rc3 preroll music

Herald: Our next speakers are Gus and GeKo from the Tor Project. They both came onto the project. A couple have been working with the project for a long time now, and a couple of years ago, they both came on as employees. Gus, as the team leader, as the community lead of the project and Georg as the network team leader, who has been working on improving the health of the network and making sure that bad relays are removed. Give them all a great round of applause from home and welcome to the stage, guys. Take it away.

Georg: Hello, everyone, hello. This is Georg from the Tor Project, and I have got with me today to talk about the State of the Onion, a yearly thing, and we are really happy to be here at the CCC and think about providing an update, what we did, what we are excited about next year and what is basically in the pipeline. Before we start, assuming we have some folks watching this talk, wondering what this Tor thing is, we thought about picking them up, getting them up to speed and talking about what we are actually talking about here.

So, Tor is concerned with the online anonymity and censorship circumvention. It's referred to as free software, and we actually have an open network of relay operators and relays and operated by volunteers. But that's not the only meaning of Tor. You find you are as well, you know, in a community of researchers, developers, users, and you mentioned relay operators. As a project, we are a US 501(c)(3) nonprofit organization. So, that's the different notions of Tor you might encounter.

So, what is actually the Tor design? How does it help with the anonymity goal or censorship circumvention goal? So, I assume you have two parties who want to communicate over the internet, and they want particular. Alice wants to hide the location of their IP address, so they can connect directly to Bob because that would be obvious where they are coming from. So, they try to get their traffic through multiple relays.
So, no single relay can actually betray Alice here and find out now what Alice is up to, or actually, where she is coming from. So, what Alice is doing, or actually Alice's Tor client on her machine is picking a path through the network where through relays mentioned here with R1, R2 and R3 before she's finally reaching Bob. So, this looks like something like this here, and at the end, Alice is asking the exit relay or relay three on this slide to connect to Bob, and then they can talk to each other. That's the basic underlying concept of Tor.

Then there's the problem that we sometimes see censorship in the wild, which means that adversaries trying to prevent Alice from actually reaching the Tor network and so that she can benefit from the privacy properties that the network is providing. And in this case, the direct connection to the cloud above there with the public relays as presented. And what Alice needs to do is to connect to so-called bridges, which are nonpublic relays in this case, which bridge work as a first hop. And then she is picking the usual remaining two hops before connecting to Bob. So, this is a rough idea of how Tor is trying to prevent censorship. Or to bypass censorship to be more correctly and which will play a role in the coming slides because we talk a bunch about censorship, work we do and have done and want to do.

So, that's basically Tor in a nutshell. That's there are many more things to Tor, but that's hopefully enough to understand what the following updates are about. So, if you recall the previous slides, that was basically trying to provide privacy at the network layer for users hiding the IP addresses. But as we know, the web, in particular browsers, are large beasts, and that's by far not enough anymore to guarantee any meaningful privacy on the internet because of all of the tracking mechanisms and arrays of fingerprint users.
So, a couple of years ago, we essentially started to provide a tool called Tor Browser, which is essentially a fork of Firefox and has dozens of patches on top of that. So, we can actually provide the privacy guarantees we think are important. And this tool got some, you know, some meaningful updates over the year. And one of these is that we overhauled the Tor connection experience. Some of you who are already familiar with Tor Browser, know about this weird modal dialog popping up once. This is (virtual) browser, which was, up until the Tor Browser 10.5, the default way of connecting to the tunnel broker program, the Tor Browser. And this is gone because that's a really weird experience if you have any other browser, what is happening once you started? You get a browser window and then start searching or typing or whatever. You never get any modal dialog, which is a UX experience, which is not really the best. So we fixed that. There's no modal dialog during startup anymore, and there are easy ways to an easy way to connect automatically now. So, you don't even see this particular sort of screen anymore, or was giving you much smoother experience for your Tor Browser usage, which is pretty exciting.

Then we finally deployed Snowflake, which is a means for helping censored users on the internet, which is, you know, kind of next, next, next-level step in the arms race against censors. And this has been in the works for a couple of years and has been testing for months in our alpha release series and finally made it earlier this year and stable. And you can see in this on this graph how the usage grew over time, starting with the initial launch and the stable series at the beginning of July this year. You see, there's a continually growing numbers of Snowflake users you see at the right side, the despite up and down, and we'll talk about this a bit later. But it's a growth, and we can see this, and we can hear the feedback for users. So, what you can help is.
Running snowflakes, how this was going to work is a thing Gus will explain later on. But that's already a thing you can try to remember and getting out of this talk, so you can help censored users.

Um, yeah, that's two of the high notes for this year. For the next year and upcoming years, we plan to make it even easier to help censored users around the world, for instance, by faster updating the default bridges we ship with the Tor Browser. Usually, what's happening right now is that once we want to bundle new bridges to Tor Browser, we have to have a new release, which is pretty cumbersome and slow, and we want to make this faster that you can keep your Tor Browser but get updated bridges if there are any available which we can ship. And then we continue working on the general idea of just helping users bypassing the censorship, though they should have a button like "I am censored" and then Tor Browser should figure out everything it needs to provide working bridges for the user and the particular region where they are. That's the kind of the golden standard we want to get to. So, this will be pretty exciting work.

Then for another project, actually a multi-year project, which we recently started, I want you to give an update. The Tor Browser thing is pretty cool in the sense that you have an app, and then you have per app settings kind per app means of providing privacy properties, but particularly on mobile, where you have kind of dozens or hundreds of apps, it's pretty cumbersome if it's usable or possible at all to configure every app to use Tor as a proxy. So what we want, or we actually want to what you just want on mobile at least, is a way to him to route all safe traffic and specific safe applications through Tor. You don't want to configure this per app, though. That's not the way to go. That's a pretty "VPN" like functionality to do.
I put "VPN" in quotes here because that's kind of a working, you know, concept we would probably want to come up with the better term at the final product, because VPN is kind of tainted and people have particular understandings of what this means. VPN is, and you have kind of a new tool here which was trying to fill the niche and provide better guarantees than regular VPNs do. So, we want probably come up with a different term. But that's pretty close from the functionality point of view. What we want to do and the bonus points here as well are that we can easily expand our censorship circumvention means to the whole device and don't have to deal with that on a per app basis, either. The work is done with our friends from the Guardian Project and the LEAP Encryption Access Project, which is exciting, and we plan to have this available on Android first, likely starting in 2023. Maybe already at the end of next year, we'll see. As I said, it's a multi-year project spanning different teams at Tor. It's using Arti, the new Rust-based (talk line) we are currently writing. So, that's a pretty exciting project, and we hope you make serious progress over next year.

So let me leave the application part right now and talk a bit about what we could call network health. The one of the points which frequently comes up, which is important, is our work in the bad relay area. All the dealing with malicious relays remains hard with our limited resources. We removed, for instance, several large groups of actually relays in early 2021 and used this actually as kind of a wake-up call to seriously invest in this area, which means writing new scanners for detecting malicious behavior and do a better monitoring for malicious behavior at the network. And I think over the year.
I'm confident to say that we actually are going to have a safer Tor network and compared with previous years, I think it's fair to say as well that we right now have a safer Tor network as well compared to what we had in the previous year. So, that is exciting progress. Worth mentioning here, but that's not enough, right? So, what we actually want to do to provide an even safer experience and tackling the problem of malicious relays more at the core, is leveraging trust in our relay community, helping with those problems. And the key points to take away here is that it is a mixed approach in the sense that we have technical tools helping, that really work. But as well this is a social approach, which is important here because we can't solve the problem of malicious relays on the technical means alone.

And this is the thing we take into account right now already started successfully, I think with experiments, for instance, we removed like three weeks ago, two large groups of relays which we deemed to be malicious, which were perfectly configured from a configuration perspective. Then all the MyFamily settings, and they had a contact info information side, which was supposed to be non-spoofable. So, they did all the technical parts right, but still, once we start to contact them and tried to talk to them, it was pretty clear they were very likely malicious, and we removed them quickly from the network, which showed us once more that there's a social component here too, which is important. And this will be the priority for the network health team, not only for the team. I mean, yes, the community team involved as well, and other teams too. But it would be important for the Tor Project in 2022. And what this means at the end, you know, taking trust into account is not set yet.
That could be the idea that we say, OK, we have here a large group of trusted relays, and they get more traffic to see a lot more traffic to see from uses compared to the non-trusted group. This has performance implications and many other implications, which we need to explore in detail. Starting this year, but more next year, and probably for the coming years, which actually brings me to my final point for my part, which is talking to you a bit about Tor performance and the work we did this year and what's coming up next.

So, if you look at these and this graph of those two graphs, you see a growing gap between the bandwidth, which is advertised on the network and the actually used bandwidth over the years, starting from, you know, kind of 2011 and continuing up until today. This is kind of counterintuitive because one of the things we usually get, as, kind of most of the most important complaint, is that Tor is slow. So, so what's the issue here? If you have so much kind of surplus bandwidth, but it's not getting used, but on the other hand, users are complaining Tor is slow. So, we have a project which is trying to solve those problems. We think that a big part of this equation is coming up in that good congestion control for the Tor network, which was lacking so far. So, that we have an overall better bandwidth usage. And this could be implemented this year, which is exciting, and will be deployed next year. And we hopefully see not this growing gap anymore, but a shrinking gap.

Additionally, one thing we sorely missed was feedback for relay operators, whether their relays are doing well, whether they are overloaded and whether they can improve settings and make the proper modifications. So, we implemented a series of kind of warnings or triggers which relay operators can monitor and we from the Tor Project side can monitor as well. And then we can ping relay operators and helping them figure out their stuff and getting those issues fixed.
Resolving the overload they see on their relays and planned for 2022 as well is that we start to do better load balancing by figuring out which relays are seriously overloaded and moving traffic from them back to less overloaded relays, giving an overall better performance and user experience for all users. So, I think that's all I had to say from my side. Thanks for listening and our Gus will pick this up.

Gus: Thank you, Georg. So, hello. This is Gus from the Tor Project. And today I will talk a little bit about the Community Team and our work on the Tor community, so we will cover the new user support forum, our new gamification project, the "run a bridge" campaign that we started last month, and we are also going to talk about the Tor censorship in Russia.

So, for the Tor forum, we at the beginning of this year, we start to think about having a place where people can ask questions. That is not the mailing list. So, in 2021, what looks like a support forum? You know how where users can do questions and receive help. So, email and use of the communication are nice, are cool and important because people in certain regions, they can access this resource. They can send an email from Iran, from China, from Russia now, and they can access our documentation. But you are thinking about, are there other ways to reach out to this community to find places, to find a way, for them to communicate and ask questions? So, part of GS plan is to ... The first part of this plan is to have a Tor forum, so people can access this information and ask questions on your support forum. That's friendly, and you can store an app on your phone and contact and talk with others. And later, we'll talk about the second part of this plan. So, we launched the Tor Forum jazzier in October, and it has been very nice, and I invite everyone to join our forum.

The other project that we are doing in the community team is the gamification project for relay operators.
So, the idea is to understand what, what are the motivations, how we can incentivize better the Tor network, how we can grow, the Tor network, basically, or why people are stopping running relays. So, we are doing this as part of our internship, and Nico is our intern, and she is doing this work, and we have a survey online, so people can ask some questions and give feedback about their experience, running relays.

And last month in November, we launched our campaign to get more bridges and in as far as ... Well, bridges are very important for users, living in censored countries. This is how they are going to connect to the Tor network. So, our plan was to have 200 new obfs4 bridges. obfs4 is a pluggable transport that can obfuscate your Tor connection. And we ... so the plan was 200 new bridges and the campaign staffs at now are at 947 new running bridges. 847 new obfs4 bridges, and the network size about from 1200 to 2000 new bridges overall. So, the campaign was a real success and we ... and you can see on the graph here on the screen how the campaign changed the course of the network size here.

And so, this campaign started in November and December, a situation just happened. So, at the beginning of December, we received a lot of users asking for support in Russia and what it was not? Well, we usually have some users asking for help, but this time was different. We received, like a lot of user support requests, basically emails asking for Tor bridges, and that was very strange because we didn't know anything happening. So, we start to investigate with OONI which is the "Open Observatory of Network Interference" to understand what was happening. So, we start to see some anomalies on the Tor net in Russia, basically blocking not just our website, but also the Tor network and not only the Tor network, but also some Tor bridges. And that was like ... we started to look into that to understand what was happening.
So, we start to collect information, and we put together (...) Ticket and a few days later, we received an email from Russian authorities saying that they were going to block the Torproject domain, and basically, failed to give us a reason, and we didn't understand what was happening, so we ... I'm going to skip the lawyer part and the reason that they are blocking the Tor Project website and I will focus on what they are actually doing and how that is impacting the Tor network and the Tor community.

So, Russia is the second-largest country of Tor users, after users in the United States, Russia, Germany, Netherlands and other countries that are the top 10 top 20 countries that are using Tor. In the end, as we start to look at the metrics and see that the numbers of our users were decreasing in December. And we also saw that the bridge users also increasing. So, you can see clearly the impact of the censorship on just a graph here and just a graph is available on the metrics portal too.

So, the summary here is, well, on December 1st, the Russian authorities they blocked Tor Directory Authorities. So if you have Tor followed on your computer, you cannot bootstrap Tor. They block Tor Browser bridges. So if you have Tor Browser installed, you cannot use these bridges. They also block a domain fronting with Azure. So if you try to bypass censorship, that was not going to work. They also blocked Snowflake, which we will talk about a little bit later. And they also blocked a bunch of Tor bridges in different internet providers. So, it depends on where you are in Russia, you can use Tor. But in other places, that was going to be more complicated. And the only way to bypass the censorship at the time on December 1st was to use a bridge from https://bridges.torproject.org or from our email.

And so, we start to fight the censorship, we launched our Telegram bot that you can get a bridge and that the bridges is not blocked in Russia.
And we tasked these bridges on all of these points on Russia to see if they are blocked, if they are blocked we ask for relay operator to hold that IP address. So, Tor bridges are working, and we are checking if they are checking in, recording if they are working. That are community also fought back and that our committee spin up like more than 400 new Tor bridges in just a few days. I mean, we have amazing volunteers translating Tor user support guides in Russian, and doing after the first block on December 1st. The anti-censorship thing also provide a fix for Snowflake, and just fix what's available on Tor Browser, the last release. So, you can see onto the graph that Snowflake was around like less than 2000 users, but after December, you can see it take a while, but then such increase the number of Snowflake users, basically because of Russia. And you can see just a graph here. There's a decrease here, is because the server crashed after too many users. So, we fixed the server, and we start to get more users. So, if you want to help people inside this country, you can run a Tor bridge, or you can run a Snowflake proxy and that will be very helpful for Tor users in Russia.

And a new update, during Christmas, we also had a new round of censorship in Russia. More bridges were blocked between December 23 and 24. We are going to reach out to relay operators, and we are going to contact them and say, OK, you need to rotate your IP address if you want to get back in the game and fight censorship. And we are going to do that and just (check) if Snowflake is working fine, and we have been working with doing the other support with Russian users. And we already answered more than 1300 help requests since December 1st. Just for comparison, we resolved 1400 support tickets between January and November. So, in one month, we already have more user support request from Russia than, you know, in 12 months, basically.
So, uh, so I will do a call here for the international community to spin up a Tor bridge or run a Snowflake proxy. If you can't, if you cannot run a bridge, you can donate to relay associations. If you cannot donate, you can help and teach our users about Tor bridges. Or you can help localize Tor in Russian. Or you can do. We can apply pressure like if you are part of a digital rights organization or your organization and help us to make pressure on the Russian government. And stand up and start (a directory) like Edward Snowden did and publish messages calling the Russian government to stop blocking Tor.

How to get involved. We are available on our IRC and Matrix channels. You can join us, our mailing list. They are public and you can see what we are talking, and you can help. You can also join the Tor Forum and you can contribute on GitLab.

And for next year, we are going to improve. We are going to continue to improve our user support tools for users living in censored countries or regions. So one of our ideas is to provide a Telegram chat channel, so users can communicate and have and get user support on Telegram. We are going to continue to develop the Tor relay gamification project, and continue to organize our trainings in the global south, in Latin America and Africa, and organize relay operators meetups. Today we are going to have our relay operator meetup at 10:00 p.m. German time. And the link you can find on the Tor relay mailing list. And also, if you search on Twitter, on social media, you can also find that, um.

And today we just covered some topics from the State of the Onion. One month ago, we did a huge presentation like two and a half hours about anti-censorship from the rising UX SysAdmin team and many other updates about Arti, about virtual or non deprecation and many other topics. And you can watch that on YouTube. So, I think that's it from my side, and we are open for more questions.

Herald: Thank you so much, guys.
Like obviously, Tor is a really important project and that's honestly great to see how dedicated you are to basically helping everyone. I was actually. Now we're going to go on to the question, and I was actually wondering something myself before we head over to taking the ones coming in from the internet. Basically, I as far as I understand like when you working with bridges and making sure to like, avoid this censorship and everything like as far as I understand, an important tool in this process are the meek-bridges where you use huge cloud providers to basically mask traffic to Tor. It's like regular HTTPS website traffic. Does that not work in the case of Russia or like what does the attack threat situation look like at the moment? And that's the landscape.

Gus: I can answer in two parts. The first part is that some cloud providers, they don't like domain fronting. And so, Amazon and others, they change their policy, and they start to block, well, not just block, but to remove projects that were using domain fronting. So, the only cloud provider that allows Tor or allow Tor to do that was Azure, and we had to limit the bandwidth on that. So if you use meek-Azure on Tor Browser, it's going to be very slow. And one thing that we saw, just as the first part, like the providers, they don't like that they were enforcing us to stalk, or we will remove just support. The other thing is that the bill, like the cost of running a meek-Azure bridge or a meek-Amazon bridge, but it that was too high and too costly. So, Snowflake is the next step here because it uses domain fronting to connect you to a Tor proxy. It's not like proxy, and the cost will be like very cheap. So, you can get the benefit of domain fronting, and you can use a lot of proxies to connect Tor users. And that will not cost a lot of money for the Tor Project or for Tor users. So, that is the way to go here is not to look back, but look forward.

Laugh

Herald: It sounds so cool.
Like obviously it seems that this was very important and actually hearing like some of the problems that you guys are facing in your fight, I think that's very interesting for all of us. So questions from the audience. The first one is that the apps that you're making like the question is, whether they would make you identifiable. So basically, if exactly those five apps are always calling home over the same Tor nodes, the question is if that if someone could link that back to you?

Georg: Hmm. Do you want to talk about this Gus? Or should I?

Gus: Go ahead.

Georg: Yeah, I think this should not be the case. I mean, depending on what kind of apps you have, how they are configured and such and potential, you know, timing signatures and stuff. So, that's one of the things we're concerned, for instance, with Tor Browser and trying to really make sure to break this up in the sense that folks can't learn anything about those patterns you have. It's hard, in particular, if adversaries can monitor, you know, exit nodes or endpoints over a long period of time. But generally, you should be protected from this kind of threat.

Herald: Right. That makes sense. So, the next question is that if they understand correctly, the Tor organization is registered in the United States, could the project be in danger of any government pressure to be discontinued, and have you guys have a plan to move to more neutral countries like Switzerland or similar?

Gus: So from my point of view, I don't think we suffer any pressure right now from US government. So, I think. Would what would you be interested? Well, one thing that is important is one thing is that the Tor Project and the other thing is the Tor network. The Tor network is ... we have directory authorities in different countries and that just to avoid this kind of government pressure against the Tor network. So, I think the question would be more like finding different ways to fund ... make Tor sustainable, not just.
Like diversifying our funds, so we don't be so connected with a government, are one source provider of resource. I think just it's happening right now. Isabella, the executive director, has changing a lot of our money income. And if you look back in the Tor history, US government was adding a lot of money through to the Tor Project in different by different ways, you know, like a human rights projects and internet freedom projects. And just was basically how Tor is and was funded by U.S. government, but not just U.S. government, other governments like Swedish government too. So, I think I would be more concerned about the Tor directory authorities being in just one country, and that's not true. We are in different countries and they so far I don't I never heard any kind of pressure from the U.S. government against the nonprofit, call it the Tor Project. So, I think that it's basically, my answer here.

Herald: That's good to hear. And now on to maybe a little bit lighter question, do Tor Browser users have any chance or hope to see less captchas in the future?

Georg: Yeah. Yeah. I think we do have some hope, there is ... I mean, not just only hope. But we have work ongoing solving this from different angles. The first one is outreach to major providers trying to understand why they are blocking Tor or why they provide, captchas and working with them to come up with solutions, which are not only deployable by them, but by the wider industry. So, there is a knowledge gap here and then trying to ... based on that, trying to figure out how we can solve this problem. And that's not only from, you know, policy angle, but we plan to look into technical means as well. For instance, there's the idea of providing tokens to Tor users, so they can, which they can spend anonymously at websites, for instance, and the websites can look for that and try to regulate the traffic, keeping the noisy bots out while providing good service to our users providing such a token.
That's another thing that won't be solved next year. It's a multi-year project, too. We are a small organization, so there has to be some kind of prioritization. But that's definitely on our radar and a serious problem for us. So, we should fix this.

Herald: Sounds like great initiatives and also like that going some of the way in order to some extent legitimize the use of the Tor Browser. Maybe not as much in common society, but also when actually visiting different websites.

Georg: Yeah, exactly.

Herald: Nice. Next up is whether you guys are planning to figure out some kind of solutions for firewalls, for instance, the corporate ones that are slowing traffic down.

Georg: I know, Gus, do you. Do you have some, you know, queries or complaints from users for this particular issue? I'm not sure about that.

Gus: Yeah, I and. I just want to be a very specific question, I ...

Herald: It's also very fair to just say that it's not a problem that you've heard a lot of complaints about.

Georg: Right.

Gus: Yeah, sure, that's true. We I didn't hear about that. Like the captcha one is a popular one, but I never heard.

Georg: I think they're a bunch of larger things to fry here, there. It's not really in our not even our top 10. So there.

Herald: Right? I guess it can also be very hard for you guys to like, work with figuring out how to prioritize all the different initiatives and wishes that people have.

Georg: Yeah, definitely.

Herald: Cool. So unfortunately, we don't have time for any more questions right now, but there is a break-out room that people can come to, and you will answer any further questions. For now, we are going to have a break on this channel before the next talk that's going on at 20:00, which is (in German) "Cookiebanner, das Online-Werbe-Ökosystem und Google, Preisträger BigBrotherAwards 2021". For now, thank you very much, guys. Take care and maybe we'll see you in the break-out room.
postroll music

Subtitles created by c3subtitles.de in the year 2021. Join, and help us!