0:00:00.000,0:00:11.019 preroll music 0:00:11.019,0:00:18.269 Herald: I am very happy to introduce this[br]year’s update on the “State of the Onion”! 0:00:18.269,0:00:23.969 This is a talk with about 5 speakers,[br]so let’s introduce them one by one. 0:00:23.969,0:00:28.529 First, Roger. He did it the last talk.[br]He is the founder of the TOR Project, 0:00:28.529,0:00:35.979 applause[br]MIT Graduate and Top 100 Global Thinkers. 0:00:35.979,0:00:39.059 Then we have Jake, a[br]humble PHD math student 0:00:39.059,0:00:42.410 applause 0:00:42.410,0:00:46.350 that is in my opinion not a[br]National Security threat 0:00:46.350,0:00:51.190 but a post National Security promise. 0:00:51.190,0:00:55.129 We have Mike Perry, and I think[br]it is enough to say about him, 0:00:55.129,0:00:58.700 that the NSA calls him a worthy adversary. 0:00:58.700,0:01:04.909 applause 0:01:04.909,0:01:09.250 He is also the lead dev[br]of the TOR Browser. 0:01:09.250,0:01:14.220 And then we have Alison Macrina,[br]a radical, militant librarian. 0:01:14.220,0:01:21.270 applause 0:01:21.270,0:01:28.040 And last but not least: Shari Steele, the[br]new Executive Director of the TOR Project. 0:01:28.040,0:01:35.500 applause 0:01:35.500,0:01:40.220 So without further ado:[br]This year’s State of the Onion! 0:01:40.220,0:01:45.230 applause 0:01:45.230,0:01:49.490 Jacob: Alright, it’s a great[br]honor to be back here again. 0:01:49.490,0:01:52.640 And we’re really happy to be able[br]to introduce so many more faces. 0:01:52.640,0:01:56.770 It’s no longer the Roger and Jake[br]show. That’s very important to us. 0:01:56.770,0:02:01.430 Hopefully next year, we won’t[br]be here, but we’ll still be alive. 0:02:01.430,0:02:05.660 So 2015, if I were to express[br]it in a hand gesture 0:02:05.660,0:02:10.310 or with a facial expression, it would[br]look something like “Ooouuw”. 0:02:10.310,0:02:15.460 It was really a year of big changes. Not[br]all of them were really good changes. 
0:02:15.460,0:02:18.450 And there were a lot of heavy things[br]that happened throughout the year. 0:02:18.450,0:02:22.020 We won’t even be able to cover all of[br]them because we only have an hour. 0:02:22.020,0:02:25.760 So we want to focus on the[br]positive things. I would say that 0:02:25.760,0:02:30.120 probably the nicest thing is that we are[br]growing. We’re really, really growing. 0:02:30.120,0:02:33.200 Not only growing the network,[br]but we’re growing the community. 0:02:33.200,0:02:37.030 And in some sense we’re expanding[br]throughout the whole world in terms of 0:02:37.030,0:02:41.450 users who are using TOR, what TOR[br]users are using TOR for, which is 0:02:41.450,0:02:45.200 of course extremely important that there[br]is more and more people just doing 0:02:45.200,0:02:49.260 regular things with TOR, protecting[br]themselves. But then we have of course 0:02:49.260,0:02:52.100 lots of specialized things that happen[br]with the TOR network as well. 0:02:52.100,0:02:56.290 We have things like OnionBalance and[br]Ricochet. Really exciting developments. 0:02:56.290,0:03:01.060 And we’ll talk a bit about all of those[br]things. One of the most unlikely things, 0:03:01.060,0:03:05.990 at least when I imagine working[br]on TOR, say 10 years ago vs. now, 0:03:05.990,0:03:09.750 is that we’ve worked with some really[br]unlikely partners. Some of you know 0:03:09.750,0:03:17.190 that I’m not really a big fan of Silicon[br]Valley, even though I’m from there. 0:03:17.190,0:03:21.860 So you know, I sometimes call Facebook[br]not so nice names, like Stasi-Book. 0:03:21.860,0:03:24.190 And part of the reason for that is[br]because I think it is a little bit weird, 0:03:24.190,0:03:28.250 that you report on all your friends[br]in order to go to parties. 0:03:28.250,0:03:32.459 Previously it was to get into the party[br]and now it is to go to parties. 0:03:32.459,0:03:35.860 And yet we worked with them on something. 
0:03:35.860,0:03:39.680 Because it turns out that sometimes[br]you have unlikely temporary alliances. 0:03:39.680,0:03:43.490 And it turns out that while I personally[br]may think that they are evil incarnate 0:03:43.490,0:03:48.470 in some sense, it is the case that[br]there is at least one good guy there. 0:03:48.470,0:03:52.640 Alec worked on this fantastic RFC7686, 0:03:52.640,0:03:58.130 that actually allowed us to help all[br]Facebook users mitigate some harm. 0:03:58.130,0:04:01.540 Which is that if they want to be able[br]to visit Facebook; and I guess 0:04:01.540,0:04:05.280 the reality is that not using Facebook[br]for a lot of people is sort of like 0:04:05.280,0:04:08.590 the “Kill your Television” bumper sticker[br]of the 90s. For those of you that ever 0:04:08.590,0:04:13.470 visited rural America. You know that that[br]wasn’t like a really successful campaign. 0:04:13.470,0:04:18.469 A lot of people have TVs these days[br]as well. So it’s a little bit like that, 0:04:18.469,0:04:22.370 only here we actually built an alternative[br]where we can mitigate harm. 0:04:22.370,0:04:25.400 And that’s really incredibly important[br]because it mitigates harm in all sorts 0:04:25.400,0:04:29.129 of different pieces of software. It[br]makes it possible for us to talk to 0:04:29.129,0:04:32.900 Browser vendors, to DNS resolvers.[br]And part of this was motivated 0:04:32.900,0:04:36.569 by some investigative journalism[br]that I actually did, where I revealed 0:04:36.569,0:04:41.090 XKeyscore rules, where the US[br]Government’s National Security Agency 0:04:41.090,0:04:45.159 was sifting through all of the internet[br]traffic to look for .onion addresses. 0:04:45.159,0:04:49.169 So when they saw a DNS request[br]for .onion they were actually 0:04:49.169,0:04:52.919 learning .onions by harvesting traffic.[br]And that really motivated me 0:04:52.919,0:04:55.779 to want to make it, so that the DNS[br]resolvers didn’t do that anymore. 
0:04:55.779,0:05:00.819 It was very important, because one[br]of my core missions with TOR 0:05:00.819,0:05:04.699 is to make that kind of stuff a[br]lot harder for the spies to do. 0:05:04.699,0:05:08.980 And protecting everyday users, even[br]users who aren’t TOR users, yet. 0:05:08.980,0:05:12.300 And that’s very important. So working[br]with Alec on this has been great, 0:05:12.300,0:05:16.169 because the IETF actually[br]supports this. And now 0:05:16.169,0:05:20.190 ICANN will not sell[br].onion to anyone. 0:05:20.190,0:05:24.250 It’s a special use reserved[br]name. And that’s incredible! 0:05:24.250,0:05:31.269 applause 0:05:31.269,0:05:34.599 Roger: OK, so. Is this[br]thing on? Yes it is, great! 0:05:34.599,0:05:37.370 So there are a couple of interesting[br]graphs, that we’re going to give you, 0:05:37.370,0:05:42.490 of usage scenarios, usage[br]instances over the past year. 0:05:42.490,0:05:46.539 So pretty recently we were looking at[br]the number of people in Russia 0:05:46.539,0:05:51.199 using TOR. Russia has been talking about[br]censoring, talking about all sorts of 0:05:51.199,0:05:55.979 oppression steps. And at[br]the beginning of November, 0:05:55.979,0:06:01.219 we moved from 180k people in[br]Russia each day using TOR 0:06:01.219,0:06:05.749 up to almost 400k people. And[br]this is probably a low estimate. 0:06:05.749,0:06:10.159 So many hundreds of thousands[br]of people for that two week period, 0:06:10.159,0:06:14.619 which started with a Russian bomber[br]getting shot down, were trying to get 0:06:14.619,0:06:18.319 news from the rest of the world, rather[br]than news as Russia wanted to show it 0:06:18.319,0:06:22.460 to them. So that’s[br]kind of a cool event. 0:06:22.460,0:06:26.139 Another interesting event: Bangladesh[br]ended up censoring Facebook 0:06:26.139,0:06:30.229 and some other websites and a whole[br]lot of people switched to using TOR. 
0:06:30.229,0:06:32.909 I was actually talking to one of the[br]Facebook people and they have their own 0:06:32.909,0:06:37.819 internal statistics about the number of[br]people connecting over the TOR network 0:06:37.819,0:06:42.279 to Facebook. And it would be super[br]cool to superimpose these two graphs. 0:06:42.279,0:06:45.749 Our data is public and open[br]and we like sharing it. 0:06:45.749,0:06:49.520 They don’t actually share their data.[br]But one day it would be really cool 0:06:49.520,0:06:53.110 to be able to see both of these[br]graphs at once, to see users shifting 0:06:53.110,0:06:57.259 from reaching Facebook[br]directly to going over TOR. 0:06:57.259,0:07:00.050 The other interesting thing from the[br]Bangladesh side: I was looking at the 0:07:00.050,0:07:04.499 Alexa top websites around the[br]world and we, torproject.org is 0:07:04.499,0:07:08.539 like 8000th in the global[br]rankings, but at least 0:07:08.539,0:07:11.649 for the past couple of weeks[br]torproject.org has been 0:07:11.649,0:07:16.849 300th in Bangladesh. So there are a[br]whole heck of a lot of people there, 0:07:16.849,0:07:22.889 learning about these privacy things[br]that can get around local censorship. 0:07:22.889,0:07:28.289 applause 0:07:28.289,0:07:32.270 OK, and then an exciting[br]other story that we’re 0:07:32.270,0:07:35.900 going to touch on briefly, but[br]it’s an entire talk on its own. 0:07:35.900,0:07:40.439 So let me give you a couple[br]of facts and we’ll go from there. 0:07:40.439,0:07:44.069 January of 2014 a hundred[br]relays showed up 0:07:44.069,0:07:47.699 in the TOR network and we weren’t sure[br]who was running them, but they weren’t 0:07:47.699,0:07:52.159 exit relays, so they didn’t seem like[br]they were such a threat at the time. 
0:07:52.159,0:07:57.839 Fast forward a while later: The[br]CERT organization inside CMU 0:07:57.839,0:08:01.929 submitted a presentation to[br]Blackhat on how cool they were 0:08:01.929,0:08:05.939 for being able to attack TOR users. And[br]they talked about how they were going to 0:08:05.939,0:08:09.610 talk about individual users[br]that they de-anonymized 0:08:09.610,0:08:12.990 and how cool they were for that.[br]And I spent a while trying to extract 0:08:12.990,0:08:17.479 details from them. And eventually[br]I learned what their attack was. 0:08:17.479,0:08:21.169 And then Nick Mathewson, one of[br]the other TOR developers decided 0:08:21.169,0:08:25.050 to check the TOR network to see if[br]anybody was actually doing that attack. 0:08:25.050,0:08:29.099 I mean it’s CERT, they are the[br]folks who publicised the phrase 0:08:29.099,0:08:33.059 “responsible disclosure”. Surely,[br]they are not actually undermining 0:08:33.059,0:08:36.679 the TOR network and attacking TOR users.[br]But then it turns out that somebody was 0:08:36.679,0:08:40.880 doing the attack. And it was these[br]100 relays that looked kind of ordinary 0:08:40.880,0:08:44.759 and innocuous before that. Then I sent[br]mail to the CERT people, saying: 0:08:44.759,0:08:48.540 “Hey are those relays yours?” And they[br]went silent. They have never answered any 0:08:48.540,0:08:54.269 of my mails since then. So that’s[br]what we know. It doesn’t look good. 0:08:54.269,0:08:58.009 One of the key things that we,[br]TOR, have done from here is 0:08:58.009,0:09:01.459 we’ve been working on strengthening[br]the TOR network and getting better 0:09:01.459,0:09:05.389 at recognizing these things. So[br]the core of the attack was that 0:09:05.389,0:09:09.150 they did what’s called a Sybil attack,[br]where you sign up a lot of relays 0:09:09.150,0:09:13.449 and you become too large a fraction of the[br]TOR network. 
So we’ve been working on 0:09:13.449,0:09:18.339 a lot of ways to recognize that[br]an attack like that is happening, 0:09:18.339,0:09:22.139 and mitigate it, and get rid of it[br]early. For example Philipp Winter 0:09:22.139,0:09:26.819 has a bunch of interesting research[br]areas on recognizing similarity 0:09:26.819,0:09:30.670 between relays. So you can[br]automatically start detecting: 0:09:30.670,0:09:33.920 “Wait a minute, this event[br]happened, where a lot of relays 0:09:33.920,0:09:38.480 are more similar than they should[br]be.” Another example there is: 0:09:38.480,0:09:41.610 We used to say: “Well I don’t[br]know who’s running them, 0:09:41.610,0:09:45.399 but they don’t seem that dangerous. So[br]OK, it’s good to grow the TOR network.” 0:09:45.399,0:09:48.940 Now we’re taking the other[br]approach of “Gosh, that’s weird, 0:09:48.940,0:09:52.470 let’s get rid of them and then[br]we’ll ask questions after that.” 0:09:52.470,0:09:56.009 So we’re trying to be more[br]aggressive, more conservative 0:09:56.009,0:09:59.880 at keeping the TOR network[br]safe from large adversaries. 0:09:59.880,0:10:04.620 Whether they’re government organizations[br]or corporations or individuals. 0:10:04.620,0:10:12.029 Whoever might be attacking it. 0:10:12.029,0:10:17.220 Jacob: We’ve had a few really big[br]changes in the TOR community. 0:10:17.220,0:10:20.610 One of them is that we had[br]an Interim Executive Director 0:10:20.610,0:10:25.930 come on in a sort of quick moment[br]and that’s Roger Dingledine. 0:10:25.930,0:10:28.850 Some of you probably always thought he[br]was the Executive Director the whole time. 0:10:28.850,0:10:33.279 That’s because for a while he was and then[br]he wasn’t. And then he was back again. 
0:10:33.279,0:10:37.490 And that change was quite a[br]huge change in that instead of 0:10:37.490,0:10:41.190 working on a lot of anonymity stuff,[br]Roger was doing a lot of bureaucratic 0:10:41.190,0:10:44.519 paperwork which was actually quite[br]sad for the anonymity world, I think. 0:10:44.519,0:10:48.160 He probably reviewed fewer papers[br]and did fewer anonymity things 0:10:48.160,0:10:51.790 this year than ever before.[br]Which is really, really sad. 0:10:51.790,0:10:55.050 But that really lit a fire under us to[br]make sure that we would actually 0:10:55.050,0:10:58.839 change that. To make sure that it was[br]possible to get someone else, who is 0:10:58.839,0:11:02.399 really good at being an Executive Director[br]of the TOR Project, to really lead, 0:11:02.399,0:11:06.459 so that we could have Roger return to[br]not only being an anonymity researcher, 0:11:06.459,0:11:09.240 but also the true Spirit[br]Animal of the TOR Project. 0:11:09.240,0:11:13.440 He doesn’t look like[br]an onion, but in spirit. 0:11:13.440,0:11:19.540 Roger: Slide![br]Jacob: laughing 0:11:19.540,0:11:22.329 Another really big thing that happened[br]is working with Laura Poitras 0:11:22.329,0:11:27.800 over the last many years.[br]She has followed the TOR Project 0:11:27.800,0:11:31.129 – lots of people like to follow the[br]people on the TOR Project – 0:11:31.129,0:11:35.639 but we consented to her following us.[br]And she made a film, “Citizenfour”, 0:11:35.639,0:11:39.000 I think some of you… have[br]any of you seen this film? 0:11:39.000,0:11:45.170 applause[br]Quite amazingly, 0:11:45.170,0:11:48.499 she won an Oscar. Actually, she[br]basically won every film prize. 0:11:48.499,0:11:57.269 applause 0:11:57.269,0:12:01.170 One of the key things is that people[br]in this room that work on Free Software 0:12:01.170,0:12:04.819 were explicitly thanked. 
If you work[br]on Tails, if you work on GnuPG, 0:12:04.819,0:12:08.649 if you work on SecureDrop,[br]OTR, TOR, … 0:12:08.649,0:12:11.459 She specifically said in[br]the credits of the film: 0:12:11.459,0:12:15.490 This film wouldn’t have been[br]possible without that Free Software. 0:12:15.490,0:12:18.939 Actually making her job and[br]the jobs of her source 0:12:18.939,0:12:22.000 and other people involved…[br]making that possible. 0:12:22.000,0:12:25.750 And so her winning that Oscar[br]in some sense feels like 0:12:25.750,0:12:29.480 closing a really big loop that had[br]been open for a very long time. 0:12:29.480,0:12:33.000 And it’s really great and she,[br]I think, would really wish that she 0:12:33.000,0:12:37.660 could be here today, again. She[br]sends her regards, and she is really, 0:12:37.660,0:12:42.470 really thankful for everybody here that[br]writes Free Software for freedom! 0:12:42.470,0:12:47.909 applause 0:12:47.909,0:12:51.639 Roger: So another exciting event[br]that happened in 2015 is that reddit 0:12:51.639,0:12:55.660 gave us 83.000$. They had some[br]extra profit and they decided 0:12:55.660,0:13:00.839 that they would give it to 10 non-profits[br]chosen from among the Redditer community. 0:13:00.839,0:13:03.839 And there were people who came to me[br]and said: “Hey Roger, you really have to, 0:13:03.839,0:13:06.939 you know, start advocating, start[br]teaching everybody, why TOR should be 0:13:06.939,0:13:10.290 one of them.” And I said: “Oh, I’m[br]busy. Those things never work. 0:13:10.290,0:13:13.810 You know, they’ll choose somebody[br]else.” And so it turns out that we were 0:13:13.810,0:13:18.550 the 10th out of 10 without doing[br]any advocacy work whatsoever 0:13:18.550,0:13:22.509 to the reddit community, which is super[br]cool that they care about us so much. 0:13:22.509,0:13:27.089 Also reddit divided the ten equally. 
So[br]even though we were the 10th out of 10, 0:13:27.089,0:13:31.200 we got 10% of the donations[br]that they were giving out. 0:13:31.200,0:13:37.870 applause 0:13:37.870,0:13:41.149 Jake: One of the really –[br]I would say one of the oddest things 0:13:41.149,0:13:46.120 about working at the TOR Project for me[br]is that TOR has supported me through 0:13:46.120,0:13:49.629 really crazy times. So when I was[br]being detained by the US Government 0:13:49.629,0:13:54.550 or having my property stolen by fascist[br]pigs in the United States Government’s 0:13:54.550,0:13:59.329 border checkpoints, TOR didn’t fire me.[br]TOR always backed me and always 0:13:59.329,0:14:03.379 kept me safe. And many people often look[br]like they wanted to kill me from stress, 0:14:03.379,0:14:06.389 but often they didn’t, which was nice.[br]Or they didn’t get close enough 0:14:06.389,0:14:10.669 and I could move fast enough. But[br]they were always very helpful. And 0:14:10.669,0:14:14.949 they’ve really helped me to[br]go and do things to speak for 0:14:14.949,0:14:18.430 anonymous users who can’t go[br]other places. And one of the places 0:14:18.430,0:14:22.220 which I was most honored to go in the[br]last year – I was actually scheduled 0:14:22.220,0:14:25.569 to go there with Caspar Bowden, but[br]unfortunately he was ill at the time. 0:14:25.569,0:14:29.899 And as you know, Caspar[br]has since passed away. 0:14:29.899,0:14:32.999 But we were scheduled to go together and[br]TOR was supporting us both, actually, 0:14:32.999,0:14:38.319 to go to this. And it resulted, I believe, 0:14:38.319,0:14:41.519 in a very amazing meeting in[br]Geneva at the United Nations, 0:14:41.519,0:14:45.779 where the special rapporteur actually[br]endorsed TOR and off-the-record messaging 0:14:45.779,0:14:49.729 and encryption programs,[br]and privacy, and free software. 
0:14:49.729,0:14:54.680 Saying that they are absolutely essential.[br]And in fact their use should be encouraged 0:14:54.680,0:14:59.629 from a human rights perspective. And in[br]fact the really amazing part about it is 0:14:59.629,0:15:03.649 he didn’t do it only from the perspective[br]of free speech. And this is important, 0:15:03.649,0:15:07.139 because actually there are other rights.[br]And we should think about them. 0:15:07.139,0:15:10.370 So for example the right to form[br]and to hold an idea is a right 0:15:10.370,0:15:14.079 that cannot be abridged. The right[br]to free speech can be abridged 0:15:14.079,0:15:18.589 in many free societies, but what is[br]in your head and how you form it 0:15:18.589,0:15:22.040 is something where… that is not[br]a right that can be abridged. 0:15:22.040,0:15:25.579 And he wrote this in the report. And[br]he, when writing this report with 0:15:25.579,0:15:29.899 many other people, made it very clear that[br]this is something we need to keep in mind. 0:15:29.899,0:15:34.249 That when we talk about private spaces[br]online, where groups may collaborate 0:15:34.249,0:15:37.850 to form ideas, to be able to create[br]a political platform for example, 0:15:37.850,0:15:41.220 to be able to make democratic change,[br]they need to be able to use the internet 0:15:41.220,0:15:46.319 to freely exchange those ideas in a secure[br]and anonymized, encrypted fashion. 0:15:46.319,0:15:50.889 And that helps them to form and to hold[br]ideas. And obviously that helps them later 0:15:50.889,0:15:55.470 to express free speech ideas. And that’s[br]a huge thing to have the United Nations 0:15:55.470,0:16:02.409 endorse basically what many of us in this[br]room have been saying for, well… decades. 0:16:02.409,0:16:05.459 Roger: So the UN thing is really cool.[br]We’ve also been doing some other 0:16:05.459,0:16:09.879 policy angles. 
So Steven Murdoch, who[br]is a professor in England and also 0:16:09.879,0:16:14.350 part of the TOR community, has worked[br]really hard at teaching the British folks, 0:16:14.350,0:16:18.490 that their new backdoor laws and[br]their new terrible laws are actually 0:16:18.490,0:16:23.240 not what any reasonable country wants.[br]So he’s put a huge amount of energy into 0:16:23.240,0:16:27.680 basically advocating for freedom for[br]them. And similarly Paul Syverson, 0:16:27.680,0:16:32.569 part of the TOR community, basically[br]ended up writing a post note for the UK 0:16:32.569,0:16:36.790 about how the dark web is[br]misunderstood. See previous talk. 0:16:36.790,0:16:40.680 So we’ve been doing quite a bit[br]of education at the policy level 0:16:40.680,0:16:44.910 to try to teach the world, that encryption[br]is good and safe and worthwhile 0:16:44.910,0:16:50.070 and should be the default[br]around the world. 0:16:50.070,0:16:54.050 Jake: And there is a kind of interesting[br]thing here. Maybe a little contentious 0:16:54.050,0:16:57.279 with some people in the TOR community.[br]But I just wanted to make it really clear. 0:16:57.279,0:17:01.170 We have the TOR Project, which is[br]a non-profit in the United States. 0:17:01.170,0:17:04.569 And we have a much wider TOR[br]community all around the world. 0:17:04.569,0:17:07.950 And in Berlin we have a really, really[br]like an incredible TOR community. 0:17:07.950,0:17:11.380 We have people like Donncha working[br]on OnionBalance. We have people like 0:17:11.380,0:17:14.810 Leif Ryge working on bananaphone. We[br]have all of these different people working 0:17:14.810,0:17:17.970 on all sorts of Free Software. And many[br]of those people don’t actually work 0:17:17.970,0:17:21.240 for the TOR Project. 
They’re community[br]members, they’re volunteers, 0:17:21.240,0:17:26.010 there is some of privacy students.[br]And so the Renewable Freedom Foundation 0:17:26.010,0:17:30.050 actually funded the creation[br]of a sort of separate space 0:17:30.050,0:17:33.980 in Berlin where people work on these[br]kinds of things, which is not affiliated 0:17:33.980,0:17:38.100 with US Government money. It’s[br]not affiliated with the TOR Project 0:17:38.100,0:17:41.360 as some sort of corporate thing.[br]It’s not a multinational thing. 0:17:41.360,0:17:46.630 It’s really the peer-to-peer version in[br]some sense of what we’ve already had 0:17:46.630,0:17:49.650 in other places. And it’s really great[br]and I wanted to just thank Moritz 0:17:49.650,0:17:54.350 who made that happen and to all the[br]people like Aaron Gibson, and Juris 0:17:54.350,0:17:57.900 who actually put that space together[br]and made it possible. So in Berlin, 0:17:57.900,0:18:01.740 there is a space, not just c-base,[br]not just CCCB, but actually 0:18:01.740,0:18:05.600 a place which is about anonymity.[br]It’s called Zwiebelraum. 0:18:05.600,0:18:09.430 And this is a place in which people are[br]working on this Free Software. And they 0:18:09.430,0:18:12.340 are doing it in an independent manner.[br]And we hope actually that people will 0:18:12.340,0:18:16.400 come together and support that, because[br]we need more spaces like that, that 0:18:16.400,0:18:20.670 are not directly affiliated with the TOR[br]Project, necessarily, but where we have 0:18:20.670,0:18:24.280 an aligned mission about reproducible[br]builds in Free Software and also 0:18:24.280,0:18:29.300 about anonymity and actually about caring[br]about Free Speech. And actually making 0:18:29.300,0:18:33.110 it happen. And really building spaces[br]like that all around the world. So if you 
So if you 0:18:33.110,0:18:36.140 have a place in your town where you want[br]to work on those things, we would really 0:18:36.140,0:18:40.340 hope that you will work on building that.[br]I called it “general cipher punkery”. 0:18:40.340,0:18:44.300 I feel like that’s a good description.[br]There’s lots of stuff to be done. 0:18:44.300,0:18:48.940 And now for a Marxist joke: So we[br]discovered the division of labor, 0:18:48.940,0:18:52.570 which was a really important discovery.[br]We’re about 180 years too late, 0:18:52.570,0:18:58.310 but we started to split up where it didn’t[br]go very well, the Marxist asked why. 0:18:58.310,0:19:02.410 Cheers, cheers![br]So the Vegas Teams are really simple. 0:19:02.410,0:19:06.620 Basically we have a bunch of people[br]that previously they did everything. 0:19:06.620,0:19:10.130 And this really doesn’t work. It’s very[br]stressful and it’s very frustrating 0:19:10.130,0:19:14.470 and it leads to people doing lots and[br]lots of things in a very unfocused way. 0:19:14.470,0:19:18.740 And so we split it up! And it actually[br]happened naturally, it was emergent. 0:19:18.740,0:19:24.010 So e.g. Mike Perry, who’s gonna talk[br]about the Applications Team’s work 0:19:24.010,0:19:28.280 in a second here, he was[br]already leading this, 0:19:28.280,0:19:32.370 he was really making this happen. And[br]so we just made it more explicit. And, 0:19:32.370,0:19:36.650 in fact we created a way of communicating[br]and reporting back so that 0:19:36.650,0:19:39.850 you don’t have to, like, drink from the[br]fire hose about absolutely everything 0:19:39.850,0:19:42.430 that’s happening everywhere, but you can[br]sort of tune in to those things, which 0:19:42.430,0:19:46.970 means we get higher-level understandings[br]and that is a really, incredibly useful 0:19:46.970,0:19:49.740 thing that has made us much more[br]productive. 
And what was part of the 0:19:49.740,0:19:53.500 growing pains of the last year actually[br]was figuring out how to make that work 0:19:53.500,0:19:57.210 because we’re a pretty flat group in terms[br]of a community and a pretty flat group 0:19:57.210,0:20:02.060 in terms of an organization writing[br]Free Software and advocating. 0:20:02.060,0:20:06.500 And so that’s a really incredibly good[br]thing which will come up all the time. 0:20:06.500,0:20:09.770 You’ll hear people talking about the[br]Metrics Team or the Network Team or the 0:20:09.770,0:20:13.650 Applications Team or the Community Team.[br]And that’s what we’re talking about. 0:20:13.650,0:20:17.630 In that sense. So we tried to formalize it[br]and in some ways we may be moving in a 0:20:17.630,0:20:23.840 sort of Debian model a little bit. And[br]we’ll see how that actually goes. So we 0:20:23.840,0:20:28.470 have a really great person here to[br]explain the work of the Metrics Team. 0:20:28.470,0:20:32.350 Roger: OK, so I’m gonna tell you a little[br]bit about what the Metrics Team has been 0:20:32.350,0:20:36.570 working on lately to give you a[br]sense of some of the components 0:20:36.570,0:20:40.890 of the TOR community. So there are 5 or[br]10 people who work on the Metrics Team. 0:20:40.890,0:20:45.350 We actually only pay one-ish of them;[br]so most of them are volunteers 0:20:45.350,0:20:48.980 and that’s… on the one hand that’s great.[br]It’s wonderful that there are researchers 0:20:48.980,0:20:53.750 all around the world who are contributing[br]and helping to visualize and helping to do 0:20:53.750,0:20:57.980 analysis on the data. On the other hand[br]it’s sort of sad that we don’t have a full 0:20:57.980,0:21:02.530 team of full-time people who are working[br]on this all the time. So it’d be great 0:21:02.530,0:21:07.710 to have your assistance[br]working on this. 
So, 0:21:07.710,0:21:12.430 actually Metrics has been accumulating[br]all sorts of analysis tools 0:21:12.430,0:21:16.990 over the past 5 years. So there are up to[br]30 different little tools. There’s Atlas 0:21:16.990,0:21:22.410 and Globe and Stem and 20-something more[br]which is a challenge to keep coordinated, 0:21:22.410,0:21:26.690 a challenge to keep maintained. So[br]they’ve been working on how to integrate 0:21:26.690,0:21:32.090 these things and make them more[br]usable and maintainable and extensible. 0:21:32.090,0:21:36.370 So one example that they… so they wrote[br]some slides for me to present here. 0:21:36.370,0:21:40.050 One example that they were looking[br]at, to give you an example of how 0:21:40.050,0:21:45.540 this analysis works, is bad relays in the[br]TOR network. So maybe that’s an exit relay 0:21:45.540,0:21:50.520 that runs, but it modifies traffic, or[br]it watches traffic or something. 0:21:50.520,0:21:56.150 Maybe it’s a relay that signs up[br]as a Hidden Service directory 0:21:56.150,0:21:59.970 and then when you publish your[br]onion address to it, it goes to visit it 0:21:59.970,0:22:04.370 or it puts it on a big list or something[br]like that. Or maybe bad relays are Sybils 0:22:04.370,0:22:09.580 who – we were talking earlier about[br]the 2014 attack where a 100 relays 0:22:09.580,0:22:14.750 showed up at once and we, the directory[br]authorities have a couple of ways of 0:22:14.750,0:22:19.500 addressing that relays. One of them is[br]each of the directory authorities can say: 0:22:19.500,0:22:22.670 “That relay needs to get out of the[br]network! We just cut it out of the 0:22:22.670,0:22:27.900 network.” We can also say: “Bad exit!”[br]We can also say: “That relay is no longer 0:22:27.900,0:22:33.240 gonna be used as an exit!” So even though[br]it advertises that it can reach Blockchain 0:22:33.240,0:22:39.320 and other websites, clients choose not to[br]do it that way. So that’s the background. 
0:22:39.320,0:22:44.920 One of the tools that Damian wrote a while[br]ago is called Tor-Consensus-Health and it 0:22:44.920,0:22:49.570 looks every hour at the new list of relays[br]in the network and it tries to figure out: 0:22:49.570,0:22:53.000 “Is there something suspicious that[br]just happened at this point?” And in this 0:22:53.000,0:22:57.920 case it looks for a bunch of new relays[br]showing up all at the same time with 0:22:57.920,0:23:04.530 similar characteristics and it sends email[br]to a list. So that’s useful. The second 0:23:04.530,0:23:08.910 piece of the analysis is “OK, what do you[br]do when that happens?” So we get an email 0:23:08.910,0:23:13.960 saying “Hey, 40 new relays showed up,[br]what’s up with that?” So there’s a real 0:23:13.960,0:23:18.790 challenge there to decide: do we allow[br]the TOR network to grow – sounds good – 0:23:18.790,0:23:23.280 or do we wonder who these people are[br]and try to contact them or cut them out of 0:23:23.280,0:23:29.600 the network or constrain what fraction[br]of the network they can become. 0:23:29.600,0:23:35.150 So Philipp Winter also has a[br]visualization, in this case of basically 0:23:35.150,0:23:41.310 which relays were around on a given month.[br]So the X axis is all of the different 0:23:41.310,0:23:46.100 relays in the month and the Y axis is each[br]hour during that month. And they’ve sorted 0:23:46.100,0:23:51.010 the relays here by how much they were[br]present in the given month. And you’ll 0:23:51.010,0:23:55.120 notice the red blocks over there are[br]relays that showed up at the same time 0:23:55.120,0:23:59.320 and they’d been consistently present at[br]the same time since then. So that’s kind 0:23:59.320,0:24:03.070 of suspicious. 
That’s “Hey, wait a minute,[br]what’s that pattern going on there?” 0:24:03.070,0:24:07.260 So this is a cool way of visualizing and[br]being able to drill down and say: 0:24:07.260,0:24:10.780 “Wait a minute, that pattern right there,[br]something weird just happened.” 0:24:10.780,0:24:14.470 So part of the challenge in general for[br]the Metrics Team is: they have a Terabyte 0:24:14.470,0:24:18.350 of interesting data of what the network[br]has looked like over the years – 0:24:18.350,0:24:23.650 how do you turn that into “Wait a minute,[br]that right there is something mysterious 0:24:23.650,0:24:27.320 that just happened. Let’s look at it[br]more.” So you can look at it from 0:24:27.320,0:24:31.650 the visualization side but you can also[br]– there’s a tool called Onionoo where 0:24:31.650,0:24:35.290 you can basically query it, all sorts[br]of queries in it, it dumps the data 0:24:35.290,0:24:39.940 back on to you. So we’ve got a Terabyte[br]of interesting data out there, what 0:24:39.940,0:24:44.810 the relays are on the network, what[br]sort of statistics they been reporting, 0:24:44.810,0:24:48.930 when they’re up, when they’re down,[br]whether they change keys a lot, 0:24:48.930,0:24:55.080 whether they change IP addresses a lot.[br]So we encourage you to investigate and 0:24:55.080,0:24:59.410 look at these tools etc. So there’s[br]a new website we set up this year 0:24:59.410,0:25:05.180 called CollecTor, collector.torproject.org[br]that has all of these different data sets 0:25:05.180,0:25:09.270 and pointers to all these different[br]libraries and tools etc. that you too 0:25:09.270,0:25:15.030 can use to investigate, graph-visualize[br]etc. So here’s another example. 0:25:15.030,0:25:19.280 At this point we’re looking at the 9[br]directory authorities in the network. 0:25:19.280,0:25:24.620 Each of them votes its opinion about[br]each relay. 
So whether the relay’s fast, 0:25:24.620,0:25:31.060 or stable, or looks like a good exit or[br]maybe we should vote about “Bad Exit” 0:25:31.060,0:25:35.850 for it. So the grey lines are: all of the[br]directory authorities thought that 0:25:35.850,0:25:41.120 it didn’t deserve the flag and it’s very[br]clear. The green lines are: enough of the 0:25:41.120,0:25:45.310 directory authorities said that the relay[br]should get the flag, also very clear. 0:25:45.310,0:25:49.960 And all the brown and light green etc.[br]in the middle are contradictions. 0:25:49.960,0:25:53.290 That’s where some of the directory[br]authorities said “Yes it’s fast” and some 0:25:53.290,0:25:58.710 of them said “No, it’s not fast”. And this[br]gives us a visualization, a way to see 0:25:58.710,0:26:02.800 whether most of the directory authorities[br]are agreeing with each other. 0:26:02.800,0:26:06.290 We should look at this over time and if[br]suddenly there’s a huge brown area 0:26:06.290,0:26:10.930 then we can say “Wait a minute,[br]something’s going on”, where maybe 0:26:10.930,0:26:15.080 a set of relays are trying to look good to[br]these directory authorities and trying 0:26:15.080,0:26:19.700 not to look good to these. So basically[br]it helps us to recognize patterns 0:26:19.700,0:26:26.070 of weird things going on. So on CollecTor[br]you can find all sorts of data sets 0:26:26.070,0:26:32.690 and you can fetch them and do your[br]analysis of them. And Tor Metrics 0:26:32.690,0:26:38.280 – metrics.torproject.org – has a bunch of[br]examples of this analysis, where you can 0:26:38.280,0:26:42.430 look at graphs of the number of people[br]connecting from different countries, the 0:26:42.430,0:26:46.700 number of relays over time, the number[br]of new relays, the number of bridges, 0:26:46.700,0:26:52.530 users connecting to bridges etc. There[br]are 3 different libraries that help you 0:26:52.530,0:26:56.210 to parse these various data sets. 
So[br]there’s one in Python, one in Java, 0:26:56.210,0:27:01.160 one in Go; so whichever one of those[br]you enjoy most you can grab and start 0:27:01.160,0:27:07.860 doing analysis. They do weekly or so[br]IRC meetings, so the TOR Metrics Team 0:27:07.860,0:27:11.950 invites you to show up on January 7th[br]and they would love to have your help. 0:27:11.950,0:27:15.340 They have a bunch of really interesting[br]data, they have a bunch of really 0:27:15.340,0:27:21.460 interesting analysis tools and they’re[br]missing curious people. So show up, 0:27:21.460,0:27:25.240 start asking questions about the data, try[br]to learn what’s going on. And you can 0:27:25.240,0:27:28.305 learn more about them, on[br]the Metrics Team, there. 0:27:28.305,0:27:32.055 And then I’m gonna pass it on to Mike. 0:27:32.055,0:27:38.720 applause 0:27:38.720,0:27:43.750 Mike: OK, so Hello everyone! So, I’ll be[br]telling ’bout the Applications Team part 0:27:43.750,0:27:48.600 of the Vegas plan that[br]Jake introduced. Basically, 0:27:48.600,0:27:54.060 the Applications Team was created to[br]bring together all the aspects of TOR 0:27:54.060,0:27:58.500 and the extended community that are[br]working on anything that’s user facing. 0:27:58.500,0:28:02.890 So anything with a user interface that[br]the user will directly interact with, 0:28:02.890,0:28:08.550 that’s an application on[br]either Mobile or Desktop. 0:28:08.550,0:28:13.020 So to start, obviously we had the[br]TOR Browser, that’s sort of like 0:28:13.020,0:28:18.620 a flagship application that most people[br]are familiar with when they think of TOR. 0:28:18.620,0:28:22.990 Recently we’ve added OrFox which is a[br]project by the Guardianproject to port 0:28:22.990,0:28:28.050 the TOR Browser patches to Android[br]and that’s currently in Alpha Status. But 0:28:28.050,0:28:34.190 it’s available on the Guardianproject’s[br]F-Droid Repo. 
We also have 2 chat clients: 0:28:34.190,0:28:39.020 TorMessenger and Ricochet and both with[br]different security properties. I will be 0:28:39.020,0:28:44.290 getting to it later. So I guess, first[br]off let’s talk about what happened 0:28:44.290,0:28:51.070 in the TOR Browser world in 2015.[br]Basically most of the, or a good deal 0:28:51.070,0:28:56.520 of our work is spent keeping up[br]with the Firefox release treadmill. 0:28:56.520,0:29:01.620 That includes responding[br]to emergency releases, 0:29:01.620,0:29:06.730 auditing changes in the Firefox code[br]base making sure that their features 0:29:06.730,0:29:10.940 adhere to our privacy model and making[br]sure that our releases come out 0:29:10.940,0:29:15.060 the same day as the official[br]Firefox releases so that there’s 0:29:15.060,0:29:20.130 no vulnerability exposure to known[br]vulnerabilities after they’re disclosed. 0:29:20.130,0:29:24.870 That has been a little bit rough to over[br]2015. I believe there is a solid 3..4 0:29:24.870,0:29:29.500 months where it felt like we were doing[br]a release every 2 weeks. Due to either 0:29:29.500,0:29:38.880 log jam or random unassessed[br]vulnerability or any arbitrary 0:29:38.880,0:29:43.620 security issue with Firefox. But we did…[br]despite treading all that water we did 0:29:43.620,0:29:48.710 manage to get quite a bit of work done.[br]As always our work on the browser focuses 0:29:48.710,0:29:54.700 in 3 main areas: privacy, security[br]and usability. Our privacy work is 0:29:54.700,0:30:00.330 primarily focused around making sure that[br]any new browser feature doesn’t enable 0:30:00.330,0:30:05.720 new vectors for 3rd party tracking. So no[br]ways for a 3rd party content resource to 0:30:05.720,0:30:12.570 store state or cookies or blob URIs[br]or some of the newer features. 0:30:12.570,0:30:16.940 There’s a new cash API. 
These sorts[br]of things need to all be isolated 0:30:16.940,0:30:20.840 to the URL bar domain to prevent 3rd[br]parties from being able to track you. 0:30:20.840,0:30:25.180 From being able to recognize it’s the same[br]you when you log in to Facebook and 0:30:25.180,0:30:31.730 when you visit CNN, and CNN loads[br]the Facebook Like buttons, e.g. 0:30:31.730,0:30:36.530 Additionally we have done a lot of work on[br]fingerprinting defences, the Alpha Release 0:30:36.530,0:30:41.250 ships a set of fonts for the[br]Linux users so that the 0:30:41.250,0:30:45.340 font fingerprinting can be normalized[br]since a lot of Linux users tend to have 0:30:45.340,0:30:49.920 different fonts installed on their[br]systems. As well as tries to normalize 0:30:49.920,0:30:54.380 the font list that allowed for Windows[br]and Mac users where they often get 0:30:54.380,0:30:59.670 additional fonts from 3rd party[br]applications that install them. 0:30:59.670,0:31:05.120 On the security front the major exciting[br]piece is the security slider. So with iSEC 0:31:05.120,0:31:11.810 Partners’ help we did a review of all the[br]Firefox vulnerabilities and categorized 0:31:11.810,0:31:16.680 them based on the component that they were[br]in as well as their prevalence on the web. 0:31:16.680,0:31:21.970 And came up with 4 positions that allow[br]you to choose, basically trade off, 0:31:21.970,0:31:26.080 functionality for vulnerability surface[br]reduction. And this was actually quite 0:31:26.080,0:31:31.870 successful. It turned out that[br]all of the Pwn2own exploits 0:31:31.870,0:31:39.990 against Firefox were actually blocked[br]for non-https sites at medium/high. 0:31:39.990,0:31:46.270 And if you enable the high security[br]level they were blocked for everything. 
0:31:46.270,0:31:50.130 We additionally released address[br]sanitizer hardened builds, these are… 0:31:50.130,0:31:54.150 basically should… especially the higher[br]security levels of the security slider 0:31:54.150,0:31:58.810 should protect against various memory[br]safety issues in the browser and also 0:31:58.810,0:32:04.630 help us diagnose issues very rapidly. 0:32:04.630,0:32:10.380 And of course we now sign our Windows[br]packages using a hardware security module 0:32:10.380,0:32:16.850 from DigiCert. The usability improvements[br]were primarily focused around this UI and 0:32:16.850,0:32:21.100 this new Onion Menus you can see if you[br]remember the old menu. There was quite a 0:32:21.100,0:32:24.400 lot more options there. We sort of[br]condensed and consolidated options and 0:32:24.400,0:32:29.490 eliminated and combined as much as we[br]could. And additionally displayed the 0:32:29.490,0:32:37.360 circuit for the current URL bar domain.[br]In 2016 we’ll be focusing mostly on again 0:32:37.360,0:32:41.910 the same 3 areas. Our main goal for[br]privacy is to try and convince Mozilla 0:32:41.910,0:32:48.160 that they want to adopt our idea of[br]isolating 3rd party identifiers at least 0:32:48.160,0:32:52.150 to the point of if the user goes into the[br]Preferences and tries to disable 3rd party 0:32:52.150,0:32:57.860 cookies, will let you do the same thing[br]for DOM storage, cache, blob URIs, 0:32:57.860,0:33:02.760 worker threads, and all these[br]other sources of shared state. 0:33:02.760,0:33:07.910 We’re very excited about their work on a[br]multi-process sandbox, additionally even 0:33:07.910,0:33:13.580 application-level sandboxing, it should[br]be… without Mozilla’s sandbox, 0:33:13.580,0:33:18.620 we should still be able to prevent the[br]browser from bypassing TOR using SecComp 0:33:18.620,0:33:22.640 or AppArmor or SeatBelt or one of[br]these other sandboxing technologies. 
0:33:22.640,0:33:25.410 We’re looking forward to trying to[br]get that rolled out. And we’re doing 0:33:25.410,0:33:30.500 exploit bounties! We’ll be[br]partnering with HackerOne, 0:33:30.500,0:33:34.080 who’ll be announcing this shortly. The[br]program will start out invite-only 0:33:34.080,0:33:37.200 and then… just, so we can get[br]used to the flow and scale up 0:33:37.200,0:33:41.810 and then we’ll make it public later in the[br]year to basically provide people with 0:33:41.810,0:33:46.560 incentive to review our code to look[br]for vulnerabilities that might be 0:33:46.560,0:33:51.130 specific to our applications. And of[br]course the usual usability improving, 0:33:51.130,0:33:57.470 security, improving installation. And we’d[br]like to improve the censorship and bridges 0:33:57.470,0:34:02.780 ability flow as well hoping to automate[br]the discovery of bridges and inform you 0:34:02.780,0:34:08.639 if your bridges become unreachable.[br]So TOR messenger 0:34:08.639,0:34:13.230 is one of our 2 chat clients, also[br]part of the Applications Team. 0:34:13.230,0:34:17.540 Basically, the goal there was to minimize[br]the amount of configuration that 0:34:17.540,0:34:21.360 the user had to do if they wanted to[br]use one of their existing chat clients 0:34:21.360,0:34:26.780 with TOR and OTR. Now this is based 0:34:26.780,0:34:32.290 on another Mozilla platform – Instantbird[br]which is based on Thunderbird. 0:34:32.290,0:34:38.300 This allows us to share a lot of the[br]TOR Browser configuration codes 0:34:38.300,0:34:42.120 for managing the TOR process and[br]configuring bridges. So the user has a 0:34:42.120,0:34:47.270 very similar configuration[br]experience to the browser 0:34:47.270,0:34:53.139 when they first start it up. It also has[br]some additional memory safety advantages 0:34:53.139,0:34:58.770 – all the protocol parsers are written[br]in Javascript. 
This basically… 0:34:58.770,0:35:03.660 one of the major things when we[br]were looking at candidates for 0:35:03.660,0:35:08.470 a messaging client was we wanted to avoid[br]the problems of libpurple in the past 0:35:08.470,0:35:11.980 where there’s been a lot of, like, remote[br]code execution vulnerabilities with 0:35:11.980,0:35:16.860 protocol parsing. Now there are some[br]trade-offs here, obviously, when you’re 0:35:16.860,0:35:22.560 dealing with a browser product. You[br]still have a html window rendering 0:35:22.560,0:35:30.090 the messages. But it is XSS filtered and[br]even if an XSS exploit were to get through 0:35:30.090,0:35:34.320 to run Javascript in your messaging[br]window that Javascript would still be 0:35:34.320,0:35:40.030 unprivileged. So they need an additional[br]browser-style exploit. And that filter has 0:35:40.030,0:35:44.270 been reviewed by Mozilla and additionally[br]we’re looking into removing Javascript 0:35:44.270,0:35:48.740 from that messaging window at all.[br]It should be completely possible to just 0:35:48.740,0:35:54.950 display a reduced, slightly less sexy[br]version of the same window at perhaps 0:35:54.950,0:36:00.670 another higher security level without[br]Javascript involved at all in that window. 0:36:00.670,0:36:04.070 So we will hand off to Jake now to[br]describe some of the security properties 0:36:04.070,0:36:06.090 and differences between TOR[br]messenger and Ricochet. 0:36:06.090,0:36:12.220 Jacob: Just to be clear about this: We[br]wanted to sort of echo what Phil Rogaway 0:36:12.220,0:36:16.440 has recently said. 
He wrote a really[br]wonderful paper quite recently about the 0:36:16.440,0:36:20.910 moral character of cryptographic work and[br]Phil Rogaway for those of you that don’t 0:36:20.910,0:36:24.310 know is one of the sort of like amazing[br]cryptographers, very humble, really 0:36:24.310,0:36:29.990 wonderful man who was really a little bit[br]sad that cryptographers and people 0:36:29.990,0:36:34.890 working on security software don’t take[br]the adversaries seriously. So they use 0:36:34.890,0:36:39.610 Alice and Bob, and Mallory and they have[br]cutie icons and they look very happy. 0:36:39.610,0:36:44.620 We wanted to make it clear what we thought[br]the adversary was. Which is definitely not 0:36:44.620,0:36:53.090 a cutie adversary. When anonymity fails[br]for Muslims that live in Pakistan, or e.g. 0:36:53.090,0:36:56.580 the guys that are giving a talk later[br]today, the CAGE guys, when anonymity fails 0:36:56.580,0:37:01.420 for them they get detained or they get[br]murdered or they end up in Guantanamo Bay 0:37:01.420,0:37:05.480 or other things like that. So it’s a[br]serious thing. And we wanted to talk about 0:37:05.480,0:37:11.400 what that looks like. So e.g. a lot of you[br]use jabber.ccc.de, I guess. Don’t raise 0:37:11.400,0:37:16.530 your hands. You should decentralize. Stop[br]using jabber.ccc.de because we should 0:37:16.530,0:37:20.960 decentralize. But that said if you do,[br]this is sort of what it looks like, right? 0:37:20.960,0:37:24.090 There’s the possibility for targeted[br]attacks when you connect. There’s the 0:37:24.090,0:37:29.080 possibility that the Social Graph e.g. of[br]your buddy list, that that would be on the 0:37:29.080,0:37:32.740 server. It would be possible that there’s[br]a bug on any Jabber server anywhere. 0:37:32.740,0:37:36.380 So of course you know that if you’re using[br]Gmail with Jabber, you know that they are 0:37:36.380,0:37:40.100 prison providers. 
So if you got a pretty[br]big problem there and the attacker, again, 0:37:40.100,0:37:44.410 is not a cutie attacker, it’s, you know,[br]I like the Grim Reaper, that fit that 0:37:44.410,0:37:48.820 Mike chose, if you like that’s accurate.[br]And now if you see one of the protections 0:37:48.820,0:37:51.770 you’ll have for communicating with your[br]peers is off-the-record messaging. That’s 0:37:51.770,0:37:57.770 basically the thing. But that’s a very[br]slap together protocol in a sense. Because 0:37:57.770,0:38:02.720 it’s hacks on top of hacks. Where you[br]know you compose TOR with Jabber and TLS 0:38:02.720,0:38:05.860 and maybe you still have a certificate[br]authority in there somewhere. Or maybe you 0:38:05.860,0:38:09.550 have a TOR Hidden Service but then your[br]status updates they don’t have any 0:38:09.550,0:38:16.430 encryption at all, for example. Or, again,[br]your roster is an actual thing that 0:38:16.430,0:38:19.110 someone can see, including every time you[br]send a message to those people the server 0:38:19.110,0:38:24.820 sees that. So, that said, TOR messenger is[br]really great because it meets users where 0:38:24.820,0:38:28.930 they already are. Right? So e.g. actually[br]one other point here is if you use a piece 0:38:28.930,0:38:33.420 of software like Adium, there is actually[br]a bug filed against Adium where someone 0:38:33.420,0:38:37.630 said “Please disable logging-by-default[br]because Chelsea Manning went to prison 0:38:37.630,0:38:41.620 because of your logging policy”. And the[br]people working on Adium in this bug report 0:38:41.620,0:38:48.710 basically said: “Good!” That’s horrifying![br]Right? So what if we made it as reasonable 0:38:48.710,0:38:54.590 as possible, as configuration-free as[br]possible using TOR, using OTR, trying to 0:38:54.590,0:38:58.650 remove libpurple which is a whole like…[br]it’s a flock of Zerodays flying in 0:38:58.650,0:39:07.640 formation. Right? 
So we wanted to kill the[br]bird in a sense but also not we want to 0:39:07.640,0:39:14.360 help provide an incentive for improving.[br]And so that’s where TOR messenger fits. 0:39:14.360,0:39:19.670 But we also want to experiment with next[br]generation stuff. And one of those things 0:39:19.670,0:39:25.120 is written by a really great guy on our[br]community, almost single-handedly, without 0:39:25.120,0:39:30.760 any funding at all, and his name is[br]“special”, that’s actually his name. He’s 0:39:30.760,0:39:37.020 also special. But it’s really nice,[br]because actually, if you solve the problem 0:39:37.020,0:39:40.810 of telling your friend your name, if[br]you’re familiar with the properties of 0:39:40.810,0:39:44.940 Hidden Services where you have a self-[br]authenticating name you know that you’re 0:39:44.940,0:39:47.690 talking to the person that you think you[br]are because you’ve already done a key 0:39:47.690,0:39:51.780 exchange. The important part of the key[br]exchange. And so one of the things that 0:39:51.780,0:39:58.790 you’ll see very clearly is that there is[br]no more server. Right? So there’s no more 0:39:58.790,0:40:05.130 jabber.ccc.de in this picture. So this is[br]a really good example of how we might 0:40:05.130,0:40:09.119 decentralize, actually. It’s an experiment[br]right now but it means no more servers. It 0:40:09.119,0:40:14.500 uses the TOR network’s TOR Hidden Service[br]protocol and everybody actually becomes a 0:40:14.500,0:40:18.720 TOR Hidden Service for chatting with their[br]buddies. And it’s end-to-end encrypted and 0:40:18.720,0:40:23.360 it’s anonymized and of course this means[br]that your Social Graph is a traffic 0:40:23.360,0:40:27.980 analysis problem, it’s no longer a list on[br]a server. And it means your metadata is 0:40:27.980,0:40:32.790 as protected as we currently know how[br]to do in a low-latency anonymity network. 
0:40:32.790,0:40:36.480 And in the future one of the really nice[br]things about this is that it will be 0:40:36.480,0:40:41.850 possible – or we think it will be[br]possible – to even make it better in a 0:40:41.850,0:40:46.920 sense, e.g. multiple chats, sending[br]files, sending pictures, in other words, 0:40:46.920,0:40:50.780 everything becomes, instead of a certainty[br]we move it towards probability. And the 0:40:50.780,0:40:52.890 probability is in your favour. 0:40:52.890,0:41:00.000 Mike: Yes, additionally, I’ll be working[br]on various forms of padding for cases like 0:41:00.000,0:41:04.140 this to basically increase this high…[br]the probability that there will be 0:41:04.140,0:41:10.000 concurrent traffic at the same time from[br]multiple TOR clients, which will further 0:41:10.000,0:41:13.720 frustrate the discovery of the Social[br]Graph based on simple traffic analysis 0:41:13.720,0:41:21.940 especially for low-traffic cases such as[br]Ricochet. So just to wrap up that 0:41:21.940,0:41:29.230 TOR Applications piece: in 2016 we’re[br]trying to focus heavily on usability and 0:41:29.230,0:41:34.950 getting more people to be able to use TOR,[br]omitting the barriers to finding TOR, 0:41:34.950,0:41:40.110 downloading TOR, being able especially[br]for censored users, and being able to 0:41:40.110,0:41:45.100 install TOR. There’s still some snags,[br]various difficulties that cause people to 0:41:45.100,0:41:49.560 stop at various stages of that process and[br]we want to try and work for to eliminate 0:41:49.560,0:41:53.320 them. We also, of course, want to increase[br]coordination: share graphics, visual 0:41:53.320,0:42:00.900 aesthetics and coordinate the ability to[br]share the TOR process. And we also want to 0:42:00.900,0:42:04.540 create a space for more experimentation,[br]for more things like Ricochet. There’s 0:42:04.540,0:42:08.810 probably a lot more ideas like Ricochet[br]out there. 
There could be leverages 0:42:08.810,0:42:12.150 of TOR protocol and especially Hidden[br]Services in creative ways. So we’re 0:42:12.150,0:42:16.130 looking to create an official sanctioned[br]space as part of TOR to give them a home. 0:42:16.130,0:42:21.280 And to look for that in the coming[br]months on the TOR blog. 0:42:21.280,0:42:26.600 Jacob: Alright, I just wanted to put in a[br]picture of a guy wearing a Slayer T-Shirt. 0:42:26.600,0:42:31.380 So there it is. That’s Trevor Paglen. Some[br]of you may remember him from such things 0:42:31.380,0:42:36.150 as helping to film Citizenfour, building[br]Satellites that burn up in space so that 0:42:36.150,0:42:41.030 are actually currently on other[br]satellites. And this on the left is 0:42:41.030,0:42:45.550 Leif Ryge, he’s sort of the person that[br]taught me how to use computers. And he is 0:42:45.550,0:42:49.050 an incredible Free Software developer.[br]Trevor Paglen and myself, and this is 0:42:49.050,0:42:52.640 a cube, the Autonomy Cube which we talked[br]about last year. Because we think that 0:42:52.640,0:42:57.220 culture is very important and we think[br]that it’s important to actually get people 0:42:57.220,0:43:01.500 to understand the struggle that exists[br]right now. So this is installed in a 0:43:01.500,0:43:06.470 museum right now in Germany, in the city[br]of Oldenburg, at the Edith-Russ-Haus. And 0:43:06.470,0:43:10.810 it actually opened several months ago,[br]it’s filled with classified documents, it 0:43:10.810,0:43:14.000 has really interesting things to go and[br]read. I highly encourage you to go and 0:43:14.000,0:43:18.060 read. We built a reading room about[br]anonymity papers, about things that are 0:43:18.060,0:43:22.990 happening. About how corporations track[br]you, and then the entire museum is an 0:43:22.990,0:43:27.730 Open-WiFi network that routes you[br]transparently through TOR. 
So in Germany 0:43:27.730,0:43:32.520 a free open WiFi network that isn’t run by[br]Freifunk – much respect to them – we 0:43:32.520,0:43:36.869 wanted to make it possible for you to just[br]go and have the ability to bootstrap 0:43:36.869,0:43:43.030 yourself anonymously if you needed to. And[br]also these four boards are Novena boards. 0:43:43.030,0:43:47.730 And these Novena boards are Free and Open[br]Hardware devices made by Bunnie and Sean 0:43:47.730,0:43:51.220 in Singapore where you could, if you[br]wanted to, download the schematics and 0:43:51.220,0:43:55.990 fab it yourself. And it’s running the[br]Debian GNU Linux universal operating 0:43:55.990,0:44:01.350 system. And it’s an actual TOR exit node[br]with absolutely every port allowed. So the 0:44:01.350,0:44:06.780 museum’s infrastructure itself on the[br]city’s internet connection actually is a 0:44:06.780,0:44:13.619 TOR exit node for the whole world to be[br]able to use the internet anonymously. 0:44:13.619,0:44:20.340 applause 0:44:20.340,0:44:24.170 But the museum’s infrastructure is not[br]just helping people in Oldenburg, it’s 0:44:24.170,0:44:28.830 helping people all around the world to be[br]able to communicate anonymously and it’s 0:44:28.830,0:44:31.830 quite amazing actually because when[br]cultural institutions stand up for this 0:44:31.830,0:44:35.960 we recognize it’s not just a problem of[br]over-there stand. We have mass-surveillance 0:44:35.960,0:44:40.850 and corporate surveillance in the West[br]and we need to deal with that. Here, by 0:44:40.850,0:44:45.550 creating spaces like this. But that said,[br]we also need to make sure that we create 0:44:45.550,0:44:49.250 spaces in people’s minds all around the[br]world. And I want to introduce to you 0:44:49.250,0:44:55.380 someone who’s incredibly awesome, the[br]most bad-ass radical librarian around, 0:44:55.380,0:44:58.830 this is Alison.[br]Alison is going to talk about… 0:44:58.830,0:45:03.130 Alison: …Library Freedom Project! 
Hi![br]Thank you so much! I’m so excited 0:45:03.130,0:45:09.290 to be here, it’s my first CCC and I’m on[br]stage, and it’s very… exciting. So I’m 0:45:09.290,0:45:12.750 going to talk to you a little bit about my[br]organization, Library Freedom Project. 0:45:12.750,0:45:18.400 I’m the director and what we do: we have[br]a partnership with TOR project to do 0:45:18.400,0:45:23.440 community outreach around TOR and other[br]privacy-enhancing technologies. Making 0:45:23.440,0:45:28.260 TOR network more strong and making tools[br]like TOR Browser more ubiquitous and 0:45:28.260,0:45:35.540 mainstream, all with the help of a[br]coalition of radical militant librarians. 0:45:35.540,0:45:40.040 So we introduced you to the Library[br]Freedom Project back in February. We told 0:45:40.040,0:45:43.520 you a little bit about the kind of work[br]that we do, mostly in US libraries, 0:45:43.520,0:45:48.930 increasingly internationally. Where[br]essentially we teach them about tools like 0:45:48.930,0:45:54.669 TOR Browser, how to install it on their[br]local computers, how to teach it into 0:45:54.669,0:45:59.080 computer classes that they offer for free[br]in the library or one-on-one technology 0:45:59.080,0:46:04.350 sessions for their community. And we’ve[br]had a really amazing year since then. 0:46:04.350,0:46:08.470 In addition to working with the TOR[br]project we’re really fortunate to work 0:46:08.470,0:46:12.470 with the American Civil Liberties Union[br](ACLU). If you’re not familiar with them, 0:46:12.470,0:46:16.480 they’re basically… they’re the bad asses[br]who’ve been suing the US Intelligence 0:46:16.480,0:46:22.710 Agencies and Police for about a 100 years.[br]That is me with 2 people from the ACLU 0:46:22.710,0:46:27.550 Massachusetts, Jessie Rossman who is a[br]surveillance law expert and Kade Crockford 0:46:27.550,0:46:31.000 who is an activist for the ACLU. 
And[br]they’re here, if you see that human buy 0:46:31.000,0:46:35.070 them a drink and ask them about the[br]surveillance capabilities of the US Police. 0:46:35.070,0:46:37.980 applause 0:46:37.980,0:46:43.300 So, it’s really cool! It’s a great[br]partnership with the ACLU because 0:46:43.300,0:46:48.580 basically they can teach why we need to[br]use tools like TOR Browser. So how to use 0:46:48.580,0:46:52.260 them is super-super important but you need[br]to know about the authorizations, the 0:46:52.260,0:46:57.369 programs, all the bad laws and the uses of[br]them against ordinary people. So, why do 0:46:57.369,0:47:01.770 we teach this stuff to librarians? It’s[br]basically for 2 big reasons. One of them 0:47:01.770,0:47:06.470 is that libraries and librarians have an[br]amazing history of activism around 0:47:06.470,0:47:11.450 privacy, fighting surveillance and[br]fighting censorship in the US where 0:47:11.450,0:47:16.090 I live. Librarians were some of the[br]staunchest opponents of the USA Patriot 0:47:16.090,0:47:20.350 Act from the beginning when it was[br]codified back in 2002. They made T-Shirts 0:47:20.350,0:47:25.869 that said “Another hysterical librarian[br]for Privacy” because of the… 0:47:25.869,0:47:29.720 The Attorney General at the time called[br]them “hysterical” for the fact that they 0:47:29.720,0:47:33.400 didn’t want this awful authorization to go[br]through. And of course then after Snowden 0:47:33.400,0:47:37.369 we learned many more things about just[br]how bad the Patriot Act was. So librarians 0:47:37.369,0:47:40.800 were some of the first people to oppose[br]that. They also have fought back against 0:47:40.800,0:47:45.060 National Security Letters which are the US[br]Government informational requests that 0:47:45.060,0:47:49.750 sometimes go to software providers and[br]other internet services. 
They have an 0:47:49.750,0:47:53.060 attached gag order that basically says:[br]“You have to give this information about 0:47:53.060,0:47:56.430 your users and you can’t tell anyone that[br]you got it.” Well, libraries got one of 0:47:56.430,0:47:58.900 these and fought back against that and won.[br]applause 0:47:58.900,0:48:05.640 They also, all the way back in the 1950s[br]even, at the height of Anti-Communist 0:48:05.640,0:48:10.790 Fervor and FUD, around the time of the[br]House Un-American Activities Committee, 0:48:10.790,0:48:13.509 librarians came out with this amazing[br]statement, called the “Freedom to Read” 0:48:13.509,0:48:18.910 Statement that I think really is a[br]beautiful text. It’s about 2 pages long 0:48:18.910,0:48:26.080 and it is their commitment to privacy and[br]democratic ideals made manifest. 0:48:26.080,0:48:29.310 And I have a little excerpt from it here.[br]I’m not gonna read the whole thing to you 0:48:29.310,0:48:32.500 ’cause I understand I’m all too[br]pressed for time. But the last line is 0:48:32.500,0:48:37.600 my favourite. It says: “Freedom itself is[br]a dangerous way of life. But it is ours.” 0:48:37.600,0:48:40.960 So everybody go and get that tattooed![br]You know, on your forehead or whatever. 0:48:40.960,0:48:44.150 applause 0:48:44.150,0:48:49.490 So, the history of activism is one of the[br]big things. There’s a second part that 0:48:49.490,0:48:52.420 is more practical. Libraries have an[br]amazing relationship to the local 0:48:52.420,0:48:56.859 communities. That doesn’t really exist[br]anywhere else especially in this era of 0:48:56.859,0:49:01.650 privatization and the destruction of[br]public commons. Libraries have already 0:49:01.650,0:49:05.520 free computer classes in many places,[br]sometimes the only free computer help that 0:49:05.520,0:49:10.609 you can get anywhere. 
They offer free[br]computer terminals to many people who 0:49:10.609,0:49:14.480 don’t have any other computer access.[br]They’re trusted community spaces, they 0:49:14.480,0:49:18.400 already teach about a whole number of[br]things. So we think they’re really the 0:49:18.400,0:49:24.310 ideal location for people to learn about[br]things like TOR Browser. So it’s been 0:49:24.310,0:49:31.010 going really well. This year we have[br]visited hundreds of different locations. 0:49:31.010,0:49:36.230 We’ve trained about 2300 librarians in the[br]US, in Canada and a few other countries, 0:49:36.230,0:49:43.150 Australia, UK and Ireland. We held an[br]amazing conference, you might recognize 0:49:43.150,0:49:47.630 this as Noisebridge. Any Noisebridge fans[br]here? I hope so. Come on, there’s got to 0:49:47.630,0:49:50.470 be more Noisebridge fans than that![br]Christ! We had an amazing conference in 0:49:50.470,0:49:54.050 Noisebridge and actually my co-organizer[br]is also here, April Glaser, so you can buy 0:49:54.050,0:49:58.540 her a drink, she’s right over there. There[br]has been a huge response from the library 0:49:58.540,0:50:02.290 community. They wanna learn about TOR[br]Browser, they’re so excited that finally 0:50:02.290,0:50:06.910 there’s a practical way for them to help[br]protect their patrons’ privacy. They’ve 0:50:06.910,0:50:12.000 cared about this stuff from an ideological[br]and ethical standpoint for a really long 0:50:12.000,0:50:15.980 time, and now they know that there are[br]tools that they can actually use and 0:50:15.980,0:50:19.090 implement in their libraries and teach to[br]their community to help them take back 0:50:19.090,0:50:25.400 their privacy. We’re really lucky that not[br]only do we get to teach librarians but 0:50:25.400,0:50:29.590 occasionally we get invited to visit[br]the local communities themselves. 0:50:29.590,0:50:33.770 So, here we teach how to teach privacy[br]classes with TOR as a big focus. 
0:50:33.770,0:50:37.460 But sometimes we get to meet the local[br]community members themselves. So I want to 0:50:37.460,0:50:41.850 show you this picture of a recent visit[br]that I made to Yonkers, New York. It was 0:50:41.850,0:50:46.050 a class just for teens. They’re all[br]holding TOR stickers if you can see that 0:50:46.050,0:50:50.369 and Library Freedom Project stickers.[br]This is a great picture that sort of is 0:50:50.369,0:50:54.130 emblematic of the kind of communities[br]that we get to visit. Yonkers is one of 0:50:54.130,0:50:59.160 the poorest cities in the US. These kids[br]are… many of them are immigrants, their 0:50:59.160,0:51:02.790 parents are immigrants, they face[br]surveillance and state violence as a 0:51:02.790,0:51:07.970 matter of their regular everyday lives.[br]For them privacy is not just a human 0:51:07.970,0:51:12.520 right but it’s sometimes a matter of life[br]and death. And these kids are just some 0:51:12.520,0:51:16.820 of the amazing people that we get to see.[br]Also, just to give you an idea of how the 0:51:16.820,0:51:21.230 public perception around privacy is[br]shifting in my anecdotal experience: 0:51:21.230,0:51:25.890 we had 65 teenagers come to this class![br]If you have a teenager or if you’ve been 0:51:25.890,0:51:30.359 a teenager you know teenagers don’t show[br]up for stuff, they don’t do that. 65 kids 0:51:30.359,0:51:34.340 came to this! And they were so excited![br]This was just the group that was left over 0:51:34.340,0:51:38.420 at the end that had so many questions and[br]wanted more stickers to bring back to 0:51:38.420,0:51:44.300 their friends. So it’s pretty cool stuff.[br]Recently we embarked on a new project 0:51:44.300,0:51:50.150 bringing TOR relays into libraries. This[br]is Nima Fatemi with me, when we set up 0:51:50.150,0:51:55.390 our pilot at a library in New Hampshire[br]which is the state just above where I live 0:51:55.390,0:52:02.040 in the United States. 
And we basically[br]decided to do this project because we 0:52:02.040,0:52:05.500 thought it was a really great continuation[br]of the work that we were already doing, 0:52:05.500,0:52:10.080 teaching and training librarians around[br]using TOR. We wanted to take a step 0:52:10.080,0:52:13.690 further and take the infrastructure that[br]libraries already have; many of them are 0:52:13.690,0:52:19.490 moving to really fast internet, they can[br]donate an IP address and some bandwidth. 0:52:19.490,0:52:24.430 And they… many of them want to do kind[br]of the next thing to help protect privacy 0:52:24.430,0:52:27.750 and not just in their local communities,[br]as well. They want to help protect 0:52:27.750,0:52:31.720 internet freedom everywhere. So we thought[br]it was a really great sort of next step to 0:52:31.720,0:52:35.480 go. So we set up our pilot project in New[br]Hampshire. It went pretty well, we got a 0:52:35.480,0:52:39.130 lot of great press attention, a lot of[br]really great local and global community 0:52:39.130,0:52:44.550 support. We also got the attention of[br]the Department of Homeland Security. 0:52:44.550,0:52:49.610 applause 0:52:49.610,0:52:53.100 Basically they contacted the local Police[br]in this town in New Hampshire and they 0:52:53.100,0:52:57.160 said: “You know, this is stupid, and bad,[br]and criminal and you should shut this 0:52:57.160,0:53:02.640 down!” And the library was understandably[br]shaken by this and temporarily suspended 0:53:02.640,0:53:09.210 the operation of the relay. 
So we[br]responded by writing a letter, an open 0:53:09.210,0:53:13.440 letter from Library Freedom Project, from[br]TOR project, from ACLU and a broad 0:53:13.440,0:53:17.000 coalition of public interest groups and[br]luminary individuals including the 0:53:17.000,0:53:21.109 Electronic Frontier Foundation (EFF), the[br]Freedom of the Press Foundation, the Free 0:53:21.109,0:53:24.350 Software Foundation and all of our other[br]friends many of whom are in this audience 0:53:24.350,0:53:28.720 today. We wrote this letter to the library[br]basically affirming our commitment to 0:53:28.720,0:53:32.359 them, how much we are proud of them for[br]participating in this project and how much 0:53:32.359,0:53:36.830 we wanted them to continue. We put a lot[br]of nice, you know, ideological, why this 0:53:36.830,0:53:41.520 is important, warm fuzzy stuff. We also[br]got EFF to start a petition for us and 0:53:41.520,0:53:46.270 over a weekend we got about 4500[br]signatures from all over the world, the 0:53:46.270,0:53:51.659 library was flooded with emails, calls.[br]Only one negative one. Just one out of 0:53:51.659,0:53:55.770 hundreds. And that person was a little[br]confused, so I’m not even counting that 0:53:55.770,0:54:03.230 necessarily. It was like a conspiracy type thing.[br]So we got this amazing support and this 0:54:03.230,0:54:06.880 was all in anticipation of their board[br]meeting that was gonna happen a few days 0:54:06.880,0:54:12.150 later where the board was gonna decide[br]what to do about the relay. So Nima and I 0:54:12.150,0:54:16.270 show up to New Hampshire on a Tuesday[br]Night and you might imagine what a library 0:54:16.270,0:54:20.770 board meeting in rural New Hampshire is[br]typically like. It was nothing like that. 0:54:20.770,0:54:26.270 So we get outside and there’s a protest[br]happening already. Many people holding 0:54:26.270,0:54:32.070 Pro-TOR signs. This was just a glimpse of[br]it. 
And the look on my face is because 0:54:32.070,0:54:35.740 someone pointed to a very small child and[br]said: “Alison, look at that child over 0:54:35.740,0:54:39.120 there”. This tiny little girl was holding[br]a sign that said “Dammit Big Brother” and 0:54:39.120,0:54:45.650 I was like “I’m done, that’s it, I got to[br]go home!” So we went into the board 0:54:45.650,0:54:52.980 meeting and we were met with about 4 dozen[br]people and media and a huge amount of 0:54:52.980,0:54:57.859 support. Many of the community members[br]expressed how much they loved TOR, that 0:54:57.859,0:55:03.790 this whole incident made them download TOR[br]and check it out for themselves. Basically 0:55:03.790,0:55:07.590 it galvanized this community into a[br]greater level of support than we even had 0:55:07.590,0:55:12.119 when we initially set it up about a month[br]earlier. People who had no idea that the 0:55:12.119,0:55:15.660 library was doing this heard about it[br]because it got a huge amount of media 0:55:15.660,0:55:20.859 attention thanks to a story by Julia[br]Angwin in ProPublica that broke the news 0:55:20.859,0:55:26.130 to everybody and then it just went like[br]wildfire. So as you might imagine the 0:55:26.130,0:55:29.920 relay went back online that night. We were[br]super-successful. Everybody in the 0:55:29.920,0:55:34.920 community was incredibly excited about it[br]and supportive. And what has happened now 0:55:34.920,0:55:41.099 is that this community has sort of… like[br]I said they’ve been galvanized to support 0:55:41.099,0:55:46.520 TOR even more. The library has now[br]allotted some of their staff time and travel 0:55:46.520,0:55:51.920 budget to help other libraries in the area[br]set up TOR relays. They’re speaking about 0:55:51.920,0:55:57.010 TOR…[br]applause 0:55:57.010,0:55:59.900 Thank you![br]They’re speaking about TOR at conferences. 0:55:59.900,0:56:05.300 And this has really caught on in the[br]greater library community as well. 
So I 0:56:05.300,0:56:08.450 mentioned already the kind of success that[br]we’ve had at Library Freedom Project in 0:56:08.450,0:56:12.520 teaching tools like TOR Browser and[br]getting folks to bring us in for trainings. 0:56:12.520,0:56:17.630 This is even bigger than that! Libraries[br]are now organizing their, you know, staff 0:56:17.630,0:56:21.920 training days around, you know, “Should we[br]participate in the TOR relay project?” or 0:56:21.920,0:56:27.110 “How can we do this best?”, “What’s the[br]best angle for us?” So we’re really 0:56:27.110,0:56:31.590 excited to announce that we’re gonna[br]be continuing the relay project at scale. 0:56:31.590,0:56:35.270 Nima Fatemi, who is now also in this[br]picture again, I’m really sad that he 0:56:35.270,0:56:38.930 can’t be here, he is wonderful and[br]essential to this project. But he will now 0:56:38.930,0:56:45.680 be able to travel across the US and we[br]hope to go a little further opening up 0:56:45.680,0:56:49.380 more relays in libraries. We’re gonna[br]continue teaching, of course, about TOR 0:56:49.380,0:56:53.780 Browser and other privacy-enhancing Free[br]Software. We’re now gonna incorporate some 0:56:53.780,0:56:58.160 other TOR services, so we’re really[br]excited to bring “Let’s Encrypt” into 0:56:58.160,0:57:01.489 libraries. And while we’re there, why not[br]run a Hidden Service on the library’s web 0:57:01.489,0:57:06.280 server. Among many other things. The other[br]goals for Library Freedom Project: to take 0:57:06.280,0:57:11.650 this to a much more international level.[br]So if you want to do this in your country, 0:57:11.650,0:57:15.590 you know your librarian, put them in touch[br]with us. You can follow our progress on 0:57:15.590,0:57:19.690 LibraryFreedomProject.org or[br]@libraryfreedom on Twitter. 
And we’re 0:57:19.690,0:57:22.950 always sort of posting on Tor Blog about[br]stuff that’s going on with us, so… 0:57:22.950,0:57:26.480 Thank you so much for letting me tell you[br]about it. It’s really a pleasure to be 0:57:26.480,0:57:40.520 here![br]applause 0:57:40.520,0:57:45.060 Jacob: So, that’s a really tough act to[br]follow! But we’re very pressed for time 0:57:45.060,0:57:48.740 now. And we want to make sure that we can[br]tell you two big things. And one of them 0:57:48.740,0:57:52.040 is that, as you know, we were looking for[br]an Executive Director because our Spirit 0:57:52.040,0:57:56.550 Animal, Roger,…[br]Roger: Slide… 0:57:56.550,0:58:01.730 Jacob: Right… He couldn’t do it all. And[br]in fact we needed someone to help us. And 0:58:01.730,0:58:05.869 we needed someone to help us who has the[br]respect not only of the community here but 0:58:05.869,0:58:10.709 the community, basically, all around the[br]world. And we couldn’t think of a better 0:58:10.709,0:58:15.380 person, in fact, when we came up with a[br]list of people. The person that we ended 0:58:15.380,0:58:19.440 up with was the Dream Candidate for a[br]number of the people in the TOR Project 0:58:19.440,0:58:24.260 and around the world. And so, I mean, I[br]have to say that I’m so excited, I’m so 0:58:24.260,0:58:28.040 excited that we have her as our Executive[br]Director. I used to think that our ship 0:58:28.040,0:58:32.300 was going to sink, that we would all go to[br]prison, and that may still happen, the 0:58:32.300,0:58:39.609 second part. But the first part, for sure,[br]is not going to happen. We found someone 0:58:39.609,0:58:44.379 who I believe will keep the TOR Project[br]going long after all of us are dead and 0:58:44.379,0:58:50.510 buried. Hopefully, not in shallow graves.[br]So, this is Shari Steele! 0:58:50.510,0:58:58.540 applause 0:58:58.540,0:59:00.740 Shari: Hi![br]applause 0:59:00.740,0:59:05.400 Thanks! 
Thanks, it’s actually so fun to be[br]back in this community. And I wasn’t gone 0:59:05.400,0:59:08.650 for very long. I had so much for[br]retirement. It didn’t work out for me. 0:59:08.650,0:59:14.289 But, that’s OK, I’m really excited. I have[br]had – we’re so tight on time – so I want 0:59:14.289,0:59:18.000 to just tell you there are 2 big mandates[br]that I was given when I first was hired. 0:59:18.000,0:59:22.320 And one is: Help build a great[br]infrastructure so that TOR Project is 0:59:22.320,0:59:27.330 sustainable. Working on that! The other[br]thing is: Money! We need to diversify our 0:59:27.330,0:59:31.330 funding sources, as everybody knows here.[br]The Government funding has been really 0:59:31.330,0:59:35.680 difficult for us specifically because it’s[br]all restricted. And so it limits the kinds 0:59:35.680,0:59:41.430 of things we want to do. When you get the[br]developers in a room blue-skying about the 0:59:41.430,0:59:44.900 things that they want to do, it’s[br]incredible! Really, really brilliant 0:59:44.900,0:59:48.040 people who want to do great things but[br]they’re really limited when the funding 0:59:48.040,0:59:52.960 says they have to do particular things. So[br]we happen to be doing our very first ever 0:59:52.960,0:59:59.010 crowd funding campaign right now. I want[br]to give a shout out to Katina Bishop who 0:59:59.010,1:00:03.450 is here somewhere and who is running[br]the campaign for us and is just doing an 1:00:03.450,1:00:09.779 amazing job. As of last count which is a[br]couple of days ago, we had over 3000 1:00:09.779,1:00:15.090 individual donors and over 120,000 Dollars[br]which is incredible for our very first 1:00:15.090,1:00:18.820 time when we didn’t even really have a[br]mechanism in place to be collecting this 1:00:18.820,1:00:24.540 money, even. So, it’s really great! And I[br]wanna also say we have a limited number 1:00:24.540,1:00:31.070 of these T-Shirts that I brought in a[br]suitcase from Seattle. 
So, and they’re 1:00:31.070,1:00:36.160 gonna be available, if you come down to[br]the Wau Holland booth at the Noisy Square. 1:00:36.160,1:00:39.619 Come talk with us! Give a donation![br]We’re doing a special: it’s normally a 1:00:39.619,1:00:46.310 100 Dollar donation to get a shirt, but[br]for the conference we’ll do, for 60 Euro 1:00:46.310,1:00:50.320 you can get a shirt and it would be great[br]you’d be able to show your support. And 1:00:50.320,1:00:56.869 you can also donate online if you don’t[br]wanna do that here. That’s the URL. And 1:00:56.869,1:01:01.109 to end, we’d like to have a[br]word from Down Under! 1:01:01.109,1:01:05.079 Video starts 1:01:05.079,1:01:09.859 Video Intro Violin Music 1:01:09.859,1:01:15.030 Good Day to you! Fellow Members of the[br]Intergalactic Resistance against Dystopian 1:01:15.030,1:01:20.550 bastardry! It is I, George Orwell, with an[br]urgent message from Planet Earth, as it 1:01:20.550,1:01:25.670 embarks on a new orbit. Transmitting via[br]the Juice Channeling Portal. Our time is 1:01:25.670,1:01:30.290 short. So let’s get straight to the point.[br]Shall we? This transmission goes out to 1:01:30.290,1:01:35.420 all you internet citizens. Denizens of[br]the one remaining free frequency. In whose 1:01:35.420,1:01:40.869 hands rests the fate of humanity.[br]Lord… f_ckin’ help us! 1:01:40.869,1:01:42.869 typewriter typing sounds 1:01:42.869,1:01:48.560 When I last appeared to you, I warned you[br]noobs: You must not lose the Internet! Now 1:01:48.560,1:01:54.140 before I proceed, let us clarify one[br]crucial thing. The Internet is not Virtual 1:01:54.140,1:02:00.450 Reality, it is actual Reality.[br]typewriter typing sounds 1:02:00.450,1:02:05.420 Are you still with me? Good. Now ask[br]yourselves: Would you let some fascist 1:02:05.420,1:02:09.180 dictate with whom you can and cannot[br]communicate? Because that’s what happens 1:02:09.180,1:02:13.700 every time a government blacklists a[br]website domain. 
Would you let anyone force 1:02:13.700,1:02:18.490 you to get all your information from cable[br]TV? That’s effectively the case if you 1:02:18.490,1:02:24.800 allow corporations to kill Net Neutrality.[br]typewriter typing sounds 1:02:24.800,1:02:29.160 Would you let the Thought Police install[br]telescreens in your house, monitor and 1:02:29.160,1:02:34.010 record everything you do, every time you[br]move, every word you’ve read, to peer into 1:02:34.010,1:02:37.880 the most private nook of all, your head?[br]BECAUSE THAT’S WHAT HAPPENS when 1:02:37.880,1:02:42.540 you let your governments monitor the net[br]and enact mandatory data-retention laws! 1:02:42.540,1:02:48.200 smashing sounds 1:02:48.200,1:02:52.480 If you answered “No” to all those[br]questions, then we can safely deduce 1:02:52.480,1:02:59.600 that terms like “Online”, “IRL” and “in[br]Cyberspace” are Newspeak. They confuse the 1:02:59.600,1:03:05.040 truth: There is no “Cybersphere”. There[br]is only life. Here. It follows that if you 1:03:05.040,1:03:09.380 have an oppressive Internet, you have[br]an oppressive society, too. Remember: 1:03:09.380,1:03:11.490 online is real life…[br]typewriter typing sounds 1:03:11.490,1:03:15.950 Your Digital Rights are no different from[br]everyday human rights! And don’t give me 1:03:15.950,1:03:20.089 that BS that you don’t care about[br]Privacy because you have nothing to hide. 1:03:20.089,1:03:24.570 That’s pure Doublethink. As comrade[br]Snowden clearly explained, that’s like 1:03:24.570,1:03:28.730 saying you don’t care about Free Speech[br]because you have nothing to say! 1:03:28.730,1:03:32.970 Stick that up your memory[br]holes and smoke it, noobs! 1:03:32.970,1:03:37.650 Pigs Arse, the portal is closing, I’m[br]losing you! I’ll leave you with a new tool 1:03:37.650,1:03:42.689 to use. I assume you’ve all been fitted[br]with one of these spying devices. Well, 1:03:42.689,1:03:46.420 here’s an app you can use in spite of[br]this. 
It’s called Signal, and, yes, it’s 1:03:46.420,1:03:50.660 free and simple. Install it and tell all[br]your contacts to mingle then all your 1:03:50.660,1:03:54.520 calls and texts will be encrypted. So even[br]if Big Brother sees them the c_nt won’t be 1:03:54.520,1:04:00.490 able to read them. Hahaa! Now that’s[br]a smartphone! Our time is up! 1:04:00.490,1:04:04.230 typewriter typing sounds[br]Until the next transmission. Heed the 1:04:04.230,1:04:09.740 words of George Orwell. Or[br]should I say: George TORwell? 1:04:09.740,1:04:14.870 typewriter typing sounds 1:04:14.870,1:04:19.609 Remember, just as I went to Spain to fight[br]the dirty fascists you can come to Onion 1:04:19.609,1:04:24.089 land and fight Big Brother’s filthy[br]tactics. If you’re a Pro run a node and 1:04:24.089,1:04:28.180 strengthen the code. Or if you’re in the[br]Outer Party and can afford it, send TOR 1:04:28.180,1:04:33.720 some of your dough. Special Salute to[br]all my comrades, the “State of the Onion”. 1:04:33.720,1:04:38.109 Happy Hacking! Now go forth and[br]f_ck up Big Brother. That mendacious 1:04:38.109,1:04:42.539 motherf_cking, c_ck-sucking bastard[br]son of a corporatist b_tch… 1:04:42.539,1:04:52.910 Video Outro Music 1:04:52.910,1:05:00.999 applause 1:05:00.999,1:05:05.410 Jacob: So, I think that’s all the time[br]that we have. Thank you very much for 1:05:05.410,1:05:08.760 coming. And thank you all[br]for your material support. 1:05:08.760,1:05:35.370 applause 1:05:35.370,1:05:41.720 Herald: Unfortunately we won’t have time[br]for a Q&A. But I heard that some of the 1:05:41.720,1:05:49.940 crew will now go to the Wau Holland booth[br]at Noisy Square down in the Foyer and 1:05:49.940,1:05:54.790 might be ready to answer[br]questions there. If you have any. 1:05:54.790,1:05:59.330 postroll music 1:05:59.330,1:06:05.881 Subtitles created by c3subtitles.de[br]in 2016. Join and help us!