[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:11.31,Default,,0000,0000,0000,,{\i1}32C3 preroll music{\i0} Dialogue: 0,0:00:11.31,0:00:15.89,Default,,0000,0000,0000,,Herald: I welcome you to “TOR Onion\NServices – more useful than you think!” Dialogue: 0,0:00:15.89,0:00:19.34,Default,,0000,0000,0000,,This talk is presented by George Dialogue: 0,0:00:19.34,0:00:24.64,Default,,0000,0000,0000,,– who is a core developer of TOR and he is\Nalso a developer of the Hidden Services – Dialogue: 0,0:00:24.64,0:00:30.50,Default,,0000,0000,0000,,by David Goulet – who is a developer\Nfor the TOR Hidden Services – Dialogue: 0,0:00:30.50,0:00:35.44,Default,,0000,0000,0000,,and by Roger, who is founder of the\NTOR Project, an MIT Graduate and Dialogue: 0,0:00:35.44,0:00:38.46,Default,,0000,0000,0000,,the Foreign Policy Magazine\Ncalls him: he is one of the Dialogue: 0,0:00:38.46,0:00:42.74,Default,,0000,0000,0000,,Top 100 Global Thinkers.\NI think that speaks for himself. Dialogue: 0,0:00:42.74,0:00:49.64,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:00:49.64,0:00:54.18,Default,,0000,0000,0000,,Today we will hear examples of Hidden\NServices for really cool use cases, Dialogue: 0,0:00:54.18,0:00:57.88,Default,,0000,0000,0000,,but also we will hear about security\Nfixes that make the Hidden Services Dialogue: 0,0:00:57.88,0:01:00.78,Default,,0000,0000,0000,,even more safer and\Nstronger for all of us. Dialogue: 0,0:01:00.78,0:01:05.96,Default,,0000,0000,0000,,Stage free for “TOR Onion Services –\Nmore useful than all of us think” Dialogue: 0,0:01:05.96,0:01:11.44,Default,,0000,0000,0000,,{\i1}applause{\i0}\NRoger: Great! Dialogue: 0,0:01:11.44,0:01:14.67,Default,,0000,0000,0000,,Hi, I’m going to pause while\Nwe get our slides up, I hope… Dialogue: 0,0:01:14.67,0:01:18.25,Default,,0000,0000,0000,,Hopefully that will be a quick\Nand easy event – perfect! 
Dialogue: 0,0:01:18.25,0:01:21.84,Default,,0000,0000,0000,,Okay, so. Hi, I’m Roger,\Nthis is George, this is David. Dialogue: 0,0:01:21.84,0:01:26.55,Default,,0000,0000,0000,,We’re going to tell you about TOR Hidden\NServices or TOR Onion Services. Dialogue: 0,0:01:26.55,0:01:30.60,Default,,0000,0000,0000,,They’re basically synonyms, originally\Nthey were called TOR Hidden Services Dialogue: 0,0:01:30.60,0:01:35.87,Default,,0000,0000,0000,,because the original idea was that\Nyou hide the location of the service; Dialogue: 0,0:01:35.87,0:01:39.60,Default,,0000,0000,0000,,and then a lot of people started\Nusing them for other features, Dialogue: 0,0:01:39.60,0:01:43.51,Default,,0000,0000,0000,,other security properties, so we’ve been\Nshifting to the name Onion Services. Dialogue: 0,0:01:43.51,0:01:46.41,Default,,0000,0000,0000,,So we’ll switch back and\Nforth in what we call them. Dialogue: 0,0:01:46.41,0:01:51.22,Default,,0000,0000,0000,,So, a spoiler before we start.\NThis is not a talk about the dark web, Dialogue: 0,0:01:51.22,0:01:54.50,Default,,0000,0000,0000,,there is no dark web.\NIt’s just a couple of Dialogue: 0,0:01:54.50,0:01:59.16,Default,,0000,0000,0000,,websites out there that are protected\Nby other security properties. Dialogue: 0,0:01:59.16,0:02:03.05,Default,,0000,0000,0000,,So we’ll talk a lot more about\Nthat. You can think of it as: Dialogue: 0,0:02:03.05,0:02:08.80,Default,,0000,0000,0000,,HTTPS is a way of getting encryption and\Nsecurity when you’re going to a website Dialogue: 0,0:02:08.80,0:02:12.93,Default,,0000,0000,0000,,and .onion is another way of getting\Nencryption and security when you’re Dialogue: 0,0:02:12.93,0:02:17.75,Default,,0000,0000,0000,,going to a website. So, journalists\Nlike writing articles about the Dialogue: 0,0:02:17.75,0:02:22.92,Default,,0000,0000,0000,,huge iceberg with 95% of\Nthe web is in the dark web. Dialogue: 0,0:02:22.92,0:02:26.29,Default,,0000,0000,0000,,That’s nonsense! 
So we’re gonna try\Nand tell you a little bit more about Dialogue: 0,0:02:26.29,0:02:30.66,Default,,0000,0000,0000,,what actually is Hidden Services\Nand Onion Services and Dialogue: 0,0:02:30.66,0:02:35.03,Default,,0000,0000,0000,,who uses them and what\Nthings they can do with them. Dialogue: 0,0:02:35.03,0:02:37.92,Default,,0000,0000,0000,,How many people here know\Nquite a bit about how TOR works Dialogue: 0,0:02:37.92,0:02:40.94,Default,,0000,0000,0000,,and what TOR is and so on? I’m\Nhoping everybody raises their hand! Dialogue: 0,0:02:40.94,0:02:43.77,Default,,0000,0000,0000,,Awesome, okay. We can\Nskip all of that, perfect! Dialogue: 0,0:02:43.77,0:02:46.91,Default,,0000,0000,0000,,So TOR is a US non-profit, Dialogue: 0,0:02:46.91,0:02:51.75,Default,,0000,0000,0000,,it’s open-source, it’s a\Nnetwork of about 8000 relays. Dialogue: 0,0:02:51.75,0:02:55.64,Default,,0000,0000,0000,,One of the fun things about TOR is the\Ncommunity of researchers, and developers, Dialogue: 0,0:02:55.64,0:02:59.62,Default,,0000,0000,0000,,and users, and activists, and\Nadvocates, all around the world. Dialogue: 0,0:02:59.62,0:03:03.94,Default,,0000,0000,0000,,Every time I go to a new city, there’s\Na research group at the university Dialogue: 0,0:03:03.94,0:03:07.32,Default,,0000,0000,0000,,who wants me to teach them what\Nthe open research questions are Dialogue: 0,0:03:07.32,0:03:11.24,Default,,0000,0000,0000,,and how they can improve, how\Nthey can help you improve TOR. Dialogue: 0,0:03:11.24,0:03:13.82,Default,,0000,0000,0000,,So, the basic idea is,\Nyou have your software, Dialogue: 0,0:03:13.82,0:03:16.31,Default,,0000,0000,0000,,it pulls down a list of the 8000 relays, Dialogue: 0,0:03:16.31,0:03:18.38,Default,,0000,0000,0000,,and it builds a path through 3 of them Dialogue: 0,0:03:18.38,0:03:20.84,Default,,0000,0000,0000,,so that no single relay gets to learn Dialogue: 0,0:03:20.84,0:03:24.35,Default,,0000,0000,0000,,where you’re coming from\Nand where you’re going. 
Dialogue: 0,0:03:24.35,0:03:28.44,Default,,0000,0000,0000,,And you can see up at the top\Nhere, there is a .onion address. Dialogue: 0,0:03:28.44,0:03:32.49,Default,,0000,0000,0000,,So basically Hidden Services,\Nor Onion Services, are Dialogue: 0,0:03:32.49,0:03:36.59,Default,,0000,0000,0000,,in your browser, in your TOR browser,\Nyou go to an alternate type of Dialogue: 0,0:03:36.59,0:03:40.49,Default,,0000,0000,0000,,domain name, that ends in .onion,\Nand then you end up at that website. Dialogue: 0,0:03:40.49,0:03:44.38,Default,,0000,0000,0000,,So here’s an example of\Na riseup.net website, Dialogue: 0,0:03:44.38,0:03:47.76,Default,,0000,0000,0000,,which we are reaching using\Nthe onion address for it Dialogue: 0,0:03:47.76,0:03:53.14,Default,,0000,0000,0000,,rather than black.riseup.net. Dialogue: 0,0:03:53.14,0:03:57.28,Default,,0000,0000,0000,,Okay, so, I talked about the building\Nblock before, how you use TOR normally Dialogue: 0,0:03:57.28,0:04:01.37,Default,,0000,0000,0000,,to build a 3-hop circuit through the\Nnetwork. Once you have that building block, Dialogue: 0,0:04:01.37,0:04:03.85,Default,,0000,0000,0000,,then you can glue two of them together. Dialogue: 0,0:04:03.85,0:04:08.14,Default,,0000,0000,0000,,So you’ve got Alice over here,\Nconnecting into the TOR network, Dialogue: 0,0:04:08.14,0:04:11.33,Default,,0000,0000,0000,,and you’ve got Bob, the website,\Nconnecting into the TOR network, Dialogue: 0,0:04:11.33,0:04:12.95,Default,,0000,0000,0000,,and they rendez-vous in the middle. Dialogue: 0,0:04:12.95,0:04:16.51,Default,,0000,0000,0000,,So Alice is getting her anonymity,\Nher 3 hops inside TOR, Dialogue: 0,0:04:16.51,0:04:19.70,Default,,0000,0000,0000,,Bob is getting his anonymity,\Nhis 3 hops inside of TOR, Dialogue: 0,0:04:19.70,0:04:21.09,Default,,0000,0000,0000,,and they meet in the middle. 
Dialogue: 0,0:04:21.09,0:04:25.52,Default,,0000,0000,0000,,So Alice doesn’t know where Bob is,\NBob doesn’t know where Alice is, Dialogue: 0,0:04:25.52,0:04:27.97,Default,,0000,0000,0000,,and the point in the middle\Ndoesn’t know either of them, Dialogue: 0,0:04:27.97,0:04:32.03,Default,,0000,0000,0000,,yet they can reach each other, and\Nget some cool security properties. Dialogue: 0,0:04:32.03,0:04:34.53,Default,,0000,0000,0000,,So, some of these cool\Nsecurity properties: Dialogue: 0,0:04:34.53,0:04:37.61,Default,,0000,0000,0000,,One of the really cool ones is that\Nthat .onion name that you saw Dialogue: 0,0:04:37.61,0:04:41.83,Default,,0000,0000,0000,,with the base32 Dialogue: 0,0:04:41.83,0:04:44.33,Default,,0000,0000,0000,,big pile of 16 characters, Dialogue: 0,0:04:44.33,0:04:48.31,Default,,0000,0000,0000,,that is the hash of the public\Nkey which is the Onion Service, Dialogue: 0,0:04:48.31,0:04:51.77,Default,,0000,0000,0000,,which is the Onion address.\NSo they’re self-authenticating, meaning Dialogue: 0,0:04:51.77,0:04:54.33,Default,,0000,0000,0000,,if I have the right onion address, Dialogue: 0,0:04:54.33,0:04:57.41,Default,,0000,0000,0000,,I can be sure that I’m\Nconnecting to the website, Dialogue: 0,0:04:57.41,0:05:00.29,Default,,0000,0000,0000,,to the service, that’s\Nassociated with that key. Dialogue: 0,0:05:00.29,0:05:03.03,Default,,0000,0000,0000,,So I don’t need some sort\Nof Certificate Authority model Dialogue: 0,0:05:03.03,0:05:06.34,Default,,0000,0000,0000,,where I trust Turkish\NTelecom to not lie to me. Dialogue: 0,0:05:06.34,0:05:09.63,Default,,0000,0000,0000,,It’s all built-in, self-authenticating, Dialogue: 0,0:05:09.63,0:05:11.90,Default,,0000,0000,0000,,I don’t need any external resources Dialogue: 0,0:05:11.90,0:05:15.79,Default,,0000,0000,0000,,to convince myself that I’m\Ngoing to the right place. Dialogue: 0,0:05:15.79,0:05:19.21,Default,,0000,0000,0000,,Along with that, is, they’re\Nend-to-end encrypted. 
Dialogue: 0,0:05:19.21,0:05:22.97,Default,,0000,0000,0000,,So I know that nobody\Nbetween my TOR client Dialogue: 0,0:05:22.97,0:05:26.08,Default,,0000,0000,0000,,and the TOR client on the\NService side is able to read, Dialogue: 0,0:05:26.08,0:05:28.95,Default,,0000,0000,0000,,or intercept, or \Nman-in-the-middle the traffic. Dialogue: 0,0:05:28.95,0:05:31.70,Default,,0000,0000,0000,,So there are some other\Ninteresting features also, Dialogue: 0,0:05:31.70,0:05:34.51,Default,,0000,0000,0000,,one of them is the NAT punching feature. Dialogue: 0,0:05:34.51,0:05:37.13,Default,,0000,0000,0000,,If you offer an Onion Service, Dialogue: 0,0:05:37.13,0:05:40.27,Default,,0000,0000,0000,,there’s no reason to allow\Nincoming connections to it. Dialogue: 0,0:05:40.27,0:05:44.45,Default,,0000,0000,0000,,So I can run an Onion Service\Ndeep inside the corporate firewall, Dialogue: 0,0:05:44.45,0:05:48.50,Default,,0000,0000,0000,,or behind Comcast’s firewall,\Nor wherever I want to, Dialogue: 0,0:05:48.50,0:05:50.48,Default,,0000,0000,0000,,and people are able to reach it. Dialogue: 0,0:05:50.48,0:05:54.52,Default,,0000,0000,0000,,So there are a lot of people from\Nthe systems administration side Dialogue: 0,0:05:54.52,0:06:00.76,Default,,0000,0000,0000,,who say: “I’m going to offer an Onion\Naddress for my home SSH server, Dialogue: 0,0:06:00.76,0:06:04.09,Default,,0000,0000,0000,,and now the only way that I can\Nconnect back into my home box Dialogue: 0,0:06:04.09,0:06:07.95,Default,,0000,0000,0000,,is via the TOR network.\NI get end-to-end encryption, Dialogue: 0,0:06:07.95,0:06:11.57,Default,,0000,0000,0000,,I get self-authentication,\Nand there’s no other way in. 
Dialogue: 0,0:06:11.57,0:06:14.52,Default,,0000,0000,0000,,I just firewall all incoming connections Dialogue: 0,0:06:14.52,0:06:18.47,Default,,0000,0000,0000,,and so the only surface area\Nthat I expose to the world Dialogue: 0,0:06:18.47,0:06:22.28,Default,,0000,0000,0000,,is, if you’re using my onion\Naddress, you reach my SSH port. Dialogue: 0,0:06:22.28,0:06:24.91,Default,,0000,0000,0000,,I don’t allow any other\Npackets in of any sort.” Dialogue: 0,0:06:24.91,0:06:28.90,Default,,0000,0000,0000,,So that’s a cool example\Nof how security people Dialogue: 0,0:06:28.90,0:06:31.63,Default,,0000,0000,0000,,use Onion Services. Dialogue: 0,0:06:31.63,0:06:35.72,Default,,0000,0000,0000,,George: So, hello, we have some\Nstatistics for you to show you, Dialogue: 0,0:06:35.72,0:06:39.49,Default,,0000,0000,0000,,to give you an idea of the\Ncurrent maturity of the system. Dialogue: 0,0:06:39.49,0:06:43.79,Default,,0000,0000,0000,,We got these statistics by asking\Nrelays to send us information Dialogue: 0,0:06:43.79,0:06:47.27,Default,,0000,0000,0000,,about the Hidden Service\Nactivity they see. Dialogue: 0,0:06:47.27,0:06:50.19,Default,,0000,0000,0000,,Only a small fraction of relays\Nis reporting these statistics, Dialogue: 0,0:06:50.19,0:06:53.89,Default,,0000,0000,0000,,so we extrapolate\Nfrom this small fraction. Dialogue: 0,0:06:53.89,0:06:57.53,Default,,0000,0000,0000,,So that’s why these statistics can\Nhave lots of ups and downs, Dialogue: 0,0:06:57.53,0:07:00.97,Default,,0000,0000,0000,,and noise, and everything, but anyway,\Nthey can give you a basic idea. 
Dialogue: 0,0:07:00.97,0:07:04.96,Default,,0000,0000,0000,,So, this first statistic is the number of\NHidden Services on the network, Dialogue: 0,0:07:04.96,0:07:10.18,Default,,0000,0000,0000,,and you can see that it’s about\N30.000 Hidden Services, give or take, Dialogue: 0,0:07:10.18,0:07:15.01,Default,,0000,0000,0000,,and it’s a pretty small number if you\Ncompare it to the whole Internet, Dialogue: 0,0:07:15.01,0:07:19.46,Default,,0000,0000,0000,,I don’t even know, it’s basically\Nin the early adoption stages. Dialogue: 0,0:07:19.46,0:07:22.43,Default,,0000,0000,0000,,And we also have\Nanother statistic, this one, Dialogue: 0,0:07:22.43,0:07:28.37,Default,,0000,0000,0000,,which is the traffic that the Hidden\NServices are generating, basically. Dialogue: 0,0:07:28.37,0:07:32.79,Default,,0000,0000,0000,,On the top, you can see the total traffic\Nthat the whole network is pushing. Dialogue: 0,0:07:32.79,0:07:36.41,Default,,0000,0000,0000,,It’s about, I don’t know, 60.000 megabits, Dialogue: 0,0:07:36.41,0:07:39.85,Default,,0000,0000,0000,,and the bottom graph is the\NHidden-Service-specific traffic, Dialogue: 0,0:07:39.85,0:07:42.46,Default,,0000,0000,0000,,and you can see that\Nit’s like 1000 megabits. Dialogue: 0,0:07:42.46,0:07:45.75,Default,,0000,0000,0000,,Like, a very small\Nfraction, basically. So, Dialogue: 0,0:07:45.75,0:07:50.23,Default,,0000,0000,0000,,Hidden Services are still a\Nvery small part of TOR. And, Dialogue: 0,0:07:50.23,0:07:54.18,Default,,0000,0000,0000,,if you don’t understand this\Nnumber thing very well, Dialogue: 0,0:07:54.18,0:07:58.17,Default,,0000,0000,0000,,we did some calculations and stuff,\Nand we have this new figure for you, Dialogue: 0,0:07:58.17,0:08:02.92,Default,,0000,0000,0000,,which is that basically 5% of\Nclient traffic is Hidden Services. Dialogue: 0,0:08:02.92,0:08:06.71,Default,,0000,0000,0000,,From the whole TOR, 5% is\NHidden Services, basically. 
Dialogue: 0,0:08:06.71,0:08:10.35,Default,,0000,0000,0000,,You can handle this as you want. Dialogue: 0,0:08:10.35,0:08:14.33,Default,,0000,0000,0000,,So, and, we did this whole\Nthing like a year ago, Dialogue: 0,0:08:14.33,0:08:19.37,Default,,0000,0000,0000,,and we spent lots of time like figuring\Nout how to collect statistics, Dialogue: 0,0:08:19.37,0:08:22.18,Default,,0000,0000,0000,,how to get from the values\Nthemselves to those graphs, Dialogue: 0,0:08:22.18,0:08:26.73,Default,,0000,0000,0000,,how to obfuscate the statistics in\Nsuch a way that we don’t reveal Dialogue: 0,0:08:26.73,0:08:29.59,Default,,0000,0000,0000,,any information about any clients, Dialogue: 0,0:08:29.59,0:08:34.17,Default,,0000,0000,0000,,and we wrote a tech report about\Nit, that you can find in this link Dialogue: 0,0:08:34.17,0:08:38.33,Default,,0000,0000,0000,,if you’re interested in looking more\N[at] how the whole thing works, Dialogue: 0,0:08:38.33,0:08:43.10,Default,,0000,0000,0000,,and we even wrote a proposal, so if you\Ngoogle for TOR Project, proposal 238, Dialogue: 0,0:08:43.10,0:08:49.50,Default,,0000,0000,0000,,you can find more information,\Nand, yeah, that’s it. Dialogue: 0,0:08:51.14,0:08:54.93,Default,,0000,0000,0000,,Roger: Okay, so, how did\Nthis whole thing start? Dialogue: 0,0:08:54.93,0:08:57.77,Default,,0000,0000,0000,,We’re going to go through a\Ncouple of years at the beginning. Dialogue: 0,0:08:57.77,0:09:01.32,Default,,0000,0000,0000,,In 2004, I wrote the original\NHidden Service code, Dialogue: 0,0:09:01.32,0:09:03.51,Default,,0000,0000,0000,,and I basically wrote it as a toy. Dialogue: 0,0:09:03.51,0:09:06.85,Default,,0000,0000,0000,,It was an example: “We\Nhave this thing called TOR, Dialogue: 0,0:09:06.85,0:09:09.70,Default,,0000,0000,0000,,and use it as a building\Nblock, look what we can do! 
Dialogue: 0,0:09:09.70,0:09:12.29,Default,,0000,0000,0000,,We can connect 2 TOR circuits together, Dialogue: 0,0:09:12.29,0:09:16.13,Default,,0000,0000,0000,,and then you can run a service like this.” Dialogue: 0,0:09:16.13,0:09:18.86,Default,,0000,0000,0000,,Basically nobody used it for a few years. Dialogue: 0,0:09:18.86,0:09:21.42,Default,,0000,0000,0000,,One of my friends set\Nup a hidden wiki where, Dialogue: 0,0:09:21.42,0:09:24.50,Default,,0000,0000,0000,,if you run an Onion Service,\Nthen you can go to the wiki, Dialogue: 0,0:09:24.50,0:09:26.97,Default,,0000,0000,0000,,and sign up your address\Nso that people can find it. Dialogue: 0,0:09:26.97,0:09:30.93,Default,,0000,0000,0000,,And there were some example services.\NBut for the first couple of years, Dialogue: 0,0:09:30.93,0:09:34.88,Default,,0000,0000,0000,,it basically wasn’t used,\Nwasn’t interesting. Dialogue: 0,0:09:34.88,0:09:39.63,Default,,0000,0000,0000,,The first really interesting use\Ncase was the Zyprexa documents. Dialogue: 0,0:09:39.63,0:09:42.25,Default,,0000,0000,0000,,So this was in 2005, 2006. Dialogue: 0,0:09:42.25,0:09:45.97,Default,,0000,0000,0000,,There’s a huge pharmaceutical\Ncompany called Eli Lilly Dialogue: 0,0:09:45.97,0:09:50.40,Default,,0000,0000,0000,,and they have an antipsychotic\Ndrug called Zyprexa Dialogue: 0,0:09:50.40,0:09:54.36,Default,,0000,0000,0000,,and it turns out that it was\Ngiving people diabetes Dialogue: 0,0:09:54.36,0:09:57.86,Default,,0000,0000,0000,,and harming them, and killing\Nthem, and they knew about it. Dialogue: 0,0:09:57.86,0:10:01.64,Default,,0000,0000,0000,,And somebody leaked 11.000\Ndocuments onto the Internet Dialogue: 0,0:10:01.64,0:10:04.76,Default,,0000,0000,0000,,showing that this drug\Ncompany knew about the fact Dialogue: 0,0:10:04.76,0:10:07.20,Default,,0000,0000,0000,,that they were harming their customers. 
Dialogue: 0,0:10:07.20,0:10:11.28,Default,,0000,0000,0000,,And of course the drug company sent\Na cease and desist to the website, Dialogue: 0,0:10:11.28,0:10:13.86,Default,,0000,0000,0000,,and it went away, and it\Ncame up somewhere else, Dialogue: 0,0:10:13.86,0:10:16.36,Default,,0000,0000,0000,,and they sent a cease and desist,\Nand it was bouncing around, Dialogue: 0,0:10:16.36,0:10:20.68,Default,,0000,0000,0000,,and suddenly somebody set up a TOR\NHidden Service with all of the documents, Dialogue: 0,0:10:20.68,0:10:25.13,Default,,0000,0000,0000,,and Eli Lilly had no idea how to send\Na cease and desist to that address, Dialogue: 0,0:10:25.13,0:10:27.83,Default,,0000,0000,0000,,and a lot of people were able to read Dialogue: 0,0:10:27.83,0:10:31.16,Default,,0000,0000,0000,,the corruption and problems\Nwith this drug company. Dialogue: 0,0:10:31.16,0:10:34.97,Default,,0000,0000,0000,,So that was… on the one hand, yay! Dialogue: 0,0:10:34.97,0:10:39.11,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:10:39.11,0:10:43.14,Default,,0000,0000,0000,,On the one hand, that’s really cool. Here\Nwe are, we have a censorship-resistant Dialogue: 0,0:10:43.14,0:10:46.86,Default,,0000,0000,0000,,privacy thing, somebody\Nused it to get information out Dialogue: 0,0:10:46.86,0:10:51.28,Default,,0000,0000,0000,,about a huge company that\Nwas hurting people, great! Dialogue: 0,0:10:51.28,0:10:55.50,Default,,0000,0000,0000,,On the other hand, it set\Nus up where ever after, Dialogue: 0,0:10:55.50,0:10:57.80,Default,,0000,0000,0000,,people looked at Hidden Services and said: Dialogue: 0,0:10:57.80,0:11:01.43,Default,,0000,0000,0000,,“Well, how do I find a document\Nthat some large organization’s Dialogue: 0,0:11:01.43,0:11:06.14,Default,,0000,0000,0000,,going to be angry about? 
I’m going\Nto set up a website for leaking things, Dialogue: 0,0:11:06.14,0:11:10.19,Default,,0000,0000,0000,,I’m gonna set up a website for something\Nelse that the Man wants to shut down.” Dialogue: 0,0:11:10.19,0:11:13.74,Default,,0000,0000,0000,,So the first example of\NHidden Services pointed us Dialogue: 0,0:11:13.74,0:11:17.56,Default,,0000,0000,0000,,in a direction where, after\Nthat, a lot of people Dialogue: 0,0:11:17.56,0:11:22.41,Default,,0000,0000,0000,,thought that that’s what\NHidden Services were about. Dialogue: 0,0:11:22.41,0:11:24.55,Default,,0000,0000,0000,,So, that leads to the next year, Dialogue: 0,0:11:24.55,0:11:28.36,Default,,0000,0000,0000,,Wikileaks set up a Hidden Service\Nfor their submission engine, Dialogue: 0,0:11:28.36,0:11:32.24,Default,,0000,0000,0000,,and it’s not that they wanted to\Nhide the location of the server. Dialogue: 0,0:11:32.24,0:11:35.68,Default,,0000,0000,0000,,The server was in Sweden, everybody\Nknew the server was in Sweden. Dialogue: 0,0:11:35.68,0:11:40.09,Default,,0000,0000,0000,,But they wanted to give extra security\Nto users who were trying to get there. Dialogue: 0,0:11:40.09,0:11:44.77,Default,,0000,0000,0000,,One of the really interesting properties\Nthat they used from Hidden Services Dialogue: 0,0:11:44.77,0:11:48.08,Default,,0000,0000,0000,,is the fact that if you\Ngo to the .onion site Dialogue: 0,0:11:48.08,0:11:51.57,Default,,0000,0000,0000,,from your normal browser,\Nit totally doesn’t work. Dialogue: 0,0:11:51.57,0:11:54.02,Default,,0000,0000,0000,,And this was a security feature for them. Dialogue: 0,0:11:54.02,0:11:57.84,Default,,0000,0000,0000,,Because they wanted to make\Nsure that if you’re a leaker, Dialogue: 0,0:11:57.84,0:12:00.77,Default,,0000,0000,0000,,and you’re doing it wrong,\Nyou’re configuring things wrong, Dialogue: 0,0:12:00.77,0:12:02.35,Default,,0000,0000,0000,,then it totally fails from the beginning. 
Dialogue: 0,0:12:02.35,0:12:06.43,Default,,0000,0000,0000,,They wanted to completely remove\Nthe chance that you accidentally think Dialogue: 0,0:12:06.43,0:12:09.75,Default,,0000,0000,0000,,that you’re using TOR\Ncorrectly and being safe Dialogue: 0,0:12:09.75,0:12:12.54,Default,,0000,0000,0000,,when actually you screwed\Nup and you’re not using TOR. Dialogue: 0,0:12:12.54,0:12:15.33,Default,,0000,0000,0000,,So they wanted to use Onion Services Dialogue: 0,0:12:15.33,0:12:18.05,Default,,0000,0000,0000,,as another layer of security for the user, Dialogue: 0,0:12:18.05,0:12:21.28,Default,,0000,0000,0000,,to protect the user from screwing up. Dialogue: 0,0:12:21.28,0:12:24.100,Default,,0000,0000,0000,,Now fast forward a couple of more years,\Nthere’s another organization in Italy Dialogue: 0,0:12:24.100,0:12:28.94,Default,,0000,0000,0000,,called GlobaLeaks, where they’ve\Nset up basically a mechanism where, Dialogue: 0,0:12:28.94,0:12:31.59,Default,,0000,0000,0000,,if you have something you\Nwant to share with the world, Dialogue: 0,0:12:31.59,0:12:35.83,Default,,0000,0000,0000,,then you can be connected to a journalist\Nthrough this GlobaLeaks platform. Dialogue: 0,0:12:35.83,0:12:40.20,Default,,0000,0000,0000,,And they actually have been\Ngoing around to governments, Dialogue: 0,0:12:40.20,0:12:43.11,Default,,0000,0000,0000,,convincing them to set\Nup GlobaLeaks platforms. 
Dialogue: 0,0:12:43.11,0:12:45.29,Default,,0000,0000,0000,,So they’ve gone to the Italian government, Dialogue: 0,0:12:45.29,0:12:48.18,Default,,0000,0000,0000,,they’ve gone to the Philippine government, Dialogue: 0,0:12:48.18,0:12:51.67,Default,,0000,0000,0000,,and basically they say:\N“Look, this is a way for you Dialogue: 0,0:12:51.67,0:12:54.69,Default,,0000,0000,0000,,to report on corruption,\Nto hear about corruption Dialogue: 0,0:12:54.69,0:12:57.99,Default,,0000,0000,0000,,inside your country.” Now, if you\Ngo to a government, and you say: Dialogue: 0,0:12:57.99,0:13:01.41,Default,,0000,0000,0000,,“I hear there is corruption,\Nhere’s a way to report on it.” Dialogue: 0,0:13:01.41,0:13:04.25,Default,,0000,0000,0000,,not everybody in the government\Nwill be happy with that. Dialogue: 0,0:13:04.25,0:13:08.33,Default,,0000,0000,0000,,But one of the features is,\Nyou can very easily say: Dialogue: 0,0:13:08.33,0:13:12.11,Default,,0000,0000,0000,,“Can you help me set up an\Nanti-corruption whistleblowing site Dialogue: 0,0:13:12.11,0:13:16.74,Default,,0000,0000,0000,,for the country next door? I would be\Nhappy to… you know they’ve got corruption, Dialogue: 0,0:13:16.74,0:13:19.84,Default,,0000,0000,0000,,so how about they provide\Nthe corruption site?” Dialogue: 0,0:13:19.84,0:13:23.68,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:13:23.68,0:13:27.00,Default,,0000,0000,0000,,So it’s really cool that GlobaLeaks\Nis playing the political game, Dialogue: 0,0:13:27.00,0:13:33.23,Default,,0000,0000,0000,,trying to demonstrate that making\Nthese things public is worthwhile. 
Dialogue: 0,0:13:33.23,0:13:37.14,Default,,0000,0000,0000,,And, of course, here’s a picture of a\Ncute cat, we have to have one of those, Dialogue: 0,0:13:37.14,0:13:41.83,Default,,0000,0000,0000,,and WildLeaks is a really\Ngood example of a positive, Dialogue: 0,0:13:41.83,0:13:46.44,Default,,0000,0000,0000,,I mean, this is a way where if you\Nsee somebody killing a rhinoceros Dialogue: 0,0:13:46.44,0:13:49.40,Default,,0000,0000,0000,,or elephant or something in\NAfrica, and you know about it, Dialogue: 0,0:13:49.40,0:13:51.82,Default,,0000,0000,0000,,upload it to WildLeaks, and\Nthen they can learn more Dialogue: 0,0:13:51.82,0:13:55.78,Default,,0000,0000,0000,,about poaching and\Nextinction events and so on. Dialogue: 0,0:13:55.78,0:13:59.75,Default,,0000,0000,0000,,So, it’s hard to argue with anti-poaching, Dialogue: 0,0:13:59.75,0:14:02.79,Default,,0000,0000,0000,,anti-corruption sites like that. Dialogue: 0,0:14:02.79,0:14:06.97,Default,,0000,0000,0000,,And that moves us to SecureDrop,\Nthere’s a group in the US Dialogue: 0,0:14:06.97,0:14:10.82,Default,,0000,0000,0000,,that is working on another\Nexample of how to connect Dialogue: 0,0:14:10.82,0:14:14.74,Default,,0000,0000,0000,,people with interesting information\Nto journalists who want to write about it. Dialogue: 0,0:14:14.74,0:14:17.72,Default,,0000,0000,0000,,And they’ve actually connected\Nwith the New Yorker and a lot of Dialogue: 0,0:14:17.72,0:14:21.31,Default,,0000,0000,0000,,high-profile newspapers, Dialogue: 0,0:14:21.31,0:14:26.28,Default,,0000,0000,0000,,to be able to provide a way for people\Nto securely provide information Dialogue: 0,0:14:26.28,0:14:31.89,Default,,0000,0000,0000,,to those journalists. And they say that\Nit has been used in high-profile events, Dialogue: 0,0:14:31.89,0:14:34.42,Default,,0000,0000,0000,,and they won’t tell us which\Nevents, which is great! Dialogue: 0,0:14:34.42,0:14:38.07,Default,,0000,0000,0000,,That’s exactly how it’s\Nsupposed to work. 
Dialogue: 0,0:14:38.07,0:14:42.97,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:14:42.97,0:14:45.98,Default,,0000,0000,0000,,David: Hello. So, continuing\Nour timeline here, Dialogue: 0,0:14:45.98,0:14:49.71,Default,,0000,0000,0000,,this very cool thing happened\Nin 2014, where Aphex Twin, Dialogue: 0,0:14:49.71,0:14:53.03,Default,,0000,0000,0000,,this electronic experimental guy, Dialogue: 0,0:14:53.03,0:14:56.71,Default,,0000,0000,0000,,released his album Syro through\Nan onion address on Twitter, Dialogue: 0,0:14:56.71,0:14:59.92,Default,,0000,0000,0000,,and he got 4.000 Retweets.\NSo we encourage you guys Dialogue: 0,0:14:59.92,0:15:04.16,Default,,0000,0000,0000,,to consider this method\Nof releasing all your stuff, Dialogue: 0,0:15:04.16,0:15:09.28,Default,,0000,0000,0000,,and the complementary ways to\Nrelease it would be the open web. Dialogue: 0,0:15:09.28,0:15:11.91,Default,,0000,0000,0000,,So, onion addresses. Dialogue: 0,0:15:11.91,0:15:16.10,Default,,0000,0000,0000,,Following that, we got\NBlockchain, recently, Dialogue: 0,0:15:16.10,0:15:19.56,Default,,0000,0000,0000,,in 2014, let’s say two years ago. Dialogue: 0,0:15:19.56,0:15:22.26,Default,,0000,0000,0000,,They discovered that\Nfor security concerns, Dialogue: 0,0:15:22.26,0:15:25.74,Default,,0000,0000,0000,,when you’re using TOR, the exit nodes, Dialogue: 0,0:15:25.74,0:15:27.69,Default,,0000,0000,0000,,some exit nodes, and malicious exit nodes, Dialogue: 0,0:15:27.69,0:15:30.72,Default,,0000,0000,0000,,were rewriting the Bitcoin addresses. 
Dialogue: 0,0:15:30.72,0:15:32.88,Default,,0000,0000,0000,,So for security concerns, they changed… Dialogue: 0,0:15:32.88,0:15:37.26,Default,,0000,0000,0000,,if you go… you come to\Nblockchain.info from TOR, Dialogue: 0,0:15:37.26,0:15:39.08,Default,,0000,0000,0000,,they tell you to use the onion address Dialogue: 0,0:15:39.08,0:15:42.25,Default,,0000,0000,0000,,so you get all the fancy properties\Nof end-to-end encryption, Dialogue: 0,0:15:42.25,0:15:44.56,Default,,0000,0000,0000,,and so on, and so forth. Dialogue: 0,0:15:44.56,0:15:50.26,Default,,0000,0000,0000,,As of still today, we know\Nthat malicious exit nodes exist, Dialogue: 0,0:15:50.26,0:15:53.57,Default,,0000,0000,0000,,and they do rewrite Bitcoin addresses. Dialogue: 0,0:15:53.57,0:15:55.95,Default,,0000,0000,0000,,Don’t be alarmed, it’s not like HAL3000’s, Dialogue: 0,0:15:55.95,0:16:00.47,Default,,0000,0000,0000,,the thing is that, we at the TOR\NProject are actively monitoring Dialogue: 0,0:16:00.47,0:16:05.01,Default,,0000,0000,0000,,the network at the exit nodes Dialogue: 0,0:16:05.01,0:16:07.01,Default,,0000,0000,0000,,for these kinds of craziness. Dialogue: 0,0:16:07.01,0:16:10.59,Default,,0000,0000,0000,,And we need more help from\Neveryone, from the community, Dialogue: 0,0:16:10.59,0:16:13.01,Default,,0000,0000,0000,,to find those, so we can block them, Dialogue: 0,0:16:13.01,0:16:15.75,Default,,0000,0000,0000,,remove them, so fuck\Nthose. Fuck those guys. Dialogue: 0,0:16:15.75,0:16:20.88,Default,,0000,0000,0000,,And Blockchain took action\Nwith Onion Services. So, great. Dialogue: 0,0:16:20.88,0:16:23.87,Default,,0000,0000,0000,,Roger: And Facebook set up a\NHidden Service recently as well, Dialogue: 0,0:16:23.87,0:16:26.22,Default,,0000,0000,0000,,an onion address for their website. 
Dialogue: 0,0:16:26.22,0:16:28.97,Default,,0000,0000,0000,,So, the first thing many of\Nyou might be thinking is: Dialogue: 0,0:16:28.97,0:16:33.12,Default,,0000,0000,0000,,“Wait a minute, I don’t understand,\NFacebook is a website on the Internet, Dialogue: 0,0:16:33.12,0:16:36.39,Default,,0000,0000,0000,,why do they need a Hidden Service,\Nwhy do they need an onion address?” Dialogue: 0,0:16:36.39,0:16:41.63,Default,,0000,0000,0000,,So, the first answer is, they worry\Nabout users in interesting countries. Dialogue: 0,0:16:41.63,0:16:45.99,Default,,0000,0000,0000,,Say you’ve got a Facebook user in\NTurkey or Tunisia or something like that, Dialogue: 0,0:16:45.99,0:16:47.58,Default,,0000,0000,0000,,and they try to go to Facebook, Dialogue: 0,0:16:47.58,0:16:51.10,Default,,0000,0000,0000,,and the local DNS server lies to them\Nand sends them somewhere else, Dialogue: 0,0:16:51.10,0:16:55.39,Default,,0000,0000,0000,,or Turkish Telecom, which is a certificate\Nauthority that everybody trusts, Dialogue: 0,0:16:55.39,0:16:57.53,Default,,0000,0000,0000,,ends up pretending to be Facebook. Dialogue: 0,0:16:57.53,0:17:00.38,Default,,0000,0000,0000,,You man-in-the-middle them,\Nnow there’s certificate pinning Dialogue: 0,0:17:00.38,0:17:03.69,Default,,0000,0000,0000,,and other challenges like that,\Nand maybe those are good starts. 
Dialogue: 0,0:17:03.69,0:17:07.72,Default,,0000,0000,0000,,But wouldn’t it be cool just to skip the\Nwhole certificate authority infrastructure
Dialogue: 0,0:17:07.72,0:17:12.05,Default,,0000,0000,0000,,and say “Here’s an address”, where\Nif you go to this in your TOR Browser,
Dialogue: 0,0:17:12.05,0:17:14.67,Default,,0000,0000,0000,,you don’t have to worry\Nabout BGP hijacking,
Dialogue: 0,0:17:14.67,0:17:16.95,Default,,0000,0000,0000,,you don’t have to worry\Nabout certificate authorities,
Dialogue: 0,0:17:16.95,0:17:20.40,Default,,0000,0000,0000,,you don’t have to worry about DNS,\Nit’s all inside the TOR network,
Dialogue: 0,0:17:20.40,0:17:23.38,Default,,0000,0000,0000,,and it takes care of the security\Nproperties I talked about before.
Dialogue: 0,0:17:23.38,0:17:26.42,Default,,0000,0000,0000,,So, that’s a really cool\Nway that they can switch.
Dialogue: 0,0:17:26.42,0:17:29.07,Default,,0000,0000,0000,,I was talking to one of the\NFacebook people earlier.
Dialogue: 0,0:17:29.07,0:17:33.81,Default,,0000,0000,0000,,He doesn’t want me to tell the number of\Nusers who are using Facebook over TOR,
Dialogue: 0,0:17:33.81,0:17:37.76,Default,,0000,0000,0000,,but it’s many hundreds of thousands.\NIt’s a shockingly high number of users.
Dialogue: 0,0:17:37.76,0:17:41.71,Default,,0000,0000,0000,,So, wouldn’t it be cool if we\Ncan switch many of those users
Dialogue: 0,0:17:41.71,0:17:44.83,Default,,0000,0000,0000,,from connecting to Facebook.com over TOR,
Dialogue: 0,0:17:44.83,0:17:47.06,Default,,0000,0000,0000,,to connecting to Facebook’s onion address,
Dialogue: 0,0:17:47.06,0:17:50.55,Default,,0000,0000,0000,,and then reduce the\Nload on the exit relays,
Dialogue: 0,0:17:50.55,0:17:53.75,Default,,0000,0000,0000,,so that it’s faster and\Neasier and scales better
Dialogue: 0,0:17:53.75,0:17:59.22,Default,,0000,0000,0000,,for the people connecting to websites\Nthat aren’t onion addresses?
Dialogue: 0,0:17:59.22,0:18:02.38,Default,,0000,0000,0000,,So, I was thinking about\Nthis at the very beginning
Dialogue: 0,0:18:02.38,0:18:04.89,Default,,0000,0000,0000,,and I was thinking: “Wait\Na minute, I don’t get it,
Dialogue: 0,0:18:04.89,0:18:08.29,Default,,0000,0000,0000,,Facebook has an onion address,\Nbut they have a real address,
Dialogue: 0,0:18:08.29,0:18:11.98,Default,,0000,0000,0000,,why do we need the other one?”\NAnd then I was thinking back.
Dialogue: 0,0:18:11.98,0:18:15.29,Default,,0000,0000,0000,,So, you remember 10 years ago,\Nwhen people were running websites
Dialogue: 0,0:18:15.29,0:18:18.32,Default,,0000,0000,0000,,and the administrator on the website said:
Dialogue: 0,0:18:18.32,0:18:22.71,Default,,0000,0000,0000,,“I don’t need to offer HTTPS for\Nmy website, because my users…”
Dialogue: 0,0:18:22.71,0:18:26.19,Default,,0000,0000,0000,,and then they had some bullshit excuse\Nabout how their users didn’t need security
Dialogue: 0,0:18:26.19,0:18:29.25,Default,,0000,0000,0000,,or didn’t need encryption,\Nor something like that.
Dialogue: 0,0:18:29.25,0:18:31.53,Default,,0000,0000,0000,,And now, 10 years later, we all think
Dialogue: 0,0:18:31.53,0:18:34.62,Default,,0000,0000,0000,,that the people saying: “I don’t\Nneed HTTPS for my website”…
Dialogue: 0,0:18:34.62,0:18:38.08,Default,,0000,0000,0000,,we think they’re greedy and\Nshort-sighted, and selfish,
Dialogue: 0,0:18:38.08,0:18:40.45,Default,,0000,0000,0000,,and they’re not thinking\Nabout their users.
Dialogue: 0,0:18:40.45,0:18:43.94,Default,,0000,0000,0000,,I think the Onion Service thing\Nis exactly the same thing.
Dialogue: 0,0:18:43.94,0:18:46.29,Default,,0000,0000,0000,,Right now, there are\Nplenty of people saying:
Dialogue: 0,0:18:46.29,0:18:51.01,Default,,0000,0000,0000,,“I already have HTTPS, I don’t need\Nan onion address for my website
Dialogue: 0,0:18:51.01,0:18:54.81,Default,,0000,0000,0000,,because my users…” and then\Nthey have some lame explanation.
Dialogue: 0,0:18:54.81,0:18:59.09,Default,,0000,0000,0000,,So hopefully in a couple of years,\Nit will be self-evident to everybody
Dialogue: 0,0:18:59.09,0:19:02.38,Default,,0000,0000,0000,,that users should be the ones to choose
Dialogue: 0,0:19:02.38,0:19:04.60,Default,,0000,0000,0000,,what sort of security\Nproperties they want.
Dialogue: 0,0:19:04.60,0:19:08.88,Default,,0000,0000,0000,,It shouldn’t be about what the\Nwebsite thinks the user should have.
Dialogue: 0,0:19:08.88,0:19:11.41,Default,,0000,0000,0000,,I should have the choice\Nwhen I’m going to Facebook.
Dialogue: 0,0:19:11.41,0:19:15.55,Default,,0000,0000,0000,,Do I go to the HTTP version,\Ndo I go to the HTTPS version,
Dialogue: 0,0:19:15.55,0:19:17.57,Default,,0000,0000,0000,,do I go to the onion version?
Dialogue: 0,0:19:17.57,0:19:20.72,Default,,0000,0000,0000,,It should be up to me to\Ndecide what my situation is
Dialogue: 0,0:19:20.72,0:19:23.01,Default,,0000,0000,0000,,and get the security\Nproperties that I want.
Dialogue: 0,0:19:23.01,0:19:26.98,Default,,0000,0000,0000,,The other challenge here, I’ve talked\Nto some researchers a while ago
Dialogue: 0,0:19:26.98,0:19:30.95,Default,,0000,0000,0000,,who said: “I found a copy of\NFacebook on the dark web”
Dialogue: 0,0:19:30.95,0:19:33.95,Default,,0000,0000,0000,,and I was thinking: “Wait a minute,
Dialogue: 0,0:19:33.95,0:19:36.82,Default,,0000,0000,0000,,you didn’t find a copy of\NFacebook on the dark web,
Dialogue: 0,0:19:36.82,0:19:41.04,Default,,0000,0000,0000,,there’s a mechanism for securely\Ngetting to the website called Facebook,
Dialogue: 0,0:19:41.04,0:19:43.10,Default,,0000,0000,0000,,and it’s called Onion Services.
Dialogue: 0,0:19:43.10,0:19:46.83,Default,,0000,0000,0000,,There’s no separate dark web,\Nit’s about transport encryption,
Dialogue: 0,0:19:46.83,0:19:52.15,Default,,0000,0000,0000,,it’s about a way of reaching\Nthe destination more safely.”
Dialogue: 0,0:19:52.15,0:19:54.04,Default,,0000,0000,0000,,One of the other really cool things,
Dialogue: 0,0:19:54.04,0:19:56.97,Default,,0000,0000,0000,,Facebook didn’t just set\Nup an onion address,
Dialogue: 0,0:19:56.97,0:20:00.94,Default,,0000,0000,0000,,they got an HTTPS certificate\Nfor their onion address.
Dialogue: 0,0:20:00.94,0:20:03.39,Default,,0000,0000,0000,,They got an EV cert,\Nthe kind that shows you
Dialogue: 0,0:20:03.39,0:20:06.45,Default,,0000,0000,0000,,the green little bar that says:\N“This is Facebook”
Dialogue: 0,0:20:06.45,0:20:08.83,Default,,0000,0000,0000,,for their onion address.\NThey went to Digicert,
Dialogue: 0,0:20:08.83,0:20:12.96,Default,,0000,0000,0000,,and Digicert gave them an SSL certificate
Dialogue: 0,0:20:12.96,0:20:17.61,Default,,0000,0000,0000,,for their onion address, so now you can\Nget both of them at once. Which is
Dialogue: 0,0:20:17.61,0:20:22.75,Default,,0000,0000,0000,,an amazing new step that we hadn’t\Neven been thinking about at the time.
Dialogue: 0,0:20:22.75,0:20:25.42,Default,,0000,0000,0000,,So, what does this give them?\NWhy is this valuable?
Dialogue: 0,0:20:25.42,0:20:28.21,Default,,0000,0000,0000,,One of them is, on the browser side,
Dialogue: 0,0:20:28.21,0:20:31.97,Default,,0000,0000,0000,,when you’re going to an HTTPS URL,
Dialogue: 0,0:20:31.97,0:20:34.91,Default,,0000,0000,0000,,the browser knows to\Ntreat those cookies better,
Dialogue: 0,0:20:34.91,0:20:36.52,Default,,0000,0000,0000,,and to not leak certain things,
Dialogue: 0,0:20:36.52,0:20:39.63,Default,,0000,0000,0000,,and there’s all sorts of security\Nand privacy improvements
Dialogue: 0,0:20:39.63,0:20:42.39,Default,,0000,0000,0000,,that browsers do when you’re going there.
Dialogue: 0,0:20:42.39,0:20:44.52,Default,,0000,0000,0000,,And we don’t want to teach the browser
Dialogue: 0,0:20:44.52,0:20:48.55,Default,,0000,0000,0000,,that if it’s HTTPS or .onion then be safe.
Dialogue: 0,0:20:48.55,0:20:50.50,Default,,0000,0000,0000,,The other nice thing, on the server side,
Dialogue: 0,0:20:50.50,0:20:52.95,Default,,0000,0000,0000,,Facebook didn’t have to change anything.
Dialogue: 0,0:20:52.95,0:20:55.42,Default,,0000,0000,0000,,This is another way of reaching\Nthe Facebook server.
Dialogue: 0,0:20:55.42,0:20:59.47,Default,,0000,0000,0000,,That’s all there is to it.
Dialogue: 0,0:20:59.47,0:21:02.87,Default,,0000,0000,0000,,And then, another cool thing:
Dialogue: 0,0:21:02.87,0:21:08.30,Default,,0000,0000,0000,,It turns out that the only way\Nto get a wildcard EV certificate
Dialogue: 0,0:21:08.30,0:21:10.34,Default,,0000,0000,0000,,is for an onion domain.
Dialogue: 0,0:21:10.34,0:21:14.09,Default,,0000,0000,0000,,It’s actually written into, like,\Nthe certificate authority world,
Dialogue: 0,0:21:14.09,0:21:18.05,Default,,0000,0000,0000,,that there is a grand exception\Nfor onion addresses.
Dialogue: 0,0:21:18.05,0:21:22.56,Default,,0000,0000,0000,,You can’t get a wildcard EV cert\Nunless it’s for an onion address.
Dialogue: 0,0:21:22.56,0:21:26.20,Default,,0000,0000,0000,,So this is super duper\Nendorsement of Onion Services
Dialogue: 0,0:21:26.20,0:21:29.96,Default,,0000,0000,0000,,from the certificate authority people.
Dialogue: 0,0:21:29.96,0:21:35.10,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:21:35.10,0:21:37.96,Default,,0000,0000,0000,,But let’s take a step even further.
Dialogue: 0,0:21:37.96,0:21:41.50,Default,,0000,0000,0000,,Wouldn’t it be cool if we take\Nthe Let’s Encrypt project
Dialogue: 0,0:21:41.50,0:21:44.88,Default,,0000,0000,0000,,and they bundle a TOR client in
Dialogue: 0,0:21:44.88,0:21:48.11,Default,,0000,0000,0000,,with each web server that’s\Noffering the Let’s Encrypt system?
Dialogue: 0,0:21:48.11,0:21:51.95,Default,,0000,0000,0000,,So every time you sign up for Let’s\NEncrypt, you also click the button
Dialogue: 0,0:21:51.95,0:21:55.18,Default,,0000,0000,0000,,saying: “And I want an onion\Naddress for my website”,
Dialogue: 0,0:21:55.18,0:21:57.33,Default,,0000,0000,0000,,and they automatically,\Nin the same certificate…
Dialogue: 0,0:21:57.33,0:22:02.21,Default,,0000,0000,0000,,you get one for riseup.net,\Nand as an alternate name,
Dialogue: 0,0:22:02.21,0:22:05.18,Default,,0000,0000,0000,,it’s blahblahblah.onion.\NIt’s in the same certificate.
Dialogue: 0,0:22:05.18,0:22:07.71,Default,,0000,0000,0000,,So users can go to your website directly
Dialogue: 0,0:22:07.71,0:22:09.91,Default,,0000,0000,0000,,or they can go there\Nover the onion address
Dialogue: 0,0:22:09.91,0:22:12.56,Default,,0000,0000,0000,,and either way you\Nprovide the SSL certificate
Dialogue: 0,0:22:12.56,0:22:14.07,Default,,0000,0000,0000,,that keeps everybody safe.
Dialogue: 0,0:22:14.07,0:22:18.03,Default,,0000,0000,0000,,Wouldn’t it be cool if every time\Nsomebody signs up for Let’s Encrypt,
Dialogue: 0,0:22:18.03,0:22:21.58,Default,,0000,0000,0000,,they get an onion address\Nfor free for their website,
Dialogue: 0,0:22:21.58,0:22:25.84,Default,,0000,0000,0000,,so that everybody can choose how\Nthey want to reach that website?
Dialogue: 0,0:22:25.84,0:22:33.31,Default,,0000,0000,0000,,{\i1}applause, cheering{\i0}
Dialogue: 0,0:22:33.31,0:22:36.89,Default,,0000,0000,0000,,Now, there are a few problems\Nwith that. One of the big ones is,
Dialogue: 0,0:22:36.89,0:22:41.13,Default,,0000,0000,0000,,we want some way of binding\Nthe riseup.net address
Dialogue: 0,0:22:41.13,0:22:44.96,Default,,0000,0000,0000,,to the onion address,\Nso that when I go to riseup.net
Dialogue: 0,0:22:44.96,0:22:47.47,Default,,0000,0000,0000,,I know that I’m going to\Nthe correct onion address.
Dialogue: 0,0:22:47.47,0:22:50.30,Default,,0000,0000,0000,,So we need some way to vouch for them
Dialogue: 0,0:22:50.30,0:22:52.76,Default,,0000,0000,0000,,and connect them through\Nsignatures or something.
Dialogue: 0,0:22:52.76,0:22:55.52,Default,,0000,0000,0000,,It can be done, but somebody\Nneeds to work out the details.
Dialogue: 0,0:22:55.52,0:22:57.40,Default,,0000,0000,0000,,The other policy barrier is,
Dialogue: 0,0:22:57.40,0:23:00.66,Default,,0000,0000,0000,,right now, the certificate\Nauthority people
Dialogue: 0,0:23:00.66,0:23:04.07,Default,,0000,0000,0000,,say you cannot get an\Nonion address for a DV cert,
Dialogue: 0,0:23:04.07,0:23:07.60,Default,,0000,0000,0000,,the normal kind of cert.\NYou can only get it for an EV cert.
Dialogue: 0,0:23:07.60,0:23:10.58,Default,,0000,0000,0000,,And Alec over here is leading the charge
Dialogue: 0,0:23:10.58,0:23:12.57,Default,,0000,0000,0000,,to convince them that that makes no sense,
Dialogue: 0,0:23:12.57,0:23:15.78,Default,,0000,0000,0000,,so hopefully in the next couple\Nof years, with all of your help,
Dialogue: 0,0:23:15.78,0:23:17.78,Default,,0000,0000,0000,,they will realize that onion addresses are
Dialogue: 0,0:23:17.78,0:23:22.41,Default,,0000,0000,0000,,just like all the other\Naddresses in the world.
Dialogue: 0,0:23:22.41,0:23:26.08,Default,,0000,0000,0000,,Which leads to another really\Ncool feature from this year.
Dialogue: 0,0:23:26.08,0:23:31.67,Default,,0000,0000,0000,,We got IETF to publicly\Nspecify, in a real RFC,
Dialogue: 0,0:23:31.67,0:23:34.74,Default,,0000,0000,0000,,that the .onion domain is a special case,
Dialogue: 0,0:23:34.74,0:23:38.12,Default,,0000,0000,0000,,and they’re not going to give\Nit out in any other way. So…
Dialogue: 0,0:23:38.12,0:23:40.19,Default,,0000,0000,0000,,{\i1}applause{\i0}\Nyeah!
Dialogue: 0,0:23:40.19,0:23:45.72,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:23:45.72,0:23:48.85,Default,,0000,0000,0000,,So the first effect here is\Nthat we have actual approval
Dialogue: 0,0:23:48.85,0:23:53.81,Default,,0000,0000,0000,,of Onion Services from the IETF\Nand other standards committees.
Dialogue: 0,0:23:53.81,0:23:57.12,Default,,0000,0000,0000,,But the second effect, which\Nis a second-order effect, is,
Dialogue: 0,0:23:57.12,0:24:00.96,Default,,0000,0000,0000,,now we can go to the browsers,\Nand the DNS resolvers,
Dialogue: 0,0:24:00.96,0:24:04.60,Default,,0000,0000,0000,,and say, whenever you\Nsee an onion resolve,
Dialogue: 0,0:24:04.60,0:24:07.29,Default,,0000,0000,0000,,cut it right there, because you\Nknow that it’s not going into TOR,
Dialogue: 0,0:24:07.29,0:24:09.80,Default,,0000,0000,0000,,and you know that it shouldn’t\Ngo out onto the network.
Dialogue: 0,0:24:09.80,0:24:12.72,Default,,0000,0000,0000,,So now, when you’re in your\Nnormal Internet Explorer,
Dialogue: 0,0:24:12.72,0:24:15.25,Default,,0000,0000,0000,,and you accidentally click\Non an onion address,
Dialogue: 0,0:24:15.25,0:24:18.40,Default,,0000,0000,0000,,Internet Explorer knows\Nthat that’s a local address,
Dialogue: 0,0:24:18.40,0:24:20.26,Default,,0000,0000,0000,,that shouldn’t go out onto the network.
Dialogue: 0,0:24:20.26,0:24:23.23,Default,,0000,0000,0000,,So we can keep people\Nsafer, in ordinary browsers
Dialogue: 0,0:24:23.23,0:24:28.65,Default,,0000,0000,0000,,that otherwise wouldn’t\Neven care that we exist.
Dialogue: 0,0:24:28.65,0:24:32.68,Default,,0000,0000,0000,,George: OK, so, so far we’ve been talking\Nabout websites and Hidden Services,
Dialogue: 0,0:24:32.68,0:24:35.54,Default,,0000,0000,0000,,but this is not all that\NHidden Services can do.
Dialogue: 0,0:24:35.54,0:24:38.72,Default,,0000,0000,0000,,Basically, you can do any sort of TCP
Dialogue: 0,0:24:38.72,0:24:41.29,Default,,0000,0000,0000,,thing you want to do over Hidden Services.
Dialogue: 0,0:24:41.29,0:24:45.74,Default,,0000,0000,0000,,We’re going to show you a few\Nexamples of third-party applications
Dialogue: 0,0:24:45.74,0:24:47.79,Default,,0000,0000,0000,,that have been developed\Nfor Hidden Services
Dialogue: 0,0:24:47.79,0:24:50.47,Default,,0000,0000,0000,,and do various interesting things.
Dialogue: 0,0:24:50.47,0:24:54.56,Default,,0000,0000,0000,,First of all, OnionShare is\Na file transfer application
Dialogue: 0,0:24:54.56,0:24:58.74,Default,,0000,0000,0000,,where you basically download this\Nthing, and then you feed it a file,
Dialogue: 0,0:24:58.74,0:25:02.94,Default,,0000,0000,0000,,and then it exposes an HTTP\Nserver that you can,
Dialogue: 0,0:25:02.94,0:25:06.66,Default,,0000,0000,0000,,that basically hosts your file, an\Nonion address that hosts your file,
Dialogue: 0,0:25:06.66,0:25:10.30,Default,,0000,0000,0000,,and you can give that a URL, you\Ncan give that URL to your friends,
Dialogue: 0,0:25:10.30,0:25:14.35,Default,,0000,0000,0000,,and they can just put it in their TOR\NBrowser and download the file easily.
Dialogue: 0,0:25:14.35,0:25:16.63,Default,,0000,0000,0000,,It’s quite convenient, nicely made,
Dialogue: 0,0:25:16.63,0:25:20.37,Default,,0000,0000,0000,,and I think various organizations
Dialogue: 0,0:25:20.37,0:25:23.82,Default,,0000,0000,0000,,like the Intercept and stuff, are\Nusing it to transfer files internally.
Dialogue: 0,0:25:23.82,0:25:28.34,Default,,0000,0000,0000,,And it works fine so far,\Nas far as we know.
Dialogue: 0,0:25:28.34,0:25:33.22,Default,,0000,0000,0000,,Then the various Hidden Services\Nare quite good for doing messaging
Dialogue: 0,0:25:33.22,0:25:36.89,Default,,0000,0000,0000,,because basically both sides are anonymous
Dialogue: 0,0:25:36.89,0:25:40.80,Default,,0000,0000,0000,,and this gives a nice twist to\Nwhen you talk to some person
Dialogue: 0,0:25:40.80,0:25:44.06,Default,,0000,0000,0000,,and one way to do so is Ricochet,
Dialogue: 0,0:25:44.06,0:25:46.73,Default,,0000,0000,0000,,which is an application that allows you
Dialogue: 0,0:25:46.73,0:25:49.41,Default,,0000,0000,0000,,to talk one-to-one to other people.
Dialogue: 0,0:25:49.41,0:25:54.31,Default,,0000,0000,0000,,It’s decentralized, because\Nit works over Hidden Services.
Dialogue: 0,0:25:54.31,0:25:57.74,Default,,0000,0000,0000,,That’s actually quite useful,\Nbecause, for example,
Dialogue: 0,0:25:57.74,0:26:02.41,Default,,0000,0000,0000,,a few months ago, the Jabber CCC\Nserver got shut down for a few days
Dialogue: 0,0:26:02.41,0:26:04.86,Default,,0000,0000,0000,,and you couldn’t talk\Nto anyone, basically,
Dialogue: 0,0:26:04.86,0:26:07.31,Default,,0000,0000,0000,,but if you used Ricochet, you were fine,
Dialogue: 0,0:26:07.31,0:26:10.13,Default,,0000,0000,0000,,because they can shut down the CCC server
Dialogue: 0,0:26:10.13,0:26:14.49,Default,,0000,0000,0000,,but they probably can’t shut down\Nthe whole TOR network so easily.
Dialogue: 0,0:26:14.49,0:26:19.01,Default,,0000,0000,0000,,It also has a nice slick UI,\Nwhich is quite refreshing
Dialogue: 0,0:26:19.01,0:26:22.70,Default,,0000,0000,0000,,if you’re used to the usual\NUIs of the open-source world.
Dialogue: 0,0:26:22.70,0:26:25.94,Default,,0000,0000,0000,,And, anyway, you can…
Dialogue: 0,0:26:25.94,0:26:29.49,Default,,0000,0000,0000,,you can download it from\Nthat web server there.
Dialogue: 0,0:26:29.49,0:26:31.14,Default,,0000,0000,0000,,And then there is Pond,
Dialogue: 0,0:26:31.14,0:26:35.27,Default,,0000,0000,0000,,which is a more experimental\Navant-garde messaging application,
Dialogue: 0,0:26:35.27,0:26:40.54,Default,,0000,0000,0000,,which is basically a mix between\Nmessaging and mix nets.
Dialogue: 0,0:26:40.54,0:26:44.88,Default,,0000,0000,0000,,It basically uses a server which\Ndelays your messages and stuff,
Dialogue: 0,0:26:44.88,0:26:48.44,Default,,0000,0000,0000,,which makes it much harder\Nfor a network adversary
Dialogue: 0,0:26:48.44,0:26:51.29,Default,,0000,0000,0000,,to know when you’re sending\Nor receiving messages,
Dialogue: 0,0:26:51.29,0:26:55.09,Default,,0000,0000,0000,,because you also send chaff,\Nand fake traffic and stuff.
Dialogue: 0,0:26:55.09,0:26:56.71,Default,,0000,0000,0000,,It’s super-experimental,
Dialogue: 0,0:26:56.71,0:26:59.24,Default,,0000,0000,0000,,the author doesn’t even\Nwant us to really endorse it,
Dialogue: 0,0:26:59.24,0:27:04.74,Default,,0000,0000,0000,,but information is free and\Nyou can visit that website
Dialogue: 0,0:27:04.74,0:27:08.93,Default,,0000,0000,0000,,to learn more about it.
Dialogue: 0,0:27:08.93,0:27:11.79,Default,,0000,0000,0000,,David: So, there’s also,\Nfor many years now,
Dialogue: 0,0:27:11.79,0:27:15.58,Default,,0000,0000,0000,,plenty of services and tools that exist.\NGeorge just showed us some tools,
Dialogue: 0,0:27:15.58,0:27:19.34,Default,,0000,0000,0000,,but now there’s services like\NJabber, SMTP, and IMAP,
Dialogue: 0,0:27:19.34,0:27:22.64,Default,,0000,0000,0000,,from the Riseup guys, but not\Nonly Riseup, but Systemli,
Dialogue: 0,0:27:22.64,0:27:25.36,Default,,0000,0000,0000,,Autistici, and Calyx Institute for Jabber.
Dialogue: 0,0:27:25.36,0:27:28.06,Default,,0000,0000,0000,,And it’s more and more and\Nmore Jabber servers right now
Dialogue: 0,0:27:28.06,0:27:30.97,Default,,0000,0000,0000,,that are federating TOR through the Onions
Dialogue: 0,0:27:30.97,0:27:33.42,Default,,0000,0000,0000,,for server-to-server\Nand also client-to-server.
Dialogue: 0,0:27:33.42,0:27:37.14,Default,,0000,0000,0000,,And this has been around for a long time,\Nand it serves many, many, many users.
Dialogue: 0,0:27:37.14,0:27:41.02,Default,,0000,0000,0000,,I think Riseup has more than\N30.000 users on their Jabbers.
Dialogue: 0,0:27:41.02,0:27:42.94,Default,,0000,0000,0000,,Another neat thing about them is,
Dialogue: 0,0:27:42.94,0:27:47.77,Default,,0000,0000,0000,,very recently, that Debian\Ncreated their package repository
Dialogue: 0,0:27:47.77,0:27:51.69,Default,,0000,0000,0000,,and now you can use an onion address\Nto just update your Debian system.
Dialogue: 0,0:27:51.69,0:27:56.39,Default,,0000,0000,0000,,And you use this amazing package\Nwhich is apt-tor-transport and, hop!,
Dialogue: 0,0:27:56.39,0:28:01.37,Default,,0000,0000,0000,,you can update everything through an onion\Naddress, it will detect it automatically.
Dialogue: 0,0:28:01.37,0:28:04.71,Default,,0000,0000,0000,,But then, there’s also much\Nmore that happened recently.
Dialogue: 0,0:28:04.71,0:28:08.15,Default,,0000,0000,0000,,Also the GPG key servers\Nexist as an onion address.
Dialogue: 0,0:28:08.15,0:28:11.81,Default,,0000,0000,0000,,So you can update your GPG key,
Dialogue: 0,0:28:11.81,0:28:14.23,Default,,0000,0000,0000,,and download a signature,\Nand so on, and so forth,
Dialogue: 0,0:28:14.23,0:28:17.97,Default,,0000,0000,0000,,which in a way hides\Nfrom global observers,
Dialogue: 0,0:28:17.97,0:28:21.00,Default,,0000,0000,0000,,because we know they exist,\Nall your social graph
Dialogue: 0,0:28:21.00,0:28:25.53,Default,,0000,0000,0000,,because, well, you’re in an\Nend-to-end encrypted channel.
Dialogue: 0,0:28:25.53,0:28:27.82,Default,,0000,0000,0000,,Of course it can go to\NGPG servers, that’s true,
Dialogue: 0,0:28:27.82,0:28:31.93,Default,,0000,0000,0000,,but still at least on the\Nwire, it’s hidden. Very nice.
Dialogue: 0,0:28:31.93,0:28:36.21,Default,,0000,0000,0000,,Now, DuckDuckGo of course, they have\NJabbers and they also have Hidden Service.
Dialogue: 0,0:28:36.21,0:28:40.41,Default,,0000,0000,0000,,And I talked to the DuckDuckGo\Npeople a few months ago maybe,
Dialogue: 0,0:28:40.41,0:28:43.83,Default,,0000,0000,0000,,I don’t remember. But the point is,\Nthey have many, many, many users
Dialogue: 0,0:28:43.83,0:28:47.27,Default,,0000,0000,0000,,coming through their onion\Naddresses. The Pirate Bay also.
Dialogue: 0,0:28:47.27,0:28:51.90,Default,,0000,0000,0000,,So, the point of all this is that,\Nwith Facebook and Blockchain,
Dialogue: 0,0:28:51.90,0:28:55.29,Default,,0000,0000,0000,,and all those we’ve seen\N– and we actually know that
Dialogue: 0,0:28:55.29,0:28:59.03,Default,,0000,0000,0000,,several Alexa 500 top websites
Dialogue: 0,0:28:59.03,0:29:02.97,Default,,0000,0000,0000,,are currently deploying onion addresses.
Dialogue: 0,0:29:02.97,0:29:08.33,Default,,0000,0000,0000,,And the point here is, between\Nthe TOR network, the onion space
Dialogue: 0,0:29:08.33,0:29:14.21,Default,,0000,0000,0000,,and the open Internet…\NIf all sites are on both sides, well,
Dialogue: 0,0:29:14.21,0:29:17.69,Default,,0000,0000,0000,,it becomes one side. It’s just different\Nways of accessing the information.
Dialogue: 0,0:29:17.69,0:29:21.27,Default,,0000,0000,0000,,So please, please, please go to your\Ncompanies, go to your organization,
Dialogue: 0,0:29:21.27,0:29:23.63,Default,,0000,0000,0000,,deploy onion addresses,\Nand make them public.
Dialogue: 0,0:29:23.63,0:29:28.42,Default,,0000,0000,0000,,Help us have much more.
Dialogue: 0,0:29:28.42,0:29:31.25,Default,,0000,0000,0000,,Roger: Let me, before I get to\Nthe next one, re-emphasize
Dialogue: 0,0:29:31.25,0:29:33.77,Default,,0000,0000,0000,,the point that George was\Nmaking about Ricochet.
Dialogue: 0,0:29:33.77,0:29:37.01,Default,,0000,0000,0000,,So Ricochet is an alternate chat program
Dialogue: 0,0:29:37.01,0:29:39.94,Default,,0000,0000,0000,,where every user is\Ntheir own onion address.
Dialogue: 0,0:29:39.94,0:29:42.28,Default,,0000,0000,0000,,Every user is their own Onion Service.
Dialogue: 0,0:29:42.28,0:29:45.64,Default,,0000,0000,0000,,And you talk from one Onion\NService to the other Onion Service.
Dialogue: 0,0:29:45.64,0:29:49.53,Default,,0000,0000,0000,,You don’t have to know where the person is\Nor necessarily even who the person is.
Dialogue: 0,0:29:49.53,0:29:52.39,Default,,0000,0000,0000,,And there’s no middle,\Nthere’s no central point
Dialogue: 0,0:29:52.39,0:29:54.56,Default,,0000,0000,0000,,to go and learn all the accounts,
Dialogue: 0,0:29:54.56,0:29:56.66,Default,,0000,0000,0000,,and who’s friends with who, and so on.
Dialogue: 0,0:29:56.66,0:30:00.54,Default,,0000,0000,0000,,There’s nothing to break into in the\Nmiddle where you can spy on everybody.
Dialogue: 0,0:30:00.54,0:30:04.18,Default,,0000,0000,0000,,Everything is decentralized,\Neverybody is their own onion address.
Dialogue: 0,0:30:04.18,0:30:09.25,Default,,0000,0000,0000,,So I think that’s a key point\Nas an alternate chat paradigm
Dialogue: 0,0:30:09.25,0:30:13.04,Default,,0000,0000,0000,,where hopefully we can switch away\Nfrom the centralization model.
Dialogue: 0,0:30:13.04,0:30:19.01,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:30:19.01,0:30:21.33,Default,,0000,0000,0000,,Okay. So, on to phase 2,\Na brief diversion.
Dialogue: 0,0:30:21.33,0:30:25.12,Default,,0000,0000,0000,,We’ve been talking to a bunch of\Nresearchers over the past few years
Dialogue: 0,0:30:25.12,0:30:28.13,Default,,0000,0000,0000,,about, they want to do\Nresearch on TOR to study
Dialogue: 0,0:30:28.13,0:30:31.88,Default,,0000,0000,0000,,how many users there are,\Nor how many people go to Facebook,
Dialogue: 0,0:30:31.88,0:30:35.37,Default,,0000,0000,0000,,or all sorts of other\Nresearch questions, and
Dialogue: 0,0:30:35.37,0:30:39.61,Default,,0000,0000,0000,,sometimes they do it in dangerous\Nways, or inappropriate ways.
Dialogue: 0,0:30:39.61,0:30:43.78,Default,,0000,0000,0000,,So we’ve been working on guidelines\Nto help people who want to do it safely
Dialogue: 0,0:30:43.78,0:30:48.01,Default,,0000,0000,0000,,actually be able to not harm\Npeople or minimize the harm.
Dialogue: 0,0:30:48.01,0:30:49.89,Default,,0000,0000,0000,,So here are some of the guidelines.
Dialogue: 0,0:30:49.89,0:30:53.87,Default,,0000,0000,0000,,First one is, try to attack your\Nown traffic, try to attack yourself,
Dialogue: 0,0:30:53.87,0:30:57.61,Default,,0000,0000,0000,,so, if you have a question and you\Nneed to do it on the real TOR network,
Dialogue: 0,0:30:57.61,0:31:01.09,Default,,0000,0000,0000,,you should be the one to generate\Nyour traffic and then try to attack that.
Dialogue: 0,0:31:01.09,0:31:04.59,Default,,0000,0000,0000,,You shouldn’t just pick an\Narbitrary user and attack them
Dialogue: 0,0:31:04.59,0:31:07.46,Default,,0000,0000,0000,,because who knows if that’s a\Nperson in Syria who needs help
Dialogue: 0,0:31:07.46,0:31:12.10,Default,,0000,0000,0000,,or a person in Germany who’s trying to\Nget out from oppression, and so on.
Dialogue: 0,0:31:12.10,0:31:16.80,Default,,0000,0000,0000,,Another approach: only collect data that\Nyou’re willing to publish to the world.
Dialogue: 0,0:31:16.80,0:31:18.91,Default,,0000,0000,0000,,So, too many researchers say:
Dialogue: 0,0:31:18.91,0:31:21.69,Default,,0000,0000,0000,,“Well I’m going to learn all\Nof this interesting stuff,
Dialogue: 0,0:31:21.69,0:31:23.72,Default,,0000,0000,0000,,and I’m going to write it\Ndown on my hard drive,
Dialogue: 0,0:31:23.72,0:31:26.74,Default,,0000,0000,0000,,and I’ll keep it very safe.\NNobody will break in.”
Dialogue: 0,0:31:26.74,0:31:28.85,Default,,0000,0000,0000,,That approach fails every time.
Dialogue: 0,0:31:28.85,0:31:32.49,Default,,0000,0000,0000,,Somebody breaks in, you lose\Nthe data, you forget about it,
Dialogue: 0,0:31:32.49,0:31:34.93,Default,,0000,0000,0000,,so the ethical way to do this is,
Dialogue: 0,0:31:34.93,0:31:37.89,Default,,0000,0000,0000,,only collect stuff that you’re\Nwilling to make public.
Dialogue: 0,0:31:37.89,0:31:41.35,Default,,0000,0000,0000,,Only collect stuff that’s\Nsafe to make public.
Dialogue: 0,0:31:41.35,0:31:45.47,Default,,0000,0000,0000,,And then the other piece, that’s part\Nof what we’re talking about there,
Dialogue: 0,0:31:45.47,0:31:47.36,Default,,0000,0000,0000,,don’t collect data that you don’t need,
Dialogue: 0,0:31:47.36,0:31:49.98,Default,,0000,0000,0000,,so figure out what your\Nresearch question is,
Dialogue: 0,0:31:49.98,0:31:53.77,Default,,0000,0000,0000,,figure out the minimum that you\Ncan collect to answer that question.
Dialogue: 0,0:31:53.77,0:31:57.46,Default,,0000,0000,0000,,For example, if I want to know\Nhow many people connect to Facebook,
Dialogue: 0,0:31:57.46,0:32:01.47,Default,,0000,0000,0000,,I should not collect every destination\Nthat everybody goes to,
Dialogue: 0,0:32:01.47,0:32:04.52,Default,,0000,0000,0000,,and then afterwards count up\Nhow many of them were Facebook.
Dialogue: 0,0:32:04.52,0:32:07.78,Default,,0000,0000,0000,,I should have a counter that\Nsays: Facebook, increment.
Dialogue: 0,0:32:07.78,0:32:09.88,Default,,0000,0000,0000,,And then at the end it outputs a number,
Dialogue: 0,0:32:09.88,0:32:13.13,Default,,0000,0000,0000,,and that’s the only thing that\NI need to know in that case.
Dialogue: 0,0:32:13.13,0:32:15.12,Default,,0000,0000,0000,,So limit the granularity of data.
Dialogue: 0,0:32:15.12,0:32:19.27,Default,,0000,0000,0000,,If you’re counting how many users\Nare connecting from different countries,
Dialogue: 0,0:32:19.27,0:32:22.65,Default,,0000,0000,0000,,and there are very few\Nusers coming from Mauritania,
Dialogue: 0,0:32:22.65,0:32:24.59,Default,,0000,0000,0000,,consider rounding that down to zero,
Dialogue: 0,0:32:24.59,0:32:26.88,Default,,0000,0000,0000,,so that you don’t accidentally harm
Dialogue: 0,0:32:26.88,0:32:29.97,Default,,0000,0000,0000,,the five people in Mauritania\Nwho’re using it today.
Dialogue: 0,0:32:29.97,0:32:32.19,Default,,0000,0000,0000,,So, the approach to do this is:
Dialogue: 0,0:32:32.19,0:32:34.47,Default,,0000,0000,0000,,figure out what you’re trying to learn,
Dialogue: 0,0:32:34.47,0:32:37.47,Default,,0000,0000,0000,,describe the benefits to\Nthe world of learning that,
Dialogue: 0,0:32:37.47,0:32:40.81,Default,,0000,0000,0000,,describe the risks to\Npeople around the world
Dialogue: 0,0:32:40.81,0:32:43.92,Default,,0000,0000,0000,,in TOR of the approach that you’re taking,
Dialogue: 0,0:32:43.92,0:32:47.35,Default,,0000,0000,0000,,and then argue that the benefits\Nare outweighing the risks.
Dialogue: 0,0:32:47.35,0:32:50.32,Default,,0000,0000,0000,,And one of the key ways\Nof looking at this is,
Dialogue: 0,0:32:50.32,0:32:54.63,Default,,0000,0000,0000,,if you’re collecting something\Ninteresting, some interesting dataset,
Dialogue: 0,0:32:54.63,0:32:57.39,Default,,0000,0000,0000,,think about whether there\Ncould be somebody else,
Dialogue: 0,0:32:57.39,0:33:00.93,Default,,0000,0000,0000,,somewhere out there in the world,\Nwho has some other dataset,
Dialogue: 0,0:33:00.93,0:33:04.00,Default,,0000,0000,0000,,and when you combine\Ntheir dataset with yours,
Dialogue: 0,0:33:04.00,0:33:07.26,Default,,0000,0000,0000,,somebody learns something new,\Nsomebody gets harmed.
Dialogue: 0,0:33:07.26,0:33:09.55,Default,,0000,0000,0000,,If you can imagine any other dataset
Dialogue: 0,0:33:09.55,0:33:12.32,Default,,0000,0000,0000,,that, when it’s combined\Nwith yours, harms people,
Dialogue: 0,0:33:12.32,0:33:15.36,Default,,0000,0000,0000,,then you need to think harder about that.
Dialogue: 0,0:33:15.36,0:33:18.82,Default,,0000,0000,0000,,And then the last point:\Nuse a test network, when possible.
Dialogue: 0,0:33:18.82,0:33:21.71,Default,,0000,0000,0000,,There’s a tool called chutney,\Nthere’s a tool called Shadow,
Dialogue: 0,0:33:21.71,0:33:25.09,Default,,0000,0000,0000,,where you can run your own internal\NTOR network on one computer,
Dialogue: 0,0:33:25.09,0:33:29.01,Default,,0000,0000,0000,,and if you can do your research\Nthat way, it’s even better.
Dialogue: 0,0:33:29.01,0:33:31.51,Default,,0000,0000,0000,,So, those are great\Nguidelines, sounds good.
Dialogue: 0,0:33:31.51,0:33:33.48,Default,,0000,0000,0000,,We need to encourage\Nmore people to do them,
Dialogue: 0,0:33:33.48,0:33:35.76,Default,,0000,0000,0000,,and, to be fair, this is not going to
Dialogue: 0,0:33:35.76,0:33:38.18,Default,,0000,0000,0000,,stop bad people from doing bad things.
Dialogue: 0,0:33:38.18,0:33:40.94,Default,,0000,0000,0000,,But if you want to do\Nresearch responsibly, Dialogue: 0,0:33:40.94,0:33:43.65,Default,,0000,0000,0000,,and ethically, without harming TOR users, Dialogue: 0,0:33:43.65,0:33:46.28,Default,,0000,0000,0000,,then we need to help everybody learn Dialogue: 0,0:33:46.28,0:33:48.63,Default,,0000,0000,0000,,what the guidelines are\Nto do it more safely. Dialogue: 0,0:33:48.63,0:33:50.98,Default,,0000,0000,0000,,So here’s an example of a tricky edge case Dialogue: 0,0:33:50.98,0:33:54.20,Default,,0000,0000,0000,,where we really want to think\Nharder about these things. Dialogue: 0,0:33:54.20,0:33:57.22,Default,,0000,0000,0000,,One of them is, there are people out there Dialogue: 0,0:33:57.22,0:34:01.36,Default,,0000,0000,0000,,who want to build a list of every\Nonion address that they can find. Dialogue: 0,0:34:01.36,0:34:03.90,Default,,0000,0000,0000,,So, you can learn about\Nthat by going to google Dialogue: 0,0:34:03.90,0:34:07.70,Default,,0000,0000,0000,,and doing a google search on .onion\Nand they give you some addresses. Dialogue: 0,0:34:07.70,0:34:11.82,Default,,0000,0000,0000,,That’s okay, that seems reasonable.\NIt’s a public dataset, okay, fine. Dialogue: 0,0:34:11.82,0:34:14.86,Default,,0000,0000,0000,,There’s a more complicated\None, where you are Verisign, Dialogue: 0,0:34:14.86,0:34:17.62,Default,,0000,0000,0000,,and you run some of the DNS root servers, Dialogue: 0,0:34:17.62,0:34:22.64,Default,,0000,0000,0000,,and you spy on the DNS\Nqueries of the whole Internet. Dialogue: 0,0:34:22.64,0:34:27.05,Default,,0000,0000,0000,,And anybody who accidentally\Nsends a .onion DNS query Dialogue: 0,0:34:27.05,0:34:29.53,Default,,0000,0000,0000,,to your root server, you write it down. Dialogue: 0,0:34:29.53,0:34:31.98,Default,,0000,0000,0000,,So now you learn all the side-channel Dialogue: 0,0:34:31.98,0:34:34.79,Default,,0000,0000,0000,,accidentally leaked addresses. 
Dialogue: 0,0:34:34.79,0:34:38.41,Default,,0000,0000,0000,,Is that, does that follow our guidelines?\NIs that okay, is that ethical? Dialogue: 0,0:34:38.41,0:34:41.43,Default,,0000,0000,0000,,It’s kind of complicated,\Nbut I don’t know a way to stop it, Dialogue: 0,0:34:41.43,0:34:46.03,Default,,0000,0000,0000,,and they already have\Nthe dataset. So, okay, fine. Dialogue: 0,0:34:46.03,0:34:48.28,Default,,0000,0000,0000,,Now a more complicated one. Dialogue: 0,0:34:48.28,0:34:52.12,Default,,0000,0000,0000,,What if you’re Comcast, and\Nyou spy on all of your users, Dialogue: 0,0:34:52.12,0:34:56.46,Default,,0000,0000,0000,,to find out what their DNS queries are,\Nto learn about accidental leakage there. Dialogue: 0,0:34:56.46,0:34:59.50,Default,,0000,0000,0000,,Again, I’m going to say it’s\Ncomplicated, but it’s probably fine, Dialogue: 0,0:34:59.50,0:35:02.26,Default,,0000,0000,0000,,they’re already seeing it,\Nthere’s nothing we, TOR, can do Dialogue: 0,0:35:02.26,0:35:06.21,Default,,0000,0000,0000,,to change our protocol, to make\Npeople accidentally leak these things. Dialogue: 0,0:35:06.21,0:35:07.94,Default,,0000,0000,0000,,But then option four: Dialogue: 0,0:35:07.94,0:35:10.81,Default,,0000,0000,0000,,what if you want to learn\Na bunch of onion addresses, Dialogue: 0,0:35:10.81,0:35:13.48,Default,,0000,0000,0000,,so you run new relays in the TOR network, Dialogue: 0,0:35:13.48,0:35:15.60,Default,,0000,0000,0000,,and you sign them up and\Nthey get into a position Dialogue: 0,0:35:15.60,0:35:18.16,Default,,0000,0000,0000,,where they can learn about onion addresses Dialogue: 0,0:35:18.16,0:35:21.34,Default,,0000,0000,0000,,that are being published,\Nand then you make a list internally. 
Dialogue: 0,0:35:21.34,0:35:24.70,Default,,0000,0000,0000,,So that’s actually not cool, because Dialogue: 0,0:35:24.70,0:35:26.63,Default,,0000,0000,0000,,it’s part of the TOR protocol Dialogue: 0,0:35:26.63,0:35:29.55,Default,,0000,0000,0000,,that people providing onion addresses Dialogue: 0,0:35:29.55,0:35:32.20,Default,,0000,0000,0000,,don’t expect those to become public, Dialogue: 0,0:35:32.20,0:35:34.49,Default,,0000,0000,0000,,and we’ll talk later about\Nways that we have Dialogue: 0,0:35:34.49,0:35:36.16,Default,,0000,0000,0000,,for being able to fix this. Dialogue: 0,0:35:36.16,0:35:39.64,Default,,0000,0000,0000,,So, if it’s a protocol problem\Nthat we know how to fix, Dialogue: 0,0:35:39.64,0:35:43.16,Default,,0000,0000,0000,,and it’s inside TOR, and\Nyou’re misbehaving as a relay, Dialogue: 0,0:35:43.16,0:35:46.24,Default,,0000,0000,0000,,then that’s not cool.\NSo this is an example where, Dialogue: 0,0:35:46.24,0:35:50.08,Default,,0000,0000,0000,,it’s sort of hard to reason through\Nwhere we should draw the line, Dialogue: 0,0:35:50.08,0:35:52.41,Default,,0000,0000,0000,,and I’d love to chat more\Nwith you all after that Dialogue: 0,0:35:52.41,0:35:55.87,Default,,0000,0000,0000,,about where the line should be. Dialogue: 0,0:35:55.87,0:35:58.81,Default,,0000,0000,0000,,And that leads to an example Dialogue: 0,0:35:58.81,0:36:01.49,Default,,0000,0000,0000,,of some research that was done last year, Dialogue: 0,0:36:01.49,0:36:04.82,Default,,0000,0000,0000,,by, we think, some folks at CMU, Dialogue: 0,0:36:04.82,0:36:06.74,Default,,0000,0000,0000,,who attacked the TOR network, Dialogue: 0,0:36:06.74,0:36:09.60,Default,,0000,0000,0000,,and, as far as I can tell,\Ncollected a dataset, Dialogue: 0,0:36:09.60,0:36:11.57,Default,,0000,0000,0000,,and they collected more than they needed Dialogue: 0,0:36:11.57,0:36:13.98,Default,,0000,0000,0000,,to answer their research questions. 
Dialogue: 0,0:36:13.98,0:36:16.13,Default,,0000,0000,0000,,They didn’t do minimization, Dialogue: 0,0:36:16.13,0:36:19.60,Default,,0000,0000,0000,,they didn’t attack only their own traffic,\Nthey didn’t use a test network, Dialogue: 0,0:36:19.60,0:36:23.70,Default,,0000,0000,0000,,they basically violated every one of\Nthe guidelines from two slides ago. Dialogue: 0,0:36:23.70,0:36:26.00,Default,,0000,0000,0000,,So that’s sort of a sad story, Dialogue: 0,0:36:26.00,0:36:28.12,Default,,0000,0000,0000,,and that leads to the next question: Dialogue: 0,0:36:28.12,0:36:31.04,Default,,0000,0000,0000,,Should we have some sort\Nof TOR ethics review board? Dialogue: 0,0:36:31.04,0:36:34.15,Default,,0000,0000,0000,,Wouldn’t it be cool if, as a researcher, Dialogue: 0,0:36:34.15,0:36:36.59,Default,,0000,0000,0000,,you write up what you’re trying to learn Dialogue: 0,0:36:36.59,0:36:39.47,Default,,0000,0000,0000,,and why it’s safe,\Nand how you’re going to do it, Dialogue: 0,0:36:39.47,0:36:43.26,Default,,0000,0000,0000,,and you show that to other professors\Nwho help you decide whether you’re right, Dialogue: 0,0:36:43.26,0:36:47.54,Default,,0000,0000,0000,,and then we go to the academic\Nreview journals and conferences, Dialogue: 0,0:36:47.54,0:36:50.91,Default,,0000,0000,0000,,and we get them to expect,\Nin your research paper, Dialogue: 0,0:36:50.91,0:36:55.37,Default,,0000,0000,0000,,a little section on why this\Nis responsible research. Dialogue: 0,0:36:55.37,0:36:58.72,Default,,0000,0000,0000,,And, at that point, it’s expected\Nthat you have thought through that, Dialogue: 0,0:36:58.72,0:37:03.12,Default,,0000,0000,0000,,and anybody who writes a\Npaper without that section, Dialogue: 0,0:37:03.12,0:37:06.25,Default,,0000,0000,0000,,everybody knows that they haven’t\Nthought it through as much as they should. 
Dialogue: 0,0:37:06.25,0:37:09.96,Default,,0000,0000,0000,,Wouldn’t that be a cool future world\Nwhere research is done more responsibly Dialogue: 0,0:37:09.96,0:37:13.57,Default,,0000,0000,0000,,around TOR, and around\Nsecurity more generally? Dialogue: 0,0:37:13.57,0:37:18.81,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:37:18.81,0:37:21.51,Default,,0000,0000,0000,,Okay. So, there are a couple of problems Dialogue: 0,0:37:21.51,0:37:25.61,Default,,0000,0000,0000,,in TOR Onion Service security right\Nnow. I’m gonna zip through them briefly Dialogue: 0,0:37:25.61,0:37:28.98,Default,,0000,0000,0000,,so we can actually get to talk about\Nthem in more detail. The first one is, Dialogue: 0,0:37:28.98,0:37:32.45,Default,,0000,0000,0000,,the onion identity keys are RSA 1024 bits. Dialogue: 0,0:37:32.45,0:37:36.29,Default,,0000,0000,0000,,So, that is too short.\NWe need to switch to ECC. Dialogue: 0,0:37:36.29,0:37:38.87,Default,,0000,0000,0000,,Another one is, you, the adversary, Dialogue: 0,0:37:38.87,0:37:41.89,Default,,0000,0000,0000,,can run relays, and\Nchoose your identity key Dialogue: 0,0:37:41.89,0:37:44.33,Default,,0000,0000,0000,,so that you end up in the\Nright place in the network Dialogue: 0,0:37:44.33,0:37:47.90,Default,,0000,0000,0000,,in order to target – censor,\Nsurveil, whatever – Dialogue: 0,0:37:47.90,0:37:51.27,Default,,0000,0000,0000,,certain onion addresses.\NAnd we’ll talk more about that also. Dialogue: 0,0:37:51.27,0:37:53.65,Default,,0000,0000,0000,,Another one, I talked about\Nthat a few slides ago, Dialogue: 0,0:37:53.65,0:37:57.61,Default,,0000,0000,0000,,you can run relays in order to\Nlearn about new onion addresses, Dialogue: 0,0:37:57.61,0:37:59.65,Default,,0000,0000,0000,,and we’ve got some fixes for that. Dialogue: 0,0:37:59.65,0:38:02.28,Default,,0000,0000,0000,,So those are 3 that\Nare onion-address specific, Dialogue: 0,0:38:02.28,0:38:05.55,Default,,0000,0000,0000,,onion-service specific, that we can solve. 
Dialogue: 0,0:38:05.55,0:38:08.17,Default,,0000,0000,0000,,And then there are 3 issues\Nthat are much more broad. Dialogue: 0,0:38:08.17,0:38:10.18,Default,,0000,0000,0000,,One of them is, Dialogue: 0,0:38:10.18,0:38:12.51,Default,,0000,0000,0000,,bad guys can run hundreds of relays, Dialogue: 0,0:38:12.51,0:38:15.93,Default,,0000,0000,0000,,and we need to learn how to\Nnotice that and protect against it. Dialogue: 0,0:38:15.93,0:38:17.95,Default,,0000,0000,0000,,Another one is, Dialogue: 0,0:38:17.95,0:38:20.05,Default,,0000,0000,0000,,you can run relays to learn more about Dialogue: 0,0:38:20.05,0:38:22.32,Default,,0000,0000,0000,,the path selection that\Nclients are going to do, Dialogue: 0,0:38:22.32,0:38:25.68,Default,,0000,0000,0000,,and then there’s website fingerprinting.\NAll of those are separate talks. Dialogue: 0,0:38:25.68,0:38:28.24,Default,,0000,0000,0000,,I wanted to mention them here,\NI’m happy to talk about them later, Dialogue: 0,0:38:28.24,0:38:31.60,Default,,0000,0000,0000,,but we don’t have time\Nto get into them in detail. Dialogue: 0,0:38:31.60,0:38:35.15,Default,,0000,0000,0000,,Okay, phase three, how\Ndo TOR Hidden Services, Dialogue: 0,0:38:35.15,0:38:38.37,Default,,0000,0000,0000,,TOR Onion Services work right now?\NJust to give you some background, Dialogue: 0,0:38:38.37,0:38:40.81,Default,,0000,0000,0000,,so that when we talk about\Nthe design improvements, Dialogue: 0,0:38:40.81,0:38:42.94,Default,,0000,0000,0000,,you have a handle on what’s going on. Dialogue: 0,0:38:42.94,0:38:46.94,Default,,0000,0000,0000,,So, we’ve got Alice over here, she\Nwants to visit some Hidden Service Bob. Dialogue: 0,0:38:46.94,0:38:50.32,Default,,0000,0000,0000,,The first step is, Bob generates a key, Dialogue: 0,0:38:50.32,0:38:53.12,Default,,0000,0000,0000,,and he establishes 3 introduction points, Dialogue: 0,0:38:53.12,0:38:55.16,Default,,0000,0000,0000,,3 circuits into the TOR network. 
Dialogue: 0,0:38:55.16,0:38:58.88,Default,,0000,0000,0000,,And then he publishes, to\Nthe big database in the sky, Dialogue: 0,0:38:58.88,0:39:00.42,Default,,0000,0000,0000,,“Hi, this is my key, Dialogue: 0,0:39:00.42,0:39:02.74,Default,,0000,0000,0000,,and these are my 3 introduction points.” Dialogue: 0,0:39:02.74,0:39:06.49,Default,,0000,0000,0000,,And at that point, Alice somehow\Nlearns his onion address, Dialogue: 0,0:39:06.49,0:39:09.86,Default,,0000,0000,0000,,and she goes to the database\Nand pulls down the descriptor Dialogue: 0,0:39:09.86,0:39:12.94,Default,,0000,0000,0000,,that has his key and the\N3 introduction points Dialogue: 0,0:39:12.94,0:39:15.81,Default,,0000,0000,0000,,and in parallel to that,\Nshe connects to the – Dialogue: 0,0:39:15.81,0:39:19.12,Default,,0000,0000,0000,,she picks her own rendezvous point,\Nand she builds a TOR circuit there. Dialogue: 0,0:39:19.12,0:39:23.76,Default,,0000,0000,0000,,So at this point, Bob has 3 introduction\Npoints open in the TOR network, Dialogue: 0,0:39:23.76,0:39:27.51,Default,,0000,0000,0000,,and Alice has one rendezvous\Npoint open in the TOR network. Dialogue: 0,0:39:27.51,0:39:31.25,Default,,0000,0000,0000,,And at that point, Alice connects\Nto one of the introduction points Dialogue: 0,0:39:31.25,0:39:34.67,Default,,0000,0000,0000,,and says: “Hey, I want to connect\Nto you, and I’m waiting over here. Dialogue: 0,0:39:34.67,0:39:36.67,Default,,0000,0000,0000,,This is the address for\Nmy rendezvous point. Dialogue: 0,0:39:36.67,0:39:39.66,Default,,0000,0000,0000,,If you want to talk back to me,\NI’m waiting right here.” Dialogue: 0,0:39:39.66,0:39:42.97,Default,,0000,0000,0000,,And then at that point,\NBob, if he wants to, Dialogue: 0,0:39:42.97,0:39:45.03,Default,,0000,0000,0000,,makes a connection to\Nthe rendezvous point. 
Dialogue: 0,0:39:45.03,0:39:47.41,Default,,0000,0000,0000,,So now Alice has a connection\Nto the rendezvous point, Dialogue: 0,0:39:47.41,0:39:49.56,Default,,0000,0000,0000,,and Bob has a connection\Nto the rendezvous point, Dialogue: 0,0:39:49.56,0:39:52.40,Default,,0000,0000,0000,,and at that point they do\Nthe crypto handshake Dialogue: 0,0:39:52.40,0:39:54.91,Default,,0000,0000,0000,,so that they get end-to-end encryption, Dialogue: 0,0:39:54.91,0:39:58.14,Default,,0000,0000,0000,,and then, as the last step,\Nthey’re able to send traffic Dialogue: 0,0:39:58.14,0:40:01.21,Default,,0000,0000,0000,,over that circuit, where Alice has 3 hops, Dialogue: 0,0:40:01.21,0:40:02.81,Default,,0000,0000,0000,,and Bob has three hops, Dialogue: 0,0:40:02.81,0:40:05.51,Default,,0000,0000,0000,,and they’re able to provide\Nsecurity from that point. Dialogue: 0,0:40:05.51,0:40:07.17,Default,,0000,0000,0000,,So that’s a very brief summary Dialogue: 0,0:40:07.17,0:40:09.38,Default,,0000,0000,0000,,of how the handshake works, Dialogue: 0,0:40:09.38,0:40:11.89,Default,,0000,0000,0000,,in Hidden Service land. Dialogue: 0,0:40:11.89,0:40:15.50,Default,,0000,0000,0000,,So, in the previous slide, I was talking\Nabout this database in the sky. Dialogue: 0,0:40:15.50,0:40:19.27,Default,,0000,0000,0000,,Once upon a time, that\Nwas just 3 computers. Dialogue: 0,0:40:19.27,0:40:21.12,Default,,0000,0000,0000,,I ran 2 of them. Dialogue: 0,0:40:21.12,0:40:24.11,Default,,0000,0000,0000,,Another directory authority\Noperator ran the third. Dialogue: 0,0:40:24.11,0:40:28.42,Default,,0000,0000,0000,,And then, we switched to distributing\Nthat over the entire TOR network, Dialogue: 0,0:40:28.42,0:40:31.15,Default,,0000,0000,0000,,so there are 8000 relays… Dialogue: 0,0:40:31.15,0:40:36.92,Default,,0000,0000,0000,,So imagine the hash of each relay’s\Nidentity key on this hash ring. 
Dialogue: 0,0:40:36.92,0:40:39.81,Default,,0000,0000,0000,,There are 6 relays at any given point Dialogue: 0,0:40:39.81,0:40:42.62,Default,,0000,0000,0000,,that are responsible for knowing Dialogue: 0,0:40:42.62,0:40:44.65,Default,,0000,0000,0000,,where a given Onion Service is. Dialogue: 0,0:40:44.65,0:40:47.68,Default,,0000,0000,0000,,So, when I’m running my own Onion Service, Dialogue: 0,0:40:47.68,0:40:50.40,Default,,0000,0000,0000,,I compute which 6 relays they are, Dialogue: 0,0:40:50.40,0:40:52.39,Default,,0000,0000,0000,,and I publish my descriptor to them, Dialogue: 0,0:40:52.39,0:40:54.51,Default,,0000,0000,0000,,and when I’m the client\Nand I want to go there, Dialogue: 0,0:40:54.51,0:40:56.82,Default,,0000,0000,0000,,I compute which 6 relays they are, Dialogue: 0,0:40:56.82,0:41:00.12,Default,,0000,0000,0000,,and I go to any one of them,\Nand I can fetch the descriptor. Dialogue: 0,0:41:00.12,0:41:03.26,Default,,0000,0000,0000,,So, the way that we actually generate Dialogue: 0,0:41:03.26,0:41:07.66,Default,,0000,0000,0000,,the predictable set of\Nwhich relays they are, Dialogue: 0,0:41:07.66,0:41:10.91,Default,,0000,0000,0000,,is this hash function up on the top.\NSo you look at the onion address, Dialogue: 0,0:41:10.91,0:41:13.97,Default,,0000,0000,0000,,you look at what day\Nit is, the time period, Dialogue: 0,0:41:13.97,0:41:16.09,Default,,0000,0000,0000,,and other things that are pretty static. Dialogue: 0,0:41:16.09,0:41:18.52,Default,,0000,0000,0000,,So that’s how both sides can compute Dialogue: 0,0:41:18.52,0:41:20.88,Default,,0000,0000,0000,,which relays they should go to Dialogue: 0,0:41:20.88,0:41:25.63,Default,,0000,0000,0000,,when they’re publishing\Nor fetching a descriptor. Dialogue: 0,0:41:27.21,0:41:32.23,Default,,0000,0000,0000,,George: Okay, so, back to\Nthe security issues again. 
Dialogue: 0,0:41:32.23,0:41:34.29,Default,,0000,0000,0000,,A few years ago, like 2–3 years ago, Dialogue: 0,0:41:34.29,0:41:36.31,Default,,0000,0000,0000,,we started looking into Hidden Services Dialogue: 0,0:41:36.31,0:41:38.77,Default,,0000,0000,0000,,and enumerating the various problems. Dialogue: 0,0:41:38.77,0:41:40.87,Default,,0000,0000,0000,,Various people wrote papers about Dialogue: 0,0:41:40.87,0:41:43.58,Default,,0000,0000,0000,,some open issues of security and stuff. Dialogue: 0,0:41:43.58,0:41:47.97,Default,,0000,0000,0000,,So in 2013 we wrote the first proposal Dialogue: 0,0:41:47.97,0:41:51.18,Default,,0000,0000,0000,,called next generation Hidden Services, Dialogue: 0,0:41:51.18,0:41:55.10,Default,,0000,0000,0000,,which basically details various\Nways for improving security, Dialogue: 0,0:41:55.10,0:41:57.91,Default,,0000,0000,0000,,better crypto, blah blah\Nblah, blah blah blah. Dialogue: 0,0:41:57.91,0:42:02.21,Default,,0000,0000,0000,,This happened like 2 years ago,\Nand we still have not been, Dialogue: 0,0:42:02.21,0:42:05.92,Default,,0000,0000,0000,,we haven’t started heavily\Ndeveloping, because of the lack of, Dialogue: 0,0:42:05.92,0:42:09.48,Default,,0000,0000,0000,,basically, developers, since\NHidden Services have been Dialogue: 0,0:42:09.48,0:42:13.77,Default,,0000,0000,0000,,largely volunteer-driven projects\Nsince like a year ago or so. Dialogue: 0,0:42:13.77,0:42:17.09,Default,,0000,0000,0000,,So everything was done in\Nour spare time, basically. Dialogue: 0,0:42:17.09,0:42:21.13,Default,,0000,0000,0000,,But we’ve been writing proposals, Dialogue: 0,0:42:21.13,0:42:23.98,Default,,0000,0000,0000,,we’ve been active anyway. Dialogue: 0,0:42:23.98,0:42:27.62,Default,,0000,0000,0000,,We’re going to start looking over\Nthe various security issues Dialogue: 0,0:42:27.62,0:42:30.92,Default,,0000,0000,0000,,and the ways to fix them, let’s say. 
Dialogue: 0,0:42:30.92,0:42:34.70,Default,,0000,0000,0000,,The first one, we call it\NHSDir predictability, Dialogue: 0,0:42:34.70,0:42:38.55,Default,,0000,0000,0000,,and it touches the subject\Nthat Roger mentioned, Dialogue: 0,0:42:38.55,0:42:40.40,Default,,0000,0000,0000,,the database in the sky, Dialogue: 0,0:42:40.40,0:42:43.40,Default,,0000,0000,0000,,which is basically that\Nwhen a Hidden Service… Dialogue: 0,0:42:43.40,0:42:47.27,Default,,0000,0000,0000,,A Hidden Service every time has\N6 Hidden Service directories, Dialogue: 0,0:42:47.27,0:42:51.16,Default,,0000,0000,0000,,6 relays of the network\Nbeing responsible for it. Dialogue: 0,0:42:51.16,0:42:54.97,Default,,0000,0000,0000,,So every day, each Hidden\NService has 6 relays Dialogue: 0,0:42:54.97,0:42:57.82,Default,,0000,0000,0000,,responsible for it, and it chooses it Dialogue: 0,0:42:57.82,0:43:00.79,Default,,0000,0000,0000,,using this weird hash formula there. Dialogue: 0,0:43:00.79,0:43:04.21,Default,,0000,0000,0000,,Which, if you can see, it’s deterministic Dialogue: 0,0:43:04.21,0:43:07.24,Default,,0000,0000,0000,,so all of them are static,\Napart from time-period Dialogue: 0,0:43:07.24,0:43:09.38,Default,,0000,0000,0000,,which rotates every day. Dialogue: 0,0:43:09.38,0:43:11.82,Default,,0000,0000,0000,,But the problem is that,\Nbecause it’s deterministic, Dialogue: 0,0:43:11.82,0:43:15.72,Default,,0000,0000,0000,,you can basically plug in\Nthe onion address you want Dialogue: 0,0:43:15.72,0:43:17.46,Default,,0000,0000,0000,,and the time period in the future Dialogue: 0,0:43:17.46,0:43:19.99,Default,,0000,0000,0000,,and you can basically predict\Nthe result of that function, Dialogue: 0,0:43:19.99,0:43:22.21,Default,,0000,0000,0000,,in like, 2 months from now. 
Dialogue: 0,0:43:22.21,0:43:24.74,Default,,0000,0000,0000,,So, you can basically know Dialogue: 0,0:43:24.74,0:43:29.02,Default,,0000,0000,0000,,which relays will be responsible\Nfor a Hidden Service in 2 months Dialogue: 0,0:43:29.02,0:43:32.68,Default,,0000,0000,0000,,and, if you’re a bad guy, maybe you’ll\Ngo and inject yourself into that place Dialogue: 0,0:43:32.68,0:43:36.09,Default,,0000,0000,0000,,and you will become the\NHSDir of a Hidden Service Dialogue: 0,0:43:36.09,0:43:39.37,Default,,0000,0000,0000,,and then you can,\Nlike, monitor its activity Dialogue: 0,0:43:39.37,0:43:41.74,Default,,0000,0000,0000,,or you can do DoS attacks. Dialogue: 0,0:43:41.74,0:43:44.43,Default,,0000,0000,0000,,So this is not something we like, and Dialogue: 0,0:43:44.43,0:43:47.67,Default,,0000,0000,0000,,we will attempt to fix it. Dialogue: 0,0:43:47.67,0:43:51.36,Default,,0000,0000,0000,,Our idea for fixing it is that\Nwe will have to make it, Dialogue: 0,0:43:51.36,0:43:54.90,Default,,0000,0000,0000,,from deterministic, we will have\Nto turn it into a probabilistic thing, Dialogue: 0,0:43:54.90,0:43:58.76,Default,,0000,0000,0000,,and we do this by adding\Na random value to it. Dialogue: 0,0:43:58.76,0:44:02.15,Default,,0000,0000,0000,,And this random value is\Nbasically a fresh random value Dialogue: 0,0:44:02.15,0:44:05.75,Default,,0000,0000,0000,,that the network is going to\Nbe generating every day. Dialogue: 0,0:44:05.75,0:44:10.56,Default,,0000,0000,0000,,So, how we do this is we use these 9\Ndirectory authorities from the network, Dialogue: 0,0:44:10.56,0:44:13.70,Default,,0000,0000,0000,,they’re these 9 computers, they’re\Nhardcoded in the source code Dialogue: 0,0:44:13.70,0:44:16.62,Default,,0000,0000,0000,,and they’re considered semi-trusted. 
Dialogue: 0,0:44:16.62,0:44:18.81,Default,,0000,0000,0000,,And basically we wrote the protocol, Dialogue: 0,0:44:18.81,0:44:22.75,Default,,0000,0000,0000,,that all these 9 directory\Nauthorities do a little dance Dialogue: 0,0:44:22.75,0:44:27.83,Default,,0000,0000,0000,,and at the end of the day, they have\Na fresh random value every day. Dialogue: 0,0:44:27.83,0:44:31.88,Default,,0000,0000,0000,,It’s not something new, it uses\Na commit-and-reveal protocol, Dialogue: 0,0:44:31.88,0:44:35.43,Default,,0000,0000,0000,,which is some way to do some sort of Dialogue: 0,0:44:35.43,0:44:37.71,Default,,0000,0000,0000,,distributed random number generation. Dialogue: 0,0:44:37.71,0:44:40.74,Default,,0000,0000,0000,,And then every day they\Nmake this random value, Dialogue: 0,0:44:40.74,0:44:42.21,Default,,0000,0000,0000,,they put it in the consensus, Dialogue: 0,0:44:42.21,0:44:46.15,Default,,0000,0000,0000,,and then Hidden Services\Nand Hidden Service users Dialogue: 0,0:44:46.15,0:44:48.30,Default,,0000,0000,0000,,take the random value from the consensus, Dialogue: 0,0:44:48.30,0:44:50.69,Default,,0000,0000,0000,,plug it into that formula,\Nand they use it. Dialogue: 0,0:44:50.69,0:44:53.95,Default,,0000,0000,0000,,And since this is a\Nsupposedly secure protocol, Dialogue: 0,0:44:53.95,0:44:57.95,Default,,0000,0000,0000,,I shouldn’t be able to predict what the\Nrandom value is going to be in 2 months. Dialogue: 0,0:44:57.95,0:45:00.04,Default,,0000,0000,0000,,Hence, I cannot go and inject myself Dialogue: 0,0:45:00.04,0:45:03.93,Default,,0000,0000,0000,,in that position in the\Ndatabase, basically. Dialogue: 0,0:45:03.93,0:45:08.87,Default,,0000,0000,0000,,And this is the way we fix this problem. Dialogue: 0,0:45:10.81,0:45:15.66,Default,,0000,0000,0000,,David: Right, continuing now on the\Nnext generation Hidden Services. Dialogue: 0,0:45:15.66,0:45:18.32,Default,,0000,0000,0000,,The key thing is better crypto. 
Dialogue: 0,0:45:18.32,0:45:21.01,Default,,0000,0000,0000,,Right now we have RSA-1024 and SHA-1, Dialogue: 0,0:45:21.01,0:45:24.41,Default,,0000,0000,0000,,which are considered completely bad to use Dialogue: 0,0:45:24.41,0:45:26.08,Default,,0000,0000,0000,,and we’re going to use of course Dialogue: 0,0:45:26.08,0:45:29.80,Default,,0000,0000,0000,,this fancy man’s work there, Daniel. Dialogue: 0,0:45:29.80,0:45:34.10,Default,,0000,0000,0000,,So it’s basically ED25519\Nfor encrypting and signing Dialogue: 0,0:45:34.10,0:45:36.56,Default,,0000,0000,0000,,and of course, using SHA-256. Dialogue: 0,0:45:36.56,0:45:42.27,Default,,0000,0000,0000,,Right now, in TOR, we are experimenting\Nwith an implementation upstream of SHA-3. Dialogue: 0,0:45:42.27,0:45:46.81,Default,,0000,0000,0000,,Although, apparently, we’re not sure\Nif SHA-256 or SHA-3 will be used, but Dialogue: 0,0:45:46.81,0:45:51.29,Default,,0000,0000,0000,,right now SHA-256 is a contender\Nbecause it goes way faster than SHA-3. Dialogue: 0,0:45:51.29,0:45:56.42,Default,,0000,0000,0000,,SHA-3 has more things. Still pending.\NBut, for now, elliptic curves. Dialogue: 0,0:45:56.42,0:45:59.86,Default,,0000,0000,0000,,So, what to take of that is:\Nnext generation Hidden Services, Dialogue: 0,0:45:59.86,0:46:04.05,Default,,0000,0000,0000,,which we are actively\Nworking on right now, Dialogue: 0,0:46:04.05,0:46:07.77,Default,,0000,0000,0000,,will drop all dead crypto. Dialogue: 0,0:46:07.77,0:46:09.86,Default,,0000,0000,0000,,One of the big changes that’s coming up Dialogue: 0,0:46:09.86,0:46:12.69,Default,,0000,0000,0000,,is the onion addresses. Dialogue: 0,0:46:12.69,0:46:15.86,Default,,0000,0000,0000,,On top you have the current onion address Dialogue: 0,0:46:15.86,0:46:18.28,Default,,0000,0000,0000,,and it’s going to move to 52 characters, Dialogue: 0,0:46:18.28,0:46:20.85,Default,,0000,0000,0000,,so, basically, your public key. 
Dialogue: 0,0:46:20.85,0:46:24.40,Default,,0000,0000,0000,,This is maybe for you\Nguys considered painful, Dialogue: 0,0:46:24.40,0:46:26.44,Default,,0000,0000,0000,,and for us it’s extremely painful Dialogue: 0,0:46:26.44,0:46:30.01,Default,,0000,0000,0000,,to enter this address or just to\Ntype in an address like that, Dialogue: 0,0:46:30.01,0:46:32.20,Default,,0000,0000,0000,,so, you know, open proposal right now, Dialogue: 0,0:46:32.20,0:46:35.13,Default,,0000,0000,0000,,or I think there’s an email\Nthread on our mailing list Dialogue: 0,0:46:35.13,0:46:39.14,Default,,0000,0000,0000,,on coming up with some more fancy way Dialogue: 0,0:46:39.14,0:46:43.63,Default,,0000,0000,0000,,to remember an onion address that size. Dialogue: 0,0:46:43.63,0:46:48.81,Default,,0000,0000,0000,,Like, words, remembering words that just\Nmash in together and create that address. Dialogue: 0,0:46:48.81,0:46:51.35,Default,,0000,0000,0000,,So, yeah. Dialogue: 0,0:46:51.35,0:46:54.72,Default,,0000,0000,0000,,Now, as the Hidden Service evolves, Dialogue: 0,0:46:54.72,0:46:58.65,Default,,0000,0000,0000,,one of the things we really\Nwant to do is make them faster. Dialogue: 0,0:46:58.65,0:47:01.76,Default,,0000,0000,0000,,The big difference between\NHidden Services in the network Dialogue: 0,0:47:01.76,0:47:04.01,Default,,0000,0000,0000,,and a normal TOR circuit\Nin the network is that Dialogue: 0,0:47:04.01,0:47:06.19,Default,,0000,0000,0000,,normal TOR circuits usually have 3 hops, Dialogue: 0,0:47:06.19,0:47:08.28,Default,,0000,0000,0000,,then in Hidden Services you\Nhave 3 hops from the client Dialogue: 0,0:47:08.28,0:47:12.06,Default,,0000,0000,0000,,and 3 hops from the Service.\NThus you have 6 hops. Dialogue: 0,0:47:12.06,0:47:16.48,Default,,0000,0000,0000,,So of course much more time\Nto go through all the relays Dialogue: 0,0:47:16.48,0:47:19.90,Default,,0000,0000,0000,,than the normal circuit. 
Now we have\Nthis proposal going on which is Dialogue: 0,0:47:19.90,0:47:24.15,Default,,0000,0000,0000,,Rendezvous Single Onion Services. And\Nthe point is, you’re gonna do the dance, Dialogue: 0,0:47:24.15,0:47:28.41,Default,,0000,0000,0000,,the introduction, the rendezvous, and\Nthen once you go to the rendezvous, Dialogue: 0,0:47:28.41,0:47:32.53,Default,,0000,0000,0000,,instead of the service going 3 hops,\Nyou’re gonna go 1 hop to the service. Dialogue: 0,0:47:32.53,0:47:37.55,Default,,0000,0000,0000,,So in here we have this artist wanting\Nto update their Debian machine, Dialogue: 0,0:47:37.55,0:47:41.21,Default,,0000,0000,0000,,let’s say that, and the Debian\Nserver doesn’t care really much Dialogue: 0,0:47:41.21,0:47:44.08,Default,,0000,0000,0000,,about anonymity, because we know\Nwhere the Debian servers are, Dialogue: 0,0:47:44.08,0:47:48.49,Default,,0000,0000,0000,,and that’s fine. Thus, clients still\Nhave anonymity with the 3 hops, Dialogue: 0,0:47:48.49,0:47:53.48,Default,,0000,0000,0000,,then the service doesn’t care, so\Nonly 1 hop. And it goes way faster. Dialogue: 0,0:47:53.48,0:47:58.16,Default,,0000,0000,0000,,So that’s something we hopefully\Nwill end up deploying soon. Dialogue: 0,0:47:58.16,0:48:01.90,Default,,0000,0000,0000,,Now, the second one is the Single\NOnion Service. It’s roughly the same, Dialogue: 0,0:48:01.90,0:48:07.43,Default,,0000,0000,0000,,so we have this chef here wanting to go to\Nhis Fairtrade website, you know, whatever, Dialogue: 0,0:48:07.43,0:48:11.93,Default,,0000,0000,0000,,and the difference here is that\Nwe are going to skip completely Dialogue: 0,0:48:11.93,0:48:14.79,Default,,0000,0000,0000,,the introduction and rendezvous dance. 
Dialogue: 0,0:48:14.79,0:48:17.98,Default,,0000,0000,0000,,And you’re going to do a 3 hop\Ncircuit to a rendezvous point Dialogue: 0,0:48:17.98,0:48:23.80,Default,,0000,0000,0000,,where the Hidden Service,\Nlet’s say, let’s call it a node, Dialogue: 0,0:48:23.80,0:48:27.13,Default,,0000,0000,0000,,an introduction point,\Nwhich is the yellow line, Dialogue: 0,0:48:27.13,0:48:29.85,Default,,0000,0000,0000,,and then the client will go\Nto that introduction point, Dialogue: 0,0:48:29.85,0:48:33.00,Default,,0000,0000,0000,,and instead of having this current dance Dialogue: 0,0:48:33.00,0:48:35.40,Default,,0000,0000,0000,,the client extends to the service. Dialogue: 0,0:48:35.40,0:48:38.24,Default,,0000,0000,0000,,And now we have a 3 hop thing, Dialogue: 0,0:48:38.24,0:48:43.28,Default,,0000,0000,0000,,no prior work being done\Nfor introduction or rendezvous, Dialogue: 0,0:48:43.28,0:48:44.73,Default,,0000,0000,0000,,and it goes way faster. Dialogue: 0,0:48:44.73,0:48:48.62,Default,,0000,0000,0000,,Again, those 2 here and here Dialogue: 0,0:48:48.62,0:48:54.21,Default,,0000,0000,0000,,are optimizations for services\Nthat do not care about anonymity. Dialogue: 0,0:48:54.21,0:48:58.19,Default,,0000,0000,0000,,And there are plenty of use cases\Nfor that. Facebook, for instance, Dialogue: 0,0:48:58.19,0:49:01.82,Default,,0000,0000,0000,,or Debian repositories, and so on. Dialogue: 0,0:49:01.82,0:49:04.84,Default,,0000,0000,0000,,Roger: Am I still on? Great. Facebook\Nand Debian are really excited about Dialogue: 0,0:49:04.84,0:49:09.23,Default,,0000,0000,0000,,having one of these options so that\Nthey can have all of their users Dialogue: 0,0:49:09.23,0:49:12.86,Default,,0000,0000,0000,,reach their service with all the cool\Nsecurity properties we talked about Dialogue: 0,0:49:12.86,0:49:16.05,Default,,0000,0000,0000,,but also a lot faster and more scalable Dialogue: 0,0:49:16.05,0:49:19.24,Default,,0000,0000,0000,,than the current design. 
Dialogue: 0,0:49:19.24,0:49:23.59,Default,,0000,0000,0000,,David: Precisely. So, one of the\Nvery cool things we did this summer Dialogue: 0,0:49:23.59,0:49:27.93,Default,,0000,0000,0000,,was the TOR summer of privacy.\NWe got some people in, Dialogue: 0,0:49:27.93,0:49:31.63,Default,,0000,0000,0000,,which we can consider\Ninterns or students whatever, Dialogue: 0,0:49:31.63,0:49:37.92,Default,,0000,0000,0000,,and one of these projects – that came\Nout of this cool person that is Donncha – Dialogue: 0,0:49:37.92,0:49:42.07,Default,,0000,0000,0000,,created OnionBalance. So it’s a way\Nof load-balancing Hidden Services. Dialogue: 0,0:49:42.07,0:49:45.65,Default,,0000,0000,0000,,So as you create a Hidden\NService with the top key, Dialogue: 0,0:49:45.65,0:49:48.36,Default,,0000,0000,0000,,then you copy that key\Nto multiple machines Dialogue: 0,0:49:48.36,0:49:51.66,Default,,0000,0000,0000,,so all those servers will\Nstart creating a descriptor. Dialogue: 0,0:49:51.66,0:49:55.86,Default,,0000,0000,0000,,Basically the descriptor, if you\Ncan remember, is how to reach me. Dialogue: 0,0:49:55.86,0:50:00.08,Default,,0000,0000,0000,,And we’re going to cherry-pick\Nintroduction points from each Dialogue: 0,0:50:00.08,0:50:03.95,Default,,0000,0000,0000,,and create a master descriptor\Nthat you can see in that picture; Dialogue: 0,0:50:03.95,0:50:06.71,Default,,0000,0000,0000,,and that master descriptor\Nis (?) what clients will use. Dialogue: 0,0:50:06.71,0:50:08.50,Default,,0000,0000,0000,,Thus you load-balance the network Dialogue: 0,0:50:08.50,0:50:11.63,Default,,0000,0000,0000,,depending on introduction\Npoints and the instance. Dialogue: 0,0:50:11.63,0:50:13.64,Default,,0000,0000,0000,,And this is great! 
And we actually know Dialogue: 0,0:50:13.64,0:50:17.56,Default,,0000,0000,0000,,that Facebook will actively\Nstart beta-testing this thing Dialogue: 0,0:50:17.56,0:50:20.95,Default,,0000,0000,0000,,so we can have load-balancing and CDNs Dialogue: 0,0:50:20.95,0:50:26.62,Default,,0000,0000,0000,,and much easier for onion addresses. Dialogue: 0,0:50:26.62,0:50:30.44,Default,,0000,0000,0000,,So, just before I give\Nthese slides to Roger, Dialogue: 0,0:50:30.44,0:50:33.11,Default,,0000,0000,0000,,the next generation Onion\NServices is something Dialogue: 0,0:50:33.11,0:50:35.43,Default,,0000,0000,0000,,that has been around for 2 years now Dialogue: 0,0:50:35.43,0:50:39.56,Default,,0000,0000,0000,,and now we’re going to start\Nworking in 2016 actively, Dialogue: 0,0:50:39.56,0:50:42.72,Default,,0000,0000,0000,,and almost with 4 full-time\Ndevelopers on that. Dialogue: 0,0:50:42.72,0:50:45.89,Default,,0000,0000,0000,,It’s still not enough, we need more… we\Nneed resources because we need to get away Dialogue: 0,0:50:45.89,0:50:49.10,Default,,0000,0000,0000,,from our funding that restricts us\Nfor not working on Onion Services Dialogue: 0,0:50:49.10,0:50:52.18,Default,,0000,0000,0000,,which we have a bit now.\NSo resources are very, very important Dialogue: 0,0:50:52.18,0:50:54.73,Default,,0000,0000,0000,,so we can get this thing\Nthat’s extremely important. Dialogue: 0,0:50:54.73,0:50:59.75,Default,,0000,0000,0000,,And in the next year, we hope\Nto get this thing here done. Dialogue: 0,0:50:59.75,0:51:06.75,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:51:07.32,0:51:10.58,Default,,0000,0000,0000,,Roger: Great, so there are a couple\Nof important takeaways from Dialogue: 0,0:51:10.58,0:51:12.62,Default,,0000,0000,0000,,what we’ve been describing to you today. Dialogue: 0,0:51:12.62,0:51:15.93,Default,,0000,0000,0000,,One big one is, there are a lot of Dialogue: 0,0:51:15.93,0:51:17.89,Default,,0000,0000,0000,,different types of Onion Services out there. 
Dialogue: 0,0:51:17.89,0:51:19.69,Default,,0000,0000,0000,,There are a lot more than people think. Dialogue: 0,0:51:19.69,0:51:22.64,Default,,0000,0000,0000,,Everybody looks at Hidden\NServices and says: “Oh, Dialogue: 0,0:51:22.64,0:51:25.97,Default,,0000,0000,0000,,they’re for websites that the government\Nhates” or something like that. Dialogue: 0,0:51:25.97,0:51:30.08,Default,,0000,0000,0000,,But there are examples\Nlike Ricochet, like Facebook, Dialogue: 0,0:51:30.08,0:51:32.29,Default,,0000,0000,0000,,like GlobaLeaks, like SecureDrop. Dialogue: 0,0:51:32.29,0:51:34.66,Default,,0000,0000,0000,,All of these different examples are Dialogue: 0,0:51:34.66,0:51:38.29,Default,,0000,0000,0000,,cool things you can do\Nwith better security properties Dialogue: 0,0:51:38.29,0:51:42.71,Default,,0000,0000,0000,,for your communication. So it’s not\Nabout hiding where the website is, Dialogue: 0,0:51:42.71,0:51:44.97,Default,,0000,0000,0000,,it’s about getting more secure ways Dialogue: 0,0:51:44.97,0:51:48.53,Default,,0000,0000,0000,,of reaching websites and\Nother services around the world. Dialogue: 0,0:51:48.53,0:51:52.80,Default,,0000,0000,0000,,So another key point: this is still a\Ntiny fraction of the overall TOR network. Dialogue: 0,0:51:52.80,0:51:55.34,Default,,0000,0000,0000,,We have millions of people\Nusing TOR every day, Dialogue: 0,0:51:55.34,0:51:59.17,Default,,0000,0000,0000,,and something like 5% of the\Ntraffic through the TOR network Dialogue: 0,0:51:59.17,0:52:02.05,Default,,0000,0000,0000,,is Hidden-Service,\Nor Onion-Service related. Dialogue: 0,0:52:02.05,0:52:04.77,Default,,0000,0000,0000,,So it was 3% last year, it’s 5% now, Dialogue: 0,0:52:04.77,0:52:08.29,Default,,0000,0000,0000,,it’s going up, sounds good,\Nbut it’s still a tiny fraction. 
Dialogue: 0,0:52:08.29,0:52:12.27,Default,,0000,0000,0000,,And maybe that’s good, because when\Nyou’re using an Onion Service right now, Dialogue: 0,0:52:12.27,0:52:14.27,Default,,0000,0000,0000,,you put double load on the TOR network, Dialogue: 0,0:52:14.27,0:52:17.27,Default,,0000,0000,0000,,because both sides add their own circuit. Dialogue: 0,0:52:17.27,0:52:20.96,Default,,0000,0000,0000,,Whereas if we switch to some of these\Ndesigns that David was talking about, Dialogue: 0,0:52:20.96,0:52:24.10,Default,,0000,0000,0000,,then it will be much more scalable\Nand much more efficient Dialogue: 0,0:52:24.10,0:52:28.78,Default,,0000,0000,0000,,and it would be really cool to\Nhave Amazon, and Facebook, Dialogue: 0,0:52:28.78,0:52:32.01,Default,,0000,0000,0000,,and Twitter, and Wikipedia, and so on, Dialogue: 0,0:52:32.01,0:52:36.78,Default,,0000,0000,0000,,all allowing people to get more\Nsecurity, while using TOR, Dialogue: 0,0:52:36.78,0:52:41.99,Default,,0000,0000,0000,,while protecting places like Facebook\Nfrom learning where they are today. Dialogue: 0,0:52:41.99,0:52:45.87,Default,,0000,0000,0000,,Another key point, we got all these\Ncool designs that we touched on briefly, Dialogue: 0,0:52:45.87,0:52:48.94,Default,,0000,0000,0000,,we’d be happy to tell you\Nmore about them after the talk, Dialogue: 0,0:52:48.94,0:52:52.63,Default,,0000,0000,0000,,and then the last point: You\Nrun a cool service out there, Dialogue: 0,0:52:52.63,0:52:55.00,Default,,0000,0000,0000,,please set up an onion version of it, Dialogue: 0,0:52:55.00,0:52:57.75,Default,,0000,0000,0000,,please set up an onion\Naddress for your cool service, Dialogue: 0,0:52:57.75,0:53:01.49,Default,,0000,0000,0000,,so that the typical average\Nonion service in the world Dialogue: 0,0:53:01.49,0:53:04.99,Default,,0000,0000,0000,,becomes a totally normal\Nwebsite or other service Dialogue: 0,0:53:04.99,0:53:09.45,Default,,0000,0000,0000,,that totally ordinary people go to. 
And\Nthat’s how we will mainstream this thing Dialogue: 0,0:53:09.45,0:53:11.70,Default,,0000,0000,0000,,and take over the world. Dialogue: 0,0:53:11.70,0:53:18.70,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:53:18.70,0:53:22.36,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:53:22.36,0:53:24.35,Default,,0000,0000,0000,,And then, as a final point, Dialogue: 0,0:53:24.35,0:53:27.45,Default,,0000,0000,0000,,we are in the middle of our\Nfirst ever donation campaign. Dialogue: 0,0:53:27.45,0:53:30.22,Default,,0000,0000,0000,,We are actually trying to grow Dialogue: 0,0:53:30.22,0:53:32.67,Default,,0000,0000,0000,,a base of people who want to support TOR Dialogue: 0,0:53:32.67,0:53:35.17,Default,,0000,0000,0000,,in the same way that EFF has done. Dialogue: 0,0:53:35.17,0:53:38.68,Default,,0000,0000,0000,,So it would be wonderful… I don’t want to\Nthrow away all of our Government funders, Dialogue: 0,0:53:38.68,0:53:41.35,Default,,0000,0000,0000,,at least not right now, but I\Nwould like to get to the point Dialogue: 0,0:53:41.35,0:53:44.79,Default,,0000,0000,0000,,where we have other options,\Nmore sustainability, Dialogue: 0,0:53:44.79,0:53:47.53,Default,,0000,0000,0000,,and we don’t have to look at\Neach new funding proposal Dialogue: 0,0:53:47.53,0:53:50.60,Default,,0000,0000,0000,,and wonder if we have to\Nun-fund people if we don’t get it. Dialogue: 0,0:53:50.60,0:53:53.20,Default,,0000,0000,0000,,So I’d love to have much more diversity Dialogue: 0,0:53:53.20,0:53:56.37,Default,,0000,0000,0000,,in the type of people who\Nare helping TOR to exist Dialogue: 0,0:53:56.37,0:53:59.04,Default,,0000,0000,0000,,and thrive and help save the world. Dialogue: 0,0:53:59.04,0:54:01.03,Default,,0000,0000,0000,,So, please consider helping. 
Dialogue: 0,0:54:01.03,0:54:07.78,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:54:07.78,0:54:11.67,Default,,0000,0000,0000,,Herald: Thanks a lot for this awesome\Ntalk, we have 6 minutes left for questions Dialogue: 0,0:54:11.67,0:54:13.64,Default,,0000,0000,0000,,and please line up at the microphones Dialogue: 0,0:54:13.64,0:54:17.07,Default,,0000,0000,0000,,1, 2, 3, 4, 5, and 6 down here. Dialogue: 0,0:54:17.07,0:54:19.14,Default,,0000,0000,0000,,And while you are doing that, Dialogue: 0,0:54:19.14,0:54:21.57,Default,,0000,0000,0000,,we would like to hear a\Nquestion from the Internet. Dialogue: 0,0:54:21.57,0:54:24.45,Default,,0000,0000,0000,,Signal Angel: Thank you. I have\Na bunch of questions regarding Dialogue: 0,0:54:24.45,0:54:27.64,Default,,0000,0000,0000,,compromised onion addresses.\NHerald: Start with one. Dialogue: 0,0:54:27.64,0:54:30.68,Default,,0000,0000,0000,,Signal: Do we have a\Nkind of evil twin problem Dialogue: 0,0:54:30.68,0:54:35.76,Default,,0000,0000,0000,,and what can I do if my onion\Naddress is compromised? Dialogue: 0,0:54:35.76,0:54:38.00,Default,,0000,0000,0000,,When there are widespread services Dialogue: 0,0:54:38.00,0:54:41.83,Default,,0000,0000,0000,,on the TOR net, like Amazon, Dialogue: 0,0:54:41.83,0:54:45.64,Default,,0000,0000,0000,,how do I know which\None is the official service? Dialogue: 0,0:54:45.64,0:54:47.25,Default,,0000,0000,0000,,Roger: So the first question, of, Dialogue: 0,0:54:47.25,0:54:51.42,Default,,0000,0000,0000,,if your onion key gets stolen\Nor something like that, Dialogue: 0,0:54:51.42,0:54:54.09,Default,,0000,0000,0000,,that’s the same as the SSL problem. Dialogue: 0,0:54:54.09,0:54:57.27,Default,,0000,0000,0000,,How do you keep your certificate\Nfor your web server safe? Dialogue: 0,0:54:57.27,0:55:00.75,Default,,0000,0000,0000,,The answer is: you should keep it safe\Njust like you keep everything else safe. 
Dialogue: 0,0:55:00.75,0:55:05.17,Default,,0000,0000,0000,,And if somebody gets the key for\Nyour onion address, sucks to be you. Dialogue: 0,0:55:05.17,0:55:07.58,Default,,0000,0000,0000,,Don’t let them do that.\NFor the second question, Dialogue: 0,0:55:07.58,0:55:10.89,Default,,0000,0000,0000,,how do you know that a given\Nonion address is Amazon’s? Dialogue: 0,0:55:10.89,0:55:13.47,Default,,0000,0000,0000,,That ties into the certificate authority, Dialogue: 0,0:55:13.47,0:55:17.94,Default,,0000,0000,0000,,the https, the EV cert discussion\Nthat we talked about Dialogue: 0,0:55:17.94,0:55:23.44,Default,,0000,0000,0000,,where we need to somehow bind\Nin Amazon’s SSL certificate Dialogue: 0,0:55:23.44,0:55:27.53,Default,,0000,0000,0000,,the fact that it’s Amazon, and\Nthis is their alternate onion address. Dialogue: 0,0:55:27.53,0:55:30.07,Default,,0000,0000,0000,,We need to put those\Nin the same certificate, Dialogue: 0,0:55:30.07,0:55:32.25,Default,,0000,0000,0000,,so that everybody knows\Nif you’re getting one Dialogue: 0,0:55:32.25,0:55:35.22,Default,,0000,0000,0000,,then you know it’s really Amazon. Dialogue: 0,0:55:35.22,0:55:38.73,Default,,0000,0000,0000,,H: Thank you. I would like to hear\Nthe question from microphone 1 Dialogue: 0,0:55:38.73,0:55:41.43,Default,,0000,0000,0000,,and remember to keep it short and concise. Dialogue: 0,0:55:41.43,0:55:43.59,Default,,0000,0000,0000,,Q: Again, the addressing issue, Dialogue: 0,0:55:43.59,0:55:47.24,Default,,0000,0000,0000,,switching from 16 to 52 characters is nice Dialogue: 0,0:55:47.24,0:55:52.39,Default,,0000,0000,0000,,but if we have to change\Nthe algorithm again Dialogue: 0,0:55:52.39,0:55:54.96,Default,,0000,0000,0000,,wouldn't it be nice\Nto have, like, a prefix Dialogue: 0,0:55:54.96,0:55:59.55,Default,,0000,0000,0000,,to determine the\Nalgorithm for the address? 
Dialogue: 0,0:55:59.55,0:56:02.30,Default,,0000,0000,0000,,Roger: Yes, we actually have\Na couple of extra bits Dialogue: 0,0:56:02.30,0:56:05.07,Default,,0000,0000,0000,,in that 52 bytes and we could use them Dialogue: 0,0:56:05.07,0:56:07.28,Default,,0000,0000,0000,,for versioning or all sorts of things. Dialogue: 0,0:56:07.28,0:56:10.53,Default,,0000,0000,0000,,And there are some examples\Nof that in the proposals, Dialogue: 0,0:56:10.53,0:56:13.21,Default,,0000,0000,0000,,I don’t think we’ve fixed\Non any answer yet. Dialogue: 0,0:56:13.21,0:56:16.79,Default,,0000,0000,0000,,So, we’d love to have your help. Dialogue: 0,0:56:16.79,0:56:19.92,Default,,0000,0000,0000,,H: Thank you. Please, microphone number 3. Dialogue: 0,0:56:19.92,0:56:22.48,Default,,0000,0000,0000,,Q: Hey, you gave us a couple of examples Dialogue: 0,0:56:22.48,0:56:24.98,Default,,0000,0000,0000,,from Facebook, and I was just wondering Dialogue: 0,0:56:24.98,0:56:28.35,Default,,0000,0000,0000,,if there’s any sort of affiliation between Dialogue: 0,0:56:28.35,0:56:31.76,Default,,0000,0000,0000,,Facebook and TOR, or Facebook\Njust happens to be really keen Dialogue: 0,0:56:31.76,0:56:36.84,Default,,0000,0000,0000,,on offering their services\Nin less democratic jurisdictions? Dialogue: 0,0:56:36.84,0:56:39.28,Default,,0000,0000,0000,,Roger: There’s a nice\Nguy named Alec up here, Dialogue: 0,0:56:39.28,0:56:43.40,Default,,0000,0000,0000,,who on his own thought of making\NFacebook more secure using TOR, Dialogue: 0,0:56:43.40,0:56:46.49,Default,,0000,0000,0000,,and he went and did it, and then\Nwe realized that he was right, Dialogue: 0,0:56:46.49,0:56:49.12,Default,,0000,0000,0000,,so we’ve been trying\Nto help him ever since. Dialogue: 0,0:56:49.12,0:56:53.03,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:56:53.03,0:56:57.60,Default,,0000,0000,0000,,H: Thanks a lot. Microphone number 4. 
Dialogue: 0,0:56:57.60,0:57:00.78,Default,,0000,0000,0000,,Q: You said that you want\Nmore and more people Dialogue: 0,0:57:00.78,0:57:04.00,Default,,0000,0000,0000,,to run Hidden Services. Dialogue: 0,0:57:04.00,0:57:06.35,Default,,0000,0000,0000,,My question for this is, Dialogue: 0,0:57:06.35,0:57:09.63,Default,,0000,0000,0000,,are there any guidelines\Non how to do that? Dialogue: 0,0:57:09.63,0:57:12.68,Default,,0000,0000,0000,,Examples of how to do\Nit with specific services? Dialogue: 0,0:57:12.68,0:57:16.85,Default,,0000,0000,0000,,Because from what I’ve seen, I tried\Ndoing this for some of the services I run, Dialogue: 0,0:57:16.85,0:57:20.84,Default,,0000,0000,0000,,that it’s not… it’s painful,\Nmost of the time. Dialogue: 0,0:57:20.84,0:57:23.81,Default,,0000,0000,0000,,And with the increase of\Nthe addresses right now, Dialogue: 0,0:57:23.81,0:57:28.20,Default,,0000,0000,0000,,the size of the addresses is going to\Nbecome more and more painful. And Dialogue: 0,0:57:28.20,0:57:32.23,Default,,0000,0000,0000,,one of the things that\NI’d love to see for release, Dialogue: 0,0:57:32.23,0:57:35.64,Default,,0000,0000,0000,,for example, a DNS record\Ntype that’s .onion Dialogue: 0,0:57:35.64,0:57:40.03,Default,,0000,0000,0000,,that you can add for your\Nnormal DNS record Dialogue: 0,0:57:40.03,0:57:43.03,Default,,0000,0000,0000,,so people can just look into that and Dialogue: 0,0:57:43.03,0:57:46.78,Default,,0000,0000,0000,,choose between A, AAAA,\Nand onion to connect to it. Dialogue: 0,0:57:46.78,0:57:49.26,Default,,0000,0000,0000,,Roger: Yeah. For that last\None, for the DNS side, Dialogue: 0,0:57:49.26,0:57:52.34,Default,,0000,0000,0000,,if we have DNSSEC, thumbs up. Dialogue: 0,0:57:52.34,0:57:54.83,Default,,0000,0000,0000,,If we don’t have DNSSEC,\NI don’t want to have Dialogue: 0,0:57:54.83,0:57:58.99,Default,,0000,0000,0000,,that terrible security link\Nas one of the first steps. 
Dialogue: 0,0:57:58.99,0:58:01.43,Default,,0000,0000,0000,,I don’t want to trust\Nthe local DNS resolver Dialogue: 0,0:58:01.43,0:58:03.08,Default,,0000,0000,0000,,to tell me I can go somewhere else Dialogue: 0,0:58:03.08,0:58:05.88,Default,,0000,0000,0000,,and then after that, if I get\Nthe right address, I’m safe. Dialogue: 0,0:58:05.88,0:58:07.69,Default,,0000,0000,0000,,That sounds terrible. Dialogue: 0,0:58:07.69,0:58:12.14,Default,,0000,0000,0000,,George: So, on how to set up\NHidden Services correctly, Dialogue: 0,0:58:12.14,0:58:16.01,Default,,0000,0000,0000,,I think Riseup recently published\Nsome sort of guidelines Dialogue: 0,0:58:16.01,0:58:19.96,Default,,0000,0000,0000,,with various ways you can tweak\Nit and make it more secure. Dialogue: 0,0:58:19.96,0:58:23.48,Default,,0000,0000,0000,,I think there are also\Nsome on the TOR Wiki. Dialogue: 0,0:58:23.48,0:58:26.80,Default,,0000,0000,0000,,But in general you’re right that there are\Nvarious ways you can mess up this thing Dialogue: 0,0:58:26.80,0:58:29.69,Default,,0000,0000,0000,,and it’s not super easy for anyone here Dialogue: 0,0:58:29.69,0:58:33.00,Default,,0000,0000,0000,,to set up a Hidden Service right now, Dialogue: 0,0:58:33.00,0:58:35.31,Default,,0000,0000,0000,,and hopefully in the\Nfuture we will be able Dialogue: 0,0:58:35.31,0:58:38.75,Default,,0000,0000,0000,,to have an easier way for people\Nto set up Hidden Services, Dialogue: 0,0:58:38.75,0:58:41.92,Default,,0000,0000,0000,,maybe provide a bundle\Nthat you double-click Dialogue: 0,0:58:41.92,0:58:45.50,Default,,0000,0000,0000,,and it spawns up a\Nblog, or a Docker image, Dialogue: 0,0:58:45.50,0:58:49.66,Default,,0000,0000,0000,,I don’t know. It’s still one of the\Nthings we really need to look into. 
Dialogue: 0,0:58:49.66,0:58:52.90,Default,,0000,0000,0000,,Roger: It would be really cool to\Nhave a server version of Tails Dialogue: 0,0:58:52.90,0:58:56.45,Default,,0000,0000,0000,,that has all of this built in\Nwith a, like, Python web server Dialogue: 0,0:58:56.45,0:59:00.47,Default,,0000,0000,0000,,that’s hard to break into and\Nautomatically configured safely. Dialogue: 0,0:59:00.47,0:59:03.78,Default,,0000,0000,0000,,That would be something that would\Nmake a lot of people able to do this Dialogue: 0,0:59:03.78,0:59:07.62,Default,,0000,0000,0000,,more conveniently and not\Nscrew up when they’re doing it. Dialogue: 0,0:59:07.62,0:59:13.15,Default,,0000,0000,0000,,H: Okay!\N{\i1}applause{\i0} Dialogue: 0,0:59:13.15,0:59:16.86,Default,,0000,0000,0000,,So we have a bit less than 1 minute\Nleft, so I would say “Last question” Dialogue: 0,0:59:16.86,0:59:19.99,Default,,0000,0000,0000,,and let’s say microphone\Nnumber 3 for that. Dialogue: 0,0:59:19.99,0:59:22.58,Default,,0000,0000,0000,,Q: Hello, I have two small questions.\NH: No, one. Dialogue: 0,0:59:22.58,0:59:24.80,Default,,0000,0000,0000,,Q: One, okay.\N{\i1}laughter{\i0} Dialogue: 0,0:59:24.80,0:59:27.55,Default,,0000,0000,0000,,So, I noticed you\Nhave some semi-trusted Dialogue: 0,0:59:27.55,0:59:30.59,Default,,0000,0000,0000,,assumptions for the random\Nnumber generation Dialogue: 0,0:59:30.59,0:59:33.40,Default,,0000,0000,0000,,for your relays. Did you consider, Dialogue: 0,0:59:33.40,0:59:36.65,Default,,0000,0000,0000,,or do you think there’s some merit\Nin using the Bitcoin blockchain Dialogue: 0,0:59:36.65,0:59:39.00,Default,,0000,0000,0000,,to generate randomness? Dialogue: 0,0:59:39.00,0:59:42.14,Default,,0000,0000,0000,,George: We considered it. 
We considered\Nusing the Bitcoin blockchain, Dialogue: 0,0:59:42.14,0:59:47.17,Default,,0000,0000,0000,,the NIST beacon, all these things, but\Nthere are various engineering issues Dialogue: 0,0:59:47.17,0:59:51.49,Default,,0000,0000,0000,,like to use the blockchain thing you\Nneed to have 2 verified Merkle trees. Dialogue: 0,0:59:51.49,0:59:54.11,Default,,0000,0000,0000,,This needs to be coded\Non the TOR codebase. Dialogue: 0,0:59:54.11,0:59:57.64,Default,,0000,0000,0000,,You also depend on Bitcoin, which is\Na system quite powerful to be honest, Dialogue: 0,0:59:57.64,1:00:02.16,Default,,0000,0000,0000,,but you probably don’t want to\Ndepend on outside systems, so… Dialogue: 0,1:00:02.16,1:00:04.46,Default,,0000,0000,0000,,We really considered it, though. Dialogue: 0,1:00:04.46,1:00:06.28,Default,,0000,0000,0000,,Q: Thank you. Dialogue: 0,1:00:06.28,1:00:09.20,Default,,0000,0000,0000,,H: Thanks a lot for this\NQ&A, I think you will… Dialogue: 0,1:00:09.20,1:00:13.54,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:00:13.54,1:00:17.27,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,1:00:17.27,1:00:21.28,Default,,0000,0000,0000,,I think you will stick around and be\Navailable for another question-and-answer, Dialogue: 0,1:00:21.28,1:00:24.53,Default,,0000,0000,0000,,more personal, after the\Nnext upcoming talk, which is Dialogue: 0,1:00:24.53,1:00:27.63,Default,,0000,0000,0000,,“State of the Onion”, in 15 minutes. Dialogue: 0,1:00:27.63,1:00:32.98,Default,,0000,0000,0000,,{\i1}postroll music{\i0} Dialogue: 0,1:00:32.98,1:00:37.83,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin 2016. Join and help us do more!