to build
some systems to get these properties. And
we need to show that it is the best thing
right now that we all can use. And
we need people that are working
with these companies, with these
communities, to actually help us
to understand how we can
better serve the Tor community,
but also the Tor community that
overlaps with their community.
Especially Wikipedia. For me personally,
it kills me that the way that I get
to edit the Wikipedia, should I edit
it, is that I have to send an email
to someone, tell them an account I already
have, ask them to set a special flag
in the Wikipedia database,
and then I can log in and edit.
That’s not really the ideal solution,
I think. If I’m not being abusive
on Wikipedia I should be able to
have a pseudonymous way to edit.
I should be able to anonymously connect.
And I should be able to do that
from anywhere in the world, especially
when the local network is censoring me
and my only way to get to the
Wikipedia is to, in fact, use Tor
or something like it.
applause
So, the last point on that is this one:
I obviously joked the church man (?)
Roger: Yeah, so I was showing this to an
anonymity researcher and he started
yelling: “IPO, IPO, IPO, IPO…” as
soon as he saw this graph of Tor users
over time. So in the course of a week
or so we added about 4 or 5 million
Tor clients to the network.
And you’d think: “Oh wow,
this Snowden thing worked,
it’s great!” But actually,
some jerk in the Ukraine signed
up his 5 million node botnet.
Jacob: I mean, one of the good things
about this is that we learned that
the Tor Network scales to
more than 5 million users.
Roger: We’ve been working on
scalability: it works!
applause
Jacob: We had to make some changes.
There’s e.g. the ntor handshake,
which is using elliptic curves. That is
something which really helps to reduce
the load on the relays. This is a pretty
big change. But there’s a lot of work
that Mike Perry has done with load
balancing, lots of work by Nick Mathewson.
Lots of changes in the Tor Network
for scalability. But if this had been
like a real attacker, or if the botnet had
been turned against the Tor Network,
it probably would have been fatal,
I think. A really interesting detail is
that this was a botnet for Windows.
And Microsoft has the ability to remove
things that they flag as malicious.
And so they were going around
and removing Tor clients from
Microsoft Windows users
that were part of this botnet. Now when we
talked to them, my understanding is that
they only removed it when they were
certain that it was a Tor that came
from this botnet. That’s a lot of power
that Microsoft has there, though!
If you’re using Windows, trying to be
anonymous, with the device. Bad idea.
Roger: They actually removed the
bot and left the Tor client because
they weren’t sure whether they
should remove it. So actually
all those 5 million are
still running Tor clients.
Jacob: Whhoops! So, interesting
point here, summer of Snowden.
It’s hard to tell. There’s
some piece of information
that we’re really missing here. Due to
the botnet happening at the same time
it’s really difficult to understand the
public response to the revelations
about NSA and spying.
Especially now. I mean:
we think that most of that is
botnet traffic. Over a million,
where it goes up,
to almost 6 million.
So that’s a serious amount
of traffic, from that botnet.
And that is a really serious threat to
the Tor Network. It can be (?)
a couple of different ways. One of
these things, I mentioned before,
NTor handshake. But another thing
is: if every person in this room
were to run a Tor relay, even
a middle relay not an exit relay,
it would make it significantly harder to
melt the Tor Network.
I actually think
that would be incredible if you guys
would all do that.
I don’t think that
all of you will.
But if you did that would
make it so that we could survive
other events like this in the future.
applause
So someone sent a question which we’re
just gonna go ahead and answer now.
“When talking of funding for better
anonymity, what do you think,
in terms of money,
how much could you need?”
Well here’s a thing:
if you were willing to fund us
we would really like you.
Or I would really like it
especially, since I’m probably the one
that threatens the US Government funding
of Tor, more than any person in this room.
I think that it would be great if you
could match the Dollar-to-Dollar
that Government funders
bring to the table.
We would really like that.
It would be amazing if that was possible.
So there’s actually a hard number
on the website.
Or if you wanted to
– as much money as you have.
laughter
Feel free!
Either way –
Roger: To give you a sense of
scale: right now our 2014 budget
is looking like it will be somewhere
between 2 million USD and 3 million USD,
which is great except we’re trying to
do so many different things at once.
If it ends up on the 2 million USD side
we basically have no funding
for making anonymity better.
If it ends up
more than that then
we’re in better shape and
we can make people more safe.
Jacob: And part of the thing is that we
have to build all sorts of tools that are
not directly related to Tor.
In many cases.
Especially because of the funding.
But because we want users to be
able to actually use the software
with something else.
It’s not nearly
enough to have a Tor.
You need to be able
to do something with the Tor.
You know?
And that’s a really difficult part.
But if there’s specific things we would
also be open to alternate funding models
where we fund very specific tasks e.g.
that would be a really great thing.
We haven’t really
experimented with that.
But on that note I wanted to talk
about classified information.
Everybody ready?
It’s not classified any more,
it’s on the internet?
I’m not sure. So,
this is probably the hot topic
I would say.
Probably the one
everyone wanted to know about.
So the NSA and GCHQ
have decided that they
don’t like anonymity,
and they’re doing everything that
they possibly can to attack it.
With a few exceptions.
So there’re
a few different programs
– I’m gonna talk a lot about this
on Monday. So I don’t wanna go
into too much detail about the
non-Tor aspects of it. But
for the Tor side of it – Quick Ant is
what’s called a question-filled data set.
This is a QFD.
What that means is it’s TLS related
sessions, as I understand it.
And it is recording data, i.e.
Data Retention about TLS sessions.
It’s pulled from a larger thing –
Flying Pig.
Which was revealed on I think,
a Brazilian Television clip, or someone
photographed a moving
picture of Glenn’s screen.
That program is kind of scary.
But not too scary.
Just looks like after the fact (?) Data
Retention.
Quantum Insert,
on the other hand, is a pretty
straightforward man-on-the-side attack.
Foxacid, which is another thing which
we know that’s used against Tor users,
is basically just the ‘Tailored Access
and Operations’ web server farm
where they serve out malware.
Sort of like a watering hole attack.
Except
in this case they also combine it with
Quantum Insert.
So that when you visit
your Yahoo mail
– NSA and GCHQ love Yahoo –
even when you use Tor
they basically redirect you
by just tagging a little bit of data
into the TCP connection. And
of course Tor does its job, it flows all
the way back to you.
Your web browser
then loads it.
You’re now connected to
their server.
Their server delivers
malicious code.
And they use it
to pop somebody.
From what I understand it took
them 8 months to hit one guy.
That’s fucking great, I think, that
we went from ‘everybody all the time
being compromisable’ to ‘they have to
very carefully pick one person
and work for a long time’.
applause
They really believe that
that’s the right target.
They really understand that
that is someone that they
want to go after. And
if that person were to keep their browser
up-to-date they probably would have been
ahead of the game.
Not exactly sure.
But there are some other things
that are really dangerous.
Which is
Quantum Cookie. Quantum Cookie
is a program where basically
they’re able to elicit
from a connection other connections
from your web browser
which will get you to
leak cookie information.
So let’s say you happen to
log-in to a Yahoo account.
And that was a known
selector for surveillance.
And then they thought you might also have
a Gmail cookie that wasn’t marked secure
and you might also have another
search engine; or you might have
some other cookies.
Then they would
basically insert things that your browser
will then request insecurely over the same
connection, to (?) tie them together,
correlate that.
And then they will extract
it and they’ll be able to tell that
this selector is linked to
these other selectors.
’Cause they’ve basically been able
to actively probe.
A solution to that is
‘HTTPS Everywhere’, which we already ship
in the Tor Browser Bundle,
but also to be aware of
session isolation, so that
even if you’re using things
where you’re trying to do it as securely as
possible – not every site will offer TLS –
you actually make sure that the
Tor browser only has the exact
set of credentials you need for the thing
you’re doing at that time.
So that’s
incredibly straight-forward stuff.
In terms of the hacker
community this is like
not even really interesting, actually.
The thing that makes it interesting is
that they do it at internet scale.
And that they’re trying to watch
the entire internet all the time.
Another interesting fact about this is
that you would imagine that not
routing through Five Eyes countries
would make you safer in some way.
I don’t think that’s actually true.
From what I can tell they actually
have some restrictions, if you route
through the Five Eyes countries.
And if you are not in
a Five Eyes country,
like Germany, they have no restrictions.
So if you behave differently we know
from an anonymity perspective
that that’s worse for you.
And if you behave differently
in this particular way
then there are legal answers that
show that you shouldn’t break out
from the regular way that Tor
users and Tor clients behave.
But the key point to take home is
that every single person here
has the same set of problems
if they’re not using Tor.
And it is easier for them.
So that’s a huge,
huge difference.
And the last point, I think is a key one
which Roger has a great story for.
Roger: Yeah, so they… the story
here is they look at Tor traffic
coming out of Tor exit relays.
They don’t know who the person is.
And they have
to make a decision there: do I try the
Quantum Insert and the Foxacid,
do I try to break into their browser?
Or do I leave them alone.
And when they see the Tor flow
they don’t know who it is.
So on the one hand, that’s great.
They can’t do targeted attacks.
They have to do broad
attacks and then
check/wait (?) later to see whether
they broke into the right person.
But as soon as the Guardian
articles went up about this,
DNI – the something National Intelligence
– put out a press release, saying:
“We’d like to assure everybody
that we never attack Americans”.
Jacob: So first of all – on behalf of
the American people and the US Government
which I do not represent:
I’m so sorry that
my country keeps embarrassing the rest
of the reasonable Americans, of which
there are plenty, many of us that are not
James Clapper, that total fucking asshole.
applause
to Roger:
We have 5 minutes.
applause
Roger: So the reason why that story is
particularly interesting is that: I talked
to an actual NSA person a couple of weeks
ago… and I’m like: “Wait, you never attack
Americans but you have to blanket-attack
everybody and then find out who it was”.
And he said: “Oh no no no no, we watch
them log into Facebook and if they log in
as the user we’re trying to attack
then we attack them.
No problem.”
Jacob: And they do the blanket
dragnet surveillance. So,
an interesting point of course is that we
always heard…
I once met someone
who explained to me: “The NSA obviously
runs lots of Tor nodes, like there were
like 90,000 Tor nodes”,
I think was the number.
I wish we had 90,000 Tor nodes.
That’d be incredible.
You know
we’re like, what, at about 4,000 to 5,000
at any given point in time, that are
stable, of which 1/3 are exit relays.
Right.
So it turns out when the NSA did
run some, they ran half a dozen.. a dozen?
Roger: They ran about 10.
And they
were small.
And short-lived.
On EC2.
But that should not
make you happy.
It doesn’t matter
whether the NSA runs Tor relays.
They can watch your Tor relays.
If you run a Tor relay at a
great place anywhere in the US
or Germany or wherever they’re good
at spying on they watch the upstream
of your relay and they get almost
what they would get from running
their own relay.
So what we should be
worried about – we should not be worried
that they’re running relays.
It’s a concern, but the
bigger concern is
that they’re watching the whole internet.
And the internet is much more centralized
than we think it is.
There are a lot more
bottle-necks where if you watch them
you get to see a lot of
different Tor traffic.
So the problem is not so much
“Are they running relays?” as “How
many normal relays can they watch?”
And if you’re thinking about a large
adversary like NSA: the answer could be:
“A third?”, “Half?”.
We don’t know
how many deals they have.
Jacob: So, an interesting point here is
that one-hop-proxies are… or VPN
– who here uses a VPN to some
kind of commercial VPN service?
about 1/4 raised hands
Right.
So this is a pretty big problem,
I think.
Which is that you end up with the
hide-my-ass problem.
Which is that –
first of all that company, it’s a problem.
Second of all, what they do to their users
is also a problem.
Which is that they
basically promote their service
for revolution in Egypt, e.g. but when
someone used it because they disagreed
with the policies of the UK then
they turned them over.
Interesting point.
We need to build decentralized systems
where they can’t make that choice.
We need to make sure that that
isn’t actually happening.
And one of the things
that we’re trying to drive home is
that – and I really think it’s important
to take this to heart –
one-hop proxies or VPNs,
as we have said for more than a
decade, are not safe. Especially
if you think about how, from the
QuickANT and from the Flying Pig software,
they’re recording traffic
information about connections.
And in some cases
we know – thanks to Laura Poitras
and James Risen – that they have
Data Retention which is something
like – what is it, 10 to 15 years,
5 years online, 10 years
offline, is that right?
Right. Okay.
That’s bad news.
We know that the math
for VPNs is not in your favor.
So that said: What
happens with this stuff?
Right?
What happens is what happened
e.g. with the Silk Road fellow.
Or maybe not.
It’s not clear.
It could be that the guy used a VPN.
Which is braindead.
But it could also be that
the NSA has this data and tried
to pull off a retroactive attack
once they already had him from
other things like auguring fake IDs.
We don’t know which in the case
of Silk Road.
But we can tell you
that it’s pretty clearly a bad
idea to do it if you’re going to
do something interesting.
It’s probably also a bad
idea to do it just generally
because you don’t even know what
’interesting’ is in 5 or 10 years. So
parallel construction is a really
serious problem, and we think,
probably, if we could expand the
Tor Network, we would make it
significantly harder to do this.
It would
make it significantly harder for them
to do it, especially if you replace your
VPN with Tor.
There are some trade-offs
with that, though.
So the real question is
what your threat model is.
And you really
have to think about it.
And then also understand
that we live in a world now
where Law Enforcement and
Intelligence Services, they seem to be
blending together.
And they seem to be blending
together across the whole planet
in secret.
Which is a serious problem
for the threat model of Tor.
Roger: So I actually talked to
some FBI people and I said:
So which one of these is it?
And they said: Well, we
never get tips from the NSA.
We’re good, honest Law enforcement,
they’re doing something bad,
but why should that affect us?
And my response was: “Well,
NSA says they told you!
So, are you lying
to me or are they lying to you?
Or what’s going on here?”
And I don’t actually
know the right solution here.
So scenario 1: The NSA
anonymously tips the FBI
and they go check something out and
they say: “Well I need to build a case
that they do”.
Scenario 2: Some anonymous
whistleblower tips off the FBI
and they go build a case.
From the FBI’s perspective
these are the same:
“I got a tip, I build a case.
Why should I care where
it came from?” And
so should we build a Know-your-customer
Law so that the FBI has to know
their informers or whistleblowers?
Should we rely on the NSA
to regulate itself?
Should we rely
on the Congress to regulate NSA?
None of these are good answers.
Jacob: So, we have a very
limited amount of time.
And in order to be able
to address some questions we
will probably skip a few things
and we’ll put these slides
online.
But short/quick
summaries for a few of these slides, then
we’re gonna address some questions.
One of them is that we want to improve
Hidden Services.
Even though they
haven’t been broken as far as we
understand from any of the documents
that have been released.
We still
want to make them stronger,
because we wanna be ahead of the game.
We don’t want to play Catch-Up.
Roger: We especially need to improve
the usability and performance of them.
Because right now they’re a toy
that only really dedicated people
get working.
And the more
mainstream we could make them
the more broad uses we are going to see.
The reason why people keep hearing
about high-profile bad Hidden Services
is that we don’t have enough
good use cases in action yet that
lots of people are experiencing.
Jacob: The most important thing for all of
the – let’s say – Cypherpunks movement
to understand is that when
you have usable crypto
you are doing the right thing.
When
you have strong peer-reviewed
Free Software to implement that, and
it’s built on a platform where you can
look at the whole stack you’re
really ahead of the game.
There’s a lot to be done in that.
And if we do that
for Hidden Services
I think we’ll have similar returns that
you’ll see with other crypto projects.
Roger: So one of the other great things in
the Tor world is the number of researchers
who are doing great work at evaluating
and improving Tor’s anonymity.
So there are a couple of papers that were
out over the past year talking about
how we didn’t actually choose the
right guard rotation parameters.
I’m not going to get into that in detail
in our last couple of minutes.
But the very brief version is:
if you can attack both sides of the
network and they run 10% of the network
– they, the adversary, run 10% of the
network – the chance over time,
the blue line is the current situation,
where you choose 3 first hops,
3 entry guards and you rotate every
couple of months – over time
the chance that you get screwed by an
adversary who runs 10% of the network
is pretty high.
But if we change it
to 1 guard and you don’t rotate
then we’re at the green line which
is a lot better against an adversary
who’s really quite large.
This is an adversary
larger than torservers.net
e.g. So A...
Jacob: Arts (?) is no adversary, right?
Roger: So a pretty large attacker we
need to move it from the blue line
down to the green line.
And that’s
an example of the anonymity work
that we need to do.
-- So, what’s next?
Tor, endorsed by Egyptian activists,
Wikileaks, NSA, GCHQ, Chelsea
Manning, Edward Snowden…
Different communities like
Tor for different reasons.
Some of our funders we go to them with
that sentence – basically everybody
we go to with that sentence.
It’s like:
“I like those 3 examples but I don’t like
those 2 examples”.
So part of what we
need to do is help them to understand
why all of these different
examples matter.
Jacob: That said, I tend to believe
that we need to be engaged
in a pretty big way and thanks
to the people of Ecuador,
especially the people running the Minga-tec
community events, they have actually
put together a real model which
should be emulated probably
by the rest of the world where they really
engage with civil society, and they’re
actually able to arrange for meetings
with e.g. the Foreign Minister
or with various other people involved in
the National Assembly.
And as a result
they had Article 474, which they
proposed, which was basically
the worst Data Retention
Law you can imagine.
It included video taping
in Internet Cafés, 6 months dragnet
surveillance, all sorts of awful stuff.
And they were able to, in the
course of, I would say 3..6 months,
this is mostly the FLOK Society,
actually.
They were able to organize
a real discussion about this.
And we
were able to get this proposed part
of the penal code completely removed.
At the end of November of last year…
early December… of this year.
So just about a month ago.
So if we really work together
across the spectrum,
we see, right now, in Ecuador
e.g. changing (?) away
by showing them that fundamentally:
the game is rigged.
If you choose
to spy on your citizens then the NSA
always wins.
And the NSA wants people
to believe that everybody is doing
the spying.
So one of the things
I explained to people in the Ecuadorian
Government and in Ecuadorian civil society
is that you can choose a different game.
You can choose not to play that game.
The only people that win when you
choose that game are the NSA,
and potentially you
– a few times.
But the NSA will get
whatever data you
have stored away.
If you want to be secure
against the dragnet surveillance, if
you want to be secure against people
who will break into that system you
must not have that system in existence.
You must choose a different paradigm.
And when I told this to people in Ecuador
and they understood the trade-offs,
and they understood that they are
not the best at surveilling
the whole planet.
They understood that they’re
not the best in internet security yet.
They realized that the game is rigged.
And they got rid of Article
474 from the penal code.
And there is no Data Retention
there in that penal code now.
applause
But I have to stress this not
because of 1 or 2 or 10 people,
it’s because of a broad
civil society movement.
Which is what we’ve also seen
in Germany, and in other places.
So this is something which you
should have a lot of hope about.
It’s not actually
dark everywhere.
We are actually making
positive steps forward.
Roger: So there are other tools
that we would like help with.
E.g. Tails is a live CD; WiNoN and
other approaches are trying
to add VMs to it, so that even if
you can break out of the browser,
there’s something else you have
to break out of, other sandboxes.
And there are
a lot of other crypto improvements that
we’re happy to talk about afterwards.
The Tor Browser Bundle, the new one, has
a bunch of really interesting features.
Deterministic Builds is
one of the coolest parts of it.
Where everybody here can
build the Tor Browser Bundle and end up
with an identical binary.
So that you can
check to see that it
really is the same one.
And here’s a screenshot
of the new one.
It no longer has
Vidalia in it, it’s all just a browser
with a Firefox extension that
has a Tor binary and starts it.
So we’re trying to stream-line it
and make it a lot simpler and safer.
I’d love to chat with you afterwards about
the core Tor things that we’re up to
in terms of building the actual program
called Tor but also the Browser Bundle,
and metrics, and censorship
resistance etc.
And then, as a final note:
We accept Bitcoin now.
Which is great.
applause
Jacob: So all of the Bitcoin
millionaires in this community:
we would really encourage you to help us
get off of the US Government funding.
Don’t just complain, help us!
Mutual Aid
and Solidarity means exactly that:
to put some money where
your mouth is!
We’d really like to do that.
And it’s really important to show people
that we have alternative methods
of funding community-based
projects.
So think about it
and you can, if you’d like, use Bitcoin.
Roger: And lastly, right now, BitPay is
limiting you to 1000 Dollars of Bitcoin
per donation.
We’re hoping to lift
that in the next couple of days.
But if you would like to give us lots of
Bitcoins, please don’t get discouraged.
And then, as a final note: starting
right now in Noisy Square
is an event on how to help Tor and there
will be a lot of Tor people there,
and we’d love to help teach you
and answer your questions
and help you become part of the community.
We need you to teach other people
why Tor is important.
Jacob: Thank you!
applause
no time for Q&A left
*Subtitles created by c3subtitles.de
in the year 2016.
Join and help us!*