WEBVTT
00:00:00.000 --> 00:00:11.019
preroll music
00:00:11.019 --> 00:00:18.269
Herald: I am very happy to introduce this
year’s update on the “State of the Onion”!
00:00:18.269 --> 00:00:23.969
This is a talk with about 5 speakers,
so let’s introduce them one by one.
00:00:23.969 --> 00:00:28.529
First, Roger. He did it the last talk.
He is the founder of the TOR Project,
00:00:28.529 --> 00:00:35.979
applause
MIT Graduate and Top 100 Global Thinkers.
00:00:35.979 --> 00:00:39.059
Then we have Jake, a
humble PhD math student
00:00:39.059 --> 00:00:42.410
applause
00:00:42.410 --> 00:00:46.350
that is in my opinion not a
National Security threat
00:00:46.350 --> 00:00:51.190
but a post National Security promise.
00:00:51.190 --> 00:00:55.129
We have Mike Perry, and I think
it is enough to say about him,
00:00:55.129 --> 00:00:58.700
that the NSA calls him a worthy adversary.
00:00:58.700 --> 00:01:04.909
applause
00:01:04.909 --> 00:01:09.250
He is also the lead dev
of the TOR Browser.
00:01:09.250 --> 00:01:14.220
And then we have Alison Macrina,
a radical, militant librarian.
00:01:14.220 --> 00:01:21.270
applause
00:01:21.270 --> 00:01:28.040
And last but not least: Shari Steele, the
new Executive Director of the TOR Project.
00:01:28.040 --> 00:01:35.500
applause
00:01:35.500 --> 00:01:40.220
So without further ado:
This year’s State of the Onion!
00:01:40.220 --> 00:01:45.230
applause
00:01:45.230 --> 00:01:49.490
Jacob: Alright, it’s a great
honor to be back here again.
00:01:49.490 --> 00:01:52.640
And we’re really happy to be able
to introduce so many more faces.
00:01:52.640 --> 00:01:56.770
It’s no longer the Roger and Jake
show. That’s very important to us.
00:01:56.770 --> 00:02:01.430
Hopefully next year, we won’t
be here, but we’ll still be alive.
00:02:01.430 --> 00:02:05.660
So 2015, if I were to express
it in a hand gesture
00:02:05.660 --> 00:02:10.310
or with a facial expression, it would
look something like “Ooouuw”.
00:02:10.310 --> 00:02:15.460
It was really a year of big changes. Not
all of them were really good changes.
00:02:15.460 --> 00:02:18.450
And there were a lot of heavy things
that happened throughout the year.
00:02:18.450 --> 00:02:22.020
We won’t even be able to cover all of
them because we only have an hour.
00:02:22.020 --> 00:02:25.760
So we want to focus on the
positive things. I would say that
00:02:25.760 --> 00:02:30.120
probably the nicest thing is that we are
growing. We’re really, really growing.
00:02:30.120 --> 00:02:33.200
Not only growing the network,
but we’re growing the community.
00:02:33.200 --> 00:02:37.030
And in some sense we’re expanding
throughout the whole world in terms of
00:02:37.030 --> 00:02:41.450
users who are using TOR, what TOR
users are using TOR for, which is
00:02:41.450 --> 00:02:45.200
of course extremely important that there
is more and more people just doing
00:02:45.200 --> 00:02:49.260
regular things with TOR, protecting
themselves. But then we have of course
00:02:49.260 --> 00:02:52.100
lots of specialized things that happen
with the TOR network as well.
00:02:52.100 --> 00:02:56.290
We have things like OnionBalance and
Ricochet. Really exciting developments.
00:02:56.290 --> 00:03:01.060
And we’ll talk a bit about all of those
things. One of the most unlikely things,
00:03:01.060 --> 00:03:05.990
at least when I imagine working
on TOR, say 10 years ago vs. now,
00:03:05.990 --> 00:03:09.750
is that we’ve worked with some really
unlikely partners. Some of you know
00:03:09.750 --> 00:03:17.190
that I’m not really a big fan of Silicon
Valley, even though I’m from there.
00:03:17.190 --> 00:03:21.860
So you know, I sometimes call Facebook
not so nice names, like Stasi-Book.
00:03:21.860 --> 00:03:24.190
And part of the reason for that is
because I think it is a little bit weird,
00:03:24.190 --> 00:03:28.250
that you report on all your friends
in order to go to parties.
00:03:28.250 --> 00:03:32.459
Previously it was to get into the party
and now it is to go to parties.
00:03:32.459 --> 00:03:35.860
And yet we worked with them on something.
00:03:35.860 --> 00:03:39.680
Because it turns out that sometimes
you have unlikely temporary alliances.
00:03:39.680 --> 00:03:43.490
And it turns out that while I personally
may think that they are evil incarnate
00:03:43.490 --> 00:03:48.470
in some sense, it is the case that
there is at least one good guy there.
00:03:48.470 --> 00:03:52.640
Alec worked on this fantastic RFC7686,
00:03:52.640 --> 00:03:58.130
that actually allowed us to help all
Facebook users mitigate some harm.
00:03:58.130 --> 00:04:01.540
Which is that if they want to be able
to visit Facebook; and I guess
00:04:01.540 --> 00:04:05.280
the reality is that not using Facebook
for a lot of people is sort of like
00:04:05.280 --> 00:04:08.590
the “Kill your Television” bumper sticker
of the 90s. For those of you that ever
00:04:08.590 --> 00:04:13.470
visited rural America. You know that that
wasn’t like a really successful campaign.
00:04:13.470 --> 00:04:18.469
A lot of people have TVs these days
as well. So it’s a little bit like that,
00:04:18.469 --> 00:04:22.370
only here we actually built an alternative
where we can mitigate harm.
00:04:22.370 --> 00:04:25.400
And that’s really incredibly important
because it mitigates harm in all sorts
00:04:25.400 --> 00:04:29.129
of different pieces of software. It
makes it possible for us to talk to
00:04:29.129 --> 00:04:32.900
Browser vendors, to DNS resolvers.
And part of this was motivated
00:04:32.900 --> 00:04:36.569
by some investigative journalism
that I actually did, where I revealed
00:04:36.569 --> 00:04:41.090
XKeyscore rules, where the US
Government’s National Security Agency
00:04:41.090 --> 00:04:45.159
was sifting through all of the internet
traffic to look for .onion addresses.
00:04:45.159 --> 00:04:49.169
So when they saw a DNS request
for .onion they were actually
00:04:49.169 --> 00:04:52.919
learning .onions by harvesting traffic.
And that really motivated me
00:04:52.919 --> 00:04:55.779
to want to make it, so that the DNS
resolvers didn’t do that anymore.
00:04:55.779 --> 00:05:00.819
It was very important, because one
of my core missions with TOR
00:05:00.819 --> 00:05:04.699
is to make that kind of stuff a
lot harder for the spies to do.
00:05:04.699 --> 00:05:08.980
And protecting everyday users, even
users who aren’t TOR users, yet.
00:05:08.980 --> 00:05:12.300
And that’s very important. So working
with Alec on this has been great,
00:05:12.300 --> 00:05:16.169
because the IETF actually
supports this. And now
00:05:16.169 --> 00:05:20.190
ICANN will not sell
.onion to anyone.
00:05:20.190 --> 00:05:24.250
It’s a special use reserved
name. And that’s incredible!
00:05:24.250 --> 00:05:31.269
applause
00:05:31.269 --> 00:05:34.599
Roger: OK, so. Is this
thing on? Yes it is, great!
00:05:34.599 --> 00:05:37.370
So there are a couple of interesting
graphs, that we’re going to give you,
00:05:37.370 --> 00:05:42.490
of usage scenarios, usage
instances over the past year.
00:05:42.490 --> 00:05:46.539
So pretty recently we were looking at
the number of people in Russia
00:05:46.539 --> 00:05:51.199
using TOR. Russia has been talking about
censoring, talking about all sorts of
00:05:51.199 --> 00:05:55.979
oppression steps. And at
the beginning of November,
00:05:55.979 --> 00:06:01.219
we moved from 180k people in
Russia each day using TOR
00:06:01.219 --> 00:06:05.749
up to almost 400k people. And
this is probably a low estimate.
00:06:05.749 --> 00:06:10.159
So many hundreds of thousands
of people for that two week period,
00:06:10.159 --> 00:06:14.619
which started with a Russian bomber
getting shot down, were trying to get
00:06:14.619 --> 00:06:18.319
news from the rest of the world, rather
than news as Russia wanted to show it
00:06:18.319 --> 00:06:22.460
to them. So that’s
kind of a cool event.
00:06:22.460 --> 00:06:26.139
Another interesting event: Bangladesh
ended up censoring Facebook
00:06:26.139 --> 00:06:30.229
and some other websites and a whole
lot of people switched to using TOR.
00:06:30.229 --> 00:06:32.909
I was actually talking to one of the
Facebook people and they have their own
00:06:32.909 --> 00:06:37.819
internal statistics about the number of
people connecting over the TOR network
00:06:37.819 --> 00:06:42.279
to Facebook. And it would be super
cool to superimpose these two graphs.
00:06:42.279 --> 00:06:45.749
Our data is public and open
and we like sharing it.
00:06:45.749 --> 00:06:49.520
They don’t actually share their data.
But one day it would be really cool
00:06:49.520 --> 00:06:53.110
to be able to see both of these
graphs at once, to see users shifting
00:06:53.110 --> 00:06:57.259
from reaching Facebook
directly to going over TOR.
00:06:57.259 --> 00:07:00.050
The other interesting thing from the
Bangladesh side: I was looking at the
00:07:00.050 --> 00:07:04.499
Alexa top websites around the
world and we, torproject.org is
00:07:04.499 --> 00:07:08.539
like 8000th in the global
rankings, but at least
00:07:08.539 --> 00:07:11.649
for the past couple of weeks
torproject.org has been
00:07:11.649 --> 00:07:16.849
300th in Bangladesh. So there are a
whole heck of a lot of people there,
00:07:16.849 --> 00:07:22.889
learning about these privacy things
that can get around local censorship.
00:07:22.889 --> 00:07:28.289
applause
00:07:28.289 --> 00:07:32.270
OK, and then an exciting
other story that we’re
00:07:32.270 --> 00:07:35.900
going to touch on briefly, but
it’s an entire talk on its own.
00:07:35.900 --> 00:07:40.439
So let me give you a couple
of facts and we’ll go from there.
00:07:40.439 --> 00:07:44.069
January of 2014 a hundred
relays showed up
00:07:44.069 --> 00:07:47.699
in the TOR network and we weren’t sure
who was running them, but they weren’t
00:07:47.699 --> 00:07:52.159
exit relays, so they didn’t seem like
they were such a threat at the time.
00:07:52.159 --> 00:07:57.839
Fast forward a while later: The
CERT organization inside CMU
00:07:57.839 --> 00:08:01.929
submitted a presentation to
Blackhat on how cool they were
00:08:01.929 --> 00:08:05.939
for being able to attack TOR users. And
they talked about how they were going to
00:08:05.939 --> 00:08:09.610
talk about individual users
that they de-anonymized
00:08:09.610 --> 00:08:12.990
and how cool they were for that.
And I spent a while trying to extract
00:08:12.990 --> 00:08:17.479
details from them. And eventually
I learned what their attack was.
00:08:17.479 --> 00:08:21.169
And then Nick Mathewson, one of
the other TOR developers decided
00:08:21.169 --> 00:08:25.050
to check the TOR network to see if
anybody was actually doing that attack.
00:08:25.050 --> 00:08:29.099
I mean it’s CERT, they are the
folks who publicised the phrase
00:08:29.099 --> 00:08:33.059
“responsible disclosure”. Surely,
they are not actually undermining
00:08:33.059 --> 00:08:36.679
the TOR network and attacking TOR users.
But then it turns out that somebody was
00:08:36.679 --> 00:08:40.880
doing the attack. And it was these
100 relays that looked kind of ordinary
00:08:40.880 --> 00:08:44.759
and innocuous before that. Then I sent
mail to the CERT people, saying:
00:08:44.759 --> 00:08:48.540
“Hey are those relays yours?” And they
went silent. They have never answered any
00:08:48.540 --> 00:08:54.269
of my mails since then. So that’s
what we know. It doesn’t look good.
00:08:54.269 --> 00:08:58.009
One of the key things that we,
TOR, have done from here is
00:08:58.009 --> 00:09:01.459
we’ve been working on strengthening
the TOR network and getting better
00:09:01.459 --> 00:09:05.389
at recognizing these things. So
the core of the attack was that
00:09:05.389 --> 00:09:09.150
they did what’s called a Sybil attack,
where you sign up a lot of relays
00:09:09.150 --> 00:09:13.449
and you become too large a fraction of the
TOR network. So we’ve been working on
00:09:13.449 --> 00:09:18.339
a lot of ways to recognize that
an attack like that is happening,
00:09:18.339 --> 00:09:22.139
and mitigate it, and get rid of it
early. For example Philipp Winter
00:09:22.139 --> 00:09:26.819
has a bunch of interesting research
areas on recognizing similarity
00:09:26.819 --> 00:09:30.670
between relays. So you can
automatically start detecting:
00:09:30.670 --> 00:09:33.920
“Wait a minute, this event
happened, where a lot of relays
00:09:33.920 --> 00:09:38.480
are more similar than they should
be.” Another example there is:
00:09:38.480 --> 00:09:41.610
We used to say: “Well I don’t
know who’s running them,
00:09:41.610 --> 00:09:45.399
but they don’t seem that dangerous. So
OK, it’s good to grow the TOR network.”
00:09:45.399 --> 00:09:48.940
Now we’re taking the other
approach of “Gosh, that’s weird,
00:09:48.940 --> 00:09:52.470
let’s get rid of them and then
we’ll ask questions after that.”
00:09:52.470 --> 00:09:56.009
So we’re trying to be more
aggressive, more conservative
00:09:56.009 --> 00:09:59.880
at keeping the TOR network
safe from large adversaries.
00:09:59.880 --> 00:10:04.620
Whether they’re government organizations
or corporations or individuals.
00:10:04.620 --> 00:10:12.029
Whoever might be attacking it.
00:10:12.029 --> 00:10:17.220
Jacob: We’ve had a few really big
changes in the TOR community.
00:10:17.220 --> 00:10:20.610
One of them is that we had
an Interim Executive Director
00:10:20.610 --> 00:10:25.930
come on in a sort of quick moment
and that’s Roger Dingledine.
00:10:25.930 --> 00:10:28.850
Some of you probably always thought he
was the Executive Director the whole time.
00:10:28.850 --> 00:10:33.279
That’s because for a while he was and then
he wasn’t. And then he was back again.
00:10:33.279 --> 00:10:37.490
And that change was quite a
huge change in that instead of
00:10:37.490 --> 00:10:41.190
working on a lot of anonymity stuff,
Roger was doing a lot of bureaucratic
00:10:41.190 --> 00:10:44.519
paperwork which was actually quite
sad for the anonymity world, I think.
00:10:44.519 --> 00:10:48.160
He probably reviewed fewer papers
and did fewer anonymity things
00:10:48.160 --> 00:10:51.790
this year than ever before.
Which is really, really sad.
00:10:51.790 --> 00:10:55.050
But that really lit a fire under us to
make sure that we would actually
00:10:55.050 --> 00:10:58.839
change that. To make sure that it was
possible to get someone else, who is
00:10:58.839 --> 00:11:02.399
really good at being an Executive Director
of the TOR Project, to really lead,
00:11:02.399 --> 00:11:06.459
so that we could have Roger return to
not only being an anonymity researcher,
00:11:06.459 --> 00:11:09.240
but also the true Spirit
Animal of the TOR Project.
00:11:09.240 --> 00:11:13.440
He doesn’t look like
an onion, but in spirit.
00:11:13.440 --> 00:11:19.540
Roger: Slide!
Jacob: laughing
00:11:19.540 --> 00:11:22.329
Another really big thing that happened
is working with Laura Poitras
00:11:22.329 --> 00:11:27.800
over the last many years.
She has followed the TOR Project
00:11:27.800 --> 00:11:31.129
– lots of people like to follow the
people on the TOR Project –
00:11:31.129 --> 00:11:35.639
but we consented to her following us.
And she made a film, “Citizenfour”,
00:11:35.639 --> 00:11:39.000
I think some of you… have
any of you seen this film?
00:11:39.000 --> 00:11:45.170
applause
Quite amazingly,
00:11:45.170 --> 00:11:48.499
she won an Oscar. Actually, she
basically won every film prize.
00:11:48.499 --> 00:11:57.269
applause
00:11:57.269 --> 00:12:01.170
One of the key things is that people
in this room that work on Free Software
00:12:01.170 --> 00:12:04.819
were explicitly thanked. If you work
on Tails, if you work on GnuPG,
00:12:04.819 --> 00:12:08.649
if you work on SecureDrop,
OTR, TOR, …
00:12:08.649 --> 00:12:11.459
She specifically said in
the credits of the film:
00:12:11.459 --> 00:12:15.490
This film wouldn’t have been
possible without that Free Software.
00:12:15.490 --> 00:12:18.939
Actually making her job and
the jobs of her source
00:12:18.939 --> 00:12:22.000
and other people involved…
making that possible.
00:12:22.000 --> 00:12:25.750
And so her winning that Oscar
in some sense feels like
00:12:25.750 --> 00:12:29.480
closing a really big loop that had
been open for a very long time.
00:12:29.480 --> 00:12:33.000
And it’s really great and she,
I think, would really wish that she
00:12:33.000 --> 00:12:37.660
could be here today, again. She
sends her regards, and she is really,
00:12:37.660 --> 00:12:42.470
really thankful for everybody here that
writes Free Software for freedom!
00:12:42.470 --> 00:12:47.909
applause
00:12:47.909 --> 00:12:51.639
Roger: So another exciting event
that happened in 2015 is that reddit
00:12:51.639 --> 00:12:55.660
gave us $83,000. They had some
extra profit and they decided
00:12:55.660 --> 00:13:00.839
that they would give it to 10 non-profits
chosen from among the Redditor community.
00:13:00.839 --> 00:13:03.839
And there were people who came to me
and said: “Hey Roger, you really have to,
00:13:03.839 --> 00:13:06.939
you know, start advocating, start
teaching everybody, why TOR should be
00:13:06.939 --> 00:13:10.290
one of them.” And I said: “Oh, I’m
busy. Those things never work.
00:13:10.290 --> 00:13:13.810
You know, they’ll choose somebody
else.” And so it turns out that we were
00:13:13.810 --> 00:13:18.550
the 10th out of 10 without doing
any advocacy work whatsoever
00:13:18.550 --> 00:13:22.509
to the reddit community, which is super
cool that they care about us so much.
00:13:22.509 --> 00:13:27.089
Also reddit divided the ten equally. So
even though we were the 10th out of 10,
00:13:27.089 --> 00:13:31.200
we got 10% of the donations
that they were giving out.
00:13:31.200 --> 00:13:37.870
applause
00:13:37.870 --> 00:13:41.149
Jake: One of the really –
I would say one of the oddest things
00:13:41.149 --> 00:13:46.120
about working at the TOR Project for me
is that TOR has supported me through
00:13:46.120 --> 00:13:49.629
really crazy times. So when I was
being detained by the US Government
00:13:49.629 --> 00:13:54.550
or having my property stolen by fascist
pigs in the United States Government’s
00:13:54.550 --> 00:13:59.329
border checkpoints, TOR didn’t fire me.
TOR always backed me and always
00:13:59.329 --> 00:14:03.379
kept me safe. And many people often look
like they wanted to kill me from stress,
00:14:03.379 --> 00:14:06.389
but often they didn’t, which was nice.
Or they didn’t get close enough
00:14:06.389 --> 00:14:10.669
and I could move fast enough. But
they were always very helpful. And
00:14:10.669 --> 00:14:14.949
they’ve really helped me to
go and do things to speak for
00:14:14.949 --> 00:14:18.430
anonymous users who can’t go
other places. And one of the places
00:14:18.430 --> 00:14:22.220
which I was most honored to go in the
last year – I was actually scheduled
00:14:22.220 --> 00:14:25.569
to go there with Caspar Bowden, but
unfortunately he was ill at the time.
00:14:25.569 --> 00:14:29.899
And as you know, Caspar
has since passed away.
00:14:29.899 --> 00:14:32.999
But we were scheduled to go together and
TOR was supporting us both, actually,
00:14:32.999 --> 00:14:38.319
to go to this. And it resulted, I believe,
00:14:38.319 --> 00:14:41.519
in a very amazing meeting in
Geneva at the United Nations,
00:14:41.519 --> 00:14:45.779
where the special rapporteur actually
endorsed TOR and off-the-record messaging
00:14:45.779 --> 00:14:49.729
and encryption programs,
and privacy, and free software.
00:14:49.729 --> 00:14:54.680
Saying that they are absolutely essential.
And in fact their use should be encouraged
00:14:54.680 --> 00:14:59.629
from a human rights perspective. And in
fact the really amazing part about it is
00:14:59.629 --> 00:15:03.649
he didn’t do it only from the perspective
of free speech. And this is important,
00:15:03.649 --> 00:15:07.139
because actually there are other rights.
And we should think about them.
00:15:07.139 --> 00:15:10.370
So for example the right to form
and to hold an idea is a right
00:15:10.370 --> 00:15:14.079
that cannot be abridged. The right
to free speech can be abridged
00:15:14.079 --> 00:15:18.589
in many free societies, but what is
in your head and how you form it
00:15:18.589 --> 00:15:22.040
is something where… that is not
a right that can be abridged.
00:15:22.040 --> 00:15:25.579
And he wrote this in the report. And
he, when writing this report with
00:15:25.579 --> 00:15:29.899
many other people, made it very clear that
this is something we need to keep in mind.
00:15:29.899 --> 00:15:34.249
That when we talk about private spaces
online, where groups may collaborate
00:15:34.249 --> 00:15:37.850
to form ideas, to be able to create
a political platform for example,
00:15:37.850 --> 00:15:41.220
to be able to make democratic change,
they need to be able to use the internet
00:15:41.220 --> 00:15:46.319
to freely exchange those ideas in a secure
and anonymized, encrypted fashion.
00:15:46.319 --> 00:15:50.889
And that helps them to form and to hold
ideas. And obviously that helps them later
00:15:50.889 --> 00:15:55.470
to express free speech ideas. And that’s
a huge thing to have the United Nations
00:15:55.470 --> 00:16:02.409
endorse basically what many of us in this
room have been saying for, well… decades.
00:16:02.409 --> 00:16:05.459
Roger: So the UN thing is really cool.
We’ve also been doing some other
00:16:05.459 --> 00:16:09.879
policy angles. So Steven Murdoch, who
is a professor in England and also
00:16:09.879 --> 00:16:14.350
part of the TOR community, has worked
really hard at teaching the British folks,
00:16:14.350 --> 00:16:18.490
that their new backdoor laws and
their new terrible laws are actually
00:16:18.490 --> 00:16:23.240
not what any reasonable country wants.
So he’s put a huge amount of energy into
00:16:23.240 --> 00:16:27.680
basically advocating for freedom for
them. And similarly Paul Syverson,
00:16:27.680 --> 00:16:32.569
part of the TOR community, basically
ended up writing a post note for the UK
00:16:32.569 --> 00:16:36.790
about how the dark web is
misunderstood. See previous talk.
00:16:36.790 --> 00:16:40.680
So we’ve been doing quite a bit
of education at the policy level
00:16:40.680 --> 00:16:44.910
to try to teach the world, that encryption
is good and safe and worthwhile
00:16:44.910 --> 00:16:50.070
and should be the default
around the world.
00:16:50.070 --> 00:16:54.050
Jake: And there is a kind of interesting
thing here. Maybe a little contentious
00:16:54.050 --> 00:16:57.279
with some people in the TOR community.
But I just wanted to make it really clear.
00:16:57.279 --> 00:17:01.170
We have the TOR Project, which is
a non-profit in the United States.
00:17:01.170 --> 00:17:04.569
And we have a much wider TOR
community all around the world.
00:17:04.569 --> 00:17:07.950
And in Berlin we have a really, really
like an incredible TOR community.
00:17:07.950 --> 00:17:11.380
We have people like Donncha working
on OnionBalance. We have people like
00:17:11.380 --> 00:17:14.810
Leif Ryge working on bananaphone. We
have all of these different people working
00:17:14.810 --> 00:17:17.970
on all sorts of Free Software. And many
of those people don’t actually work
00:17:17.970 --> 00:17:21.240
for the TOR Project. They’re community
members, they’re volunteers,
00:17:21.240 --> 00:17:26.010
there is some of privacy students.
And so the Renewable Freedom Foundation
00:17:26.010 --> 00:17:30.050
actually funded the creation
of a sort of separate space
00:17:30.050 --> 00:17:33.980
in Berlin where people work on these
kinds of things, which is not affiliated
00:17:33.980 --> 00:17:38.100
with US Government money. It’s
not affiliated with the TOR Project
00:17:38.100 --> 00:17:41.360
as some sort of corporate thing.
It’s not a multinational thing.
00:17:41.360 --> 00:17:46.630
It’s really the peer-to-peer version in
some sense of what we’ve already had
00:17:46.630 --> 00:17:49.650
in other places. And it’s really great
and I wanted to just thank Moritz
00:17:49.650 --> 00:17:54.350
who made that happen and to all the
people like Aaron Gibson, and Juris
00:17:54.350 --> 00:17:57.900
who actually put that space together
and made it possible. So in Berlin,
00:17:57.900 --> 00:18:01.740
there is a space, not just c-base,
not just CCCB, but actually
00:18:01.740 --> 00:18:05.600
a place which is about anonymity.
It’s called Zwiebelraum.
00:18:05.600 --> 00:18:09.430
And this is a place in which people are
working on this Free Software. And they
00:18:09.430 --> 00:18:12.340
are doing it in an independent manner.
And we hope actually that people will
00:18:12.340 --> 00:18:16.400
come together and support that, because
we need more spaces like that, that
00:18:16.400 --> 00:18:20.670
are not directly affiliated with the TOR
Project, necessarily, but where we have
00:18:20.670 --> 00:18:24.280
an aligned mission about reproducible
builds in Free Software and also
00:18:24.280 --> 00:18:29.300
about anonymity and actually about caring
about Free Speech. And actually making
00:18:29.300 --> 00:18:33.110
it happen. And really building spaces
like that all around the world. So if you
00:18:33.110 --> 00:18:36.140
have a place in your town where you want
to work on those things, we would really
00:18:36.140 --> 00:18:40.340
hope that you will work on building that.
I called it “general cipher punkery”.
00:18:40.340 --> 00:18:44.300
I feel like that’s a good description.
There’s lots of stuff to be done.
00:18:44.300 --> 00:18:48.940
And now for a Marxist joke: So we
discovered the division of labor,
00:18:48.940 --> 00:18:52.570
which was a really important discovery.
We’re about 180 years too late,
00:18:52.570 --> 00:18:58.310
but we started to split up where it didn’t
go very well, the Marxist asked why.
00:18:58.310 --> 00:19:02.410
Cheers, cheers!
So the Vegas Teams are really simple.
00:19:02.410 --> 00:19:06.620
Basically we have a bunch of people
that previously they did everything.
00:19:06.620 --> 00:19:10.130
And this really doesn’t work. It’s very
stressful and it’s very frustrating
00:19:10.130 --> 00:19:14.470
and it leads to people doing lots and
lots of things in a very unfocused way.
00:19:14.470 --> 00:19:18.740
And so we split it up! And it actually
happened naturally, it was emergent.
00:19:18.740 --> 00:19:24.010
So e.g. Mike Perry, who’s gonna talk
about the Applications Team’s work
00:19:24.010 --> 00:19:28.280
in a second here, he was
already leading this,
00:19:28.280 --> 00:19:32.370
he was really making this happen. And
so we just made it more explicit. And,
00:19:32.370 --> 00:19:36.650
in fact we created a way of communicating
and reporting back so that
00:19:36.650 --> 00:19:39.850
you don’t have to, like, drink from the
fire hose about absolutely everything
00:19:39.850 --> 00:19:42.430
that’s happening everywhere, but you can
sort of tune in to those things, which
00:19:42.430 --> 00:19:46.970
means we get higher-level understandings
and that is a really, incredibly useful
00:19:46.970 --> 00:19:49.740
thing that has made us much more
productive. And what was part of the
00:19:49.740 --> 00:19:53.500
growing pains of the last year actually
was figuring out how to make that work
00:19:53.500 --> 00:19:57.210
because we’re a pretty flat group in terms
of a community and a pretty flat group
00:19:57.210 --> 00:20:02.060
in terms of an organization writing
Free Software and advocating.
00:20:02.060 --> 00:20:06.500
And so that’s a really incredibly good
thing which will come up all the time.
00:20:06.500 --> 00:20:09.770
You’ll hear people talking about the
Metrics Team or the Network Team or the
00:20:09.770 --> 00:20:13.650
Applications Team or the Community Team.
And that’s what we’re talking about.
00:20:13.650 --> 00:20:17.630
In that sense. So we tried to formalize it
and in some ways we may be moving in a
00:20:17.630 --> 00:20:23.840
sort of Debian model a little bit. And
we’ll see how that actually goes. So we
00:20:23.840 --> 00:20:28.470
have a really great person here to
explain the work of the Metrics Team.
00:20:28.470 --> 00:20:32.350
Roger: OK, so I’m gonna tell you a little
bit about what the Metrics Team has been
00:20:32.350 --> 00:20:36.570
working on lately to give you a
sense of some of the components
00:20:36.570 --> 00:20:40.890
of the TOR community. So there are 5 or
10 people who work on the Metrics Team.
00:20:40.890 --> 00:20:45.350
We actually only pay one-ish of them;
so most of them are volunteers
00:20:45.350 --> 00:20:48.980
and that’s… on the one hand that’s great.
It’s wonderful that there are researchers
00:20:48.980 --> 00:20:53.750
all around the world who are contributing
and helping to visualize and helping to do
00:20:53.750 --> 00:20:57.980
analysis on the data. On the other hand
it’s sort of sad that we don’t have a full
00:20:57.980 --> 00:21:02.530
team of full-time people who are working
on this all the time. So it’d be great
00:21:02.530 --> 00:21:07.710
to have your assistance
working on this. So,
00:21:07.710 --> 00:21:12.430
actually Metrics has been accumulating
all sorts of analysis tools
00:21:12.430 --> 00:21:16.990
over the past 5 years. So there are up to
30 different little tools. There’s Atlas
00:21:16.990 --> 00:21:22.410
and Globe and Stem and 20-something more
which is a challenge to keep coordinated,
00:21:22.410 --> 00:21:26.690
a challenge to keep maintained. So
they’ve been working on how to integrate
00:21:26.690 --> 00:21:32.090
these things and make them more
usable and maintainable and extensible.
00:21:32.090 --> 00:21:36.370
So one example that they… so they wrote
some slides for me to present here.
00:21:36.370 --> 00:21:40.050
One example that they were looking
at, to give you an example of how
00:21:40.050 --> 00:21:45.540
this analysis works, is bad relays in the
TOR network. So maybe that’s an exit relay
00:21:45.540 --> 00:21:50.520
that runs, but it modifies traffic, or
it watches traffic or something.
00:21:50.520 --> 00:21:56.150
Maybe it’s a relay that signs up
as a Hidden Service directory
00:21:56.150 --> 00:21:59.970
and then when you publish your
onion address to it, it goes to visit it
00:21:59.970 --> 00:22:04.370
or it puts it on a big list or something
like that. Or maybe bad relays are Sybils
00:22:04.370 --> 00:22:09.580
who – we were talking earlier about
the 2014 attack where a 100 relays
00:22:09.580 --> 00:22:14.750
showed up at once and we, the directory
authorities have a couple of ways of
00:22:14.750 --> 00:22:19.500
addressing those relays. One of them is
each of the directory authorities can say:
00:22:19.500 --> 00:22:22.670
“That relay needs to get out of the
network! We just cut it out of the
00:22:22.670 --> 00:22:27.900
network.” We can also say: “Bad exit!”
We can also say: “That relay is no longer
00:22:27.900 --> 00:22:33.240
gonna be used as an exit!” So even though
it advertises that it can reach Blockchain
00:22:33.240 --> 00:22:39.320
and other websites, clients choose not to
do it that way. So that’s the background.
00:22:39.320 --> 00:22:44.920
One of the tools that Damian wrote a while
ago is called Tor-Consensus-Health and it
00:22:44.920 --> 00:22:49.570
looks every hour at the new list of relays
in the network and it tries to figure out:
00:22:49.570 --> 00:22:53.000
“Is there something suspicious that
just happened at this point?” And in this
00:22:53.000 --> 00:22:57.920
case it looks for a bunch of new relays
showing up all at the same time with
00:22:57.920 --> 00:23:04.530
similar characteristics and it sends email
to a list. So that’s useful. The second
00:23:04.530 --> 00:23:08.910
piece of the analysis is “OK, what do you
do when that happens?” So we get an email
00:23:08.910 --> 00:23:13.960
saying “Hey, 40 new relays showed up,
what’s up with that?” So there’s a real
00:23:13.960 --> 00:23:18.790
challenge there to decide: do we allow
the TOR network to grow – sounds good –
00:23:18.790 --> 00:23:23.280
or do we wonder who these people are
and try to contact them or cut them out of
00:23:23.280 --> 00:23:29.600
the network or constrain what fraction
of the network they can become.
00:23:29.600 --> 00:23:35.150
So Philipp Winter also has a
visualization, in this case of basically
00:23:35.150 --> 00:23:41.310
which relays were around on a given month.
So the X axis is all of the different
00:23:41.310 --> 00:23:46.100
relays in the month and the Y axis is each
hour during that month. And they’ve sorted
00:23:46.100 --> 00:23:51.010
the relays here by how much they were
present in the given month. And you’ll
00:23:51.010 --> 00:23:55.120
notice the red blocks over there are
relays that showed up at the same time
00:23:55.120 --> 00:23:59.320
and they’d been consistently present at
the same time since then. So that’s kind
00:23:59.320 --> 00:24:03.070
of suspicious. That’s “Hey, wait a minute,
what’s that pattern going on there?”
00:24:03.070 --> 00:24:07.260
So this is a cool way of visualizing and
being able to drill down and say:
00:24:07.260 --> 00:24:10.780
“Wait a minute, that pattern right there,
something weird just happened.”
00:24:10.780 --> 00:24:14.470
So part of the challenge in general for
the Metrics Team is: they have a Terabyte
00:24:14.470 --> 00:24:18.350
of interesting data of what the network
has looked like over the years –
00:24:18.350 --> 00:24:23.650
how do you turn that into “Wait a minute,
that right there is something mysterious
00:24:23.650 --> 00:24:27.320
that just happened. Let’s look at it
more.” So you can look at it from
00:24:27.320 --> 00:24:31.650
the visualization side but you can also
– there’s a tool called Onionoo where
00:24:31.650 --> 00:24:35.290
you can basically query it, all sorts
of queries in it, it dumps the data
00:24:35.290 --> 00:24:39.940
back on to you. So we’ve got a Terabyte
of interesting data out there, what
00:24:39.940 --> 00:24:44.810
the relays are on the network, what
sort of statistics they’ve been reporting,
00:24:44.810 --> 00:24:48.930
when they’re up, when they’re down,
whether they change keys a lot,
00:24:48.930 --> 00:24:55.080
whether they change IP addresses a lot.
So we encourage you to investigate and
00:24:55.080 --> 00:24:59.410
look at these tools etc. So there’s
a new website we set up this year
00:24:59.410 --> 00:25:05.180
called CollecTor, collector.torproject.org
that has all of these different data sets
00:25:05.180 --> 00:25:09.270
and pointers to all these different
libraries and tools etc. that you too
00:25:09.270 --> 00:25:15.030
can use to investigate, graph-visualize
etc. So here’s another example.
00:25:15.030 --> 00:25:19.280
At this point we’re looking at the 9
directory authorities in the network.
00:25:19.280 --> 00:25:24.620
Each of them votes its opinion about
each relay. So whether the relay’s fast,
00:25:24.620 --> 00:25:31.060
or stable, or looks like a good exit or
maybe we should vote about “Bad Exit”
00:25:31.060 --> 00:25:35.850
for it. So the grey lines are: all of the
directory authorities thought that
00:25:35.850 --> 00:25:41.120
it didn’t deserve the flag and it’s very
clear. The green lines are: enough of the
00:25:41.120 --> 00:25:45.310
directory authorities said that the relay
should get the flag, also very clear.
00:25:45.310 --> 00:25:49.960
And all the brown and light green etc.
in the middle are contradictions.
00:25:49.960 --> 00:25:53.290
That’s where some of the directory
authorities said “Yes it’s fast” and some
00:25:53.290 --> 00:25:58.710
of them said “No, it’s not fast”. And this
gives us a visualization, a way to see
00:25:58.710 --> 00:26:02.800
whether most of the directory authorities
are agreeing with each other.
00:26:02.800 --> 00:26:06.290
We should look at this over time and if
suddenly there’s a huge brown area
00:26:06.290 --> 00:26:10.930
then we can say “Wait a minute,
something’s going on”, where maybe
00:26:10.930 --> 00:26:15.080
a set of relays are trying to look good to
these directory authorities and trying
00:26:15.080 --> 00:26:19.700
not to look good to these. So basically
it helps us to recognize patterns
00:26:19.700 --> 00:26:26.070
of weird things going on. So on CollecTor
you can find all sorts of data sets
00:26:26.070 --> 00:26:32.690
and you can fetch them and do your
analysis of them. And Tor Metrics
00:26:32.690 --> 00:26:38.280
– metrics.torproject.org – has a bunch of
examples of this analysis, where you can
00:26:38.280 --> 00:26:42.430
look at graphs of the number of people
connecting from different countries, the
00:26:42.430 --> 00:26:46.700
number of relays over time, the number
of new relays, the number of bridges,
00:26:46.700 --> 00:26:52.530
users connecting to bridges etc. There
are 3 different libraries that help you
00:26:52.530 --> 00:26:56.210
to parse these various data sets. So
there’s one in Python, one in Java,
00:26:56.210 --> 00:27:01.160
one in Go; so whichever one of those
you enjoy most you can grab and start
00:27:01.160 --> 00:27:07.860
doing analysis. They do weekly or so
IRC meetings, so the TOR Metrics Team
00:27:07.860 --> 00:27:11.950
invites you to show up on January 7th
and they would love to have your help.
00:27:11.950 --> 00:27:15.340
They have a bunch of really interesting
data, they have a bunch of really
00:27:15.340 --> 00:27:21.460
interesting analysis tools and they’re
missing curious people. So show up,
00:27:21.460 --> 00:27:25.240
start asking questions about the data, try
to learn what’s going on. And you can
00:27:25.240 --> 00:27:28.305
learn more about them, on
the Metrics Team, there.
00:27:28.305 --> 00:27:32.055
And then I’m gonna pass it on to Mike.
00:27:32.055 --> 00:27:38.720
applause
00:27:38.720 --> 00:27:43.750
Mike: OK, so Hello everyone! So, I’ll be
telling ’bout the Applications Team part
00:27:43.750 --> 00:27:48.600
of the Vegas plan that
Jake introduced. Basically,
00:27:48.600 --> 00:27:54.060
the Applications Team was created to
bring together all the aspects of TOR
00:27:54.060 --> 00:27:58.500
and the extended community that are
working on anything that’s user facing.
00:27:58.500 --> 00:28:02.890
So anything with a user interface that
the user will directly interact with,
00:28:02.890 --> 00:28:08.550
that’s an application on
either Mobile or Desktop.
00:28:08.550 --> 00:28:13.020
So to start, obviously we had the
TOR Browser, that’s sort of like
00:28:13.020 --> 00:28:18.620
a flagship application that most people
are familiar with when they think of TOR.
00:28:18.620 --> 00:28:22.990
Recently we’ve added OrFox which is a
project by the Guardian Project to port
00:28:22.990 --> 00:28:28.050
the TOR Browser patches to Android
and that’s currently in Alpha Status. But
00:28:28.050 --> 00:28:34.190
it’s available on the Guardian Project’s
F-Droid Repo. We also have 2 chat clients:
00:28:34.190 --> 00:28:39.020
TorMessenger and Ricochet and both with
different security properties. I will be
00:28:39.020 --> 00:28:44.290
getting to it later. So I guess, first
off let’s talk about what happened
00:28:44.290 --> 00:28:51.070
in the TOR Browser world in 2015.
Basically most of the, or a good deal
00:28:51.070 --> 00:28:56.520
of our work is spent keeping up
with the Firefox release treadmill.
00:28:56.520 --> 00:29:01.620
That includes responding
to emergency releases,
00:29:01.620 --> 00:29:06.730
auditing changes in the Firefox code
base making sure that their features
00:29:06.730 --> 00:29:10.940
adhere to our privacy model and making
sure that our releases come out
00:29:10.940 --> 00:29:15.060
the same day as the official
Firefox releases so that there’s
00:29:15.060 --> 00:29:20.130
no vulnerability exposure to known
vulnerabilities after they’re disclosed.
00:29:20.130 --> 00:29:24.870
That has been a little bit rough to over
2015. I believe there is a solid 3..4
00:29:24.870 --> 00:29:29.500
months where it felt like we were doing
a release every 2 weeks. Due to either
00:29:29.500 --> 00:29:38.880
Logjam or random unassessed
vulnerability or any arbitrary
00:29:38.880 --> 00:29:43.620
security issue with Firefox. But we did…
despite treading all that water we did
00:29:43.620 --> 00:29:48.710
manage to get quite a bit of work done.
As always our work on the browser focuses
00:29:48.710 --> 00:29:54.700
in 3 main areas: privacy, security
and usability. Our privacy work is
00:29:54.700 --> 00:30:00.330
primarily focused around making sure that
any new browser feature doesn’t enable
00:30:00.330 --> 00:30:05.720
new vectors for 3rd party tracking. So no
ways for a 3rd party content resource to
00:30:05.720 --> 00:30:12.570
store state or cookies or blob URIs
or some of the newer features.
00:30:12.570 --> 00:30:16.940
There’s a new cache API. These sorts
of things need to all be isolated
00:30:16.940 --> 00:30:20.840
to the URL bar domain to prevent 3rd
parties from being able to track you.
00:30:20.840 --> 00:30:25.180
From being able to recognize it’s the same
you when you log in to Facebook and
00:30:25.180 --> 00:30:31.730
when you visit CNN, and CNN loads
the Facebook Like buttons, e.g.
00:30:31.730 --> 00:30:36.530
Additionally we have done a lot of work on
fingerprinting defences, the Alpha Release
00:30:36.530 --> 00:30:41.250
ships a set of fonts for the
Linux users so that the
00:30:41.250 --> 00:30:45.340
font fingerprinting can be normalized
since a lot of Linux users tend to have
00:30:45.340 --> 00:30:49.920
different fonts installed on their
systems. As well as tries to normalize
00:30:49.920 --> 00:30:54.380
the font list that allowed for Windows
and Mac users where they often get
00:30:54.380 --> 00:30:59.670
additional fonts from 3rd party
applications that install them.
00:30:59.670 --> 00:31:05.120
On the security front the major exciting
piece is the security slider. So with iSEC
00:31:05.120 --> 00:31:11.810
Partners’ help we did a review of all the
Firefox vulnerabilities and categorized
00:31:11.810 --> 00:31:16.680
them based on the component that they were
in as well as their prevalence on the web.
00:31:16.680 --> 00:31:21.970
And came up with 4 positions that allow
you to choose, basically trade off,
00:31:21.970 --> 00:31:26.080
functionality for vulnerability surface
reduction. And this was actually quite
00:31:26.080 --> 00:31:31.870
successful. It turned out that
all of the Pwn2Own exploits
00:31:31.870 --> 00:31:39.990
against Firefox were actually blocked
for non-https sites at medium/high.
00:31:39.990 --> 00:31:46.270
And if you enable the high security
level they were blocked for everything.
00:31:46.270 --> 00:31:50.130
We additionally released address
sanitizer hardened builds, these are…
00:31:50.130 --> 00:31:54.150
basically should… especially the higher
security levels of the security slider
00:31:54.150 --> 00:31:58.810
should protect against various memory
safety issues in the browser and also
00:31:58.810 --> 00:32:04.630
help us diagnose issues very rapidly.
00:32:04.630 --> 00:32:10.380
And of course we now sign our Windows
packages using a hardware security module
00:32:10.380 --> 00:32:16.850
from DigiCert. The usability improvements
were primarily focused around this UI and
00:32:16.850 --> 00:32:21.100
this new Onion Menus you can see if you
remember the old menu. There was quite a
00:32:21.100 --> 00:32:24.400
lot more options there. We sort of
condensed and consolidated options and
00:32:24.400 --> 00:32:29.490
eliminated and combined as much as we
could. And additionally displayed the
00:32:29.490 --> 00:32:37.360
circuit for the current URL bar domain.
In 2016 we’ll be focusing mostly on again
00:32:37.360 --> 00:32:41.910
the same 3 areas. Our main goal for
privacy is to try and convince Mozilla
00:32:41.910 --> 00:32:48.160
that they want to adopt our idea of
isolating 3rd party identifiers at least
00:32:48.160 --> 00:32:52.150
to the point of if the user goes into the
Preferences and tries to disable 3rd party
00:32:52.150 --> 00:32:57.860
cookies, will let you do the same thing
for DOM storage, Cache, blob URIs,
00:32:57.860 --> 00:33:02.760
worker threads, and all these
other sources of shared state.
00:33:02.760 --> 00:33:07.910
We’re very excited about their work on a
multi-process sandbox, additionally even
00:33:07.910 --> 00:33:13.580
application-level sandboxing, it should
be… without Mozilla’s sandbox,
00:33:13.580 --> 00:33:18.620
we should still be able to prevent the
browser from bypassing TOR using SecComp
00:33:18.620 --> 00:33:22.640
or AppArmor or SeatBelt or one of
these other sandboxing technologies.
00:33:22.640 --> 00:33:25.410
We’re looking forward to trying to
get that rolled out. And we’re doing
00:33:25.410 --> 00:33:30.500
exploit bounties! We’ll be
partnering with HackerOne,
00:33:30.500 --> 00:33:34.080
who’ll be announcing this shortly. The
program will start out invite-only
00:33:34.080 --> 00:33:37.200
and then… just, so we can get
used to the flow and scale up
00:33:37.200 --> 00:33:41.810
and then we’ll make it public later in the
year to basically provide people with
00:33:41.810 --> 00:33:46.560
incentive to review our code to look
for vulnerabilities that might be
00:33:46.560 --> 00:33:51.130
specific to our applications. And of
course the usual usability improving,
00:33:51.130 --> 00:33:57.470
security, improving installation. And we’d
like to improve the censorship and bridges
00:33:57.470 --> 00:34:02.780
ability flow as well hoping to automate
the discovery of bridges and inform you
00:34:02.780 --> 00:34:08.639
if your bridges become unreachable.
So TOR messenger
00:34:08.639 --> 00:34:13.230
is one of our 2 chat clients, also
part of the Applications Team.
00:34:13.230 --> 00:34:17.540
Basically, the goal there was to minimize
the amount of configuration that
00:34:17.540 --> 00:34:21.360
the user had to do if they wanted to
use one of their existing chat clients
00:34:21.360 --> 00:34:26.780
with TOR and OTR. Now this is based
00:34:26.780 --> 00:34:32.290
on another Mozilla platform – Instantbird
which is based on Thunderbird.
00:34:32.290 --> 00:34:38.300
This allows us to share a lot of the
TOR Browser configuration codes
00:34:38.300 --> 00:34:42.120
for managing the TOR process and
configuring bridges. So the user has a
00:34:42.120 --> 00:34:47.270
very similar configuration
experience to the browser
00:34:47.270 --> 00:34:53.139
when they first start it up. It also has
some additional memory safety advantages
00:34:53.139 --> 00:34:58.770
– all the protocol parsers are written
in Javascript. This basically…
00:34:58.770 --> 00:35:03.660
one of the major things when we
were looking at candidates for
00:35:03.660 --> 00:35:08.470
a messaging client was we wanted to avoid
the problems of libpurple in the past
00:35:08.470 --> 00:35:11.980
where there’s been a lot of, like, remote
code execution vulnerabilities with
00:35:11.980 --> 00:35:16.860
protocol parsing. Now there are some
trade-offs here, obviously, when you’re
00:35:16.860 --> 00:35:22.560
dealing with a browser product. You
still have a html window rendering
00:35:22.560 --> 00:35:30.090
the messages. But it is XSS filtered and
even if an XSS exploit were to get through
00:35:30.090 --> 00:35:34.320
to run Javascript in your messaging
window that Javascript would still be
00:35:34.320 --> 00:35:40.030
unprivileged. So they need an additional
browser-style exploit. And that filter has
00:35:40.030 --> 00:35:44.270
been reviewed by Mozilla and additionally
we’re looking into removing Javascript
00:35:44.270 --> 00:35:48.740
from that messaging window at all.
It should be completely possible to just
00:35:48.740 --> 00:35:54.950
display a reduced, slightly less sexy
version of the same window at perhaps
00:35:54.950 --> 00:36:00.670
another higher security level without
Javascript involved at all in that window.
00:36:00.670 --> 00:36:04.070
So we will hand off to Jake now to
describe some of the security properties
00:36:04.070 --> 00:36:06.090
and differences between TOR
messenger and Ricochet.
00:36:06.090 --> 00:36:12.220
Jacob: Just to be clear about this: We
wanted to sort of echo what Phil Rogaway
00:36:12.220 --> 00:36:16.440
has recently said. He wrote a really
wonderful paper quite recently about the
00:36:16.440 --> 00:36:20.910
moral character of cryptographic work and
Phil Rogaway for those of you that don’t
00:36:20.910 --> 00:36:24.310
know is one of the sort of like amazing
cryptographers, very humble, really
00:36:24.310 --> 00:36:29.990
wonderful man who was really a little bit
sad that cryptographers and people
00:36:29.990 --> 00:36:34.890
working on security software don’t take
the adversaries seriously. So they use
00:36:34.890 --> 00:36:39.610
Alice and Bob, and Mallory and they have
cutie icons and they look very happy.
00:36:39.610 --> 00:36:44.620
We wanted to make it clear what we thought
the adversary was. Which is definitely not
00:36:44.620 --> 00:36:53.090
a cutie adversary. When anonymity fails
for Muslims that live in Pakistan, or e.g.
00:36:53.090 --> 00:36:56.580
the guys that are giving a talk later
today, the CAGE guys, when anonymity fails
00:36:56.580 --> 00:37:01.420
for them they get detained or they get
murdered or they end up in Guantanamo Bay
00:37:01.420 --> 00:37:05.480
or other things like that. So it’s a
serious thing. And we wanted to talk about
00:37:05.480 --> 00:37:11.400
what that looks like. So e.g. a lot of you
use jabber.ccc.de, I guess. Don’t raise
00:37:11.400 --> 00:37:16.530
your hands. You should decentralize. Stop
using jabber.ccc.de because we should
00:37:16.530 --> 00:37:20.960
decentralize. But that said if you do,
this is sort of what it looks like, right?
00:37:20.960 --> 00:37:24.090
There’s the possibility for targeted
attacks when you connect. There’s the
00:37:24.090 --> 00:37:29.080
possibility that the Social Graph e.g. of
your buddy list, that that would be on the
00:37:29.080 --> 00:37:32.740
server. It would be possible that there’s
a bug on any Jabber server anywhere.
00:37:32.740 --> 00:37:36.380
So of course you know that if you’re using
Gmail with Jabber, you know that they are
00:37:36.380 --> 00:37:40.100
PRISM providers. So if you got a pretty
big problem there and the attacker, again,
00:37:40.100 --> 00:37:44.410
is not a cutie attacker, it’s, you know,
I like the Grim Reaper, that fit that
00:37:44.410 --> 00:37:48.820
Mike chose, if you like that’s accurate.
And now if you see one of the protections
00:37:48.820 --> 00:37:51.770
you’ll have for communicating with your
peers is off-the-record messaging. That’s
00:37:51.770 --> 00:37:57.770
basically the thing. But that’s a very
slap together protocol in a sense. Because
00:37:57.770 --> 00:38:02.720
it’s hacks on top of hacks. Where you
know you compose TOR with Jabber and TLS
00:38:02.720 --> 00:38:05.860
and maybe you still have a certificate
authority in there somewhere. Or maybe you
00:38:05.860 --> 00:38:09.550
have a TOR Hidden Service but then your
status updates they don’t have any
00:38:09.550 --> 00:38:16.430
encryption at all, for example. Or, again,
your roster is an actual thing that
00:38:16.430 --> 00:38:19.110
someone can see, including every time you
send a message to those people the server
00:38:19.110 --> 00:38:24.820
sees that. So, that said, TOR messenger is
really great because it meets users where
00:38:24.820 --> 00:38:28.930
they already are. Right? So e.g. actually
one other point here is if you use a piece
00:38:28.930 --> 00:38:33.420
of software like Adium, there is actually
a bug filed against Adium where someone
00:38:33.420 --> 00:38:37.630
said “Please disable logging-by-default
because Chelsea Manning went to prison
00:38:37.630 --> 00:38:41.620
because of your logging policy”. And the
people working on Adium in this bug report
00:38:41.620 --> 00:38:48.710
basically said: “Good!” That’s horrifying!
Right? So what if we made it as reasonable
00:38:48.710 --> 00:38:54.590
as possible, as configuration-free as
possible using TOR, using OTR, trying to
00:38:54.590 --> 00:38:58.650
remove libpurple which is a whole like…
it’s a flock of Zerodays flying in
00:38:58.650 --> 00:39:07.640
formation. Right? So we wanted to kill the
bird in a sense but also not we want to
00:39:07.640 --> 00:39:14.360
help provide an incentive for improving.
And so that’s where TOR messenger fits.
00:39:14.360 --> 00:39:19.670
But we also want to experiment with next
generation stuff. And one of those things
00:39:19.670 --> 00:39:25.120
is written by a really great guy on our
community, almost single-handedly, without
00:39:25.120 --> 00:39:30.760
any funding at all, and his name is
“special”, that’s actually his name. He’s
00:39:30.760 --> 00:39:37.020
also special. But it’s really nice,
because actually, if you solve the problem
00:39:37.020 --> 00:39:40.810
of telling your friend your name, if
you’re familiar with the properties of
00:39:40.810 --> 00:39:44.940
Hidden Services where you have a self-
authenticating name you know that you’re
00:39:44.940 --> 00:39:47.690
talking to the person that you think you
are because you’ve already done a key
00:39:47.690 --> 00:39:51.780
exchange. The important part of the key
exchange. And so one of the things that
00:39:51.780 --> 00:39:58.790
you’ll see very clearly is that there is
no more server. Right? So there’s no more
00:39:58.790 --> 00:40:05.130
jabber.ccc.de in this picture. So this is
a really good example of how we might
00:40:05.130 --> 00:40:09.119
decentralize, actually. It’s an experiment
right now but it means no more servers. It
00:40:09.119 --> 00:40:14.500
uses the TOR network’s TOR Hidden Service
protocol and everybody actually becomes a
00:40:14.500 --> 00:40:18.720
TOR Hidden Service for chatting with their
buddies. And it’s end-to-end encrypted and
00:40:18.720 --> 00:40:23.360
it’s anonymized and of course this means
that your Social Graph is a traffic
00:40:23.360 --> 00:40:27.980
analysis problem, it’s no longer a list on
a server. And it means your metadata is
00:40:27.980 --> 00:40:32.790
as protected as we currently know how
to do in a low-latency anonymity network.
00:40:32.790 --> 00:40:36.480
And in the future one of the really nice
things about this is that it will be
00:40:36.480 --> 00:40:41.850
possible – or we think it will be
possible – to even make it better in a
00:40:41.850 --> 00:40:46.920
sense, e.g. multiple chats, sending
files, sending pictures, in other words,
00:40:46.920 --> 00:40:50.780
everything becomes, instead of a certainty
we move it towards probability. And the
00:40:50.780 --> 00:40:52.890
probability is in your favour.
00:40:52.890 --> 00:41:00.000
Mike: Yes, additionally, I’ll be working
on various forms of padding for cases like
00:41:00.000 --> 00:41:04.140
this to basically increase this high…
the probability that there will be
00:41:04.140 --> 00:41:10.000
concurrent traffic at the same time from
multiple TOR clients, which will further
00:41:10.000 --> 00:41:13.720
frustrate the discovery of the Social
Graph based on simple traffic analysis
00:41:13.720 --> 00:41:21.940
especially for low-traffic cases such as
Ricochet. So just to wrap up that
00:41:21.940 --> 00:41:29.230
TOR Applications piece: in 2016 we’re
trying to focus heavily on usability and
00:41:29.230 --> 00:41:34.950
getting more people to be able to use TOR,
omitting the barriers to finding TOR,
00:41:34.950 --> 00:41:40.110
downloading TOR, being able especially
for censored users, and being able to
00:41:40.110 --> 00:41:45.100
install TOR. There’s still some snags,
various difficulties that cause people to
00:41:45.100 --> 00:41:49.560
stop at various stages of that process and
we want to try and work for to eliminate
00:41:49.560 --> 00:41:53.320
them. We also, of course, want to increase
coordination: share graphics, visual
00:41:53.320 --> 00:42:00.900
aesthetics and coordinate the ability to
share the TOR process. And we also want to
00:42:00.900 --> 00:42:04.540
create a space for more experimentation,
for more things like Ricochet. There’s
00:42:04.540 --> 00:42:08.810
probably a lot more ideas like Ricochet
out there. There could be leverages
00:42:08.810 --> 00:42:12.150
of TOR protocol and especially Hidden
Services in creative ways. So we’re
00:42:12.150 --> 00:42:16.130
looking to create an official sanctioned
space as part of TOR to give them a home.
00:42:16.130 --> 00:42:21.280
And to look for that in the coming
months on the TOR blog.
00:42:21.280 --> 00:42:26.600
Jacob: Alright, I just wanted to put in a
picture of a guy wearing a Slayer T-Shirt.
00:42:26.600 --> 00:42:31.380
So there it is. That’s Trevor Paglen. Some
of you may remember him from such things
00:42:31.380 --> 00:42:36.150
as helping to film Citizenfour, building
Satellites that burn up in space so that
00:42:36.150 --> 00:42:41.030
are actually currently on other
satellites. And this on the left is
00:42:41.030 --> 00:42:45.550
Leif Ryge, he’s sort of the person that
taught me how to use computers. And he is
00:42:45.550 --> 00:42:49.050
an incredible Free Software developer.
Trevor Paglen and myself, and this is
00:42:49.050 --> 00:42:52.640
a cube, the Autonomy Cube which we talked
about last year. Because we think that
00:42:52.640 --> 00:42:57.220
culture is very important and we think
that it’s important to actually get people
00:42:57.220 --> 00:43:01.500
to understand the struggle that exists
right now. So this is installed in a
00:43:01.500 --> 00:43:06.470
museum right now in Germany, in the city
of Oldenburg, at the Edith-Russ-Haus. And
00:43:06.470 --> 00:43:10.810
it actually opened several months ago,
it’s filled with classified documents, it
00:43:10.810 --> 00:43:14.000
has really interesting things to go and
read. I highly encourage you to go and
00:43:14.000 --> 00:43:18.060
read. We built a reading room about
anonymity papers, about things that are
00:43:18.060 --> 00:43:22.990
happening. About how corporations track
you, and then the entire museum is an
00:43:22.990 --> 00:43:27.730
Open-WiFi network that routes you
transparently through TOR. So in Germany
00:43:27.730 --> 00:43:32.520
a free open WiFi network that isn’t run by
Freifunk – much respect to them – we
00:43:32.520 --> 00:43:36.869
wanted to make it possible for you to just
go and have the ability to bootstrap
00:43:36.869 --> 00:43:43.030
yourself anonymously if you needed to. And
also these four boards are Novena boards.
00:43:43.030 --> 00:43:47.730
And these Novena boards are Free and Open
Hardware devices made by Bunnie and Sean
00:43:47.730 --> 00:43:51.220
in Singapore where you could, if you
wanted to, download the schematics and
00:43:51.220 --> 00:43:55.990
fab it yourself. And it’s running the
Debian GNU Linux universal operating
00:43:55.990 --> 00:44:01.350
system. And it’s an actual TOR exit node
with absolutely every port allowed. So the
00:44:01.350 --> 00:44:06.780
museum’s infrastructure itself on the
city’s internet connection actually is a
00:44:06.780 --> 00:44:13.619
TOR exit node for the whole world to be
able to use the internet anonymously.
00:44:13.619 --> 00:44:20.340
applause
00:44:20.340 --> 00:44:24.170
But the museum’s infrastructure is not
just helping people in Oldenburg, it’s
00:44:24.170 --> 00:44:28.830
helping people all around the world to be
able to communicate anonymously and it’s
00:44:28.830 --> 00:44:31.830
quite amazing actually because when
cultural institutions stand up for this
00:44:31.830 --> 00:44:35.960
we recognize it’s not just a problem of
over-there stand. We have mass-surveillance
00:44:35.960 --> 00:44:40.850
and corporate surveillance in the West
and we need to deal with that. Here, by
00:44:40.850 --> 00:44:45.550
creating spaces like this. But that said,
we also need to make sure that we create
00:44:45.550 --> 00:44:49.250
spaces in people’s minds all around the
world. And I want to introduce to you
00:44:49.250 --> 00:44:55.380
someone who’s incredibly awesome, the
most bad-ass radical librarian around,
00:44:55.380 --> 00:44:58.830
this is Alison.
Alison is going to talk about…
00:44:58.830 --> 00:45:03.130
Alison: …Library Freedom Project! Hi!
Thank you so much! I’m so excited
00:45:03.130 --> 00:45:09.290
to be here, it’s my first CCC and I’m on
stage, and it’s very… exciting. So I’m
00:45:09.290 --> 00:45:12.750
going to talk to you a little bit about my
organization, Library Freedom Project.
00:45:12.750 --> 00:45:18.400
I’m the director and what we do: we have
a partnership with TOR project to do
00:45:18.400 --> 00:45:23.440
community outreach around TOR and other
privacy-enhancing technologies. Making
00:45:23.440 --> 00:45:28.260
TOR network more strong and making tools
like TOR Browser more ubiquitous and
00:45:28.260 --> 00:45:35.540
mainstream, all with the help of a
coalition of radical militant librarians.
00:45:35.540 --> 00:45:40.040
So we introduced you to the Library
Freedom Project back in February. We told
00:45:40.040 --> 00:45:43.520
you a little bit about the kind of work
that we do, mostly in US libraries,
00:45:43.520 --> 00:45:48.930
increasingly internationally. Where
essentially we teach them about tools like
00:45:48.930 --> 00:45:54.669
TOR Browser, how to install it on their
local computers, how to teach it into
00:45:54.669 --> 00:45:59.080
computer classes that they offer for free
in the library or one-on-one technology
00:45:59.080 --> 00:46:04.350
sessions for their community. And we’ve
had a really amazing year since then.
00:46:04.350 --> 00:46:08.470
In addition to working with the TOR
project we’re really fortunate to work
00:46:08.470 --> 00:46:12.470
with the American Civil Liberties Union
(ACLU). If you’re not familiar with them,
00:46:12.470 --> 00:46:16.480
they’re basically… they’re the bad asses
who’ve been suing the US Intelligence
00:46:16.480 --> 00:46:22.710
Agencies and Police for about a 100 years.
That is me with 2 people from the ACLU
00:46:22.710 --> 00:46:27.550
Massachusetts, Jessie Rossman who is a
surveillance law expert and Kade Crockford
00:46:27.550 --> 00:46:31.000
who is an activist for the ACLU. And
they’re here, if you see that human buy
00:46:31.000 --> 00:46:35.070
them a drink and ask them about the
surveillance capabilities of the US Police.
00:46:35.070 --> 00:46:37.980
applause
00:46:37.980 --> 00:46:43.300
So, it’s really cool! It’s a great
partnership with the ACLU because
00:46:43.300 --> 00:46:48.580
basically they can teach why we need to
use tools like TOR Browser. So how to use
00:46:48.580 --> 00:46:52.260
them is super-super important but you need
to know about the authorizations, the
00:46:52.260 --> 00:46:57.369
programs, all the bad laws and the uses of
them against ordinary people. So, why do
00:46:57.369 --> 00:47:01.770
we teach this stuff to librarians? It’s
basically for 2 big reasons. One of them
00:47:01.770 --> 00:47:06.470
is that libraries and librarians have an
amazing history of activism around
00:47:06.470 --> 00:47:11.450
privacy, fighting surveillance and
fighting censorship in the US where
00:47:11.450 --> 00:47:16.090
I live. Librarians were some of the
staunchest opponents of the USA Patriot
00:47:16.090 --> 00:47:20.350
Act from the beginning when it was
codified back in 2002. They made T-Shirts
00:47:20.350 --> 00:47:25.869
that said “Another hysterical librarian
for Privacy” because of the…
00:47:25.869 --> 00:47:29.720
The Attorney General at the time called
them “hysterical” for the fact that they
00:47:29.720 --> 00:47:33.400
didn’t want this awful authorization to go
through. And of course then after Snowden
00:47:33.400 --> 00:47:37.369
we learned many more things about just
how bad the Patriot Act was. So librarians
00:47:37.369 --> 00:47:40.800
were some of the first people to oppose
that. They also have fought back against
00:47:40.800 --> 00:47:45.060
National Security Letters which are the US
Government informational requests that
00:47:45.060 --> 00:47:49.750
sometimes go to software providers and
other internet services. They have an
00:47:49.750 --> 00:47:53.060
attached gag order that basically says:
“You have to give this information about
00:47:53.060 --> 00:47:56.430
your users and you can’t tell anyone that
you got it.” Well, libraries got one of
00:47:56.430 --> 00:47:58.900
these and fought back against that and won.
applause
00:47:58.900 --> 00:48:05.640
They also, all the way back in the 1950s
even, at the height of Anti-Communist
00:48:05.640 --> 00:48:10.790
Fervor and FUD, around the time of the
House Un-American Activities Committee,
00:48:10.790 --> 00:48:13.509
librarians came out with this amazing
statement, called the “Freedom to Read”
00:48:13.509 --> 00:48:18.910
Statement that I think really is a
beautiful text. It’s about 2 pages long
00:48:18.910 --> 00:48:26.080
and it is their commitment to privacy and
democratic ideals made manifest.
00:48:26.080 --> 00:48:29.310
And I have a little excerpt from it here.
I’m not gonna read the whole thing to you
00:48:29.310 --> 00:48:32.500
’cause I understand I’m all too
pressed for time. But the last line is
00:48:32.500 --> 00:48:37.600
my favourite. It says: “Freedom itself is
a dangerous way of life. But it is ours.”
00:48:37.600 --> 00:48:40.960
So everybody go and get that tattooed!
You know, on your forehead or whatever.
00:48:40.960 --> 00:48:44.150
applause
00:48:44.150 --> 00:48:49.490
So, the history of activism is one of the
big things. There’s a second part that
00:48:49.490 --> 00:48:52.420
is more practical. Libraries have an
amazing relationship to the local
00:48:52.420 --> 00:48:56.859
communities. That doesn’t really exist
anywhere else especially in this era of
00:48:56.859 --> 00:49:01.650
privatization and the destruction of
public commons. Libraries have already
00:49:01.650 --> 00:49:05.520
free computer classes in many places,
sometimes the only free computer help that
00:49:05.520 --> 00:49:10.609
you can get anywhere. They offer free
computer terminals to many people who
00:49:10.609 --> 00:49:14.480
don’t have any other computer access.
They’re trusted community spaces, they
00:49:14.480 --> 00:49:18.400
already teach about a whole number of
things. So we think they’re really the
00:49:18.400 --> 00:49:24.310
ideal location for people to learn about
things like TOR Browser. So it’s been
00:49:24.310 --> 00:49:31.010
going really well. This year we have
visited hundreds of different locations.
00:49:31.010 --> 00:49:36.230
We’ve trained about 2300 librarians in the
US, in Canada and a few other countries,
00:49:36.230 --> 00:49:43.150
Australia, UK and Ireland. We held an
amazing conference, you might recognize
00:49:43.150 --> 00:49:47.630
this as Noisebridge. Any Noisebridge fans
here? I hope so. Come on, there’s got to
00:49:47.630 --> 00:49:50.470
be more Noisebridge fans than that!
Christ! We had an amazing conference in
00:49:50.470 --> 00:49:54.050
Noisebridge and actually my co-organizer
is also here, April Glaser, so you can buy
00:49:54.050 --> 00:49:58.540
her a drink, she’s right over there. There
has been a huge response from the library
00:49:58.540 --> 00:50:02.290
community. They wanna learn about TOR
Browser, they’re so excited that finally
00:50:02.290 --> 00:50:06.910
there’s a practical way for them to help
protect their patrons’ privacy. They’ve
00:50:06.910 --> 00:50:12.000
cared about this stuff from an ideological
and ethical standpoint for a really long
00:50:12.000 --> 00:50:15.980
time, and now they know that there are
tools that they can actually use and
00:50:15.980 --> 00:50:19.090
implement in their libraries and teach to
their community to help them take back
00:50:19.090 --> 00:50:25.400
their privacy. We’re really lucky that not
only do we get to teach librarians but
00:50:25.400 --> 00:50:29.590
occasionally we get invited to visit
the local communities themselves.
00:50:29.590 --> 00:50:33.770
So, here we teach how to teach privacy
classes with TOR as a big focus.
00:50:33.770 --> 00:50:37.460
But sometimes we get to meet the local
community members themselves. So I want to
00:50:37.460 --> 00:50:41.850
show you this picture of a recent visit
that I made to Yonkers, New York. It was
00:50:41.850 --> 00:50:46.050
a class just for teens. They’re all
holding TOR stickers if you can see that
00:50:46.050 --> 00:50:50.369
and Library Freedom Project stickers.
This is a great picture that sort of is
00:50:50.369 --> 00:50:54.130
emblematic of the kind of communities
that we get to visit. Yonkers is one of
00:50:54.130 --> 00:50:59.160
the poorest cities in the US. These kids
are… many of them are immigrants, their
00:50:59.160 --> 00:51:02.790
parents are immigrants, they face
surveillance and state violence as a
00:51:02.790 --> 00:51:07.970
matter of their regular everyday lives.
For them privacy is not just a human
00:51:07.970 --> 00:51:12.520
right but it’s sometimes a matter of life
and death. And these kids are just some
00:51:12.520 --> 00:51:16.820
of the amazing people that we get to see.
Also, just to give you an idea of how the
00:51:16.820 --> 00:51:21.230
public perception around privacy is
shifting in my anecdotal experience:
00:51:21.230 --> 00:51:25.890
we had 65 teenagers come to this class!
If you have a teenager or if you’ve been
00:51:25.890 --> 00:51:30.359
a teenager you know teenagers don’t show
up for stuff, they don’t do that. 65 kids
00:51:30.359 --> 00:51:34.340
came to this! And they were so excited!
This was just the group that was left over
00:51:34.340 --> 00:51:38.420
at the end that had so many questions and
wanted more stickers to bring back to
00:51:38.420 --> 00:51:44.300
their friends. So it’s pretty cool stuff.
Recently we embarked on a new project
00:51:44.300 --> 00:51:50.150
bringing TOR relays into libraries. This
is Nima Fatemi with me, when we set up
00:51:50.150 --> 00:51:55.390
our pilot at a library in New Hampshire
which is the state just above where I live
00:51:55.390 --> 00:52:02.040
in the United States. And we basically
decided to do this project because we
00:52:02.040 --> 00:52:05.500
thought it was a really great continuation
of the work that we were already doing,
00:52:05.500 --> 00:52:10.080
teaching and training librarians around
using TOR. We wanted to take a step
00:52:10.080 --> 00:52:13.690
further and take the infrastructure that
libraries already have; many of them are
00:52:13.690 --> 00:52:19.490
moving to really fast internet, they can
donate an IP address and some bandwidth.
00:52:19.490 --> 00:52:24.430
And they… many of them want to do kind
of the next thing to help protect privacy
00:52:24.430 --> 00:52:27.750
and not just in their local communities,
as well. They want to help protect
00:52:27.750 --> 00:52:31.720
internet freedom everywhere. So we thought
it was a really great sort of next step to
00:52:31.720 --> 00:52:35.480
go. So we set up our pilot project in New
Hampshire. It went pretty well, we got a
00:52:35.480 --> 00:52:39.130
lot of great press attention, a lot of
really great local and global community
00:52:39.130 --> 00:52:44.550
support. We also got the attention of
the Department of Homeland Security.
00:52:44.550 --> 00:52:49.610
applause
00:52:49.610 --> 00:52:53.100
Basically they contacted the local Police
in this town in New Hampshire and they
00:52:53.100 --> 00:52:57.160
said: “You know, this is stupid, and bad,
and criminal and you should shut this
00:52:57.160 --> 00:53:02.640
down!” And the library was understandably
shaken by this and temporarily suspended
00:53:02.640 --> 00:53:09.210
the operation of the relay. So we
responded by writing a letter, an open
00:53:09.210 --> 00:53:13.440
letter from Library Freedom Project, from
TOR project, from ACLU and a broad
00:53:13.440 --> 00:53:17.000
coalition of public interest groups and
luminary individuals including the
00:53:17.000 --> 00:53:21.109
Electronic Frontier Foundation (EFF), the
Freedom of the Press Foundation, the Free
00:53:21.109 --> 00:53:24.350
Software Foundation and all of our other
friends many of whom are in this audience
00:53:24.350 --> 00:53:28.720
today. We wrote this letter to the library
basically affirming our commitment to
00:53:28.720 --> 00:53:32.359
them, how much we are proud of them for
participating in this project and how much
00:53:32.359 --> 00:53:36.830
we wanted them to continue. We put a lot
of nice, you know, ideological, why this
00:53:36.830 --> 00:53:41.520
is important, warm fuzzy stuff. We also
got EFF to start a petition for us and
00:53:41.520 --> 00:53:46.270
over a weekend we got about 4500
signatures from all over the world, the
00:53:46.270 --> 00:53:51.659
library was flooded with emails, calls.
Only one negative one. Just one out of
00:53:51.659 --> 00:53:55.770
hundreds. And that person was a little
confused, so I’m not even counting that
00:53:55.770 --> 00:54:03.230
necessarily. It was like a conspiracy type thing.
So we got this amazing support and this
00:54:03.230 --> 00:54:06.880
was all in anticipation of their board
meeting that was gonna happen a few days
00:54:06.880 --> 00:54:12.150
later where the board was gonna decide
what to do about the relay. So Nima and I
00:54:12.150 --> 00:54:16.270
show up to New Hampshire on a Tuesday
Night and you might imagine what a library
00:54:16.270 --> 00:54:20.770
board meeting in rural New Hampshire is
typically like. It was nothing like that.
00:54:20.770 --> 00:54:26.270
So we get outside and there’s a protest
happening already. Many people holding
00:54:26.270 --> 00:54:32.070
Pro-TOR signs. This was just a glimpse of
it. And the look on my face is because
00:54:32.070 --> 00:54:35.740
someone pointed to a very small child and
said: “Alison, look at that child over
00:54:35.740 --> 00:54:39.120
there”. This tiny little girl was holding
a sign that said “Dammit Big Brother” and
00:54:39.120 --> 00:54:45.650
I was like “I’m done, that’s it, I got to
go home!” So we went into the board
00:54:45.650 --> 00:54:52.980
meeting and we were met with about 4 dozen
people and media and a huge amount of
00:54:52.980 --> 00:54:57.859
support. Many of the community members
expressed how much they loved TOR, that
00:54:57.859 --> 00:55:03.790
this whole incident made them download TOR
and check it out for themselves. Basically
00:55:03.790 --> 00:55:07.590
it galvanized this community into a
greater level of support than we even had
00:55:07.590 --> 00:55:12.119
when we initially set it up about a month
earlier. People who had no idea that the
00:55:12.119 --> 00:55:15.660
library was doing this heard about it
because it got a huge amount of media
00:55:15.660 --> 00:55:20.859
attention thanks to a story by Julia
Angwin in ProPublica that broke the news
00:55:20.859 --> 00:55:26.130
to everybody and then it just went like
wildfire. So as you might imagine the
00:55:26.130 --> 00:55:29.920
relay went back online that night. We were
super-successful. Everybody in the
00:55:29.920 --> 00:55:34.920
community was incredibly excited about it
and supportive. And what has happened now
00:55:34.920 --> 00:55:41.099
is that this community has sort of… like
I said they’ve been galvanized to support
00:55:41.099 --> 00:55:46.520
TOR even more. The library has now allotted
some of their staff time and travel
00:55:46.520 --> 00:55:51.920
budget to help other libraries in the area
set up TOR relays. They’re speaking about
00:55:51.920 --> 00:55:57.010
TOR…
applause
00:55:57.010 --> 00:55:59.900
Thank you!
They’re speaking about TOR at conferences.
00:55:59.900 --> 00:56:05.300
And this has really caught on in the
greater library community as well. So I
00:56:05.300 --> 00:56:08.450
mentioned already the kind of success that
we’ve had at Library Freedom Project in
00:56:08.450 --> 00:56:12.520
teaching tools like TOR Browser and
getting folks to bring us in for trainings.
00:56:12.520 --> 00:56:17.630
This is even bigger than that! Libraries
are now organizing their, you know, staff
00:56:17.630 --> 00:56:21.920
training days around, you know, “Should we
participate in the TOR relay project?” or
00:56:21.920 --> 00:56:27.110
“How can we do this best?”, “What’s the
best angle for us?” So we’re really
00:56:27.110 --> 00:56:31.590
excited to announce that we’re gonna
be continuing the relay project at scale.
00:56:31.590 --> 00:56:35.270
Nima Fatemi, who is now also in this
picture again, I’m really sad that he
00:56:35.270 --> 00:56:38.930
can’t be here, he is wonderful and
essential to this project. But he will now
00:56:38.930 --> 00:56:45.680
be able to travel across the US and we
hope to go a little further opening up
00:56:45.680 --> 00:56:49.380
more relays in libraries. We’re gonna
continue teaching, of course, about TOR
00:56:49.380 --> 00:56:53.780
Browser and other privacy-enhancing Free
Software. We’re now gonna incorporate some
00:56:53.780 --> 00:56:58.160
other TOR services, so we’re really
excited to bring “Let’s Encrypt” into
00:56:58.160 --> 00:57:01.489
libraries. And while we’re there, why not
run a Hidden Service on the library’s web
00:57:01.489 --> 00:57:06.280
server. Among many other things. The other
goals for Library Freedom Project: to take
00:57:06.280 --> 00:57:11.650
this to a much more international level.
So if you want to do this in your country,
00:57:11.650 --> 00:57:15.590
you know your librarian, put them in touch
with us. You can follow our progress on
00:57:15.590 --> 00:57:19.690
LibraryFreedomProject.org or
@libraryfreedom on Twitter. And we’re
00:57:19.690 --> 00:57:22.950
always sort of posting on Tor Blog about
stuff that’s going on with us, so…
00:57:22.950 --> 00:57:26.480
Thank you so much for letting me tell you
about it. It’s really a pleasure to be
00:57:26.480 --> 00:57:40.520
here!
applause
00:57:40.520 --> 00:57:45.060
Jacob: So, that’s a really tough act to
follow! But we’re very pressed for time
00:57:45.060 --> 00:57:48.740
now. And we want to make sure that we can
tell you two big things. And one of them
00:57:48.740 --> 00:57:52.040
is that, as you know, we were looking for
an Executive Director because our Spirit
00:57:52.040 --> 00:57:56.550
Animal, Roger,…
Roger: Slide…
00:57:56.550 --> 00:58:01.730
Jacob: Right… He couldn’t do it all. And
in fact we needed someone to help us. And
00:58:01.730 --> 00:58:05.869
we needed someone to help us who has the
respect not only of the community here but
00:58:05.869 --> 00:58:10.709
the community, basically, all around the
world. And we couldn’t think of a better
00:58:10.709 --> 00:58:15.380
person, in fact, when we came up with a
list of people. The person that we ended
00:58:15.380 --> 00:58:19.440
up with was the Dream Candidate for a
number of the people in the TOR Project
00:58:19.440 --> 00:58:24.260
and around the world. And so, I mean, I
have to say that I’m so excited, I’m so
00:58:24.260 --> 00:58:28.040
excited that we have her as our Executive
Director. I used to think that our ship
00:58:28.040 --> 00:58:32.300
was going to sink, that we would all go to
prison, and that may still happen, the
00:58:32.300 --> 00:58:39.609
second part. But the first part, for sure,
is not going to happen. We found someone
00:58:39.609 --> 00:58:44.379
who I believe will keep the TOR Project
going long after all of us are dead and
00:58:44.379 --> 00:58:50.510
buried. Hopefully, not in shallow graves.
So, this is Shari Steele!
00:58:50.510 --> 00:58:58.540
applause
00:58:58.540 --> 00:59:00.740
Shari: Hi!
applause
00:59:00.740 --> 00:59:05.400
Thanks! Thanks, it’s actually so fun to be
back in this community. And I wasn’t gone
00:59:05.400 --> 00:59:08.650
for very long. I had so much for
retirement. It didn’t work out for me.
00:59:08.650 --> 00:59:14.289
But, that’s OK, I’m really excited. I have
had – we’re so tight on time – so I want
00:59:14.289 --> 00:59:18.000
to just tell you there are 2 big mandates
that I was given when I first was hired.
00:59:18.000 --> 00:59:22.320
And one is: Help build a great
infrastructure so that TOR Project is
00:59:22.320 --> 00:59:27.330
sustainable. Working on that! The other
thing is: Money! We need to diversify our
00:59:27.330 --> 00:59:31.330
funding sources, as everybody knows here.
The Government funding has been really
00:59:31.330 --> 00:59:35.680
difficult for us specifically because it’s
all restricted. And so it limits the kinds
00:59:35.680 --> 00:59:41.430
of things we want to do. When you get the
developers in a room blue-skying about the
00:59:41.430 --> 00:59:44.900
things that they want to do, it’s
incredible! Really, really brilliant
00:59:44.900 --> 00:59:48.040
people who want to do great things but
they’re really limited when the funding
00:59:48.040 --> 00:59:52.960
says they have to do particular things. So
we happen to be doing our very first ever
00:59:52.960 --> 00:59:59.010
crowd funding campaign right now. I want
to give a shout out to Katina Bishop who
00:59:59.010 --> 01:00:03.450
is here somewhere and who is running
the campaign for us and is just doing an
01:00:03.450 --> 01:00:09.779
amazing job. As of last count which is a
couple of days ago, we had over 3000
01:00:09.779 --> 01:00:15.090
individual donors and over 120.000 Dollars
which is incredible for our very first
01:00:15.090 --> 01:00:18.820
time when we didn’t even really have a
mechanism in place to be collecting this
01:00:18.820 --> 01:00:24.540
money, even. So, it’s really great! And I
wanna also say we have a limited number
01:00:24.540 --> 01:00:31.070
of these T-Shirts that I brought in a
suitcase from Seattle. So, and they’re
01:00:31.070 --> 01:00:36.160
gonna be available, if you come down to
the Wau Holland booth at the Noisy Square.
01:00:36.160 --> 01:00:39.619
Come talk with us! Give a donation!
We’re doing a special: it’s normally a
01:00:39.619 --> 01:00:46.310
100 Dollar donation to get a shirt, but
for the conference we’ll do, for 60 Euro
01:00:46.310 --> 01:00:50.320
you can get a shirt and it would be great
you’d be able to show your support. And
01:00:50.320 --> 01:00:56.869
you can also donate online if you don’t
wanna do that here. That’s the URL. And
01:00:56.869 --> 01:01:01.109
to end, we’d like to have a
word from Down Under!
01:01:01.109 --> 01:01:05.079
Video starts
01:01:05.079 --> 01:01:09.859
Video Intro Violin Music
01:01:09.859 --> 01:01:15.030
Good Day to you! Fellow Members of the
Intergalactic Resistance against Dystopian
01:01:15.030 --> 01:01:20.550
bastardry! It is I, George Orwell, with an
urgent message from Planet Earth, as it
01:01:20.550 --> 01:01:25.670
embarks on a new orbit. Transmitting via
the Juice Channeling Portal. Our time is
01:01:25.670 --> 01:01:30.290
short. So let’s get straight to the point.
Shall we? This transmission goes out to
01:01:30.290 --> 01:01:35.420
all you internet citizens. Denizens of
the one remaining free frequency. In whose
01:01:35.420 --> 01:01:40.869
hands rests the fate of humanity.
Lord… f_ckin’ help us!
01:01:40.869 --> 01:01:42.869
typewriter typing sounds
01:01:42.869 --> 01:01:48.560
When I last appeared to you, I warned you
noobs: You must not lose the Internet! Now
01:01:48.560 --> 01:01:54.140
before I proceed, let us clarify one
crucial thing. The Internet is not Virtual
01:01:54.140 --> 01:02:00.450
Reality, it is actual Reality.
typewriter typing sounds
01:02:00.450 --> 01:02:05.420
Are you still with me? Good. Now ask
yourselves: Would you let some fascist
01:02:05.420 --> 01:02:09.180
dictate with whom you can and cannot
communicate? Because that’s what happens
01:02:09.180 --> 01:02:13.700
every time a government blacklists a
website domain. Would you let anyone force
01:02:13.700 --> 01:02:18.490
you to get all your information from cable
TV? That’s effectively the case if you
01:02:18.490 --> 01:02:24.800
allow corporations to kill Net Neutrality.
typewriter typing sounds
01:02:24.800 --> 01:02:29.160
Would you let the Thought Police install
telescreens in your house, monitor and
01:02:29.160 --> 01:02:34.010
record everything you do, every time you
move, every word you’ve read, to peer into
01:02:34.010 --> 01:02:37.880
the most private nook of all, your head?
BECAUSE THAT’S WHAT HAPPENS when
01:02:37.880 --> 01:02:42.540
you let your governments monitor the net
and enact mandatory data-retention laws!
01:02:42.540 --> 01:02:48.200
smashing sounds
01:02:48.200 --> 01:02:52.480
If you answered “No” to all those
questions, then we can safely deduce
01:02:52.480 --> 01:02:59.600
that terms like “Online”, “IRL” and “in
Cyberspace” are Newspeak. They confuse the
01:02:59.600 --> 01:03:05.040
truth: There is no “Cybersphere”. There
is only life. Here. It follows that if you
01:03:05.040 --> 01:03:09.380
have an oppressive Internet, you have
an oppressive society, too. Remember:
01:03:09.380 --> 01:03:11.490
online is real life…
typewriter typing sounds
01:03:11.490 --> 01:03:15.950
Your Digital Rights are no different from
everyday human rights! And don’t give me
01:03:15.950 --> 01:03:20.089
that BS that you don’t care about
Privacy because you have nothing to hide.
01:03:20.089 --> 01:03:24.570
That’s pure Doublethink. As comrade
Snowden clearly explained, that’s like
01:03:24.570 --> 01:03:28.730
saying you don’t care about Free Speech
because you have nothing to say!
01:03:28.730 --> 01:03:32.970
Stick that up your memory
holes and smoke it, noobs!
01:03:32.970 --> 01:03:37.650
Pigs Arse, the portal is closing, I’m
losing you! I’ll leave you with a new tool
01:03:37.650 --> 01:03:42.689
to use. I assume you’ve all been fitted
with one of these spying devices. Well,
01:03:42.689 --> 01:03:46.420
here’s an app you can use in spite of
this. It’s called Signal, and, yes, it’s
01:03:46.420 --> 01:03:50.660
free and simple. Install it and tell all
your contacts to mingle then all your
01:03:50.660 --> 01:03:54.520
calls and texts will be encrypted. So even
if Big Brother sees them the c_nt won’t be
01:03:54.520 --> 01:04:00.490
able to read them. Hahaa! Now that’s
a smartphone! Our time is up!
01:04:00.490 --> 01:04:04.230
typewriter typing sounds
Until the next transmission. Heed the
01:04:04.230 --> 01:04:09.740
words of George Orwell. Or
should I say: George TORwell?
01:04:09.740 --> 01:04:14.870
typewriter typing sounds
01:04:14.870 --> 01:04:19.609
Remember, just as I went to Spain to fight
the dirty fascists you can come to Onion
01:04:19.609 --> 01:04:24.089
land and fight Big Brother’s filthy
tactics. If you’re a Pro run a node and
01:04:24.089 --> 01:04:28.180
strengthen the code. Or if you’re in the
Outer Party and can afford it, send TOR
01:04:28.180 --> 01:04:33.720
some of your dough. Special Salute to
all my comrades, the “State of the Onion”.
01:04:33.720 --> 01:04:38.109
Happy Hacking! Now go forth and
f_ck up Big Brother. That mendacious
01:04:38.109 --> 01:04:42.539
motherf_cking, c_ck-sucking bastard
son of a corporatist b_tch…
01:04:42.539 --> 01:04:52.910
Video Outro Music
01:04:52.910 --> 01:05:00.999
applause
01:05:00.999 --> 01:05:05.410
Jacob: So, I think that’s all the time
that we have. Thank you very much for
01:05:05.410 --> 01:05:08.760
coming. And thank you all
for your material support.
01:05:08.760 --> 01:05:35.370
applause
01:05:35.370 --> 01:05:41.720
Herald: Unfortunately we won’t have time
for a Q&A. But I heard that some of the
01:05:41.720 --> 01:05:49.940
crew will now go to the Wau Holland booth
at Noisy Square down in the Foyer and
01:05:49.940 --> 01:05:54.790
might be ready to answer
questions there. If you have any.
01:05:54.790 --> 01:05:59.330
postroll music
01:05:59.330 --> 01:06:05.881
Subtitles created by c3subtitles.de
in 2016. Join and help us!