Return to Video

State of the Onion

  • 0:00 - 0:11
    preroll music
  • 0:11 - 0:18
    Herald: I am very happy to introduce this
    year’s update on the “State of the Onion”!
  • 0:18 - 0:24
    This is a talk with about 5 speakers,
    so let’s introduce them one by one.
  • 0:24 - 0:29
    First, Roger. He did it the last talk.
    He is the founder of the TOR Project,
  • 0:29 - 0:36
    applause
    MIT Graduate and Top 100 Global Thinkers.
  • 0:36 - 0:39
    Then we have Jake, a
    humble PHD math student
  • 0:39 - 0:42
    applause
  • 0:42 - 0:46
    that is in my opinion not a
    National Security threat
  • 0:46 - 0:51
    but a post National Security promise.
  • 0:51 - 0:55
    We have Mike Perry, and I think
    it is enough to say about him,
  • 0:55 - 0:59
    that the NSA calls him a worthy adversary.
  • 0:59 - 1:05
    applause
  • 1:05 - 1:09
    He is also the lead dev
    of the TOR Browser.
  • 1:09 - 1:14
    And then we have Alison Macrina,
    a radical, militant librarian.
  • 1:14 - 1:21
    applause
  • 1:21 - 1:28
    And last but not least: Shari Steele, the
    new Executive Director of the TOR Project.
  • 1:28 - 1:36
    applause
  • 1:36 - 1:40
    So without further ado:
    This year’s State of the Onion!
  • 1:40 - 1:45
    applause
  • 1:45 - 1:49
    Jacob: Alright, it’s a great
    honor to be back here again.
  • 1:49 - 1:53
    And we’re really happy to be able
    to introduce so many more faces.
  • 1:53 - 1:57
    It’s no longer the Roger and Jake
    show. That’s very important to us.
  • 1:57 - 2:01
    Hopefully next year, we won’t
    be here, but we’ll still be alive.
  • 2:01 - 2:06
    So 2015, if I were to express
    it in a hand gesture
  • 2:06 - 2:10
    or with a facial expression, it would
    look something like “Ooouuw”.
  • 2:10 - 2:15
    It was really a year of big changes. Not
    all of them were really good changes.
  • 2:15 - 2:18
    And there were a lot of heavy things
    that happened throughout the year.
  • 2:18 - 2:22
    We won’t even be able to cover all of
    them because we only have an hour.
  • 2:22 - 2:26
    So we want to focus on the
    positive things. I would say that
  • 2:26 - 2:30
    probably the nicest thing is that we are
    growing. We’re really, really growing.
  • 2:30 - 2:33
    Not only growing the network,
    but we’re growing the community.
  • 2:33 - 2:37
    And in some sense we’re expanding
    throughout the whole world in terms of
  • 2:37 - 2:41
    users who are using TOR, what TOR
    users are using TOR for, which is
  • 2:41 - 2:45
    of course extremely important that there
    is more and more people just doing
  • 2:45 - 2:49
    regular things with TOR, protecting
    themselves. But then we have of course
  • 2:49 - 2:52
    lots of specialized things that happen
    with the TOR network as well.
  • 2:52 - 2:56
    We have things like OnionBalance and
    Ricochet. Really exciting developments.
  • 2:56 - 3:01
    And we’ll talk a bit about all of those
    things. One of the most unlikely things,
  • 3:01 - 3:06
    at least when I imagine working
    on TOR, say 10 years ago vs. now,
  • 3:06 - 3:10
    is that we’ve worked with some really
    unlikely partners. Some of you know
  • 3:10 - 3:17
    that I’m not really a big fan of Silicon
    Valley, even though I’m from there.
  • 3:17 - 3:22
    So you know, I sometimes call Facebook
    not so nice names, like Stasi-Book.
  • 3:22 - 3:24
    And part of the reason for that is
    because I think it is a little bit weird,
  • 3:24 - 3:28
    that you report on all your friends
    in order to go to parties.
  • 3:28 - 3:32
    Previously it was to get into the party
    and now it is to go to parties.
  • 3:32 - 3:36
    And yet we worked with them on something.
  • 3:36 - 3:40
    Because it turns out that sometimes
    you have unlikely temporary alliances.
  • 3:40 - 3:43
    And it turns out that while I personally
    may think that they are evil incarnate
  • 3:43 - 3:48
    in some sense, it is the case that
    there is at least one good guy there.
  • 3:48 - 3:53
    Alec worked on this fantastic RFC7686,
  • 3:53 - 3:58
    that actually allowed us to help all
    Facebook users mitigate some harm.
  • 3:58 - 4:02
    Which is that if they want to be able
    to visit Facebook; and I guess
  • 4:02 - 4:05
    the reality is that not using Facebook
    for a lot of people is sort of like
  • 4:05 - 4:09
    the “Kill your Television” bumper sticker
    of the 90s. For those of you that ever
  • 4:09 - 4:13
    visited rural America. You know that that
    wasn’t like a really successful campaign.
  • 4:13 - 4:18
    A lot of people have TVs these days
    as well. So it’s a little bit like that,
  • 4:18 - 4:22
    only here we actually built an alternative
    where we can mitigate harm.
  • 4:22 - 4:25
    And that’s really incredibly important
    because it mitigates harm in all sorts
  • 4:25 - 4:29
    of different pieces of software. It
    makes it possible for us to talk to
  • 4:29 - 4:33
    Browser vendors, to DNS resolvers.
    And part of this was motivated
  • 4:33 - 4:37
    by some investigative journalism
    that I actually did, where I revealed
  • 4:37 - 4:41
    XKeyscore rules, where the US
    Government’s National Security Agency
  • 4:41 - 4:45
    was sifting through all of the internet
    traffic to look for .onion addresses.
  • 4:45 - 4:49
    So when they saw a DNS request
    for .onion they were actually
  • 4:49 - 4:53
    learning .onions by harvesting traffic.
    And that really motivated me
  • 4:53 - 4:56
    to want to make it, so that the DNS
    resolvers didn’t do that anymore.
  • 4:56 - 5:01
    It was very important, because one
    of my core missions with TOR
  • 5:01 - 5:05
    is to make that kind of stuff a
    lot harder for the spies to do.
  • 5:05 - 5:09
    And protecting everyday users, even
    users who aren’t TOR users, yet.
  • 5:09 - 5:12
    And that’s very important. So working
    with Alec on this has been great,
  • 5:12 - 5:16
    because the IETF actually
    supports this. And now
  • 5:16 - 5:20
    ICANN will not sell
    .onion to anyone.
  • 5:20 - 5:24
    It’s a special use reserved
    name. And that’s incredible!
  • 5:24 - 5:31
    applause
  • 5:31 - 5:35
    Roger: OK, so. Is this
    thing on? Yes it is, great!
  • 5:35 - 5:37
    So there are a couple of interesting
    graphs, that we’re going to give you,
  • 5:37 - 5:42
    of usage scenarios, usage
    instances over the past year.
  • 5:42 - 5:47
    So pretty recently we were looking at
    the number of people in Russia
  • 5:47 - 5:51
    using TOR. Russia has been talking about
    censoring, talking about all sorts of
  • 5:51 - 5:56
    oppression steps. And at
    the beginning of November,
  • 5:56 - 6:01
    we moved from 180k people in
    Russia each day using TOR
  • 6:01 - 6:06
    up to almost 400k people. And
    this is probably a low estimate.
  • 6:06 - 6:10
    So many hundreds of thousands
    of people for that two week period,
  • 6:10 - 6:15
    which started with a Russian bomber
    getting shot down, were trying to get
  • 6:15 - 6:18
    news from the rest of the world, rather
    than news as Russia wanted to show it
  • 6:18 - 6:22
    to them. So that’s
    kind of a cool event.
  • 6:22 - 6:26
    Another interesting event: Bangladesh
    ended up censoring Facebook
  • 6:26 - 6:30
    and some other websites and a whole
    lot of people switched to using TOR.
  • 6:30 - 6:33
    I was actually talking to one of the
    Facebook people and they have their own
  • 6:33 - 6:38
    internal statistics about the number of
    people connecting over the TOR network
  • 6:38 - 6:42
    to Facebook. And it would be super
    cool to super impose these two graphs.
  • 6:42 - 6:46
    Our data is public and open
    and we like sharing it.
  • 6:46 - 6:50
    They don’t actually share their data.
    But one day it would be really cool
  • 6:50 - 6:53
    to be able to see both of these
    graphs at once, to see users shifting
  • 6:53 - 6:57
    from reaching Facebook
    directly to going over TOR.
  • 6:57 - 7:00
    The other interesting thing from the
    Bangladesh side: I was looking at the
  • 7:00 - 7:04
    Alexa top websites around the
    world and we, torproject.org is
  • 7:04 - 7:09
    like 8000th in the global
    rankings, but at least
  • 7:09 - 7:12
    for the past couple of weeks
    torproject.org has been
  • 7:12 - 7:17
    300th in Bangladesh. So there are a
    whole heck of a lot of people there,
  • 7:17 - 7:23
    learning about these privacy things
    that can get around local censorship.
  • 7:23 - 7:28
    applause
  • 7:28 - 7:32
    OK, and then an exciting
    other story that we’re
  • 7:32 - 7:36
    going to touch on briefly, but
    it’s an entire talk on its own.
  • 7:36 - 7:40
    So let me give you a couple
    of facts and we’ll go from there.
  • 7:40 - 7:44
    January of 2014 a hundred
    relays showed up
  • 7:44 - 7:48
    in the TOR network and we weren’t sure
    who was running them, but they weren’t
  • 7:48 - 7:52
    exit relays, so they didn’t seem like
    they were such a threat at the time.
  • 7:52 - 7:58
    Fast forward a while later: The
    CERT organization inside CMU
  • 7:58 - 8:02
    submitted a presentation to
    Blackhat on how cool they were
  • 8:02 - 8:06
    for being able to attack TOR users. And
    they talked about how they were going to
  • 8:06 - 8:10
    talk about individual users
    that they de-anonymized
  • 8:10 - 8:13
    and how cool they were for that.
    And I spent a while trying to extract
  • 8:13 - 8:17
    details from them. And eventually
    I learned what their attack was.
  • 8:17 - 8:21
    And then Nick Mathewson, one of
    the other TOR developers decided
  • 8:21 - 8:25
    to check the TOR network to see if
    anybody was actually doing that attack.
  • 8:25 - 8:29
    I mean it’s CERT, they are the
    folks who publicised the phrase
  • 8:29 - 8:33
    “responsible disclosure”. Surely,
    they are not actually undermining
  • 8:33 - 8:37
    the TOR network and attacking TOR users.
    But then it turns out that somebody was
  • 8:37 - 8:41
    doing the attack. And it was these
    100 relays that looked kind of ordinary
  • 8:41 - 8:45
    and innocuous before that. Then I sent
    mail to the CERT people, saying:
  • 8:45 - 8:49
    “Hey are those relays yours?” And they
    went silent. They have never answered any
  • 8:49 - 8:54
    of my mails since then. So that’s
    what we know. It doesn’t look good.
  • 8:54 - 8:58
    One of the key things that we,
    TOR, have done from here is
  • 8:58 - 9:01
    we’ve been working on strengthening
    the TOR network and getting better
  • 9:01 - 9:05
    at recognizing these things. So
    the core of the attack was that
  • 9:05 - 9:09
    they did what’s called a Sybil attack,
    where you sign up a lot of relays
  • 9:09 - 9:13
    and you become too large a fraction of the
    TOR network. So we’ve been working on
  • 9:13 - 9:18
    a lot of ways to recognize that
    an attack like that is happening,
  • 9:18 - 9:22
    and mitigate it, and get rid of it
    early. For example Philipp Winter
  • 9:22 - 9:27
    has a bunch of interesting research
    areas on recognizing similarity
  • 9:27 - 9:31
    between relays. So you can
    automatically start detecting:
  • 9:31 - 9:34
    “Wait a minute, this event
    happened, where a lot of relays
  • 9:34 - 9:38
    are more similar than they should
    be.” Another example there is:
  • 9:38 - 9:42
    We used to say: “Well I don’t
    know who’s running them,
  • 9:42 - 9:45
    but they don’t seem that dangerous. So
    OK, it’s good to grow the TOR network.”
  • 9:45 - 9:49
    Now we’re taking the other
    approach of “Gosh, that’s weird,
  • 9:49 - 9:52
    let’s get rid of them and then
    we’ll ask questions after that.”
  • 9:52 - 9:56
    So we’re trying to be more
    aggressive, more conservative
  • 9:56 - 10:00
    at keeping the TOR network
    safe from large adversaries.
  • 10:00 - 10:05
    Whether they’re government organizations
    or corporations or individuals.
  • 10:05 - 10:12
    Whoever might be attacking it.
  • 10:12 - 10:17
    Jacob: We’ve had a few really big
    changes in the TOR community.
  • 10:17 - 10:21
    One of them is that we had
    an Interim Executive Director
  • 10:21 - 10:26
    come on in a sort of quick moment
    and that’s Roger Dingledine.
  • 10:26 - 10:29
    Some of you probably always thought he
    was the Executive Director the whole time.
  • 10:29 - 10:33
    That’s because for a while he was and then
    he wasn’t. And then he was back again.
  • 10:33 - 10:37
    And that change was quite a
    huge change in that instead of
  • 10:37 - 10:41
    working on a lot of anonymity stuff,
    Roger was doing a lot of bureaucratic
  • 10:41 - 10:45
    paperwork which was actually quite
    sad for the anonymity world, I think.
  • 10:45 - 10:48
    He probably reviewed fewer papers
    and did fewer anonymity things
  • 10:48 - 10:52
    this year than ever before.
    Which is really, really sad.
  • 10:52 - 10:55
    But that really lit a fire under us to
    make sure that we would actually
  • 10:55 - 10:59
    change that. To make sure that it was
    possible to get someone else, who is
  • 10:59 - 11:02
    really good at being an Executive Director
    of the TOR Project, to really lead,
  • 11:02 - 11:06
    so that we could have Roger return to
    not only being an anonymity researcher,
  • 11:06 - 11:09
    but also the true Spirit
    Animal of the TOR Project.
  • 11:09 - 11:13
    He doesn’t look like
    an onion, but in spirit.
  • 11:13 - 11:20
    Roger: Slide!
    Jacob: laughing
  • 11:20 - 11:22
    Another really big thing that happened
    is working with Laura Poitras
  • 11:22 - 11:28
    over the last many years.
    She has followed the TOR Project
  • 11:28 - 11:31
    – lots of people like to follow the
    people on the TOR Project –
  • 11:31 - 11:36
    but we consented to her following us.
    And she made a film, “Citizenfour”,
  • 11:36 - 11:39
    I think some of you… have
    any of you seen this film?
  • 11:39 - 11:45
    applause
    Quite amazingly,
  • 11:45 - 11:48
    she won an Oscar. Actually, she
    basically won every film prize.
  • 11:48 - 11:57
    applause
  • 11:57 - 12:01
    One of the key things is that people
    in this room that work on Free Software
  • 12:01 - 12:05
    were explicitly thanked. If you work
    on Tails, if you work on GnuPG,
  • 12:05 - 12:09
    if you work on SecureDrop,
    OTR, TOR, …
  • 12:09 - 12:11
    She specifically said in
    the credits of the film:
  • 12:11 - 12:15
    This film wouldn’t have been
    possible without that Free Software.
  • 12:15 - 12:19
    Actually making her job and
    the jobs of her source
  • 12:19 - 12:22
    and other people involved…
    making that possible.
  • 12:22 - 12:26
    And so her winning that Oscar
    in some sense feels like
  • 12:26 - 12:29
    closing a really big loop that had
    been open for a very long time.
  • 12:29 - 12:33
    And it’s really great and she,
    I think, would really wish that she
  • 12:33 - 12:38
    could be here today, again. She
    sends her regards, and she is really,
  • 12:38 - 12:42
    really thankful for everybody here that
    writes Free Software for freedom!
  • 12:42 - 12:48
    applause
  • 12:48 - 12:52
    Roger: So another exciting event
    that happened in 2015 is that reddit
  • 12:52 - 12:56
    gave us 83.000$. They had some
    extra profit and they decided
  • 12:56 - 13:01
    that they would give it to 10 non-profits
    chosen from among the Redditer community.
  • 13:01 - 13:04
    And there were people who came to me
    and said: “Hey Roger, you really have to,
  • 13:04 - 13:07
    you know, start advocating, start
    teaching everybody, why TOR should be
  • 13:07 - 13:10
    one of them.” And I said: “Oh, I’m
    busy. Those things never work.
  • 13:10 - 13:14
    You know, they’ll choose somebody
    else.” And so it turns out that we were
  • 13:14 - 13:19
    the 10th out of 10 without doing
    any advocacy work whatsoever
  • 13:19 - 13:23
    to the reddit community, which is super
    cool that they care about us so much.
  • 13:23 - 13:27
    Also reddit divided the ten equally. So
    even though we were the 10th out of 10,
  • 13:27 - 13:31
    we got 10% of the donations
    that they were giving out.
  • 13:31 - 13:38
    applause
  • 13:38 - 13:41
    Jake: One of the really –
    I would say one of the oddest things
  • 13:41 - 13:46
    about working at the TOR Project for me
    is that TOR has supported me through
  • 13:46 - 13:50
    really crazy times. So when I was
    being detained by the US Government
  • 13:50 - 13:55
    or having my property stolen by fascist
    pigs in the United States Government’s
  • 13:55 - 13:59
    border checkpoints, TOR didn’t fire me.
    TOR always backed me and always
  • 13:59 - 14:03
    kept me safe. And many people often look
    like they wanted to kill me from stress,
  • 14:03 - 14:06
    but often they didn’t, which was nice.
    Or they didn’t get close enough
  • 14:06 - 14:11
    and I could move fast enough. But
    they were always very helpful. And
  • 14:11 - 14:15
    they’ve really helped me to
    go and do things to speak for
  • 14:15 - 14:18
    anonymous users who can’t go
    other places. And one of the places
  • 14:18 - 14:22
    which I was most honored to go in the
    last year – I was actually scheduled
  • 14:22 - 14:26
    to go there with Caspar Bowden, but
    unfortunately he was ill at the time.
  • 14:26 - 14:30
    And as you know, Caspar
    has since passed away.
  • 14:30 - 14:33
    But we were scheduled to go together and
    TOR was supporting us both, actually,
  • 14:33 - 14:38
    to go to this. And it resulted, I believe,
  • 14:38 - 14:42
    in a very amazing meeting in
    Geneva at the United Nations,
  • 14:42 - 14:46
    where the special rapporteur actually
    endorsed TOR and off-the-record messaging
  • 14:46 - 14:50
    and encryption programs,
    and privacy, and free software.
  • 14:50 - 14:55
    Saying that they are absolutely essential.
    And in fact their use should be encouraged
  • 14:55 - 15:00
    from a human rights perspective. And in
    fact the really amazing part about it is
  • 15:00 - 15:04
    he didn’t do it only from the perspective
    of free speech. And this is important,
  • 15:04 - 15:07
    because actually there are other rights.
    And we should think about them.
  • 15:07 - 15:10
    So for example the right to form
    and to hold an idea is a right
  • 15:10 - 15:14
    that cannot be abridged. The right
    to free speech can be abridged
  • 15:14 - 15:19
    in many free societies, but what is
    in your head and how you form it
  • 15:19 - 15:22
    is something where… that is not
    a right that can be abridged.
  • 15:22 - 15:26
    And he wrote this in the report. And
    he, when writing this report with
  • 15:26 - 15:30
    many other people, made it very clear that
    this is something we need to keep in mind.
  • 15:30 - 15:34
    That when we talk about private spaces
    online, where groups may collaborate
  • 15:34 - 15:38
    to form ideas, to be able to create
    a political platform for example,
  • 15:38 - 15:41
    to be able to make democratic change,
    they need to be able to use the internet
  • 15:41 - 15:46
    to freely exchange those ideas in a secure
    and anonymized, encrypted fashion.
  • 15:46 - 15:51
    And that helps them to form and to hold
    ideas. And obviously that helps them later
  • 15:51 - 15:55
    to express free speech ideas. And that’s
    a huge thing to have the United Nations
  • 15:55 - 16:02
    endorse basically what many of us in this
    room have been saying for, well… decades.
  • 16:02 - 16:05
    Roger: So the UN thing is really cool.
    We’ve also been doing some other
  • 16:05 - 16:10
    policy angles. So Steven Murdoch, who
    is a professor in England and also
  • 16:10 - 16:14
    part of the TOR community, has worked
    really hard at teaching the British folks,
  • 16:14 - 16:18
    that their new backdoor laws and
    their new terrible laws are actually
  • 16:18 - 16:23
    not what any reasonable country wants.
    So he’s put a huge amount of energy into
  • 16:23 - 16:28
    basically advocating for freedom for
    them. And similarly Paul Syverson,
  • 16:28 - 16:33
    part of the TOR community, basically
    ended up writing a post note for the UK
  • 16:33 - 16:37
    about how the dark web is
    misunderstood. See previous talk.
  • 16:37 - 16:41
    So we’ve been doing quite a bit
    of education at the policy level
  • 16:41 - 16:45
    to try to teach the world, that encryption
    is good and safe and worthwhile
  • 16:45 - 16:50
    and should be the default
    around the world.
  • 16:50 - 16:54
    Jake: And there is a kind of interesting
    thing here. Maybe a little contentious
  • 16:54 - 16:57
    with some people in the TOR community.
    But I just wanted to make it really clear.
  • 16:57 - 17:01
    We have the TOR Project, which is
    a non-profit in the United States.
  • 17:01 - 17:05
    And we have a much wider TOR
    community all around the world.
  • 17:05 - 17:08
    And in Berlin we have a really, really
    like an incredible TOR community.
  • 17:08 - 17:11
    We have people like Donncha working
    on OnionBalance. We have people like
  • 17:11 - 17:15
    Leif Ryge working on bananaphone. We
    have all of these different people working
  • 17:15 - 17:18
    on all sorts of Free Software. And many
    of those people don’t actually work
  • 17:18 - 17:21
    for the TOR Project. They’re community
    members, they’re volunteers,
  • 17:21 - 17:26
    there is some of privacy students.
    And so the Renewable Freedom Foundation
  • 17:26 - 17:30
    actually funded the creation
    of a sort of separate space
  • 17:30 - 17:34
    in Berlin where people work on these
    kinds of things, which is not affiliated
  • 17:34 - 17:38
    with US Government money. It’s
    not affiliated with the TOR Project
  • 17:38 - 17:41
    as some sort of corporate thing.
    It’s not a multinational thing.
  • 17:41 - 17:47
    It’s really the peer-to-peer version in
    some sense of what we’ve already had
  • 17:47 - 17:50
    in other places. And it’s really great
    and I wanted to just thank Moritz
  • 17:50 - 17:54
    who made that happen and to all the
    people like Aaron Gibson, and Juris
  • 17:54 - 17:58
    who actually put that space together
    and made it possible. So in Berlin,
  • 17:58 - 18:02
    there is a space, not just c-base,
    not just CCCB, but actually
  • 18:02 - 18:06
    a place which is about anonymity.
    It’s called Zwiebelraum.
  • 18:06 - 18:09
    And this is a place in which people are
    working on this Free Software. And they
  • 18:09 - 18:12
    are doing it in an independent manner.
    And we hope actually that people will
  • 18:12 - 18:16
    come together and support that, because
    we need more spaces like that, that
  • 18:16 - 18:21
    are not directly affiliated with the TOR
    Project, necessarily, but where we have
  • 18:21 - 18:24
    an aligned mission about reproduceable
    builds in Free Software and also
  • 18:24 - 18:29
    about anonymity and actually about caring
    about Free Speech. And actually making
  • 18:29 - 18:33
    it happen. And really building spaces
    like that all around the world. So if you
  • 18:33 - 18:36
    have a place in your town where you want
    to work on those things, we would really
  • 18:36 - 18:40
    hope that you will work on building that.
    I called it “general cipher punkery”.
  • 18:40 - 18:44
    I feel like that’s a good description.
    There’s lots of stuff to be done.
  • 18:44 - 18:49
    And now for a Marxist joke: So we
    discovered the division of labor,
  • 18:49 - 18:53
    which was a really important discovery.
    We’re about 180 years too late,
  • 18:53 - 18:58
    but we started to split up where it didn’t
    go very well, the Marxist asked why.
  • 18:58 - 19:02
    Cheers, cheers!
    So the Vegas Teams are really simple.
  • 19:02 - 19:07
    Basically we have a bunch of people
    that previously they did everything.
  • 19:07 - 19:10
    And this really doesn’t work. It’s very
    stressful and it’s very frustrating
  • 19:10 - 19:14
    and it leads to people doing lots and
    lots of things in a very unfocused way.
  • 19:14 - 19:19
    And so we split it up! And it actually
    happened naturally, it was emergent.
  • 19:19 - 19:24
    So e.g. Mike Perry, who’s gonna talk
    about the Applications Team’s work
  • 19:24 - 19:28
    in a second here, he was
    already leading this,
  • 19:28 - 19:32
    he was really making this happen. And
    so we just made it more explicit. And,
  • 19:32 - 19:37
    in fact we created a way of communicating
    and reporting back so that
  • 19:37 - 19:40
    you don’t have to, like, drink from the
    fire hose about absolutely everything
  • 19:40 - 19:42
    that’s happening everywhere, but you can
    sort of tune in to those things, which
  • 19:42 - 19:47
    means we get higher-level understandings
    and that is a really, incredibly useful
  • 19:47 - 19:50
    thing that has made us much more
    productive. And what was part of the
  • 19:50 - 19:54
    growing pains of the last year actually
    was figuring out how to make that work
  • 19:54 - 19:57
    because we’re a pretty flat group in terms
    of a community and a pretty flat group
  • 19:57 - 20:02
    in terms of an organization writing
    Free Software and advocating.
  • 20:02 - 20:06
    And so that’s a really incredibly good
    thing which will come up all the time.
  • 20:06 - 20:10
    You’ll hear people talking about the
    Metrics Team or the Network Team or the
  • 20:10 - 20:14
    Applications Team or the Community Team.
    And that’s what we’re talking about.
  • 20:14 - 20:18
    In that sense. So we tried to formalize it
    and in some ways we may be moving in a
  • 20:18 - 20:24
    sort of Debian model a little bit. And
    we’ll see how that actually goes. So we
  • 20:24 - 20:28
    have a really great person here to
    explain the work of the Metrics Team.
  • 20:28 - 20:32
    Roger: OK, so I’m gonna tell you a little
    bit about what the Metrics Team has been
  • 20:32 - 20:37
    working on lately to give you a
    sense of some of the components
  • 20:37 - 20:41
    of the TOR community. So there are 5 or
    10 people who work on the Metrics Team.
  • 20:41 - 20:45
    We actually only pay one-ish of them;
    so most of them are volunteers
  • 20:45 - 20:49
    and that’s… on the one hand that’s great.
    It’s wonderful that there are researchers
  • 20:49 - 20:54
    all around the world who are contributing
    and helping to visualize and helping to do
  • 20:54 - 20:58
    analysis on the data. On the other hand
    it’s sort of sad that we don’t have a full
  • 20:58 - 21:03
    team of full-time people who are working
    on this all the time. So it’d be great
  • 21:03 - 21:08
    to have your assistance
    working on this. So,
  • 21:08 - 21:12
    actually Metrics has been accumulating
    all sorts of analysis tools
  • 21:12 - 21:17
    over the past 5 years. So there are up to
    30 different little tools. There’s Atlas
  • 21:17 - 21:22
    and Globe and Stem and 20-something more
    which is a challenge to keep coordinated,
  • 21:22 - 21:27
    a challenge to keep maintained. So
    they’ve been working on how to integrate
  • 21:27 - 21:32
    these things and make them more
    usable and maintainable and extensible.
  • 21:32 - 21:36
    So one example that they… so they wrote
    some slides for me to present here.
  • 21:36 - 21:40
    One example that they were looking
    at, to give you an example of how
  • 21:40 - 21:46
    this analysis works, is bad relays in the
    TOR network. So maybe that’s an exit relay
  • 21:46 - 21:51
    that runs, but it modifies traffic, or
    it watches traffic or something.
  • 21:51 - 21:56
    Maybe it’s a relay that signs up
    as a Hidden Service directory
  • 21:56 - 22:00
    and then when you publish your
    onion address to it, it goes to visit it
  • 22:00 - 22:04
    or it puts it on a big list or something
    like that. Or maybe bad relays are Sybils
  • 22:04 - 22:10
    who – we were talking earlier about
    the 2014 attack where a 100 relays
  • 22:10 - 22:15
    showed up at once and we, the directory
    authorities have a couple of ways of
  • 22:15 - 22:20
    addressing that relays. One of them is
    each of the directory authorities can say:
  • 22:20 - 22:23
    “That relay needs to get out of the
    network! We just cut it out of the
  • 22:23 - 22:28
    network.” We can also say: “Bad exit!”
    We can also say: “That relay is no longer
  • 22:28 - 22:33
    gonna be used as an exit!” So even though
    it advertises that it can reach Blockchain
  • 22:33 - 22:39
    and other websites, clients choose not to
    do it that way. So that’s the background.
  • 22:39 - 22:45
    One of the tools that Damian wrote a while
    ago is called Tor-Consensus-Health and it
  • 22:45 - 22:50
    looks every hour at the new list of relays
    in the network and it tries to figure out:
  • 22:50 - 22:53
    “Is there something suspicious that
    just happened at this point?” And in this
  • 22:53 - 22:58
    case it looks for a bunch of new relays
    showing up all at the same time with
  • 22:58 - 23:05
    similar characteristics and it sends email
    to a list. So that’s useful. The second
  • 23:05 - 23:09
    piece of the analysis is “OK, what do you
    do when that happens?” So we get an email
  • 23:09 - 23:14
    saying “Hey, 40 new relays showed up,
    what’s up with that?” So there’s a real
  • 23:14 - 23:19
    challenge there to decide: do we allow
    the TOR network to grow – sounds good –
  • 23:19 - 23:23
    or do we wonder who these people are
    and try to contact them or cut them out of
  • 23:23 - 23:30
    the network or constrain what fraction
    of the network they can become.
  • 23:30 - 23:35
    So Philipp Winter also has a
    visualization, in this case of basically
  • 23:35 - 23:41
    which relays were around on a given month.
    So the X axis is all of the different
  • 23:41 - 23:46
    relays in the month and the Y axis is each
    hour during that month. And they’ve sorted
  • 23:46 - 23:51
    the relays here by how much they were
    present in the given month. And you’ll
  • 23:51 - 23:55
    notice the red blocks over there are
    relays that showed up at the same time
  • 23:55 - 23:59
    and they’d been consistently present at
    the same time since then. So that’s kind
  • 23:59 - 24:03
    of suspicious. That’s “Hey, wait a minute,
    what’s that pattern going on there?”
  • 24:03 - 24:07
    So this is a cool way of visualizing and
    being able to drill down and say:
  • 24:07 - 24:11
    “Wait a minute, that pattern right there,
    something weird just happened.”
  • 24:11 - 24:14
    So part of the challenge in general for
    the Metrics Team is: they have a Terabyte
  • 24:14 - 24:18
    of interesting data of what the network
    has looked like over the years –
  • 24:18 - 24:24
    how do you turn that into “Wait a minute,
    that right there is something mysterious
  • 24:24 - 24:27
    that just happened. Let’s look at it
    more.” So you can look at it from
  • 24:27 - 24:32
    the visualization side but you can also
    – there’s a tool called Onionoo where
  • 24:32 - 24:35
    you can basically query it, all sorts
    of queries in it, it dumps the data
  • 24:35 - 24:40
    back on to you. So we’ve got a Terabyte
    of interesting data out there, what
  • 24:40 - 24:45
    the relays are on the network, what
    sort of statistics they been reporting,
  • 24:45 - 24:49
    when they’re up, when they’re down,
    whether they change keys a lot,
  • 24:49 - 24:55
    whether they change IP addresses a lot.
    So we encourage you to investigate and
  • 24:55 - 24:59
    look at these tools etc. So there’s
    a new website we set up this year
  • 24:59 - 25:05
    called CollecTor, collector.torproject.org
    that has all of these different data sets
  • 25:05 - 25:09
    and pointers to all these different
    libraries and tools etc. that you too
  • 25:09 - 25:15
    can use to investigate, graph-visualize
    etc. So here’s another example.
  • 25:15 - 25:19
    At this point we’re looking at the 9
    directory authorities in the network.
  • 25:19 - 25:25
    Each of them votes its opinion about
    each relay. So whether the relay’s fast,
  • 25:25 - 25:31
    or stable, or looks like a good exit or
    maybe we should vote about “Bad Exit”
  • 25:31 - 25:36
    for it. So the grey lines are: all of the
    directory authorities thought that
  • 25:36 - 25:41
    it didn’t deserve the flag and it’s very
    clear. The green lines are: enough of the
  • 25:41 - 25:45
    directory authorities said that the relay
    should get the flag, also very clear.
  • 25:45 - 25:50
    And all the brown and light green etc.
    in the middle are contradictions.
  • 25:50 - 25:53
    That’s where some of the directory
    authorities said “Yes it’s fast” and some
  • 25:53 - 25:59
    of them said “No, it’s not fast”. And this
    gives us a visualization, a way to see
  • 25:59 - 26:03
    whether most of the directory authorities
    are agreeing with each other.
  • 26:03 - 26:06
    We should look at this over time and if
    suddenly there’s a huge brown area
  • 26:06 - 26:11
    then we can say “Wait a minute,
    something’s going on”, where maybe
  • 26:11 - 26:15
    a set of relays are trying to look good to
    these directory authorities and trying
  • 26:15 - 26:20
    not to look good to these. So basically
    it helps us to recognize patterns
  • 26:20 - 26:26
    of weird things going on. So on CollecTor
    you can find all sorts of data sets
  • 26:26 - 26:33
    and you can fetch them and do your
    analysis of them. And Tor Metrics
  • 26:33 - 26:38
    – metrics.torproject.org – has a bunch of
    examples of this analysis, where you can
  • 26:38 - 26:42
    look at graphs of the number of people
    connecting from different countries, the
  • 26:42 - 26:47
    number of relays over time, the number
    of new relays, the number of bridges,
  • 26:47 - 26:53
    users connecting to bridges etc. There
    are 3 different libraries that help you
  • 26:53 - 26:56
    to parse these various data sets. So
    there’s one in Python, one in Java,
  • 26:56 - 27:01
    one in Go; so whichever one of those
    you enjoy most you can grab and start
  • 27:01 - 27:08
    doing analysis. They do weekly or so
    IRC meetings, so the TOR Metrics Team
  • 27:08 - 27:12
    invites you to show up on January 7th
    and they would love to have your help.
  • 27:12 - 27:15
    They have a bunch of really interesting
    data, they have a bunch of really
  • 27:15 - 27:21
    interesting analysis tools and they’re
    missing curious people. So show up,
  • 27:21 - 27:25
    start asking questions about the data, try
    to learn what’s going on. And you can
  • 27:25 - 27:28
    learn more about them, on
    the Metrics Team, there.
  • 27:28 - 27:32
    And then I’m gonna pass it on to Mike.
  • 27:32 - 27:39
    applause
  • 27:39 - 27:44
    Mike: OK, so Hello everyone! So, I’ll be
    telling ’bout the Applications Team part
  • 27:44 - 27:49
    of the Vegas plan that
    Jake introduced. Basically,
  • 27:49 - 27:54
    the Applications Team was created to
    bring together all the aspects of TOR
  • 27:54 - 27:58
    and the extended community that are
    working on anything that’s user facing.
  • 27:58 - 28:03
    So anything with a user interface that
    the user will directly interact with,
  • 28:03 - 28:09
    that’s an application on
    either Mobile or Desktop.
  • 28:09 - 28:13
    So to start, obviously we had the
    TOR Browser, that’s sort of like
  • 28:13 - 28:19
    a flagship application that most people
    are familiar with when they think of TOR.
  • 28:19 - 28:23
    Recently we’ve added OrFox which is a
    project by the Guardianproject to port
  • 28:23 - 28:28
    the TOR Browser patches to Android
    and that’s currently in Alpha Status. But
  • 28:28 - 28:34
    it’s available on the Guardianproject’s
    F-Droid Repo. We also have 2 chat clients:
  • 28:34 - 28:39
    TorMessenger and Ricochet and both with
    different security properties. I will be
  • 28:39 - 28:44
    getting to it later. So I guess, first
    off let’s talk about what happened
  • 28:44 - 28:51
    in the TOR Browser world in 2015.
    Basically most of the, or a good deal
  • 28:51 - 28:57
    of our work is spent keeping up
    with the Firefox release treadmill.
  • 28:57 - 29:02
    That includes responding
    to emergency releases,
  • 29:02 - 29:07
    auditing changes in the Firefox code
    base making sure that their features
  • 29:07 - 29:11
    adhere to our privacy model and making
    sure that our releases come out
  • 29:11 - 29:15
    the same day as the official
    Firefox releases so that there’s
  • 29:15 - 29:20
    no vulnerability exposure to known
    vulnerabilities after they’re disclosed.
  • 29:20 - 29:25
    That has been a little bit rough to over
    2015. I believe there is a solid 3..4
  • 29:25 - 29:30
    months where it felt like we were doing
    a release every 2 weeks. Due to either
  • 29:30 - 29:39
    log jam or random unassessed
    vulnerability or any arbitrary
  • 29:39 - 29:44
    security issue with Firefox. But we did…
    despite treading all that water we did
  • 29:44 - 29:49
    manage to get quite a bit of work done.
    As always our work on the browser focuses
  • 29:49 - 29:55
    in 3 main areas: privacy, security
    and usability. Our privacy work is
  • 29:55 - 30:00
    primarily focused around making sure that
    any new browser feature doesn’t enable
  • 30:00 - 30:06
    new vectors for 3rd party tracking. So no
    ways for a 3rd party content resource to
  • 30:06 - 30:13
    store state or cookies or blob URIs
    or some of the newer features.
  • 30:13 - 30:17
    There’s a new cash API. These sorts
    of things need to all be isolated
  • 30:17 - 30:21
    to the URL bar domain to prevent 3rd
    parties from being able to track you.
  • 30:21 - 30:25
    From being able to recognize it’s the same
    you when you log in to Facebook and
  • 30:25 - 30:32
    when you visit CNN, and CNN loads
    the Facebook Like buttons, e.g.
  • 30:32 - 30:37
    Additionally we have done a lot of work on
    fingerprinting defences, the Alpha Release
  • 30:37 - 30:41
    ships a set of fonts for the
    Linux users so that the
  • 30:41 - 30:45
    font fingerprinting can be normalized
    since a lot of Linux users tend to have
  • 30:45 - 30:50
    different fonts installed on their
    systems. As well as tries to normalize
  • 30:50 - 30:54
    the font list that allowed for Windows
    and Mac users where they often get
  • 30:54 - 31:00
    additional fonts from 3rd party
    applications that install them.
  • 31:00 - 31:05
    On the security front the major exciting
    piece is the security slider. So with iSEC
  • 31:05 - 31:12
    Partners’ help we did a review of all the
    Firefox vulnerabilities and categorized
  • 31:12 - 31:17
    them based on the component that they were
    in as well as their prevalence on the web.
  • 31:17 - 31:22
    And came up with 4 positions that allow
    you to choose, basically trade off,
  • 31:22 - 31:26
    functionality for vulnerability surface
    reduction. And this was actually quite
  • 31:26 - 31:32
    successful. It turned out that
    all of the Pwn2own exploits
  • 31:32 - 31:40
    against Firefox were actually blocked
    for non-https sites at medium/high.
  • 31:40 - 31:46
    And if you enable the high security
    level they were blocked for everything.
  • 31:46 - 31:50
    We additionally released address
    sanitizer hardened builds, these are…
  • 31:50 - 31:54
    basically should… especially the higher
    security levels of the security slider
  • 31:54 - 31:59
    should protect against various memory
    safety issues in the browser and also
  • 31:59 - 32:05
    help us diagnose issues very rapidly.
  • 32:05 - 32:10
    And of course we now sign our Windows
    packages using a hardware security module
  • 32:10 - 32:17
    from DigiCert. The usability improvements
    were primarily focused around this UI and
  • 32:17 - 32:21
    this new Onion Menus you can see if you
    remember the old menu. There was quite a
  • 32:21 - 32:24
    lot more options there. We sort of
    condensed and consolidated options and
  • 32:24 - 32:29
    eliminated and combined as much as we
    could. An additionally displayed the
  • 32:29 - 32:37
    circuit for the current URL bar domain.
    In 2016 we’ll be focusing mostly on again
  • 32:37 - 32:42
    the same 3 areas. Our main goal for
    privacy is to try and convince Mozilla
  • 32:42 - 32:48
    that they want to adopt our idea of
    isolating 3rd party identifiers at least
  • 32:48 - 32:52
    to the point of if the user goes into the
    Preferences and tries to disable 3rd party
  • 32:52 - 32:58
    cookies, will let you do the same thing
    for DOM storage, Cash, blob URIs,
  • 32:58 - 33:03
    worker threads, and all these
    other sources of shared state.
  • 33:03 - 33:08
    We’re very excited about their work on a
    multi-process sandbox, additionally even
  • 33:08 - 33:14
    application-level sandboxing, it should
    be… without Mozilla’s sandbox,
  • 33:14 - 33:19
    we should still be able to prevent the
    browser from bypassing TOR using SecComp
  • 33:19 - 33:23
    or AppArmor or SeatBelt or one of
    these other sandboxing technologies.
  • 33:23 - 33:25
    We’re looking forward to trying to
    get that rolled out. And we’re doing
  • 33:25 - 33:30
    exploit bounties! We’ll be
    partnering with HackerOne,
  • 33:30 - 33:34
    who’ll be announcing this shortly. The
    program will start out invite-only
  • 33:34 - 33:37
    and then… just, so we can get
    used to the flow and scale up
  • 33:37 - 33:42
    and then we’ll make it public later in the
    year to basically provide people with
  • 33:42 - 33:47
    incentive to review our code to look
    for vulnerabilities that might be
  • 33:47 - 33:51
    specific to our applications. And of
    course the usual usability improving,
  • 33:51 - 33:57
    security, improving installation. And we’d
    like to improve the censorship and bridges
  • 33:57 - 34:03
    ability flow as well hoping to automate
    the discovery of bridges and inform you
  • 34:03 - 34:09
    if your bridges become unreachable.
    So TOR messenger
  • 34:09 - 34:13
    is one of our 2 chat clients, also
    part of the Applications Team.
  • 34:13 - 34:18
    Basically, the goal there was to minimize
    the amount of configuration that
  • 34:18 - 34:21
    the user had to do if they wanted to
    use one of their existing chat clients
  • 34:21 - 34:27
    with TOR and OTR. Now this is based
  • 34:27 - 34:32
    on another Mozilla platform – Instantbird
    which is based on Thunderbird.
  • 34:32 - 34:38
    This allows us to share a lot of the
    TOR Browser configuration codes
  • 34:38 - 34:42
    for managing the TOR process and
    configuring bridges. So the user has a
  • 34:42 - 34:47
    very similar configuration
    experience to the browser
  • 34:47 - 34:53
    when they first start it up. It also has
    some additional memory safety advantages
  • 34:53 - 34:59
    – all the protocol parsers are written
    in Javascript. This basically…
  • 34:59 - 35:04
    one of the major things when we
    were looking at candidates for
  • 35:04 - 35:08
    a messaging client was we wanted to avoid
    the problems of libpurple in the past
  • 35:08 - 35:12
    where there’s been a lot of, like, remote
    code execution vulnerabilities with
  • 35:12 - 35:17
    protocol parsing. Now there are some
    trade-offs here, obviously, when you’re
  • 35:17 - 35:23
    dealing with a browser product. You
    still have a html window rendering
  • 35:23 - 35:30
    the messages. But it is XSS filtered and
    even if an XSS exploit were to get through
  • 35:30 - 35:34
    to run Javascript in your messaging
    window that Javascript would still be
  • 35:34 - 35:40
    unprivileged. So they need an additional
    browser-style exploit. And that filter has
  • 35:40 - 35:44
    been reviewed by Mozilla and additionally
    we’re looking into removing Javascript
  • 35:44 - 35:49
    from that messaging window at all.
    It should be completely possible to just
  • 35:49 - 35:55
    display a reduced, slightly less sexy
    version of the same window at perhaps
  • 35:55 - 36:01
    another higher security level without
    Javascript involved at all in that window.
  • 36:01 - 36:04
    So we will hand off to Jake now to
    describe some of the security properties
  • 36:04 - 36:06
    and differences between TOR
    messenger and Ricochet.
  • 36:06 - 36:12
    Jacob: Just to be clear about this: We
    wanted to sort of echo what Phil Rogaway
  • 36:12 - 36:16
    has recently said. He wrote a really
    wonderful paper quite recently about the
  • 36:16 - 36:21
    moral character of cryptographic work and
    Phil Rogaway for those of you that don’t
  • 36:21 - 36:24
    know is one of the sort of like amazing
    cryptographers, very humble, really
  • 36:24 - 36:30
    wonderful man who was really a little bit
    sad that cryptographers and people
  • 36:30 - 36:35
    working on security software don’t take
    the adversaries seriously. So they use
  • 36:35 - 36:40
    Alice and Bob, and Mallory and they have
    cutie icons and they look very happy.
  • 36:40 - 36:45
    We wanted to make it clear what we thought
    the adversary was. Which is definitely not
  • 36:45 - 36:53
    a cutie adversary. When anonymity fails
    for Muslims that live in Pakistan, or e.g.
  • 36:53 - 36:57
    the guys that are giving a talk later
    today, the CAGE guys, when anonymity fails
  • 36:57 - 37:01
    for them they get detained or they get
    murdered or they end up in Guantanamo Bay
  • 37:01 - 37:05
    or other things like that. So it’s a
    serious thing. And we wanted to talk about
  • 37:05 - 37:11
    what that looks like. So e.g. a lot of you
    use jabber.ccc.de, I guess. Don’t raise
  • 37:11 - 37:17
    your hands. You should decentralize. Stop
    using jabber.ccc.de because we should
  • 37:17 - 37:21
    decentralize. But that said if you do,
    this is sort of what it looks like, right?
  • 37:21 - 37:24
    There’s the possibility for targeted
    attacks when you connect. There’s the
  • 37:24 - 37:29
    possibility that the Social Graph e.g. of
    your buddy list, that that would be on the
  • 37:29 - 37:33
    server. It would be possible that there’s
    a bug on any Jabber server anywhere.
  • 37:33 - 37:36
    So of course you know that if you’re using
    Gmail with Jabber, you know that they are
  • 37:36 - 37:40
    prison providers. So if you got a pretty
    big problem there and the attacker, again,
  • 37:40 - 37:44
    is not a cutie attacker, it’s, you know,
    I like the Grim Reaper, that fit that
  • 37:44 - 37:49
    Mike chose, if you like that’s accurate.
    And now if you see one of the protections
  • 37:49 - 37:52
    you’ll have for communicating with your
    peers is off-the-record messaging. That’s
  • 37:52 - 37:58
    basically the thing. But that’s a very
    slap together protocol in a sense. Because
  • 37:58 - 38:03
    it’s hacks on top of hacks. Where you
    know you compose TOR with Jabber and TLS
  • 38:03 - 38:06
    and maybe you still have a certificate
    authority in there somewhere. Or maybe you
  • 38:06 - 38:10
    have a TOR Hidden Service but then your
    status updates they don’t have any
  • 38:10 - 38:16
    encryption at all, for example. Or, again,
    your roster is an actual thing that
  • 38:16 - 38:19
    someone can see, including every time you
    send a message to those people the server
  • 38:19 - 38:25
    sees that. So, that said, TOR messenger is
    really great because it meets users where
  • 38:25 - 38:29
    they already are. Right? So e.g. actually
    one other point here is if you use a piece
  • 38:29 - 38:33
    of software like Adium, there is actually
    a bug filed against Adium where someone
  • 38:33 - 38:38
    said “Please disable logging-by-default
    because Chelsea Manning went to prison
  • 38:38 - 38:42
    because of your logging policy”. And the
    people working on Adium in this bug report
  • 38:42 - 38:49
    basically said: “Good!” That’s horrifying!
    Right? So what if we made it as reasonable
  • 38:49 - 38:55
    as possible, as configuration-free as
    possible using TOR, using OTR, trying to
  • 38:55 - 38:59
    remove libpurple which is a whole like…
    it’s a flock of Zerodays flying in
  • 38:59 - 39:08
    formation. Right? So we wanted to kill the
    bird in a sense but also not we want to
  • 39:08 - 39:14
    help provide an incentive for improving.
    And so that’s where TOR messenger fits.
  • 39:14 - 39:20
    But we also want to experiment with next
    generation stuff. And one of those things
  • 39:20 - 39:25
    is written by a really great guy on our
    community, almost single-handedly, without
  • 39:25 - 39:31
    any funding at all, and his name is
    “special”, that’s actually his name. He’s
  • 39:31 - 39:37
    also special. But it’s really nice,
    because actually, if you solve the problem
  • 39:37 - 39:41
    of telling your friend your name, if
    you’re familiar with the properties of
  • 39:41 - 39:45
    Hidden Services where you have a self-
    authenticating name you know that you’re
  • 39:45 - 39:48
    talking to the person that you think you
    are because you’ve already done a key
  • 39:48 - 39:52
    exchange. The important part of the key
    exchange. And so one of the things that
  • 39:52 - 39:59
    you’ll see very clearly is that there is
    no more server. Right? So there’s no more
  • 39:59 - 40:05
    jabber.ccc.de in this picture. So this is
    a really good example of how we might
  • 40:05 - 40:09
    decentralize, actually. It’s an experiment
    right now but it means no more servers. It
  • 40:09 - 40:14
    uses the TOR network’s TOR Hidden Service
    protocol and everybody actually becomes a
  • 40:14 - 40:19
    TOR Hidden Service for chatting with their
    buddies. And it’s end-to-end encrypted and
  • 40:19 - 40:23
    it’s anonymized and of course this means
    that your Social Graph is a traffic
  • 40:23 - 40:28
    analysis problem, it’s no longer a list on
    a server. And it means your metadata is
  • 40:28 - 40:33
    as protected as we currently know how
    to do in a low-latency anonymity network.
  • 40:33 - 40:36
    And in the future one of the really nice
    things about this is that it will be
  • 40:36 - 40:42
    possible – or we think it will be
    possible – to even make it better in a
  • 40:42 - 40:47
    sense, e.g. multiple chats, sending
    files, sending pictures, in other words,
  • 40:47 - 40:51
    everything becomes, instead of a certainty
    we move it towards probability. And the
  • 40:51 - 40:53
    probability is in your favour.
  • 40:53 - 41:00
    Mike: Yes, additionally, I’ll be working
    on various forms of panning for cases like
  • 41:00 - 41:04
    this to basically increase this high…
    the probability that there will be
  • 41:04 - 41:10
    concurrent traffic at the same time from
    multiple TOR clients, which will further
  • 41:10 - 41:14
    frustrate the discovery of the Social
    Graph based on simple traffic analysis
  • 41:14 - 41:22
    especially for low-traffic cases such as
    Ricochet. So just to wrap up that
  • 41:22 - 41:29
    TOR Applications piece: in 2016 we’re
    trying to focus heavily on usability and
  • 41:29 - 41:35
    gin more people to be able to use TOR,
    omitting the barriers to finding TOR,
  • 41:35 - 41:40
    downloading TOR, being able especially
    for censored users, and being able to
  • 41:40 - 41:45
    install TOR. There’s still some snags,
    various difficulties that cause people to
  • 41:45 - 41:50
    stop at various stages of that process and
    we want to try and work for to eliminate
  • 41:50 - 41:53
    them. We also, of course, want to increase
    coordination: share graphics, visual
  • 41:53 - 42:01
    aesthetics and coordinate the ability to
    share the TOR process. And we also want to
  • 42:01 - 42:05
    create a space for more experimentation,
    for more things like Ricochet. There’s
  • 42:05 - 42:09
    probably a lot more ideas like Ricochet
    out there. There could be leverages
  • 42:09 - 42:12
    of TOR protocol and especially Hidden
    Services in creative ways. So we’re
  • 42:12 - 42:16
    looking to create an official sanctioned
    space as part of TOR to give them a home.
  • 42:16 - 42:21
    And to look for that in the coming
    months on the TOR blog.
  • 42:21 - 42:27
    Jacob: Alright, I just wanted to put in a
    picture of a guy wearing a Slayer T-Shirt.
  • 42:27 - 42:31
    So there it is. That’s Trevor Paglen. Some
    of you may remember him from such things
  • 42:31 - 42:36
    as helping to film Citizenfour, building
    Satellites that burn up in space so that
  • 42:36 - 42:41
    are actually currently on other
    satellites. And this on the left is
  • 42:41 - 42:46
    Leif Ryge, he’s sort of the person that
    taught me how to use computers. And he is
  • 42:46 - 42:49
    an incredible Free Software developer.
    Trevor Paglen and myself, and this is
  • 42:49 - 42:53
    a cube, the Autonomy Cube which we talked
    about last year. Because we think that
  • 42:53 - 42:57
    culture is very important and we think
    that it’s important to actually get people
  • 42:57 - 43:02
    to understand the struggle that exists
    right now. So this is installed in a
  • 43:02 - 43:06
    museum right now in Germany, in the city
    of Oldenburg, at the Edith-Russ-Haus. And
  • 43:06 - 43:11
    it actually opened several months ago,
    it’s filled with classified documents, it
  • 43:11 - 43:14
    has really interesting things to go and
    read. I highly encourage you to go and
  • 43:14 - 43:18
    read. We built a reading room about
    anonymity papers, about things that are
  • 43:18 - 43:23
    happening. About how corporations track
    you, and then the entire museum is an
  • 43:23 - 43:28
    Open-WiFi network that routs you
    transparently through TOR. So in Germany
  • 43:28 - 43:33
    a free open WiFi network that isn’t run by
    Freifunk – much respect to them – we
  • 43:33 - 43:37
    wanted to make it possible for you to just
    go and have the ability to bootstrap
  • 43:37 - 43:43
    yourself anonymously if you needed to. And
    also these four boards are Novena boards.
  • 43:43 - 43:48
    And these Novena boards are Free and Open
    Hardware devices made by Bunnie and Sean
  • 43:48 - 43:51
    in Singapore where you could, if you
    wanted to, download the schematics and
  • 43:51 - 43:56
    fab it yourself. And it’s running the
    Debian GNU Linux universal operating
  • 43:56 - 44:01
    system. And it’s an actual TOR exit node
    with absolutely every port allowed. So the
  • 44:01 - 44:07
    museum’s infrastructure itself on the
    city’s internet connection actually is a
  • 44:07 - 44:14
    TOR exit node for the whole world to be
    able to use the internet anonymously.
  • 44:14 - 44:20
    applause
  • 44:20 - 44:24
    But the museum’s infrastructure is not
    just helping people in Oldenburg, it’s
  • 44:24 - 44:29
    helping people all around the world to be
    able to communicate anonymously and it’s
  • 44:29 - 44:32
    quite amazing actually because when
    cultural institutions stand up for this
  • 44:32 - 44:36
    we recognize it’s not just a problem of
    over-there stand. We have mass-surveillance
  • 44:36 - 44:41
    and corporate surveillance in the West
    and we need to deal with that. Here, by
  • 44:41 - 44:46
    creating spaces like this. But that said,
    we also need to make sure that we create
  • 44:46 - 44:49
    spaces in people’s minds all around the
    world. And I want to introduce to you
  • 44:49 - 44:55
    someone who’s incredibly awesome, the
    most bad-ass radical librarian around,
  • 44:55 - 44:59
    this is Alison.
    Alison is going to talk about…
  • 44:59 - 45:03
    Alison: …Library Freedom Project! Hi!
    Thank you so much! I’m so excited
  • 45:03 - 45:09
    to be here, it’s my first CCC and I’m on
    stage, and it’s very… exciting. So I’m
  • 45:09 - 45:13
    going to talk to you a little bit about my
    organization, Library Freedom Project.
  • 45:13 - 45:18
    I’m the director and what we do: we have
    a partnership with TOR project to do
  • 45:18 - 45:23
    community outreach around TOR and other
    privacy-enhancing technologies. Making
  • 45:23 - 45:28
    TOR network more strong and making tools
    like TOR Browser more ubiquitous and
  • 45:28 - 45:36
    mainstream, all with the help of a
    coalition of radical militant librarians.
  • 45:36 - 45:40
    So we introduced you to the Library
    Freedom Project back in February. We told
  • 45:40 - 45:44
    you a little bit about the kind of work
    that we do, mostly in US libraries,
  • 45:44 - 45:49
    increasingly internationally. Where
    essentially we teach them about tools like
  • 45:49 - 45:55
    TOR Browser, how to install it on their
    local computers, how to teach it into
  • 45:55 - 45:59
    computer classes that they offer for free
    in the library or one-on-one technology
  • 45:59 - 46:04
    sessions for their community. And we’ve
    had a really amazing year since then.
  • 46:04 - 46:08
    In addition to working with the TOR
    project we’re really fortunate to work
  • 46:08 - 46:12
    with the American Civil Liberties Union
    (ACLU). If you’re not familiar with them,
  • 46:12 - 46:16
    they’re basically… they’re the bad asses
    who’ve been suing the US Intelligence
  • 46:16 - 46:23
    Agencies and Police for about a 100 years.
    That is me with 2 people from the ACLU
  • 46:23 - 46:28
    Massachusetts, Jessy Rossman who is a
    surveillance law expert and Kay Croqueford
  • 46:28 - 46:31
    who is an activist for the ACLU. And
    they’re here, if you see that human buy
  • 46:31 - 46:35
    them a drink and ask them about the
    surveillance capabilities of the US Police.
  • 46:35 - 46:38
    applause
  • 46:38 - 46:43
    So, it’s really cool! It’s a great
    partnership with the ACLU because
  • 46:43 - 46:49
    basically they can teach why we need to
    use tools like TOR Browser. So how to use
  • 46:49 - 46:52
    them is super-super important but you need
    to know about the authorizations, the
  • 46:52 - 46:57
    programs, all the bad laws and the uses of
    them against ordinary people. So, why do
  • 46:57 - 47:02
    we teach this stuff to librarians? It’s
    basically for 2 big reasons. One of them
  • 47:02 - 47:06
    is that libraries and librarians have an
    amazing history of activism around
  • 47:06 - 47:11
    privacy, fighting surveillance and
    fighting censorship in the US where
  • 47:11 - 47:16
    I live. Librarians were some of the
    staunchest opponents of the USA Patriot
  • 47:16 - 47:20
    Act from the beginning when it was
    codified back in 2002. They made T-Shirts
  • 47:20 - 47:26
    that said “Another hysterical librarian
    for Privacy” because of the…
  • 47:26 - 47:30
    The Attorney General at the time called
    them “hysterical” for the fact that they
  • 47:30 - 47:33
    didn’t want this awful authorization to go
    through. And of course then after Snowden
  • 47:33 - 47:37
    we learned many more things about just
    how bad the Patriot Act was. So librarians
  • 47:37 - 47:41
    were some of the first people to oppose
    that. They also have fought back against
  • 47:41 - 47:45
    National Security Letters which are the US
    Government informational requests that
  • 47:45 - 47:50
    sometimes go to software providers and
    other internet services. They have an
  • 47:50 - 47:53
    attached gag order that basically says:
    “You have to give this information about
  • 47:53 - 47:56
    your users and you can’t tell anyone that
    you got it.” Well, libraries got one of
  • 47:56 - 47:59
    these and fought back against that in one.
    applause
  • 47:59 - 48:06
    They also, all the way back in the 1950s
    even, at the height of Anti-Communist
  • 48:06 - 48:11
    Fervor and FUD, around the time of the
    House on American Activities Committee,
  • 48:11 - 48:14
    librarians came out with this amazing
    statement, called the “Freedom to Read”
  • 48:14 - 48:19
    Statement that I think really is a
    beautiful text. It’s about 2 pages long
  • 48:19 - 48:26
    and it is their commitment to privacy and
    democratic ideals made manifest.
  • 48:26 - 48:29
    And I have a little excerpt from it here.
    I’m not gonna read the whole thing to you
  • 48:29 - 48:32
    ’cause I understand I’m all too
    pressed for time. But the last line is
  • 48:32 - 48:38
    my favourite. It says: “Freedom itself is
    a dangerous way of life. But it is ours.”
  • 48:38 - 48:41
    So everybody go and get that tattooed!
    You know, on your forehead or whatever.
  • 48:41 - 48:44
    applause
  • 48:44 - 48:49
    So, the history of activism is one of the
    big things. There’s a second part that
  • 48:49 - 48:52
    is more practical. Libraries have an
    amazing relationship to the local
  • 48:52 - 48:57
    communities. That doesn’t really exist
    anywhere else especially in this era of
  • 48:57 - 49:02
    privatization and the destruction of
    public commons. Libraries have already
  • 49:02 - 49:06
    free computer classes in many places,
    sometimes the only free computer help that
  • 49:06 - 49:11
    you can get anywhere. They offer free
    computer terminals to many people who
  • 49:11 - 49:14
    don’t have any other computer access.
    They’re trusted community spaces, they
  • 49:14 - 49:18
    already teach about a whole number of
    things. So we think they’re really the
  • 49:18 - 49:24
    ideal location for people to learn about
    things like TOR Browser. So it’s been
  • 49:24 - 49:31
    going really well. This year we have
    visited hundreds of different locations.
  • 49:31 - 49:36
    We’ve trained about 2300 librarians in the
    US, in Canada and a few other countries,
  • 49:36 - 49:43
    Australia, UK and Ireland. We held an
    amazing conference, you might recognize
  • 49:43 - 49:48
    this as Noisebridge. Any Noisebridge fans
    here? I hope so. Come on, there’s got to
  • 49:48 - 49:50
    be more Noisebridge fans than that!
    Christ! We had an amazing conference in
  • 49:50 - 49:54
    Noisebridge and actually my co-organizer
    is also here, April Glaser, so you can buy
  • 49:54 - 49:59
    her a drink, she’s right over there. There
    has been a huge response from the library
  • 49:59 - 50:02
    community. They wanna learn about TOR
    Browser, they’re so excited that finally
  • 50:02 - 50:07
    there’s a practical way for them to help
    protect their patrons’ privacy. They’ve
  • 50:07 - 50:12
    cared about this stuff from an ideological
    and ethical standpoint for a really long
  • 50:12 - 50:16
    time, and now they know that there are
    tools that they can actually use and
  • 50:16 - 50:19
    implement in their libraries and teach to
    their community to help them take back
  • 50:19 - 50:25
    their privacy. We’re really lucky that not
    only do we get to teach librarians but
  • 50:25 - 50:30
    occasionally we get invited to visit
    the local communities themselves.
  • 50:30 - 50:34
    So, here we teach how to teach privacy
    classes with TOR as a big focus.
  • 50:34 - 50:37
    But sometimes we get to meet the local
    community members themselves. So I want to
  • 50:37 - 50:42
    show you this picture of a recent visit
    that I made to Yonkers, New York. It was
  • 50:42 - 50:46
    a class just for teens. They’re all
    holding TOR stickers if you can see that
  • 50:46 - 50:50
    and Library Freedom Project stickers.
    This is a great picture that sort of is
  • 50:50 - 50:54
    emblematic of the kind of communities
    that we get to visit. Yonkers is one of
  • 50:54 - 50:59
    the poorest cities in the US. These kids
    are… many of them are immigrants, their
  • 50:59 - 51:03
    parents are immigrants, they face
    surveillance and state violence as a
  • 51:03 - 51:08
    matter of their regular everyday lives.
    For them privacy is not just a human
  • 51:08 - 51:13
    right but it’s sometimes a matter of life
    and death. And these kids are just some
  • 51:13 - 51:17
    of the amazing people that we get to see.
    Also, just to give you an idea of how the
  • 51:17 - 51:21
    public perception around privacy is
    shifting in my anecdotal experience:
  • 51:21 - 51:26
    we had 65 teenagers come to this class!
    If you have a teenager or if you’ve been
  • 51:26 - 51:30
    a teenager you know teenagers don’t show
    up for stuff, they don’t do that. 65 kids
  • 51:30 - 51:34
    came to this! And they were so excited!
    This was just the group that was left over
  • 51:34 - 51:38
    at the end that had so many questions and
    wanted more stickers to bring back to
  • 51:38 - 51:44
    their friends. So it’s pretty cool stuff.
    Recently we embarked on a new project
  • 51:44 - 51:50
    bringing TOR relays into libraries. This
    is Nima Fatemi with me, when we set up
  • 51:50 - 51:55
    our pilot at a library in New Hampshire
    which is the state just above where I live
  • 51:55 - 52:02
    in the United States. And we basically
    decided to do this project because we
  • 52:02 - 52:06
    thought it was a really great continuation
    of the work that we were already doing,
  • 52:06 - 52:10
    teaching and training librarians around
    using TOR. We wanted to take a step
  • 52:10 - 52:14
    further and take the infrastructure that
    libraries already have; many of them are
  • 52:14 - 52:19
    moving to really fast internet, they can
    donate an IP address and some bandwidth.
  • 52:19 - 52:24
    And they… many of them want to do kind
    of the next thing to help protect privacy
  • 52:24 - 52:28
    and not just in their local communities,
    as well. They want to help protect
  • 52:28 - 52:32
    internet freedom everywhere. So we thought
    it was a really great sort of next step to
  • 52:32 - 52:35
    go. So we set up our pilot project in New
    Hampshire. It went pretty well, we got a
  • 52:35 - 52:39
    lot of great press attention, a lot of
    really great local and global community
  • 52:39 - 52:45
    support. We also got the attention of
    the Department of Homeland Security.
  • 52:45 - 52:50
    applause
  • 52:50 - 52:53
    Basically they contacted the local Police
    in this town in New Hampshire and they
  • 52:53 - 52:57
    said: “You know, this is stupid, and bad,
    and criminal and you should shut this
  • 52:57 - 53:03
    down!” And the library was understandably
    shaken by this and temporarily suspended
  • 53:03 - 53:09
    the operation of the relay. So we
    responded by writing a letter, an open
  • 53:09 - 53:13
    letter from Library Freedom Project, from
    TOR project, from ACLU and a broad
  • 53:13 - 53:17
    coalition of public interest groups and
    luminary individuals including the
  • 53:17 - 53:21
    Electronic Frontier Foundation (EFF), the
    Freedom of the Press Foundation, the Free
  • 53:21 - 53:24
    Software Foundation and all of our other
    friends many of whom are in this audience
  • 53:24 - 53:29
    today. We wrote this letter to the library
    basically affirming our commitment to
  • 53:29 - 53:32
    them, how much we are proud of them for
    participating in this project and how much
  • 53:32 - 53:37
    we wanted them to continue. We put a lot
    of nice, you know, ideological, why this
  • 53:37 - 53:42
    is important, warm fuzzy stuff. We also
    got EFF to start a petition for us and
  • 53:42 - 53:46
    over a weekend we got about 4500
    signatures from all over the world, the
  • 53:46 - 53:52
    library was flooded with emails, calls.
    Only one negative one. Just one out of
  • 53:52 - 53:56
    hundreds. And that person was a little
    confused, so I’m not even counting that
  • 53:56 - 54:03
    necessarily. It was like a conspiracy type thing.
    So we got this amazing support and this
  • 54:03 - 54:07
    was all in anticipation of their board
    meeting that was gonna happen a few days
  • 54:07 - 54:12
    later where the board was gonna decide
    what to do about the relay. So Nima and I
  • 54:12 - 54:16
    show up to New Hampshire on a Tuesday
    Night and you might imagine what a library
  • 54:16 - 54:21
    board meeting in rural New Hampshire is
    typically like. It was nothing like that.
  • 54:21 - 54:26
    So we get outside and there’s a protest
    happening already. Many people holding
  • 54:26 - 54:32
    Pro-TOR signs. This was just a glimpse of
    it. And the look on my face is because
  • 54:32 - 54:36
    someone pointed to a very small child and
    said: “Alison, look at that child over
  • 54:36 - 54:39
    there”. This tiny little girl was holding
    a sign that said “Dammit Big Brother” and
  • 54:39 - 54:46
    I was like “I’m done, that’s it, I got to
    go home!” So we went into the board
  • 54:46 - 54:53
    meeting and we were met with about 4 dozen
    people and media and a huge amount of
  • 54:53 - 54:58
    support. Many of the community members
    expressed how much they loved TOR, that
  • 54:58 - 55:04
    this whole incident made them download TOR
    and check it out for themselves. Basically
  • 55:04 - 55:08
    it galvanized this community into a
    greater level of support than we even had
  • 55:08 - 55:12
    when we initially set it up about a month
    earlier. People who had no idea that the
  • 55:12 - 55:16
    library was doing this heard about it
    because it got a huge amount of media
  • 55:16 - 55:21
    attention thanks to a story by Julia
    Angwin in ProPublica that broke the news
  • 55:21 - 55:26
    to everybody and then it just went like
    wildfire. So as you might imagine the
  • 55:26 - 55:30
    relay went back online that night. We were
    super-successful. Everybody in the
  • 55:30 - 55:35
    community was incredibly excited about it
    and supportive. And what has happened now
  • 55:35 - 55:41
    is that this community has sort of… like
    I said they’ve been galvanized to support
  • 55:41 - 55:47
    TOR even more. The library has now allowed
    at some of their staff time and travel
  • 55:47 - 55:52
    budget to help other libraries in the area
    set up TOR relays. They’re speaking about
  • 55:52 - 55:57
    TOR…
    applause
  • 55:57 - 56:00
    Thank you!
    They’re speaking about TOR at conferences.
  • 56:00 - 56:05
    And this has really caught on in the
    greater library community as well. So I
  • 56:05 - 56:08
    mentioned already the kind of success that
    we’ve had at Library Freedom Project in
  • 56:08 - 56:13
    teaching tools like TOR Browser and
    getting folks to bring us in for trainings.
  • 56:13 - 56:18
    This is even bigger than that! Libraries
    are now organizing their, you know, staff
  • 56:18 - 56:22
    training days around, you know, “Should we
    participate in the TOR relay project?” or
  • 56:22 - 56:27
    “How can we do this best?”, “What’s the
    best angle for us?” So we’re really
  • 56:27 - 56:32
    excited to do announce that we’re gonna
    be continuing the relay project at scale.
  • 56:32 - 56:35
    Nima Fatemi, who is now also in this
    picture again, I’m really sad that he
  • 56:35 - 56:39
    can’t be here, he is wonderful and
    essential to this project. But he will now
  • 56:39 - 56:46
    be able to travel across the US and we
    hope to go a little further opening up
  • 56:46 - 56:49
    more relays in libraries. We’re gonna
    continue teaching, of course, about TOR
  • 56:49 - 56:54
    Browser and other privacy-enhancing Free
    Software. We’re now gonna incorporate some
  • 56:54 - 56:58
    other TOR services, so we’re really
    excited to bring “Let’s Encrypt” into
  • 56:58 - 57:01
    libraries. And while we’re there, why not
    run a Hidden Service on the library’s web
  • 57:01 - 57:06
    server. Among many other things. The other
    goals for Library Freedom Project: to take
  • 57:06 - 57:12
    this to a much more international level.
    So if you want to do this in your country,
  • 57:12 - 57:16
    you know your librarian, put them in touch
    with us. You can follow our progress on
  • 57:16 - 57:20
    LibraryFreedomProject.org or
    @libraryfreedom on Twidder. And we’re
  • 57:20 - 57:23
    always sort of posting on Tor Blog about
    stuff that’s going on with us, so…
  • 57:23 - 57:26
    Thank you so much for letting me tell you
    about it. It’s really a pleasure to be
  • 57:26 - 57:41
    here!
    applause
  • 57:41 - 57:45
    Jacob: So, that’s a really tough act to
    follow! But we’re very pressed for time
  • 57:45 - 57:49
    now. And we want to make sure that we can
    tell you two big things. And one of them
  • 57:49 - 57:52
    is that, as you know, we were looking for
    an Executive Director because our Spirit
  • 57:52 - 57:57
    Animal, Roger,…
    Roger: Slide…
  • 57:57 - 58:02
    Jacob: Right… He couldn’t do it all. And
    in fact we needed someone to help us. And
  • 58:02 - 58:06
    we needed someone to help us who has the
    respect not only of the community here but
  • 58:06 - 58:11
    the community, basically, all around the
    world. And we couldn’t think of a better
  • 58:11 - 58:15
    person, in fact, when we came up with a
    list of people. The person that we ended
  • 58:15 - 58:19
    up with was the Dream Candidate for a
    number of the people in the TOR Project
  • 58:19 - 58:24
    and around the world. And so, I mean, I
    have to say that I’m so excited, I’m so
  • 58:24 - 58:28
    excited that we have her as our Executive
    Director. I used to think that our ship
  • 58:28 - 58:32
    was going to sink, that we would all go to
    prison, and that may still happen, the
  • 58:32 - 58:40
    second part. But the first part, for sure,
    is not going to happen. We found someone
  • 58:40 - 58:44
    who I believe will keep the TOR Project
    going long after all of us are dead and
  • 58:44 - 58:51
    buried. Hopefully, not in shallow graves.
    So, this is Shari Steele!
  • 58:51 - 58:59
    applause
  • 58:59 - 59:01
    Shari: Hi!
    applause
  • 59:01 - 59:05
    Thanks! Thanks, it’s actually so fun to be
    back in this community. And I wasn’t gone
  • 59:05 - 59:09
    for very long. I had so much for
    retirement. It didn’t work out for me.
  • 59:09 - 59:14
    But, that’s OK, I’m really excited. I have
    had – we’re so tight on time – so I want
  • 59:14 - 59:18
    to just tell you there are 2 big mandates
    that I was given when I first was hired.
  • 59:18 - 59:22
    And one is: Help build a great
    infrastructure so that TOR Project is
  • 59:22 - 59:27
    sustainable. Working on that! The other
    thing is: Money! We need to diversify our
  • 59:27 - 59:31
    funding sources, as everybody knows here.
    The Government funding has been really
  • 59:31 - 59:36
    difficult for us specifically because it’s
    all restricted. And so it limits the kinds
  • 59:36 - 59:41
    of things we want to do. When you get the
    developers in a room blue-skying about the
  • 59:41 - 59:45
    things that they want to do, it’s
    incredible! Really, really brilliant
  • 59:45 - 59:48
    people who want to do great things but
    they’re really limited when the funding
  • 59:48 - 59:53
    says they have to do particular things. So
    we happen to be doing our very first ever
  • 59:53 - 59:59
    crowd funding campaign right now. I want
    to give a shout out to Katina Bishop who
  • 59:59 - 60:03
    is here somewhere and who is running
    the campaign for us and is just doing an
  • 60:03 - 60:10
    amazing job. As of last count which is a
    couple of days ago, we had over 3000
  • 60:10 - 60:15
    individual donors and over 120.000 Dollars
    which is incredible for our very first
  • 60:15 - 60:19
    time when we didn’t even really have a
    mechanism in place to be collecting this
  • 60:19 - 60:25
    money, even. So, it’s really great! And I
    wanna also say we have a limited number
  • 60:25 - 60:31
    of these T-Shirts that I brought in a
    suitcase from Seattle. So, and they’re
  • 60:31 - 60:36
    gonna be available, if you come down to
    the Wau Holland booth at the Noisy Square.
  • 60:36 - 60:40
    Come talk with us! Give a donation!
    We’re doing a special: it’s normally a
  • 60:40 - 60:46
    100 Dollar donation to get a shirt, but
    for the conference we’ll do, for 60 Euro
  • 60:46 - 60:50
    you can get a shirt and it would be great
    you’d be able to show your support. And
  • 60:50 - 60:57
    you can also donate online if you don’t
    wanna do that here. That’s the URL. And
  • 60:57 - 61:01
    to end, we’d like to have a
    word from Down Under!
  • 61:01 - 61:05
    Video starts
  • 61:05 - 61:10
    Video Intro Violin Music
  • 61:10 - 61:15
    Good Day to you! Fellow Members of the
    Intergalactic Resistance against Dystopian
  • 61:15 - 61:21
    bastardry! It is I, George Orwell, with an
    urgent message from Planet Earth, as it
  • 61:21 - 61:26
    embarks on a new orbit. Transmitting via
    the Juice Channeling Portal. Our time is
  • 61:26 - 61:30
    short. So let’s get straight to the point.
    Shall we? This transmission goes out to
  • 61:30 - 61:35
    all you internet citizens. Denizens of
    the one remaining free frequency. In whose
  • 61:35 - 61:41
    hands rests the fate of humanity.
    Lord… f_ckin’ help us!
  • 61:41 - 61:43
    typewriter typing sounds
  • 61:43 - 61:49
    When I last appeared to you, I warned you
    noobs: You must not lose the Internet! Now
  • 61:49 - 61:54
    before I proceed, let us clarify one
    crucial thing. The Internet is not Virtual
  • 61:54 - 62:00
    Reality, it is actual Reality.
    typewriter typing sounds
  • 62:00 - 62:05
    Are you still with me? Good. Now ask
    yourselves: Would you let some fascist
  • 62:05 - 62:09
    dictate with whom you can and cannot
    communicate? Because that’s what happens
  • 62:09 - 62:14
    every time a government blacklists a
    website domain. Would you let anyone force
  • 62:14 - 62:18
    you to get all your information from cable
    TV? That’s effectively the case if you
  • 62:18 - 62:25
    allow corporations to kill Net Neutrality.
    typewriter typing sounds
  • 62:25 - 62:29
    Would you let the Thought Police install
    telescreens in your house, monitor and
  • 62:29 - 62:34
    record everything you do, every time you
    move, every word you’ve read, to peer into
  • 62:34 - 62:38
    the most private nook of all, your head?
    BECAUSE THAT’S WHAT HAPPENS when
  • 62:38 - 62:43
    you let your governments monitor the net
    and enact mandatory data-retention laws!
  • 62:43 - 62:48
    smashing sounds
  • 62:48 - 62:52
    If you answered “No” to all those
    questions, then we can safely deduce
  • 62:52 - 63:00
    that terms like “Online”, “IRL” and “in
    Cyberspace” are Newspeak. They confuse the
  • 63:00 - 63:05
    truth: There is no “Cybersphere”. There
    is only life. Here. It follows that if you
  • 63:05 - 63:09
    have an oppressive Internet, you have
    an oppressive society, too. Remember:
  • 63:09 - 63:11
    online is real life…
    typewriter typing sounds
  • 63:11 - 63:16
    Your Digital Rights are no different from
    everyday human rights! And don’t give me
  • 63:16 - 63:20
    that BS that you don’t care about
    Privacy because you have nothing to hide.
  • 63:20 - 63:25
    That’s pure Doublethink. As comrade
    Snowden clearly explained, that’s like
  • 63:25 - 63:29
    saying you don’t care about Free Speech
    because you have nothing to say!
  • 63:29 - 63:33
    Stick that up your memory
    holes and smoke it, noobs!
  • 63:33 - 63:38
    Pigs Arse, the portal is closing, I’m
    losing you! I’ll leave you with a new tool
  • 63:38 - 63:43
    to use. I assume you’ve all been fitted
    with one of these spying devices. Well,
  • 63:43 - 63:46
    here’s an app you can use in spite of
    this. It’s called Signal, and, yes, it’s
  • 63:46 - 63:51
    free and simple. Install it and tell all
    your contacts to mingle then all your
  • 63:51 - 63:55
    calls and texts will be encrypted. So even
    if Big Brother sees them the c_nt won’t be
  • 63:55 - 64:00
    able to read them. Hahaa! Now that’s
    a smartphone! Our time is up!
  • 64:00 - 64:04
    typewriter typing sounds
    Until the next transmission. Heed the
  • 64:04 - 64:10
    words of George Orwell. Or
    should I say: George TORwell?
  • 64:10 - 64:15
    typewriter typing sounds
  • 64:15 - 64:20
    Remember, just as I went to Spain to fight
    the dirty fascists you can come to Onion
  • 64:20 - 64:24
    land and fight Big Brother’s filthy
    tactics. If you’re a Pro run a node and
  • 64:24 - 64:28
    strengthen the code. Or if you’re in the
    Outer Party and can afford it, send TOR
  • 64:28 - 64:34
    some of your dough. Special Salute to
    all my comrades, the “State of the Onion”.
  • 64:34 - 64:38
    Happy Hacking! Now go forth and
    f_ck up Big Brother. That mendacious
  • 64:38 - 64:43
    motherf_cking, c_ck-sucking bastard
    son of a corporatist b_tch…
  • 64:43 - 64:53
    Video Outro Music
  • 64:53 - 65:01
    applause
  • 65:01 - 65:05
    Jacob: So, I think that’s all the time
    that we have. Thank you very much for
  • 65:05 - 65:09
    coming. And thank you all
    for your material support.
  • 65:09 - 65:35
    applause
  • 65:35 - 65:42
    Herald: Unfortunately we won’t have time
    for a Q&A. But I heard that some of the
  • 65:42 - 65:50
    crew will now go to the Wau Holland booth
    at Noisy Square down in the Foyer and
  • 65:50 - 65:55
    might be ready to answer
    questions there. If you have any.
  • 65:55 - 65:59
    postroll music
  • 65:59 - 66:06
    Subtitles created by c3subtitles.de
    in 2016. Join and help us!
Title:
State of the Onion
Description:

more » « less
Video Language:
English
Duration:
01:06:06

English subtitles

Revisions Compare revisions