-
preroll music
-
Herald: I am very happy to introduce this
year’s update on the “State of the Onion”!
-
This is a talk with about 5 speakers,
so let’s introduce them one by one.
-
First, Roger. He did it the last talk.
He is the founder of the TOR Project,
-
applause
MIT Graduate and Top 100 Global Thinkers.
-
Then we have Jake, a
humble PHD math student
-
applause
-
that is in my opinion not a
National Security threat
-
but a post National Security promise.
-
We have Mike Perry, and I think
it is enough to say about him,
-
that the NSA calls him a worthy adversary.
-
applause
-
He is also the lead dev
of the TOR Browser.
-
And then we have Alison Macrina,
a radical, militant librarian.
-
applause
-
And last but not least: Shari Steele, the
new Executive Director of the TOR Project.
-
applause
-
So without further ado:
This year’s State of the Onion!
-
applause
-
Jacob: Alright, it’s a great
honor to be back here again.
-
And we’re really happy to be able
to introduce so many more faces.
-
It’s no longer the Roger and Jake
show. That’s very important to us.
-
Hopefully next year, we won’t
be here, but we’ll still be alive.
-
So 2015, if I were to express
it in a hand gesture
-
or with a facial expression, it would
look something like “Ooouuw”.
-
It was really a year of big changes. Not
all of them were really good changes.
-
And there were a lot of heavy things
that happened throughout the year.
-
We won’t even be able to cover all of
them because we only have an hour.
-
So we want to focus on the
positive things. I would say that
-
probably the nicest thing is that we are
growing. We’re really, really growing.
-
Not only growing the network,
but we’re growing the community.
-
And in some sense we’re expanding
throughout the whole world in terms of
-
users who are using TOR, what TOR
users are using TOR for, which is
-
of course extremely important that there
is more and more people just doing
-
regular things with TOR, protecting
themselves. But then we have of course
-
lots of specialized things that happen
with the TOR network as well.
-
We have things like OnionBalance and
Ricochet. Really exciting developments.
-
And we’ll talk a bit about all of those
things. One of the most unlikely things,
-
at least when I imagine working
on TOR, say 10 years ago vs. now,
-
is that we’ve worked with some really
unlikely partners. Some of you know
-
that I’m not really a big fan of Silicon
Valley, even though I’m from there.
-
So you know, I sometimes call Facebook
not so nice names, like Stasi-Book.
-
And part of the reason for that is
because I think it is a little bit weird,
-
that you report on all your friends
in order to go to parties.
-
Previously it was to get into the party
and now it is to go to parties.
-
And yet we worked with them on something.
-
Because it turns out that sometimes
you have unlikely temporary alliances.
-
And it turns out that while I personally
may think that they are evil incarnate
-
in some sense, it is the case that
there is at least one good guy there.
-
Alec worked on this fantastic RFC7686,
-
that actually allowed us to help all
Facebook users mitigate some harm.
-
Which is that if they want to be able
to visit Facebook; and I guess
-
the reality is that not using Facebook
for a lot of people is sort of like
-
the “Kill your Television” bumper sticker
of the 90s. For those of you that ever
-
visited rural America. You know that that
wasn’t like a really successful campaign.
-
A lot of people have TVs these days
as well. So it’s a little bit like that,
-
only here we actually built an alternative
where we can mitigate harm.
-
And that’s really incredibly important
because it mitigates harm in all sorts
-
of different pieces of software. It
makes it possible for us to talk to
-
Browser vendors, to DNS resolvers.
And part of this was motivated
-
by some investigative journalism
that I actually did, where I revealed
-
XKeyscore rules, where the US
Government’s National Security Agency
-
was sifting through all of the internet
traffic to look for .onion addresses.
-
So when they saw a DNS request
for .onion they were actually
-
learning .onions by harvesting traffic.
And that really motivated me
-
to want to make it, so that the DNS
resolvers didn’t do that anymore.
-
It was very important, because one
of my core missions with TOR
-
is to make that kind of stuff a
lot harder for the spies to do.
-
And protecting everyday users, even
users who aren’t TOR users, yet.
-
And that’s very important. So working
with Alec on this has been great,
-
because the IETF actually
supports this. And now
-
ICANN will not sell
.onion to anyone.
-
It’s a special use reserved
name. And that’s incredible!
-
applause
-
Roger: OK, so. Is this
thing on? Yes it is, great!
-
So there are a couple of interesting
graphs, that we’re going to give you,
-
of usage scenarios, usage
instances over the past year.
-
So pretty recently we were looking at
the number of people in Russia
-
using TOR. Russia has been talking about
censoring, talking about all sorts of
-
oppression steps. And at
the beginning of November,
-
we moved from 180k people in
Russia each day using TOR
-
up to almost 400k people. And
this is probably a low estimate.
-
So many hundreds of thousands
of people for that two week period,
-
which started with a Russian bomber
getting shot down, were trying to get
-
news from the rest of the world, rather
than news as Russia wanted to show it
-
to them. So that’s
kind of a cool event.
-
Another interesting event: Bangladesh
ended up censoring Facebook
-
and some other websites and a whole
lot of people switched to using TOR.
-
I was actually talking to one of the
Facebook people and they have their own
-
internal statistics about the number of
people connecting over the TOR network
-
to Facebook. And it would be super
cool to super impose these two graphs.
-
Our data is public and open
and we like sharing it.
-
They don’t actually share their data.
But one day it would be really cool
-
to be able to see both of these
graphs at once, to see users shifting
-
from reaching Facebook
directly to going over TOR.
-
The other interesting thing from the
Bangladesh side: I was looking at the
-
Alexa top websites around the
world and we, torproject.org is
-
like 8000th in the global
rankings, but at least
-
for the past couple of weeks
torproject.org has been
-
300th in Bangladesh. So there are a
whole heck of a lot of people there,
-
learning about these privacy things
that can get around local censorship.
-
applause
-
OK, and then an exciting
other story that we’re
-
going to touch on briefly, but
it’s an entire talk on its own.
-
So let me give you a couple
of facts and we’ll go from there.
-
January of 2014 a hundred
relays showed up
-
in the TOR network and we weren’t sure
who was running them, but they weren’t
-
exit relays, so they didn’t seem like
they were such a threat at the time.
-
Fast forward a while later: The
CERT organization inside CMU
-
submitted a presentation to
Blackhat on how cool they were
-
for being able to attack TOR users. And
they talked about how they were going to
-
talk about individual users
that they de-anonymized
-
and how cool they were for that.
And I spent a while trying to extract
-
details from them. And eventually
I learned what their attack was.
-
And then Nick Mathewson, one of
the other TOR developers decided
-
to check the TOR network to see if
anybody was actually doing that attack.
-
I mean it’s CERT, they are the
folks who publicised the phrase
-
“responsible disclosure”. Surely,
they are not actually undermining
-
the TOR network and attacking TOR users.
But then it turns out that somebody was
-
doing the attack. And it was these
100 relays that looked kind of ordinary
-
and innocuous before that. Then I sent
mail to the CERT people, saying:
-
“Hey are those relays yours?” And they
went silent. They have never answered any
-
of my mails since then. So that’s
what we know. It doesn’t look good.
-
One of the key things that we,
TOR, have done from here is
-
we’ve been working on strengthening
the TOR network and getting better
-
at recognizing these things. So
the core of the attack was that
-
they did what’s called a Sybil attack,
where you sign up a lot of relays
-
and you become too large a fraction of the
TOR network. So we’ve been working on
-
a lot of ways to recognize that
an attack like that is happening,
-
and mitigate it, and get rid of it
early. For example Philipp Winter
-
has a bunch of interesting research
areas on recognizing similarity
-
between relays. So you can
automatically start detecting:
-
“Wait a minute, this event
happened, where a lot of relays
-
are more similar than they should
be.” Another example there is:
-
We used to say: “Well I don’t
know who’s running them,
-
but they don’t seem that dangerous. So
OK, it’s good to grow the TOR network.”
-
Now we’re taking the other
approach of “Gosh, that’s weird,
-
let’s get rid of them and then
we’ll ask questions after that.”
-
So we’re trying to be more
aggressive, more conservative
-
at keeping the TOR network
safe from large adversaries.
-
Whether they’re government organizations
or corporations or individuals.
-
Whoever might be attacking it.
-
Jacob: We’ve had a few really big
changes in the TOR community.
-
One of them is that we had
an Interim Executive Director
-
come on in a sort of quick moment
and that’s Roger Dingledine.
-
Some of you probably always thought he
was the Executive Director the whole time.
-
That’s because for a while he was and then
he wasn’t. And then he was back again.
-
And that change was quite a
huge change in that instead of
-
working on a lot of anonymity stuff,
Roger was doing a lot of bureaucratic
-
paperwork which was actually quite
sad for the anonymity world, I think.
-
He probably reviewed fewer papers
and did fewer anonymity things
-
this year than ever before.
Which is really, really sad.
-
But that really lit a fire under us to
make sure that we would actually
-
change that. To make sure that it was
possible to get someone else, who is
-
really good at being an Executive Director
of the TOR Project, to really lead,
-
so that we could have Roger return to
not only being an anonymity researcher,
-
but also the true Spirit
Animal of the TOR Project.
-
He doesn’t look like
an onion, but in spirit.
-
Roger: Slide!
Jacob: laughing
-
Another really big thing that happened
is working with Laura Poitras
-
over the last many years.
She has followed the TOR Project
-
– lots of people like to follow the
people on the TOR Project –
-
but we consented to her following us.
And she made a film, “Citizenfour”,
-
I think some of you… have
any of you seen this film?
-
applause
Quite amazingly,
-
she won an Oscar. Actually, she
basically won every film prize.
-
applause
-
One of the key things is that people
in this room that work on Free Software
-
were explicitly thanked. If you work
on Tails, if you work on GnuPG,
-
if you work on SecureDrop,
OTR, TOR, …
-
She specifically said in
the credits of the film:
-
This film wouldn’t have been
possible without that Free Software.
-
Actually making her job and
the jobs of her source
-
and other people involved…
making that possible.
-
And so her winning that Oscar
in some sense feels like
-
closing a really big loop that had
been open for a very long time.
-
And it’s really great and she,
I think, would really wish that she
-
could be here today, again. She
sends her regards, and she is really,
-
really thankful for everybody here that
writes Free Software for freedom!
-
applause
-
Roger: So another exciting event
that happened in 2015 is that reddit
-
gave us 83.000$. They had some
extra profit and they decided
-
that they would give it to 10 non-profits
chosen from among the Redditer community.
-
And there were people who came to me
and said: “Hey Roger, you really have to,
-
you know, start advocating, start
teaching everybody, why TOR should be
-
one of them.” And I said: “Oh, I’m
busy. Those things never work.
-
You know, they’ll choose somebody
else.” And so it turns out that we were
-
the 10th out of 10 without doing
any advocacy work whatsoever
-
to the reddit community, which is super
cool that they care about us so much.
-
Also reddit divided the ten equally. So
even though we were the 10th out of 10,
-
we got 10% of the donations
that they were giving out.
-
applause
-
Jake: One of the really –
I would say one of the oddest things
-
about working at the TOR Project for me
is that TOR has supported me through
-
really crazy times. So when I was
being detained by the US Government
-
or having my property stolen by fascist
pigs in the United States Government’s
-
border checkpoints, TOR didn’t fire me.
TOR always backed me and always
-
kept me safe. And many people often look
like they wanted to kill me from stress,
-
but often they didn’t, which was nice.
Or they didn’t get close enough
-
and I could move fast enough. But
they were always very helpful. And
-
they’ve really helped me to
go and do things to speak for
-
anonymous users who can’t go
other places. And one of the places
-
which I was most honored to go in the
last year – I was actually scheduled
-
to go there with Caspar Bowden, but
unfortunately he was ill at the time.
-
And as you know, Caspar
has since passed away.
-
But we were scheduled to go together and
TOR was supporting us both, actually,
-
to go to this. And it resulted, I believe,
-
in a very amazing meeting in
Geneva at the United Nations,
-
where the special rapporteur actually
endorsed TOR and off-the-record messaging
-
and encryption programs,
and privacy, and free software.
-
Saying that they are absolutely essential.
And in fact their use should be encouraged
-
from a human rights perspective. And in
fact the really amazing part about it is
-
he didn’t do it only from the perspective
of free speech. And this is important,
-
because actually there are other rights.
And we should think about them.
-
So for example the right to form
and to hold an idea is a right
-
that cannot be abridged. The right
to free speech can be abridged
-
in many free societies, but what is
in your head and how you form it
-
is something where… that is not
a right that can be abridged.
-
And he wrote this in the report. And
he, when writing this report with
-
many other people, made it very clear that
this is something we need to keep in mind.
-
That when we talk about private spaces
online, where groups may collaborate
-
to form ideas, to be able to create
a political platform for example,
-
to be able to make democratic change,
they need to be able to use the internet
-
to freely exchange those ideas in a secure
and anonymized, encrypted fashion.
-
And that helps them to form and to hold
ideas. And obviously that helps them later
-
to express free speech ideas. And that’s
a huge thing to have the United Nations
-
endorse basically what many of us in this
room have been saying for, well… decades.
-
Roger: So the UN thing is really cool.
We’ve also been doing some other
-
policy angles. So Steven Murdoch, who
is a professor in England and also
-
part of the TOR community, has worked
really hard at teaching the British folks,
-
that their new backdoor laws and
their new terrible laws are actually
-
not what any reasonable country wants.
So he’s put a huge amount of energy into
-
basically advocating for freedom for
them. And similarly Paul Syverson,
-
part of the TOR community, basically
ended up writing a post note for the UK
-
about how the dark web is
misunderstood. See previous talk.
-
So we’ve been doing quite a bit
of education at the policy level
-
to try to teach the world, that encryption
is good and safe and worthwhile
-
and should be the default
around the world.
-
Jake: And there is a kind of interesting
thing here. Maybe a little contentious
-
with some people in the TOR community.
But I just wanted to make it really clear.
-
We have the TOR Project, which is
a non-profit in the United States.
-
And we have a much wider TOR
community all around the world.
-
And in Berlin we have a really, really
like an incredible TOR community.
-
We have people like Donncha working
on OnionBalance. We have people like
-
Leif Ryge working on bananaphone. We
have all of these different people working
-
on all sorts of Free Software. And many
of those people don’t actually work
-
for the TOR Project. They’re community
members, they’re volunteers,
-
there is some of privacy students.
And so the Renewable Freedom Foundation
-
actually funded the creation
of a sort of separate space
-
in Berlin where people work on these
kinds of things, which is not affiliated
-
with US Government money. It’s
not affiliated with the TOR Project
-
as some sort of corporate thing.
It’s not a multinational thing.
-
It’s really the peer-to-peer version in
some sense of what we’ve already had
-
in other places. And it’s really great
and I wanted to just thank Moritz
-
who made that happen and to all the
people like Aaron Gibson, and Juris
-
who actually put that space together
and made it possible. So in Berlin,
-
there is a space, not just c-base,
not just CCCB, but actually
-
a place which is about anonymity.
It’s called Zwiebelraum.
-
And this is a place in which people are
working on this Free Software. And they
-
are doing it in an independent manner.
And we hope actually that people will
-
come together and support that, because
we need more spaces like that, that
-
are not directly affiliated with the TOR
Project, necessarily, but where we have
-
an aligned mission about reproduceable
builds in Free Software and also
-
about anonymity and actually about caring
about Free Speech. And actually making
-
it happen. And really building spaces
like that all around the world. So if you
-
have a place in your town where you want
to work on those things, we would really
-
hope that you will work on building that.
I called it “general cipher punkery”.
-
I feel like that’s a good description.
There’s lots of stuff to be done.
-
And now for a Marxist joke: So we
discovered the division of labor,
-
which was a really important discovery.
We’re about 180 years too late,
-
but we started to split up where it didn’t
go very well, the Marxist asked why.
-
Cheers, cheers!
So the Vegas Teams are really simple.
-
Basically we have a bunch of people
that previously they did everything.
-
And this really doesn’t work. It’s very
stressful and it’s very frustrating
-
and it leads to people doing lots and
lots of things in a very unfocused way.
-
And so we split it up! And it actually
happened naturally, it was emergent.
-
So e.g. Mike Perry, who’s gonna talk
about the Applications Team’s work
-
in a second here, he was
already leading this,
-
he was really making this happen. And
so we just made it more explicit. And,
-
in fact we created a way of communicating
and reporting back so that
-
you don’t have to, like, drink from the
fire hose about absolutely everything
-
that’s happening everywhere, but you can
sort of tune in to those things, which
-
means we get higher-level understandings
and that is a really, incredibly useful
-
thing that has made us much more
productive. And what was part of the
-
growing pains of the last year actually
was figuring out how to make that work
-
because we’re a pretty flat group in terms
of a community and a pretty flat group
-
in terms of an organization writing
Free Software and advocating.
-
And so that’s a really incredibly good
thing which will come up all the time.
-
You’ll hear people talking about the
Metrics Team or the Network Team or the
-
Applications Team or the Community Team.
And that’s what we’re talking about.
-
In that sense. So we tried to formalize it
and in some ways we may be moving in a
-
sort of Debian model a little bit. And
we’ll see how that actually goes. So we
-
have a really great person here to
explain the work of the Metrics Team.
-
Roger: OK, so I’m gonna tell you a little
bit about what the Metrics Team has been
-
working on lately to give you a
sense of some of the components
-
of the TOR community. So there are 5 or
10 people who work on the Metrics Team.
-
We actually only pay one-ish of them;
so most of them are volunteers
-
and that’s… on the one hand that’s great.
It’s wonderful that there are researchers
-
all around the world who are contributing
and helping to visualize and helping to do
-
analysis on the data. On the other hand
it’s sort of sad that we don’t have a full
-
team of full-time people who are working
on this all the time. So it’d be great
-
to have your assistance
working on this. So,
-
actually Metrics has been accumulating
all sorts of analysis tools
-
over the past 5 years. So there are up to
30 different little tools. There’s Atlas
-
and Globe and Stem and 20-something more
which is a challenge to keep coordinated,
-
a challenge to keep maintained. So
they’ve been working on how to integrate
-
these things and make them more
usable and maintainable and extensible.
-
So one example that they… so they wrote
some slides for me to present here.
-
One example that they were looking
at, to give you an example of how
-
this analysis works, is bad relays in the
TOR network. So maybe that’s an exit relay
-
that runs, but it modifies traffic, or
it watches traffic or something.
-
Maybe it’s a relay that signs up
as a Hidden Service directory
-
and then when you publish your
onion address to it, it goes to visit it
-
or it puts it on a big list or something
like that. Or maybe bad relays are Sybils
-
who – we were talking earlier about
the 2014 attack where a 100 relays
-
showed up at once and we, the directory
authorities have a couple of ways of
-
addressing that relays. One of them is
each of the directory authorities can say:
-
“That relay needs to get out of the
network! We just cut it out of the
-
network.” We can also say: “Bad exit!”
We can also say: “That relay is no longer
-
gonna be used as an exit!” So even though
it advertises that it can reach Blockchain
-
and other websites, clients choose not to
do it that way. So that’s the background.
-
One of the tools that Damian wrote a while
ago is called Tor-Consensus-Health and it
-
looks every hour at the new list of relays
in the network and it tries to figure out:
-
“Is there something suspicious that
just happened at this point?” And in this
-
case it looks for a bunch of new relays
showing up all at the same time with
-
similar characteristics and it sends email
to a list. So that’s useful. The second
-
piece of the analysis is “OK, what do you
do when that happens?” So we get an email
-
saying “Hey, 40 new relays showed up,
what’s up with that?” So there’s a real
-
challenge there to decide: do we allow
the TOR network to grow – sounds good –
-
or do we wonder who these people are
and try to contact them or cut them out of
-
the network or constrain what fraction
of the network they can become.
-
So Philipp Winter also has a
visualization, in this case of basically
-
which relays were around on a given month.
So the X axis is all of the different
-
relays in the month and the Y axis is each
hour during that month. And they’ve sorted
-
the relays here by how much they were
present in the given month. And you’ll
-
notice the red blocks over there are
relays that showed up at the same time
-
and they’d been consistently present at
the same time since then. So that’s kind
-
of suspicious. That’s “Hey, wait a minute,
what’s that pattern going on there?”
-
So this is a cool way of visualizing and
being able to drill down and say:
-
“Wait a minute, that pattern right there,
something weird just happened.”
-
So part of the challenge in general for
the Metrics Team is: they have a Terabyte
-
of interesting data of what the network
has looked like over the years –
-
how do you turn that into “Wait a minute,
that right there is something mysterious
-
that just happened. Let’s look at it
more.” So you can look at it from
-
the visualization side but you can also
– there’s a tool called Onionoo where
-
you can basically query it, all sorts
of queries in it, it dumps the data
-
back on to you. So we’ve got a Terabyte
of interesting data out there, what
-
the relays are on the network, what
sort of statistics they been reporting,
-
when they’re up, when they’re down,
whether they change keys a lot,
-
whether they change IP addresses a lot.
So we encourage you to investigate and
-
look at these tools etc. So there’s
a new website we set up this year
-
called CollecTor, collector.torproject.org
that has all of these different data sets
-
and pointers to all these different
libraries and tools etc. that you too
-
can use to investigate, graph-visualize
etc. So here’s another example.
-
At this point we’re looking at the 9
directory authorities in the network.
-
Each of them votes its opinion about
each relay. So whether the relay’s fast,
-
or stable, or looks like a good exit or
maybe we should vote about “Bad Exit”
-
for it. So the grey lines are: all of the
directory authorities thought that
-
it didn’t deserve the flag and it’s very
clear. The green lines are: enough of the
-
directory authorities said that the relay
should get the flag, also very clear.
-
And all the brown and light green etc.
in the middle are contradictions.
-
That’s where some of the directory
authorities said “Yes it’s fast” and some
-
of them said “No, it’s not fast”. And this
gives us a visualization, a way to see
-
whether most of the directory authorities
are agreeing with each other.
-
We should look at this over time and if
suddenly there’s a huge brown area
-
then we can say “Wait a minute,
something’s going on”, where maybe
-
a set of relays are trying to look good to
these directory authorities and trying
-
not to look good to these. So basically
it helps us to recognize patterns
-
of weird things going on. So on CollecTor
you can find all sorts of data sets
-
and you can fetch them and do your
analysis of them. And Tor Metrics
-
– metrics.torproject.org – has a bunch of
examples of this analysis, where you can
-
look at graphs of the number of people
connecting from different countries, the
-
number of relays over time, the number
of new relays, the number of bridges,
-
users connecting to bridges etc. There
are 3 different libraries that help you
-
to parse these various data sets. So
there’s one in Python, one in Java,
-
one in Go; so whichever one of those
you enjoy most you can grab and start
-
doing analysis. They do weekly or so
IRC meetings, so the TOR Metrics Team
-
invites you to show up on January 7th
and they would love to have your help.
-
They have a bunch of really interesting
data, they have a bunch of really
-
interesting analysis tools and they’re
missing curious people. So show up,
-
start asking questions about the data, try
to learn what’s going on. And you can
-
learn more about them, on
the Metrics Team, there.
-
And then I’m gonna pass it on to Mike.
-
applause
-
Mike: OK, so Hello everyone! So, I’ll be
telling ’bout the Applications Team part
-
of the Vegas plan that
Jake introduced. Basically,
-
the Applications Team was created to
bring together all the aspects of TOR
-
and the extended community that are
working on anything that’s user facing.
-
So anything with a user interface that
the user will directly interact with,
-
that’s an application on
either Mobile or Desktop.
-
So to start, obviously we had the
TOR Browser, that’s sort of like
-
a flagship application that most people
are familiar with when they think of TOR.
-
Recently we’ve added OrFox which is a
project by the Guardianproject to port
-
the TOR Browser patches to Android
and that’s currently in Alpha Status. But
-
it’s available on the Guardianproject’s
F-Droid Repo. We also have 2 chat clients:
-
TorMessenger and Ricochet and both with
different security properties. I will be
-
getting to it later. So I guess, first
off let’s talk about what happened
-
in the TOR Browser world in 2015.
Basically most of the, or a good deal
-
of our work is spent keeping up
with the Firefox release treadmill.
-
That includes responding
to emergency releases,
-
auditing changes in the Firefox code
base making sure that their features
-
adhere to our privacy model and making
sure that our releases come out
-
the same day as the official
Firefox releases so that there’s
-
no vulnerability exposure to known
vulnerabilities after they’re disclosed.
-
That has been a little bit rough to over
2015. I believe there is a solid 3..4
-
months where it felt like we were doing
a release every 2 weeks. Due to either
-
log jam or random unassessed
vulnerability or any arbitrary
-
security issue with Firefox. But we did…
despite treading all that water we did
-
manage to get quite a bit of work done.
As always our work on the browser focuses
-
in 3 main areas: privacy, security
and usability. Our privacy work is
-
primarily focused around making sure that
any new browser feature doesn’t enable
-
new vectors for 3rd party tracking. So no
ways for a 3rd party content resource to
-
store state or cookies or blob URIs
or some of the newer features.
-
There’s a new cash API. These sorts
of things need to all be isolated
-
to the URL bar domain to prevent 3rd
parties from being able to track you.
-
From being able to recognize it’s the same
you when you log in to Facebook and
-
when you visit CNN, and CNN loads
the Facebook Like buttons, e.g.
-
Additionally we have done a lot of work on
fingerprinting defences, the Alpha Release
-
ships a set of fonts for the
Linux users so that the
-
font fingerprinting can be normalized
since a lot of Linux users tend to have
-
different fonts installed on their
systems. As well as tries to normalize
-
the font list that allowed for Windows
and Mac users where they often get
-
additional fonts from 3rd party
applications that install them.
-
On the security front the major exciting
piece is the security slider. So with iSEC
-
Partners’ help we did a review of all the
Firefox vulnerabilities and categorized
-
them based on the component that they were
in as well as their prevalence on the web.
-
And came up with 4 positions that allow
you to choose, basically trade off,
-
functionality for vulnerability surface
reduction. And this was actually quite
-
successful. It turned out that
all of the Pwn2own exploits
-
against Firefox were actually blocked
for non-https sites at medium/high.
-
And if you enable the high security
level they were blocked for everything.
-
We additionally released address
sanitizer hardened builds, these are…
-
basically should… especially the higher
security levels of the security slider
-
should protect against various memory
safety issues in the browser and also
-
help us diagnose issues very rapidly.
-
And of course we now sign our Windows
packages using a hardware security module
-
from DigiCert. The usability improvements
were primarily focused around this UI and
-
this new Onion Menus you can see if you
remember the old menu. There was quite a
-
lot more options there. We sort of
condensed and consolidated options and
-
eliminated and combined as much as we
could. An additionally displayed the
-
circuit for the current URL bar domain.
In 2016 we’ll be focusing mostly on again
-
the same 3 areas. Our main goal for
privacy is to try and convince Mozilla
-
that they want to adopt our idea of
isolating 3rd party identifiers at least
-
to the point of if the user goes into the
Preferences and tries to disable 3rd party
-
cookies, will let you do the same thing
for DOM storage, Cash, blob URIs,
-
worker threads, and all these
other sources of shared state.
-
We’re very excited about their work on a
multi-process sandbox, additionally even
-
application-level sandboxing, it should
be… without Mozilla’s sandbox,
-
we should still be able to prevent the
browser from bypassing TOR using SecComp
-
or AppArmor or SeatBelt or one of
these other sandboxing technologies.
-
We’re looking forward to trying to
get that rolled out. And we’re doing
-
exploit bounties! We’ll be
partnering with HackerOne,
-
who’ll be announcing this shortly. The
program will start out invite-only
-
and then… just, so we can get
used to the flow and scale up
-
and then we’ll make it public later in the
year to basically provide people with
-
incentive to review our code to look
for vulnerabilities that might be
-
specific to our applications. And of
course the usual usability improving,
-
security, improving installation. And we’d
like to improve the censorship and bridges
-
ability flow as well hoping to automate
the discovery of bridges and inform you
-
if your bridges become unreachable.
So TOR messenger
-
is one of our 2 chat clients, also
part of the Applications Team.
-
Basically, the goal there was to minimize
the amount of configuration that
-
the user had to do if they wanted to
use one of their existing chat clients
-
with TOR and OTR. Now this is based
-
on another Mozilla platform – Instantbird
which is based on Thunderbird.
-
This allows us to share a lot of the
TOR Browser configuration codes
-
for managing the TOR process and
configuring bridges. So the user has a
-
very similar configuration
experience to the browser
-
when they first start it up. It also has
some additional memory safety advantages
-
– all the protocol parsers are written
in Javascript. This basically…
-
one of the major things when we
were looking at candidates for
-
a messaging client was we wanted to avoid
the problems of libpurple in the past
-
where there’s been a lot of, like, remote
code execution vulnerabilities with
-
protocol parsing. Now there are some
trade-offs here, obviously, when you’re
-
dealing with a browser product. You
still have a html window rendering
-
the messages. But it is XSS filtered and
even if an XSS exploit were to get through
-
to run Javascript in your messaging
window that Javascript would still be
-
unprivileged. So they need an additional
browser-style exploit. And that filter has
-
been reviewed by Mozilla and additionally
we’re looking into removing Javascript
-
from that messaging window at all.
It should be completely possible to just
-
display a reduced, slightly less sexy
version of the same window at perhaps
-
another higher security level without
Javascript involved at all in that window.
-
So we will hand off to Jake now to
describe some of the security properties
-
and differences between TOR
messenger and Ricochet.
-
Jacob: Just to be clear about this: We
wanted to sort of echo what Phil Rogaway
-
has recently said. He wrote a really
wonderful paper quite recently about the
-
moral character of cryptographic work and
Phil Rogaway for those of you that don’t
-
know is one of the sort of like amazing
cryptographers, very humble, really
-
wonderful man who was really a little bit
sad that cryptographers and people
-
working on security software don’t take
the adversaries seriously. So they use
-
Alice and Bob, and Mallory and they have
cutie icons and they look very happy.
-
We wanted to make it clear what we thought
the adversary was. Which is definitely not
-
a cutie adversary. When anonymity fails
for Muslims that live in Pakistan, or e.g.
-
the guys that are giving a talk later
today, the CAGE guys, when anonymity fails
-
for them they get detained or they get
murdered or they end up in Guantanamo Bay
-
or other things like that. So it’s a
serious thing. And we wanted to talk about
-
what that looks like. So e.g. a lot of you
use jabber.ccc.de, I guess. Don’t raise
-
your hands. You should decentralize. Stop
using jabber.ccc.de because we should
-
decentralize. But that said if you do,
this is sort of what it looks like, right?
-
There’s the possibility for targeted
attacks when you connect. There’s the
-
possibility that the Social Graph e.g. of
your buddy list, that that would be on the
-
server. It would be possible that there’s
a bug on any Jabber server anywhere.
-
So of course you know that if you’re using
Gmail with Jabber, you know that they are
-
prison providers. So if you got a pretty
big problem there and the attacker, again,
-
is not a cutie attacker, it’s, you know,
I like the Grim Reaper, that fit that
-
Mike chose, if you like that’s accurate.
And now if you see one of the protections
-
you’ll have for communicating with your
peers is off-the-record messaging. That’s
-
basically the thing. But that’s a very
slap together protocol in a sense. Because
-
it’s hacks on top of hacks. Where you
know you compose TOR with Jabber and TLS
-
and maybe you still have a certificate
authority in there somewhere. Or maybe you
-
have a TOR Hidden Service but then your
status updates they don’t have any
-
encryption at all, for example. Or, again,
your roster is an actual thing that
-
someone can see, including every time you
send a message to those people the server
-
sees that. So, that said, TOR messenger is
really great because it meets users where
-
they already are. Right? So e.g. actually
one other point here is if you use a piece
-
of software like Adium, there is actually
a bug filed against Adium where someone
-
said “Please disable logging-by-default
because Chelsea Manning went to prison
-
because of your logging policy”. And the
people working on Adium in this bug report
-
basically said: “Good!” That’s horrifying!
Right? So what if we made it as reasonable
-
as possible, as configuration-free as
possible using TOR, using OTR, trying to
-
remove libpurple which is a whole like…
it’s a flock of Zerodays flying in
-
formation. Right? So we wanted to kill the
bird in a sense but also not we want to
-
help provide an incentive for improving.
And so that’s where TOR messenger fits.
-
But we also want to experiment with next
generation stuff. And one of those things
-
is written by a really great guy on our
community, almost single-handedly, without
-
any funding at all, and his name is
“special”, that’s actually his name. He’s
-
also special. But it’s really nice,
because actually, if you solve the problem
-
of telling your friend your name, if
you’re familiar with the properties of
-
Hidden Services where you have a self-
authenticating name you know that you’re
-
talking to the person that you think you
are because you’ve already done a key
-
exchange. The important part of the key
exchange. And so one of the things that
-
you’ll see very clearly is that there is
no more server. Right? So there’s no more
-
jabber.ccc.de in this picture. So this is
a really good example of how we might
-
decentralize, actually. It’s an experiment
right now but it means no more servers. It
-
uses the TOR network’s TOR Hidden Service
protocol and everybody actually becomes a
-
TOR Hidden Service for chatting with their
buddies. And it’s end-to-end encrypted and
-
it’s anonymized and of course this means
that your Social Graph is a traffic
-
analysis problem, it’s no longer a list on
a server. And it means your metadata is
-
as protected as we currently know how
to do in a low-latency anonymity network.
-
And in the future one of the really nice
things about this is that it will be
-
possible – or we think it will be
possible – to even make it better in a
-
sense, e.g. multiple chats, sending
files, sending pictures, in other words,
-
everything becomes, instead of a certainty
we move it towards probability. And the
-
probability is in your favour.
-
Mike: Yes, additionally, I’ll be working
on various forms of panning for cases like
-
this to basically increase this high…
the probability that there will be
-
concurrent traffic at the same time from
multiple TOR clients, which will further
-
frustrate the discovery of the Social
Graph based on simple traffic analysis
-
especially for low-traffic cases such as
Ricochet. So just to wrap up that
-
TOR Applications piece: in 2016 we’re
trying to focus heavily on usability and
-
gin more people to be able to use TOR,
omitting the barriers to finding TOR,
-
downloading TOR, being able especially
for censored users, and being able to
-
install TOR. There’s still some snags,
various difficulties that cause people to
-
stop at various stages of that process and
we want to try and work for to eliminate
-
them. We also, of course, want to increase
coordination: share graphics, visual
-
aesthetics and coordinate the ability to
share the TOR process. And we also want to
-
create a space for more experimentation,
for more things like Ricochet. There’s
-
probably a lot more ideas like Ricochet
out there. There could be leverages
-
of TOR protocol and especially Hidden
Services in creative ways. So we’re
-
looking to create an official sanctioned
space as part of TOR to give them a home.
-
And to look for that in the coming
months on the TOR blog.
-
Jacob: Alright, I just wanted to put in a
picture of a guy wearing a Slayer T-Shirt.
-
So there it is. That’s Trevor Paglen. Some
of you may remember him from such things
-
as helping to film Citizenfour, building
Satellites that burn up in space so that
-
are actually currently on other
satellites. And this on the left is
-
Leif Ryge, he’s sort of the person that
taught me how to use computers. And he is
-
an incredible Free Software developer.
Trevor Paglen and myself, and this is
-
a cube, the Autonomy Cube which we talked
about last year. Because we think that
-
culture is very important and we think
that it’s important to actually get people
-
to understand the struggle that exists
right now. So this is installed in a
-
museum right now in Germany, in the city
of Oldenburg, at the Edith-Russ-Haus. And
-
it actually opened several months ago,
it’s filled with classified documents, it
-
has really interesting things to go and
read. I highly encourage you to go and
-
read. We built a reading room about
anonymity papers, about things that are
-
happening. About how corporations track
you, and then the entire museum is an
-
Open-WiFi network that routs you
transparently through TOR. So in Germany
-
a free open WiFi network that isn’t run by
Freifunk – much respect to them – we
-
wanted to make it possible for you to just
go and have the ability to bootstrap
-
yourself anonymously if you needed to. And
also these four boards are Novena boards.
-
And these Novena boards are Free and Open
Hardware devices made by Bunnie and Sean
-
in Singapore where you could, if you
wanted to, download the schematics and
-
fab it yourself. And it’s running the
Debian GNU Linux universal operating
-
system. And it’s an actual TOR exit node
with absolutely every port allowed. So the
-
museum’s infrastructure itself on the
city’s internet connection actually is a
-
TOR exit node for the whole world to be
able to use the internet anonymously.
-
applause
-
But the museum’s infrastructure is not
just helping people in Oldenburg, it’s
-
helping people all around the world to be
able to communicate anonymously and it’s
-
quite amazing actually because when
cultural institutions stand up for this
-
we recognize it’s not just a problem of
over-there stand. We have mass-surveillance
-
and corporate surveillance in the West
and we need to deal with that. Here, by
-
creating spaces like this. But that said,
we also need to make sure that we create
-
spaces in people’s minds all around the
world. And I want to introduce to you
-
someone who’s incredibly awesome, the
most bad-ass radical librarian around,
-
this is Alison.
Alison is going to talk about…
-
Alison: …Library Freedom Project! Hi!
Thank you so much! I’m so excited
-
to be here, it’s my first CCC and I’m on
stage, and it’s very… exciting. So I’m
-
going to talk to you a little bit about my
organization, Library Freedom Project.
-
I’m the director and what we do: we have
a partnership with TOR project to do
-
community outreach around TOR and other
privacy-enhancing technologies. Making
-
TOR network more strong and making tools
like TOR Browser more ubiquitous and
-
mainstream, all with the help of a
coalition of radical militant librarians.
-
So we introduced you to the Library
Freedom Project back in February. We told
-
you a little bit about the kind of work
that we do, mostly in US libraries,
-
increasingly internationally. Where
essentially we teach them about tools like
-
TOR Browser, how to install it on their
local computers, how to teach it into
-
computer classes that they offer for free
in the library or one-on-one technology
-
sessions for their community. And we’ve
had a really amazing year since then.
-
In addition to working with the TOR
project we’re really fortunate to work
-
with the American Civil Liberties Union
(ACLU). If you’re not familiar with them,
-
they’re basically… they’re the bad asses
who’ve been suing the US Intelligence
-
Agencies and Police for about a 100 years.
That is me with 2 people from the ACLU
-
Massachusetts, Jessy Rossman who is a
surveillance law expert and Kay Croqueford
-
who is an activist for the ACLU. And
they’re here, if you see that human buy
-
them a drink and ask them about the
surveillance capabilities of the US Police.
-
applause
-
So, it’s really cool! It’s a great
partnership with the ACLU because
-
basically they can teach why we need to
use tools like TOR Browser. So how to use
-
them is super-super important but you need
to know about the authorizations, the
-
programs, all the bad laws and the uses of
them against ordinary people. So, why do
-
we teach this stuff to librarians? It’s
basically for 2 big reasons. One of them
-
is that libraries and librarians have an
amazing history of activism around
-
privacy, fighting surveillance and
fighting censorship in the US where
-
I live. Librarians were some of the
staunchest opponents of the USA Patriot
-
Act from the beginning when it was
codified back in 2002. They made T-Shirts
-
that said “Another hysterical librarian
for Privacy” because of the…
-
The Attorney General at the time called
them “hysterical” for the fact that they
-
didn’t want this awful authorization to go
through. And of course then after Snowden
-
we learned many more things about just
how bad the Patriot Act was. So librarians
-
were some of the first people to oppose
that. They also have fought back against
-
National Security Letters which are the US
Government informational requests that
-
sometimes go to software providers and
other internet services. They have an
-
attached gag order that basically says:
“You have to give this information about
-
your users and you can’t tell anyone that
you got it.” Well, libraries got one of
-
these and fought back against that in one.
applause
-
They also, all the way back in the 1950s
even, at the height of Anti-Communist
-
Fervor and FUD, around the time of the
House on American Activities Committee,
-
librarians came out with this amazing
statement, called the “Freedom to Read”
-
Statement that I think really is a
beautiful text. It’s about 2 pages long
-
and it is their commitment to privacy and
democratic ideals made manifest.
-
And I have a little excerpt from it here.
I’m not gonna read the whole thing to you
-
’cause I understand I’m all too
pressed for time. But the last line is
-
my favourite. It says: “Freedom itself is
a dangerous way of life. But it is ours.”
-
So everybody go and get that tattooed!
You know, on your forehead or whatever.
-
applause
-
So, the history of activism is one of the
big things. There’s a second part that
-
is more practical. Libraries have an
amazing relationship to the local
-
communities. That doesn’t really exist
anywhere else especially in this era of
-
privatization and the destruction of
public commons. Libraries have already
-
free computer classes in many places,
sometimes the only free computer help that
-
you can get anywhere. They offer free
computer terminals to many people who
-
don’t have any other computer access.
They’re trusted community spaces, they
-
already teach about a whole number of
things. So we think they’re really the
-
ideal location for people to learn about
things like TOR Browser. So it’s been
-
going really well. This year we have
visited hundreds of different locations.
-
We’ve trained about 2300 librarians in the
US, in Canada and a few other countries,
-
Australia, UK and Ireland. We held an
amazing conference, you might recognize
-
this as Noisebridge. Any Noisebridge fans
here? I hope so. Come on, there’s got to
-
be more Noisebridge fans than that!
Christ! We had an amazing conference in
-
Noisebridge and actually my co-organizer
is also here, April Glaser, so you can buy
-
her a drink, she’s right over there. There
has been a huge response from the library
-
community. They wanna learn about TOR
Browser, they’re so excited that finally
-
there’s a practical way for them to help
protect their patrons’ privacy. They’ve
-
cared about this stuff from an ideological
and ethical standpoint for a really long
-
time, and now they know that there are
tools that they can actually use and
-
implement in their libraries and teach to
their community to help them take back
-
their privacy. We’re really lucky that not
only do we get to teach librarians but
-
occasionally we get invited to visit
the local communities themselves.
-
So, here we teach how to teach privacy
classes with TOR as a big focus.
-
But sometimes we get to meet the local
community members themselves. So I want to
-
show you this picture of a recent visit
that I made to Yonkers, New York. It was
-
a class just for teens. They’re all
holding TOR stickers if you can see that
-
and Library Freedom Project stickers.
This is a great picture that sort of is
-
emblematic of the kind of communities
that we get to visit. Yonkers is one of
-
the poorest cities in the US. These kids
are… many of them are immigrants, their
-
parents are immigrants, they face
surveillance and state violence as a
-
matter of their regular everyday lives.
For them privacy is not just a human
-
right but it’s sometimes a matter of life
and death. And these kids are just some
-
of the amazing people that we get to see.
Also, just to give you an idea of how the
-
public perception around privacy is
shifting in my anecdotal experience:
-
we had 65 teenagers come to this class!
If you have a teenager or if you’ve been
-
a teenager you know teenagers don’t show
up for stuff, they don’t do that. 65 kids
-
came to this! And they were so excited!
This was just the group that was left over
-
at the end that had so many questions and
wanted more stickers to bring back to
-
their friends. So it’s pretty cool stuff.
Recently we embarked on a new project
-
bringing TOR relays into libraries. This
is Nima Fatemi with me, when we set up
-
our pilot at a library in New Hampshire
which is the state just above where I live
-
in the United States. And we basically
decided to do this project because we
-
thought it was a really great continuation
of the work that we were already doing,
-
teaching and training librarians around
using TOR. We wanted to take a step
-
further and take the infrastructure that
libraries already have; many of them are
-
moving to really fast internet, they can
donate an IP address and some bandwidth.
-
And they… many of them want to do kind
of the next thing to help protect privacy
-
and not just in their local communities,
as well. They want to help protect
-
internet freedom everywhere. So we thought
it was a really great sort of next step to
-
go. So we set up our pilot project in New
Hampshire. It went pretty well, we got a
-
lot of great press attention, a lot of
really great local and global community
-
support. We also got the attention of
the Department of Homeland Security.
-
applause
-
Basically they contacted the local Police
in this town in New Hampshire and they
-
said: “You know, this is stupid, and bad,
and criminal and you should shut this
-
down!” And the library was understandably
shaken by this and temporarily suspended
-
the operation of the relay. So we
responded by writing a letter, an open
-
letter from Library Freedom Project, from
TOR project, from ACLU and a broad
-
coalition of public interest groups and
luminary individuals including the
-
Electronic Frontier Foundation (EFF), the
Freedom of the Press Foundation, the Free
-
Software Foundation and all of our other
friends many of whom are in this audience
-
today. We wrote this letter to the library
basically affirming our commitment to
-
them, how much we are proud of them for
participating in this project and how much
-
we wanted them to continue. We put a lot
of nice, you know, ideological, why this
-
is important, warm fuzzy stuff. We also
got EFF to start a petition for us and
-
over a weekend we got about 4500
signatures from all over the world, the
-
library was flooded with emails, calls.
Only one negative one. Just one out of
-
hundreds. And that person was a little
confused, so I’m not even counting that
-
necessarily. It was like a conspiracy type thing.
So we got this amazing support and this
-
was all in anticipation of their board
meeting that was gonna happen a few days
-
later where the board was gonna decide
what to do about the relay. So Nima and I
-
show up to New Hampshire on a Tuesday
Night and you might imagine what a library
-
board meeting in rural New Hampshire is
typically like. It was nothing like that.
-
So we get outside and there’s a protest
happening already. Many people holding
-
Pro-TOR signs. This was just a glimpse of
it. And the look on my face is because
-
someone pointed to a very small child and
said: “Alison, look at that child over
-
there”. This tiny little girl was holding
a sign that said “Dammit Big Brother” and
-
I was like “I’m done, that’s it, I got to
go home!” So we went into the board
-
meeting and we were met with about 4 dozen
people and media and a huge amount of
-
support. Many of the community members
expressed how much they loved TOR, that
-
this whole incident made them download TOR
and check it out for themselves. Basically
-
it galvanized this community into a
greater level of support than we even had
-
when we initially set it up about a month
earlier. People who had no idea that the
-
library was doing this heard about it
because it got a huge amount of media
-
attention thanks to a story by Julia
Angwin in ProPublica that broke the news
-
to everybody and then it just went like
wildfire. So as you might imagine the
-
relay went back online that night. We were
super-successful. Everybody in the
-
community was incredibly excited about it
and supportive. And what has happened now
-
is that this community has sort of… like
I said they’ve been galvanized to support
-
TOR even more. The library has now allowed
at some of their staff time and travel
-
budget to help other libraries in the area
set up TOR relays. They’re speaking about
-
TOR…
applause
-
Thank you!
They’re speaking about TOR at conferences.
-
And this has really caught on in the
greater library community as well. So I
-
mentioned already the kind of success that
we’ve had at Library Freedom Project in
-
teaching tools like TOR Browser and
getting folks to bring us in for trainings.
-
This is even bigger than that! Libraries
are now organizing their, you know, staff
-
training days around, you know, “Should we
participate in the TOR relay project?” or
-
“How can we do this best?”, “What’s the
best angle for us?” So we’re really
-
excited to do announce that we’re gonna
be continuing the relay project at scale.
-
Nima Fatemi, who is now also in this
picture again, I’m really sad that he
-
can’t be here, he is wonderful and
essential to this project. But he will now
-
be able to travel across the US and we
hope to go a little further opening up
-
more relays in libraries. We’re gonna
continue teaching, of course, about TOR
-
Browser and other privacy-enhancing Free
Software. We’re now gonna incorporate some
-
other TOR services, so we’re really
excited to bring “Let’s Encrypt” into
-
libraries. And while we’re there, why not
run a Hidden Service on the library’s web
-
server. Among many other things. The other
goals for Library Freedom Project: to take
-
this to a much more international level.
So if you want to do this in your country,
-
you know your librarian, put them in touch
with us. You can follow our progress on
-
LibraryFreedomProject.org or
@libraryfreedom on Twidder. And we’re
-
always sort of posting on Tor Blog about
stuff that’s going on with us, so…
-
Thank you so much for letting me tell you
about it. It’s really a pleasure to be
-
here!
applause
-
Jacob: So, that’s a really tough act to
follow! But we’re very pressed for time
-
now. And we want to make sure that we can
tell you two big things. And one of them
-
is that, as you know, we were looking for
an Executive Director because our Spirit
-
Animal, Roger,…
Roger: Slide…
-
Jacob: Right… He couldn’t do it all. And
in fact we needed someone to help us. And
-
we needed someone to help us who has the
respect not only of the community here but
-
the community, basically, all around the
world. And we couldn’t think of a better
-
person, in fact, when we came up with a
list of people. The person that we ended
-
up with was the Dream Candidate for a
number of the people in the TOR Project
-
and around the world. And so, I mean, I
have to say that I’m so excited, I’m so
-
excited that we have her as our Executive
Director. I used to think that our ship
-
was going to sink, that we would all go to
prison, and that may still happen, the
-
second part. But the first part, for sure,
is not going to happen. We found someone
-
who I believe will keep the TOR Project
going long after all of us are dead and
-
buried. Hopefully, not in shallow graves.
So, this is Shari Steele!
-
applause
-
Shari: Hi!
applause
-
Thanks! Thanks, it’s actually so fun to be
back in this community. And I wasn’t gone
-
for very long. I had so much for
retirement. It didn’t work out for me.
-
But, that’s OK, I’m really excited. I have
had – we’re so tight on time – so I want
-
to just tell you there are 2 big mandates
that I was given when I first was hired.
-
And one is: Help build a great
infrastructure so that TOR Project is
-
sustainable. Working on that! The other
thing is: Money! We need to diversify our
-
funding sources, as everybody knows here.
The Government funding has been really
-
difficult for us specifically because it’s
all restricted. And so it limits the kinds
-
of things we want to do. When you get the
developers in a room blue-skying about the
-
things that they want to do, it’s
incredible! Really, really brilliant
-
people who want to do great things but
they’re really limited when the funding
-
says they have to do particular things. So
we happen to be doing our very first ever
-
crowd funding campaign right now. I want
to give a shout out to Katina Bishop who
-
is here somewhere and who is running
the campaign for us and is just doing an
-
amazing job. As of last count which is a
couple of days ago, we had over 3000
-
individual donors and over 120.000 Dollars
which is incredible for our very first
-
time when we didn’t even really have a
mechanism in place to be collecting this
-
money, even. So, it’s really great! And I
wanna also say we have a limited number
-
of these T-Shirts that I brought in a
suitcase from Seattle. So, and they’re
-
gonna be available, if you come down to
the Wau Holland booth at the Noisy Square.
-
Come talk with us! Give a donation!
We’re doing a special: it’s normally a
-
100 Dollar donation to get a shirt, but
for the conference we’ll do, for 60 Euro
-
you can get a shirt and it would be great
you’d be able to show your support. And
-
you can also donate online if you don’t
wanna do that here. That’s the URL. And
-
to end, we’d like to have a
word from Down Under!
-
Video starts
-
Video Intro Violin Music
-
Good Day to you! Fellow Members of the
Intergalactic Resistance against Dystopian
-
bastardry! It is I, George Orwell, with an
urgent message from Planet Earth, as it
-
embarks on a new orbit. Transmitting via
the Juice Channeling Portal. Our time is
-
short. So let’s get straight to the point.
Shall we? This transmission goes out to
-
all you internet citizens. Denizens of
the one remaining free frequency. In whose
-
hands rests the fate of humanity.
Lord… f_ckin’ help us!
-
typewriter typing sounds
-
When I last appeared to you, I warned you
noobs: You must not lose the Internet! Now
-
before I proceed, let us clarify one
crucial thing. The Internet is not Virtual
-
Reality, it is actual Reality.
typewriter typing sounds
-
Are you still with me? Good. Now ask
yourselves: Would you let some fascist
-
dictate with whom you can and cannot
communicate? Because that’s what happens
-
every time a government blacklists a
website domain. Would you let anyone force
-
you to get all your information from cable
TV? That’s effectively the case if you
-
allow corporations to kill Net Neutrality.
typewriter typing sounds
-
Would you let the Thought Police install
telescreens in your house, monitor and
-
record everything you do, every time you
move, every word you’ve read, to peer into
-
the most private nook of all, your head?
BECAUSE THAT’S WHAT HAPPENS when
-
you let your governments monitor the net
and enact mandatory data-retention laws!
-
smashing sounds
-
If you answered “No” to all those
questions, then we can safely deduce
-
that terms like “Online”, “IRL” and “in
Cyberspace” are Newspeak. They confuse the
-
truth: There is no “Cybersphere”. There
is only life. Here. It follows that if you
-
have an oppressive Internet, you have
an oppressive society, too. Remember:
-
online is real life…
typewriter typing sounds
-
Your Digital Rights are no different from
everyday human rights! And don’t give me
-
that BS that you don’t care about
Privacy because you have nothing to hide.
-
That’s pure Doublethink. As comrade
Snowden clearly explained, that’s like
-
saying you don’t care about Free Speech
because you have nothing to say!
-
Stick that up your memory
holes and smoke it, noobs!
-
Pigs Arse, the portal is closing, I’m
losing you! I’ll leave you with a new tool
-
to use. I assume you’ve all been fitted
with one of these spying devices. Well,
-
here’s an app you can use in spite of
this. It’s called Signal, and, yes, it’s
-
free and simple. Install it and tell all
your contacts to mingle then all your
-
calls and texts will be encrypted. So even
if Big Brother sees them the c_nt won’t be
-
able to read them. Hahaa! Now that’s
a smartphone! Our time is up!
-
typewriter typing sounds
Until the next transmission. Heed the
-
words of George Orwell. Or
should I say: George TORwell?
-
typewriter typing sounds
-
Remember, just as I went to Spain to fight
the dirty fascists you can come to Onion
-
land and fight Big Brother’s filthy
tactics. If you’re a Pro run a node and
-
strengthen the code. Or if you’re in the
Outer Party and can afford it, send TOR
-
some of your dough. Special Salute to
all my comrades, the “State of the Onion”.
-
Happy Hacking! Now go forth and
f_ck up Big Brother. That mendacious
-
motherf_cking, c_ck-sucking bastard
son of a corporatist b_tch…
-
Video Outro Music
-
applause
-
Jacob: So, I think that’s all the time
that we have. Thank you very much for
-
coming. And thank you all
for your material support.
-
applause
-
Herald: Unfortunately we won’t have time
for a Q&A. But I heard that some of the
-
crew will now go to the Wau Holland booth
at Noisy Square down in the Foyer and
-
might be ready to answer
questions there. If you have any.
-
postroll music
-
Subtitles created by c3subtitles.de
in 2016. Join and help us!
