WEBVTT
00:00:09.559 --> 00:00:13.359
Herald: So now, the next talk that
we have here for one hour from 8:30
00:00:13.359 --> 00:00:17.689
’til 9:30 PM is “The Tor Network
– we’re living in interesting times”.
00:00:17.689 --> 00:00:21.499
I don’t know how many of you are familiar
with the works of Terry Pratchett.
00:00:21.499 --> 00:00:26.680
But anyways, in the novels of Terry
Pratchett there is the saying:
00:00:26.680 --> 00:00:30.509
“And may you live in interesting
times!” that is actually a curse
00:00:30.509 --> 00:00:33.780
for someone that you especially
dislike; because it usually means
00:00:33.780 --> 00:00:36.700
that you’re in a lot of trouble. So
I guess we’re all very excited
00:00:36.700 --> 00:00:40.610
for this year’s ‘Tor Talk’ by the
everlasting Dream Team:
00:00:40.610 --> 00:00:44.210
Jacob Appelbaum and Roger
Dingledine! There you go!
00:00:44.210 --> 00:00:46.969
cheers and applause
Give it up!
00:00:46.969 --> 00:00:54.659
huge applause
00:00:54.659 --> 00:00:58.320
Jacob Appelbaum: So, thanks very much
to the guy who brought me a Mate.
00:00:58.320 --> 00:01:00.979
I learned his name is Alexander. It’s
never a good idea to take drugs
00:01:00.979 --> 00:01:04.589
from strangers, so I introduced
myself before I drank it. Thank you.
00:01:04.589 --> 00:01:07.370
laughter
00:01:07.370 --> 00:01:11.010
First I wanted to say that following up
after Glenn Greenwald is a great honor
00:01:11.010 --> 00:01:15.250
and a really difficult thing to do, that’s
a really tough act to follow, and
00:01:15.250 --> 00:01:18.860
he’s pretty much one of,
I think, our heroes. So, it’s
00:01:18.860 --> 00:01:22.729
really great to be able to share the stage
with him, even for just a brief moment.
00:01:22.729 --> 00:01:25.500
And I wanted to do something a little
unconventional when we started
00:01:25.500 --> 00:01:28.660
and Roger agreed. Which is that we
want people who have questions
00:01:28.660 --> 00:01:32.439
– since I suspect some things happened
this year that arouse a lot of questions
00:01:32.439 --> 00:01:37.000
in people – we’d like you to write those
questions down, pass them to an Angel
00:01:37.000 --> 00:01:40.940
or to just bring them to the front
of the stage as soon as possible
00:01:40.940 --> 00:01:44.870
during the talk, so that we can answer as
many of your questions as is possible.
00:01:44.870 --> 00:01:47.939
This is a lot of stuff that happened,
there’s a lot of confusion, and we wanna
00:01:47.939 --> 00:01:51.689
make sure that people feel like
we are actually answering
00:01:51.689 --> 00:01:55.620
those questions in a useful way.
And if you wanna do that, it’d be great,
00:01:55.620 --> 00:01:59.100
and otherwise, we’re gonna try to have
the second half of our talk be mostly
00:01:59.100 --> 00:02:03.429
space for questioning.
So with that, here is Roger.
00:02:03.429 --> 00:02:06.659
Roger Dingledine: Okay, so, a lot of
things have happened over this past year,
00:02:06.659 --> 00:02:09.220
and we’re gonna try to cover
as many of them as we can.
00:02:09.220 --> 00:02:12.600
Here’s a great quote
from either NSA or GCHQ,
00:02:12.600 --> 00:02:14.930
I’m actually not sure which one it is.
00:02:14.930 --> 00:02:17.600
But we’re gonna start a little bit
earlier in the process than this
00:02:17.600 --> 00:02:20.840
and work our way up to that.
So, we’re in a war,
00:02:20.840 --> 00:02:23.530
or rather, conflict of perception here.
00:02:23.530 --> 00:02:26.080
There are a lot – I mean,
you saw Glenn’s talk earlier
00:02:26.080 --> 00:02:29.040
– there are a lot of large media
organizations out there
00:02:29.040 --> 00:02:32.500
that are trying to present Tor
in lots of different ways,
00:02:32.500 --> 00:02:35.500
and we all here understand
the value that Tor provides
00:02:35.500 --> 00:02:38.520
to the world, but there are a growing
number of people around the world
00:02:38.520 --> 00:02:41.520
who are learning about Tor
not from our website, or from
00:02:41.520 --> 00:02:44.780
seeing one of these talks or from
learning it from somebody who uses it
00:02:44.780 --> 00:02:48.890
and teaches them how to use it.
But they read the Time Magazine
00:02:48.890 --> 00:02:52.690
or Economist or whatever the
mainstream newspapers are,
00:02:52.690 --> 00:02:57.140
and part of our challenge is how do we
help you, and help the rest of the world
00:02:57.140 --> 00:03:01.370
do outreach and education, so that
people can understand what Tor is for
00:03:01.370 --> 00:03:05.280
and how it works and what
sorts of people actually use it.
00:03:05.280 --> 00:03:09.370
So, e.g. GCHQ has been given instructions
00:03:09.370 --> 00:03:13.230
to try to kill Tor by, I mean, who knows,
maybe they thought of it on their own,
00:03:13.230 --> 00:03:17.590
maybe we can imagine some nearby
governments asked them to do it.
00:03:17.590 --> 00:03:21.150
And part of the challenge…
they say: “we have to kill it
00:03:21.150 --> 00:03:24.780
because of child porn”. And it
turns out that we actually do know
00:03:24.780 --> 00:03:29.150
that some people around the
world are using Tor for child porn.
00:03:29.150 --> 00:03:33.080
E.g. we have talked to
a lot of federal agencies
00:03:33.080 --> 00:03:35.550
who use Tor to fetch child porn.
subdued laughter
00:03:35.550 --> 00:03:37.970
I talked to people in the
FBI who use Tor every day
00:03:37.970 --> 00:03:42.660
to safely reach the websites
that they want to investigate.
00:03:42.660 --> 00:03:46.740
The most crazy example of this is
actually the Internet Watch Foundation.
00:03:46.740 --> 00:03:49.770
How many people here have heard
of the Internet Watch Foundation?
00:03:49.770 --> 00:03:53.560
I see a very small number of hands.
They are the censorship wing
00:03:53.560 --> 00:03:57.580
of the British Government. They are the
sort of quasi-government organization
00:03:57.580 --> 00:04:02.510
who is tasked with coming up with the
blacklist for the internet for England.
00:04:02.510 --> 00:04:07.310
And, we got email from them a few years
ago, saying – not what you’d expect,
00:04:07.310 --> 00:04:10.650
you’d expect “Hey, can you please shut
this thing down, can you turn it off,
00:04:10.650 --> 00:04:13.880
it’s a big hassle for us!” – the
question they asked me was:
00:04:13.880 --> 00:04:17.740
“How can we make Tor faster?”
laughter, applause
00:04:17.740 --> 00:04:21.149
It turns out that they need Tor,
because people report URLs to them,
00:04:21.149 --> 00:04:24.980
they need to fetch them somehow.
It turns out that when you go the URL
00:04:24.980 --> 00:04:27.790
with the allegedly bad stuff on
it and you’re coming from
00:04:27.790 --> 00:04:32.270
the Internet Watch Foundation’s
IP address, they give you kittens!
00:04:32.270 --> 00:04:35.730
laughter
Who would have known?
00:04:35.730 --> 00:04:40.050
laughter, applause
00:04:40.050 --> 00:04:44.700
So it turns out that these censors
need an anonymity system
00:04:44.700 --> 00:04:50.320
in order to censor their internet.
laughter Fun times.
00:04:52.890 --> 00:04:56.670
So another challenge here: at the
same point, one of my side hobbies
00:04:56.670 --> 00:05:01.220
is teaching law enforcement how the
internet works, and how security works
00:05:01.220 --> 00:05:05.530
and how Tor works. So, yeah, their job
does suck, but it’s actually not our fault
00:05:05.530 --> 00:05:09.610
that their job sucks. There are a lot
of different challenges to successfully
00:05:09.610 --> 00:05:13.210
being a good, honest law
enforcement person these days.
00:05:13.210 --> 00:05:17.120
So, e.g. I went to Amsterdam and Brussels
00:05:17.120 --> 00:05:21.120
in January of this past year to try to
teach various law enforcement groups.
00:05:21.120 --> 00:05:24.790
And I ended up having a four-hour
debate with the Dutch regional Police,
00:05:24.790 --> 00:05:28.860
and then another four-hour debate
with a Belgian cybercrime unit,
00:05:28.860 --> 00:05:32.180
and then another four-hour debate
with the Dutch national Police.
00:05:32.180 --> 00:05:36.500
And there are a lot of good-meaning, smart
people in each of these organizations,
00:05:36.500 --> 00:05:41.400
but they end up, as a group, doing
sometimes quite bad things.
00:05:41.400 --> 00:05:45.160
So part of our challenge is: how do we
teach them that Tor is not the enemy
00:05:45.160 --> 00:05:50.840
for them? And there are a couple of
stories that I’ve been trying to refine
00:05:50.840 --> 00:05:55.870
using on them. One of them they always
pull out, the “But what about child porn?
00:05:55.870 --> 00:06:00.280
What about bad people? What about some
creep using Tor to do bad things?”.
00:06:00.280 --> 00:06:04.510
And one of the arguments that I tried on
them was, “Okay, so on the one hand
00:06:04.510 --> 00:06:08.370
we have a girl in Syria
who is alive right now
00:06:08.370 --> 00:06:12.650
because of Tor. Because her family
was able to communicate safely
00:06:12.650 --> 00:06:17.010
and the Syrian military didn’t
break in and murder all of them.
00:06:17.010 --> 00:06:19.950
On the other hand, we have a girl
in America who is getting hassled
00:06:19.950 --> 00:06:24.310
by some creep on the internet
who is stalking her over Tor.”
00:06:24.310 --> 00:06:29.370
So the question is, how do we balance,
how do we value these things?
00:06:29.370 --> 00:06:31.400
How do we assign a value
to the girl in Syria?
00:06:31.400 --> 00:06:33.570
How do we assign a value
to the girl in America
00:06:33.570 --> 00:06:36.700
so that we can decide which
one of these is more important?
00:06:36.700 --> 00:06:40.060
And actually the answer is, you
don’t get to make that choice,
00:06:40.060 --> 00:06:43.260
that’s not the right question to ask.
Because if we take Tor away
00:06:43.260 --> 00:06:46.850
from the girl in Syria, she’s
going to die. If we take Tor away
00:06:46.850 --> 00:06:51.300
from the creep in America, he’s got a lot
of other options for how he can be a creep
00:06:51.300 --> 00:06:54.620
and start stalking people.
So if you’re a bad person,
00:06:54.620 --> 00:06:58.240
for various definitions of ‘bad person’,
and you’re willing to break laws
00:06:58.240 --> 00:07:01.860
or go around social norms,
you’ve got a lot of other options
00:07:01.860 --> 00:07:06.309
besides what Tor provides. Whereas there
are very few tools out there like Tor
00:07:06.309 --> 00:07:11.000
for honest, I’d like to say law-abiding,
00:07:11.000 --> 00:07:15.700
but let’s go with civilization-abiding
citizens out there.
00:07:15.700 --> 00:07:21.110
applause
00:07:21.110 --> 00:07:24.940
Jacob: And it’s important to understand
that this hypothetical thing is actually
00:07:24.940 --> 00:07:28.410
also true for certain values.
So at our Tor developer meeting
00:07:28.410 --> 00:07:33.790
that we had in Munich recently,
that Syrian woman came to us,
00:07:33.790 --> 00:07:38.100
and thanked us for Tor. She said:
“I’m from a city called Homs.
00:07:38.100 --> 00:07:41.940
You might have heard about it,
it’s not a city anymore. I used Tor.
00:07:41.940 --> 00:07:45.150
My family used Tor. We were able to
keep ourselves safe on the internet
00:07:45.150 --> 00:07:49.480
thanks to Tor. So I wanted to come
here to Munich to tell you this.
00:07:49.480 --> 00:07:52.550
Thank you for the work that you’re
doing.” And for people who
00:07:52.550 --> 00:07:56.040
– this was their first dev meeting –
they were completely blown away
00:07:56.040 --> 00:07:58.810
to meet this person. “Wow,
the stuff that we’re working on,
00:07:58.810 --> 00:08:02.590
it really does matter, there
are real people behind it”.
00:08:02.590 --> 00:08:06.260
And we were all, I think, very touched
by it, and all of us know someone
00:08:06.260 --> 00:08:10.420
who has been on the receiving end
of people being jerks on the internet.
00:08:10.420 --> 00:08:12.880
So this is a real thing where there
are real people involved, and
00:08:12.880 --> 00:08:16.440
it’s really important to understand
that if you remove the option
00:08:16.440 --> 00:08:20.130
for that woman in Syria – or you
here in Germany, now that we know
00:08:20.130 --> 00:08:23.430
what Edward Snowden has told the world…
00:08:23.430 --> 00:08:27.090
Those bad guys, those jerks
– for different values of that –
00:08:27.090 --> 00:08:31.210
they always have options. But very
rarely do all of us have options
00:08:31.210 --> 00:08:35.349
that will actually keep us safe.
And Tor is certainly not the only one,
00:08:35.349 --> 00:08:38.850
but right now, and we hope in this
talk you’ll see that we’re making
00:08:38.850 --> 00:08:41.580
the right trade-off by working on Tor.
00:08:41.580 --> 00:08:45.449
Roger: One of the other talks that I give
to them, one of the other stories
00:08:45.449 --> 00:08:49.970
that I give to them, one of the big
questions they always ask me is:
00:08:49.970 --> 00:08:53.690
“But what about terrorists?
Aren’t you helping terrorists?”
00:08:53.690 --> 00:08:58.160
And we can and we should talk about
“What do you mean by terrorists?”
00:08:58.160 --> 00:09:00.689
because in China they have a very
different definition of terrorists
00:09:00.689 --> 00:09:04.290
and in Gaza they have a very
different definition of terrorists, and
00:09:04.290 --> 00:09:07.040
in America, they are always thinking
of a small number of people
00:09:07.040 --> 00:09:11.009
in some Middle-Eastern country who are
trying to blow up buildings or something –
00:09:11.009 --> 00:09:12.709
Jacob: Mohammed Badguy,
I think is his name.
00:09:12.709 --> 00:09:15.600
Roger: Yes, that –
Jacob: In the NSA slides.
00:09:15.600 --> 00:09:19.770
Roger: Yes. So, scenario 1:
00:09:19.770 --> 00:09:23.490
I want to build a tool that
works for millions of people,
00:09:23.490 --> 00:09:26.759
it will work for the next year,
and I can tell you how it works,
00:09:26.759 --> 00:09:30.489
so you can help me evaluate
it. That’s Tor’s problem.
00:09:30.489 --> 00:09:34.769
Scenario 2: I want to build a tool that
will work for the next 2 weeks,
00:09:34.769 --> 00:09:38.480
it will work for 20 people and I’m
not going to tell you about it.
00:09:38.480 --> 00:09:41.740
There are so many more
ways of solving scenario 2
00:09:41.740 --> 00:09:45.220
than solving scenario 1. The bad
guys – for all sorts of definitions –
00:09:45.220 --> 00:09:49.509
the bad guys have a lot more
options on how they can keep safe.
00:09:49.509 --> 00:09:52.329
They don’t have to scale,
it doesn’t have to last forever,
00:09:52.329 --> 00:09:55.170
they don’t want peer review, they
don’t want anybody to even know
00:09:55.170 --> 00:09:58.690
that it’s happening. So the
challenge that Tor has is
00:09:58.690 --> 00:10:02.920
we wanna build something that works for
everybody and that everybody can analyze
00:10:02.920 --> 00:10:07.090
and learn about. That’s a much harder
problem, there are far fewer ways
00:10:07.090 --> 00:10:12.000
of solving that. So, the terrorists,
they got a lot of options.
00:10:12.000 --> 00:10:15.809
That sucks. We need to build tools that
can keep the rest of the world safe.
00:10:15.809 --> 00:10:19.339
Jacob: And it’s important, really, to try
to have some good rhetorical arguments,
00:10:19.339 --> 00:10:23.209
I think. I mean, we sort of
put a few facts up here.
00:10:23.209 --> 00:10:26.829
One interesting point to mention
is that people who really
00:10:26.829 --> 00:10:29.740
don’t want anonymity to exist
in a practical sense, maybe
00:10:29.740 --> 00:10:32.839
not even in a theoretical, Human
Rights sense either, but definitely
00:10:32.839 --> 00:10:36.879
in a practical sense, they’re not really
having honest conversations about it.
00:10:36.879 --> 00:10:40.440
E.g. this DoJ study – the Department
of Justice in the United States – they
00:10:40.440 --> 00:10:44.300
actually started to do a study where they
classified traffic leaving Tor exit nodes.
00:10:44.300 --> 00:10:47.700
Which… it’s interesting that they
were basically probably wiretapping
00:10:47.700 --> 00:10:50.709
an exit node to do that study. And
I wonder how they went about that – but
00:10:50.709 --> 00:10:54.680
nonetheless, they came up with the
number 3% of the traffic being bad.
00:10:54.680 --> 00:10:58.089
And then they aborted the study because
they received many DMCA takedown notices.
00:10:58.089 --> 00:10:59.899
laughter
Roger: Yes, they –
00:10:59.899 --> 00:11:03.000
Jacob: Apparently even the DMCA
is a problem to finding out answers!
00:11:03.000 --> 00:11:04.130
That plague of society! (?)
00:11:04.130 --> 00:11:05.689
Roger: interrupts They asked a
university to run the Tor exit for them
00:11:05.689 --> 00:11:08.429
and they were just starting out
doing their study, and then
00:11:08.429 --> 00:11:11.980
the university started getting
DMCA takedowns and said:
00:11:11.980 --> 00:11:14.759
“Well, we have to stop, the
lawyers told us to stop!”,
00:11:14.759 --> 00:11:18.579
and the Department of Justice said:
“We’re the Department of Justice,
00:11:18.579 --> 00:11:21.100
keep doing it”, and then they
turned it off. laughter
00:11:21.100 --> 00:11:25.060
So, not sure how the balance of power
goes there, but the initial results
00:11:25.060 --> 00:11:28.100
they were looking towards
were about 3% of the traffic
00:11:28.100 --> 00:11:31.470
coming out of that Tor exit node was bad,
00:11:31.470 --> 00:11:35.409
but I haven’t figured out what they mean
by ‘bad’. But I’ll take it if it’s 3%.
00:11:35.409 --> 00:11:41.019
Jacob: And I personally don’t
like to use the word ‘war’
00:11:41.019 --> 00:11:45.739
when talking about the internet.
And I particularly dislike
00:11:45.739 --> 00:11:48.709
when we talk about actual
issues of terrorism.
00:11:48.709 --> 00:11:51.920
And I think that we should talk about it
in terms of perception and conflict.
00:11:51.920 --> 00:11:55.169
And one of the most frustrating
things is: the BBC
00:11:55.169 --> 00:11:58.430
actually has articles on their
website instructing people
00:11:58.430 --> 00:12:02.119
how to use the Silk Road and
Tor together to buy drugs.
00:12:02.119 --> 00:12:07.189
We very, very seriously do
not ever advocate that,
00:12:07.189 --> 00:12:10.009
for a bunch of reasons… Not the
least of which is that even though
00:12:10.009 --> 00:12:13.240
Bitcoin is amazing, it’s not
an anonymous currency.
00:12:13.240 --> 00:12:16.250
And it isn’t the case that these websites
are necessarily a good idea and…
00:12:16.250 --> 00:12:19.949
but it won’t be Tor, I think, that will be
the weakest link. But the fact that
00:12:19.949 --> 00:12:24.949
the BBC promotes that – it’s because
they generally have “A man bites dog”.
00:12:24.949 --> 00:12:28.920
You could say that that’s their
entire Tor related ecosystem.
00:12:28.920 --> 00:12:31.500
Anything that could be just
kind of a little bit interesting,
00:12:31.500 --> 00:12:33.870
they’ll run with it. So they have
something to say about it.
00:12:33.870 --> 00:12:37.320
And in this case they literally were
promoting and pushing for people
00:12:37.320 --> 00:12:41.750
to buy drugs. Which is crazy to me, to
imagine that. And that really impacts
00:12:41.750 --> 00:12:45.540
the way that people perceive the
Tor Project and the Tor Network.
00:12:45.540 --> 00:12:48.160
And what we’re trying to do
is not that particular thing.
00:12:48.160 --> 00:12:51.699
That is a sort of side effect that occurs.
What we want is for every person
00:12:51.699 --> 00:12:55.959
to have the right to speak freely and the
right to read anonymously on the internet.
00:12:55.959 --> 00:12:59.740
Roger: And we also need to keep in
mind the different incentive structures
00:12:59.740 --> 00:13:04.519
that they have. So BBC posted their
first article about Silk Road and Tor.
00:13:04.519 --> 00:13:07.800
And the comment section was
packed with “Oh, wow, thanks!
00:13:07.800 --> 00:13:11.200
Oh, this is great! Oh, I don’t have to go
to the street corner and getting shot!
00:13:11.200 --> 00:13:14.659
Oh! Wow! Thanks! This is great!” Just
comment after comment, of people saying:
00:13:14.659 --> 00:13:18.239
“Thank you for telling me about this!”
And then a week later they posted
00:13:18.239 --> 00:13:23.000
a follow-up article saying “And we
bought some, and it was really good!”
00:13:23.000 --> 00:13:25.870
laughter and applause
00:13:25.870 --> 00:13:29.820
So what motivation are they doing here?
00:13:29.820 --> 00:13:33.179
So their goal in this case is: “Let’s get
more clicks. Doesn’t matter what it takes,
00:13:33.179 --> 00:13:35.920
doesn’t matter what we
destroy while we’re doing it.”
00:13:35.920 --> 00:13:39.870
Jacob: So that has some serious problems,
obviously. Because then there are
00:13:39.870 --> 00:13:44.199
different structures that exist to attack
– as part of the War on Some Drugs –
00:13:44.199 --> 00:13:47.970
and they want to show that their
mission is of course impacted by Tor.
00:13:47.970 --> 00:13:50.459
They want to have an enemy that
they can paint a target on. They want
00:13:50.459 --> 00:13:55.150
something sexy that they can get funding
for. So here’s a little funny story
00:13:55.150 --> 00:13:59.049
about an agent, as it says in the last
point, who showed this massive drop
00:13:59.049 --> 00:14:02.000
in the Tor Network load after Silk
Road was busted. Right? Because
00:14:02.000 --> 00:14:04.950
everybody realizes of course that all
of the anonymity traffic in the world
00:14:04.950 --> 00:14:06.260
must be for elicit (?) things.
00:14:06.260 --> 00:14:08.010
Roger: So this was at a particular meeting
00:14:08.010 --> 00:14:11.551
where they were trying to get more funding
for this. This is a US Government person
00:14:11.551 --> 00:14:15.620
who basically said: “I evaluated
the Tor Network load
00:14:15.620 --> 00:14:19.820
during the Silk Road bust. And
I saw 50% network load drop
00:14:19.820 --> 00:14:23.599
when the Silk Road bust happened.”
So I started out with him
00:14:23.599 --> 00:14:27.639
arguing: “Actually, you know, when
there’s a huge amount of publicity about
00:14:27.639 --> 00:14:30.969
– I don’t know – if Tor is broken, we can
understand, that would be reasonable,
00:14:30.969 --> 00:14:34.540
that some Tor people would stop using
Tor for a little while, in order to wait
00:14:34.540 --> 00:14:37.979
for more facts to come out and then will
be more prepared for it.” But then
00:14:37.979 --> 00:14:41.579
I thought: “You know, wait a minute, we
got the Tor Metrics database. We have
00:14:41.579 --> 00:14:45.120
all of this data of load on the network.”
00:14:45.120 --> 00:14:48.759
So then I went: “Let’s go actually
see if there was a 50% drop on
00:14:48.759 --> 00:14:52.579
the Tor Network!” So the green
line here is the capacity
00:14:52.579 --> 00:14:56.739
of the Tor Network over time. So the
amount of bytes that relays can push
00:14:56.739 --> 00:15:00.119
if we were loading it down
completely. And the purple line is
00:15:00.119 --> 00:15:04.050
the number of bytes that are actually
handled on the network over time.
00:15:04.050 --> 00:15:08.590
Jacob: Can you guess? If you don’t
look at the date at the bottom,
00:15:08.590 --> 00:15:12.150
can you show what that
agent was talking about?
00:15:12.150 --> 00:15:16.060
Or is the agent totally full of shit?
laughter
00:15:16.060 --> 00:15:21.529
Just a… hypothetical question, but if you
have a theo… anyone? Shout it out! Yeah!
00:15:21.529 --> 00:15:23.379
[unintelligible from audience]
00:15:23.379 --> 00:15:29.580
Oh that’s right! It didn’t go down by 50%!
laughter
00:15:29.580 --> 00:15:33.559
Wow! He was completely wrong!
00:15:33.559 --> 00:15:37.410
But just for the record, that’s
where he said there was a drop!
00:15:37.410 --> 00:15:45.509
laughter and applause
00:15:45.509 --> 00:15:48.690
Roger: And while we’ve talked you had
to read these graphs. Here is a graph
00:15:48.690 --> 00:15:52.459
of the overall network growth
over the past 3 or 4 years.
00:15:52.459 --> 00:15:56.369
So the green line, again, is the amount of
capacity. And we’ve seen a bunch of people
00:15:56.369 --> 00:16:00.239
adding fast relays recently,
after the Snowden issues.
00:16:00.239 --> 00:16:03.800
And we’ll talk a little bit later about
what other reasons people are running
00:16:03.800 --> 00:16:10.240
more capacity lately, as the
load on the network goes up.
00:16:10.240 --> 00:16:14.349
Okay. And then there is the
‘Dark Web’. Or the ‘Deep Web’.
00:16:14.349 --> 00:16:17.770
Or the Whatever-else-the-hell-you-call-it
Web. And again,
00:16:17.770 --> 00:16:22.470
this comes back to media trying to
produce as many articles as they can.
00:16:22.470 --> 00:16:27.119
So here’s the basic… I’ll give you
the primer on this ‘Dark Web’ thing.
00:16:27.119 --> 00:16:32.910
Statement 1: “The Dark Web is every web
page out there that Google can’t index.”
00:16:32.910 --> 00:16:36.710
That’s the definition of the Dark Web.
laughter and applause
00:16:36.710 --> 00:16:40.209
applause
00:16:40.209 --> 00:16:45.120
So every Corporate database,
every Government database,
00:16:45.120 --> 00:16:48.869
everything that you access with a
web browser at work or whatever,
00:16:48.869 --> 00:16:52.439
all those things that Google can’t get to,
that is the Dark Web. That’s statement 1.
00:16:52.439 --> 00:16:57.799
Statement 2: “90+X% of web
pages are in the Dark Web.”
00:16:57.799 --> 00:17:01.090
So these were both well-known
facts a year ago.
00:17:01.090 --> 00:17:04.770
Statement 3, that the media has
added this year: “The only way
00:17:04.770 --> 00:17:10.500
to access the Dark Web is through Tor.”
laughter, some applause
00:17:10.500 --> 00:17:13.930
These 3 statements together
sell more and more articles
00:17:13.930 --> 00:17:16.730
because it’s great, people buy them,
they’re all shocked: “Oh my god,
00:17:16.730 --> 00:17:20.009
the web is bigger than I thought,
and it’s all because of Tor”.
00:17:20.009 --> 00:17:25.429
laughter and applause
00:17:25.429 --> 00:17:30.340
Jacob: So, really… the reality of this
is that it’s not actually the case.
00:17:30.340 --> 00:17:33.810
Obviously that’s a completely laughable
thing. And for everyone that’s here –
00:17:33.810 --> 00:17:37.059
not necessarily people watching on the
video stream – but for everyone here,
00:17:37.059 --> 00:17:40.780
I think, you realize how ridiculous
that is. That entire setup
00:17:40.780 --> 00:17:45.080
is obviously a kind of ‘clickbait’, if
you would call it something like that.
00:17:45.080 --> 00:17:48.550
There are a few high-profile Hidden
Services. And actually, this is
00:17:48.550 --> 00:17:51.540
a show of hands: raise your hand
if you run a Tor Hidden Service!
00:17:51.540 --> 00:17:53.250
few hands go up
00:17:53.250 --> 00:17:57.230
Right. So, no one’s ever heard of your
Tor Hidden Service. Almost certainly.
00:17:57.230 --> 00:18:01.250
And these are the ones that people have
heard of. And this is something which is
00:18:01.250 --> 00:18:06.229
kind of a fascinating reality
which is that these 4 sites,
00:18:06.229 --> 00:18:10.190
or these 4 entities have
produced most of the stories
00:18:10.190 --> 00:18:13.801
related to the deep gaping
whatever web, that
00:18:13.801 --> 00:18:18.710
if you wanna call it the Dark Web. And,
in fact, for the most part, it’s been…
00:18:18.710 --> 00:18:22.240
I would say the Top one
e.g., with Wikileaks,
00:18:22.240 --> 00:18:26.040
it’s a positive example. And,
in fact, with GlobaLeaks,
00:18:26.040 --> 00:18:29.380
which is something that Arturo Filastò
and a number of other really great
00:18:29.380 --> 00:18:33.409
Italian hackers here have been working
on, GlobaLeaks, they’re deploying
00:18:33.409 --> 00:18:36.350
more and more Hidden Services that you
also haven’t heard about. For localized
00:18:36.350 --> 00:18:40.410
corruption, reporting and whistleblowing.
But the news doesn’t report about
00:18:40.410 --> 00:18:43.790
Arturo’s great work. The news
reports are on The Farmer’s Market,
00:18:43.790 --> 00:18:48.370
on Freedom Hosting and
on Silk Road. And those things
00:18:48.370 --> 00:18:51.640
also bring out a disproportionate
amount of incredible negative attention.
00:18:51.640 --> 00:18:55.090
In the case of freedom hosting, we
have a developer, Mike Perry, who’s
00:18:55.090 --> 00:18:58.430
kind of the most incredible
evil genius alive today.
00:18:58.430 --> 00:19:02.700
I think he’s probably at about 2 Mike
Perrys right now. That’ll be my guess.
00:19:02.700 --> 00:19:06.460
And he was relentlessly attacked.
00:19:06.460 --> 00:19:10.429
Because he happened to have
a registration for a company
00:19:10.429 --> 00:19:14.690
which had an F and an H in the name.
00:19:14.690 --> 00:19:18.140
Wasn’t actually even close
to what’s up there now.
00:19:18.140 --> 00:19:21.889
And he was relentlessly attacked because
the topics that the other sites have
00:19:21.889 --> 00:19:25.770
as part of their customer base or as part
of the things that they’re pushing online,
00:19:25.770 --> 00:19:29.400
they really pull on people’s
hearts in a big way.
00:19:29.400 --> 00:19:32.500
And that sort of created
a lot of stress. I mean,
00:19:32.500 --> 00:19:35.470
the first issue, Wikileaks, created a
lot of stress for people working on Tor
00:19:35.470 --> 00:19:38.960
in various different ways. But for Mike
Perry, he was personally targeted,
00:19:38.960 --> 00:19:42.840
in sort of Co-Intel-Pro style
harassment. And really sad,
00:19:42.840 --> 00:19:46.690
in a really sad series of events.
And of course, the news
00:19:46.690 --> 00:19:50.250
also picked up on that, in some
negative ways. And they really, really
00:19:50.250 --> 00:19:52.740
picked up on that. And that’s a really
big part of I think you could call it
00:19:52.740 --> 00:19:57.130
a kind of cultural conflict
that we’re in, right now.
00:19:57.130 --> 00:19:59.440
The farmer’s market has also
quite an interesting story.
00:19:59.440 --> 00:20:00.880
Which I think you wanted to tell.
00:20:00.880 --> 00:20:05.230
Roger: Yeah, so, I actually heard from
a DEA person who was involved
00:20:05.230 --> 00:20:09.149
in the eventual bust of
the Farmer’s Market story.
00:20:09.149 --> 00:20:12.880
Long ago there was a website on
the internet, and they sold drugs.
00:20:12.880 --> 00:20:16.629
Oh my god. And there were people
who bought drugs from this website
00:20:16.629 --> 00:20:21.280
and Tor was nowhere in the story. It
was some website in South East Asia.
00:20:21.280 --> 00:20:24.590
And the DEA wanted to take
it down. So they learned…
00:20:24.590 --> 00:20:28.139
I mean the website was public. It was
a public web server. So they sent
00:20:28.139 --> 00:20:31.779
some sort of letter to the country that it
was in. And the country that it was in
00:20:31.779 --> 00:20:35.189
said: “Screw you!”. And then they said:
“Okay, well, I guess we can’t take down
00:20:35.189 --> 00:20:39.479
the web server”. So then they started to
try to investigate the people behind it.
00:20:39.479 --> 00:20:42.789
And it turns out the people
behind it used Hushmail.
00:20:42.789 --> 00:20:46.820
So they were happily communicating
with each other very safely.
00:20:46.820 --> 00:20:50.380
So the folks in the US
sent a letter to Canada.
00:20:50.380 --> 00:20:53.470
And then Canada made Hushmail basically
give them the entire database
00:20:53.470 --> 00:20:58.290
of all the emails that these people
had sent. And then, a year or 2 later,
00:20:58.290 --> 00:21:01.320
these people discovered Tor. And they’re
like: “Hey we should switch our website
00:21:01.320 --> 00:21:05.169
over to Tor and then it will be safe.
That sounds good!”. The DEA people
00:21:05.169 --> 00:21:08.580
were watching them the whole time
looking for a good time to bust them.
00:21:08.580 --> 00:21:11.389
And then they switched over to Tor, and
then 6 months later it was a good time
00:21:11.389 --> 00:21:15.349
to bust them. So then there were all
these newspaper articles about how
00:21:15.349 --> 00:21:18.880
Tor Hidden Services are
obviously broken. And
00:21:18.880 --> 00:21:21.870
the first time I heard the story
I was thinking in myself:
00:21:21.870 --> 00:21:25.869
“Idiot drug sellers use Paypal
– get busted – end of story”.
00:21:25.869 --> 00:21:26.829
laughing
00:21:26.829 --> 00:21:30.320
But they were actually using Paypal
correctly. They had innocent people
00:21:30.320 --> 00:21:33.720
around the world who were receiving
Paypal payments and turning it into some
00:21:33.720 --> 00:21:38.120
Panama based e-currency or
something. So the better lesson
00:21:38.120 --> 00:21:42.330
of the story is: “Idiot drug sellers
use Hushmail – get busted”.
00:21:42.330 --> 00:21:45.010
So there are a lot of different
pieces of all of these.
00:21:45.010 --> 00:21:48.069
Jacob: Don’t use Hushmail!
laughter
00:21:48.069 --> 00:21:51.959
Seriously! It’s a bad idea! And
don’t use things where they have
00:21:51.960 --> 00:21:55.269
a habit of backdooring their
service or cooperating
00:21:55.269 --> 00:21:57.860
with so called ‘lawful interception
orders’. Because it tells you that
00:21:57.860 --> 00:22:03.410
their system is not secure. And it’s clear
that Hushmail falls into that category.
00:22:03.410 --> 00:22:07.220
They fundamentally have chosen that
that is what they would like to do.
00:22:07.220 --> 00:22:10.679
And they should have that reputation.
And we should respect them exactly
00:22:10.679 --> 00:22:14.040
as much as they deserve for that. So
don’t use their service. If you can.
00:22:14.040 --> 00:22:17.229
Especially if you’re gonna do
this kind of stuff. laughter
00:22:17.229 --> 00:22:20.260
Or maybe what I mean is: guys,
do that – use Hushmail.
00:22:20.260 --> 00:22:25.620
But everybody else, protect yourself!
laughter
00:22:25.620 --> 00:22:29.860
So, the thing is that
not every single person
00:22:29.860 --> 00:22:33.350
is actually stupid enough to use Hushmail.
00:22:33.350 --> 00:22:36.690
So as a result, we had started to
see some pretty crazy stuff happen.
00:22:36.690 --> 00:22:39.940
Which we of course knew would happen and
we always understood that this would be
00:22:39.940 --> 00:22:44.389
a vector. So, in this case,
this year we saw,
00:22:44.389 --> 00:22:48.659
I think, one of the probably not
the most interesting exploits
00:22:48.659 --> 00:22:52.480
that we’ve ever seen. But one
of the most interesting exploits
00:22:52.480 --> 00:22:56.400
we’ve ever seen deployed
against a broad scale of users.
00:22:56.400 --> 00:23:00.149
And we’re not exactly sure
who was behind it. Though
00:23:00.149 --> 00:23:04.250
there was an FBI person who went
to court in Ireland and did in fact
00:23:04.250 --> 00:23:08.250
claim that they were behind it. The IP
space that the exploit connected back to
00:23:08.250 --> 00:23:13.789
was either SAIC or NSA.
And I had an exchange
00:23:13.789 --> 00:23:18.200
with one of the guys behind the VUPEN
exploit company. And he has
00:23:18.200 --> 00:23:21.980
on a couple of occasions mentioned
writing exploits for Tor Browser.
00:23:21.980 --> 00:23:25.480
And what he really means is Firefox. And
00:23:25.480 --> 00:23:28.390
this is a serious problem of course. If
they want to target a person, though,
00:23:28.390 --> 00:23:33.240
the first they have to actually find them.
So traditionally, if you’re not using Tor,
00:23:33.240 --> 00:23:36.960
they go to your house, they plug in some
gear. They go to the ISP upstream,
00:23:36.960 --> 00:23:39.619
and they plug in some gear. Or they do
some interception with an IMSI catcher,
00:23:39.619 --> 00:23:43.339
and things like that. Most of these
techniques, I’ll talk about on Monday
00:23:43.340 --> 00:23:48.310
with Claudio. If you’re interested.
But basically it’s the same.
00:23:48.310 --> 00:23:51.380
They find out who you are,
then they begin to target you,
00:23:51.380 --> 00:23:54.559
then they serve you an exploit.
This year one of the differences is
00:23:54.559 --> 00:23:58.759
that they had actually taken over a Tor
Hidden Service. And started to serve up
00:23:58.759 --> 00:24:02.329
an exploit from that. Just trying
to exploit every single person
00:24:02.330 --> 00:24:04.980
that visited the Hidden Service. So there
was a period of time when you could
00:24:04.980 --> 00:24:08.669
really badly troll all of your friends
by just putting a link up where
00:24:08.669 --> 00:24:12.799
it would load in an iFrame and they would
have been exploited. If they were running
00:24:12.799 --> 00:24:16.409
an old version of Firefox. And
an old version of Tor Browser.
00:24:16.409 --> 00:24:19.529
Which was an interesting twist. They
didn’t actually, as far as we know,
00:24:19.529 --> 00:24:24.549
use that exploit against anyone
while it was a fresh Zeroday.
00:24:24.549 --> 00:24:27.539
But they did write it. And they
did serve it out. And they gave
00:24:27.539 --> 00:24:31.909
the rest of the world the payload
to use against whoever they’d like.
00:24:31.909 --> 00:24:36.240
So, when the FBI did this, they basically
gave an exploit against Firefox
00:24:36.240 --> 00:24:40.139
and Tor Browser to the Syrian Electronic
Army who couldn’t have written one,
00:24:40.139 --> 00:24:43.779
even if they wanted to. This is
a really interesting difference
00:24:43.779 --> 00:24:47.919
between other ways that the FBI might
try to bust you, where they can localize
00:24:47.919 --> 00:24:52.530
the damage of hitting untargeted
people who are otherwise innocent,
00:24:52.530 --> 00:24:56.570
especially. But we’ve asked
Firefox to try to integrate
00:24:56.570 --> 00:24:59.559
some of these privacy-related things that
we’ve done. We’d like to be able to be
00:24:59.559 --> 00:25:03.600
more up-to-speed with Firefox and
they generally seem premili, too (?)
00:25:03.600 --> 00:25:08.419
and I think that’s a fair thing to say.
But we have a de-synchronisation.
00:25:08.419 --> 00:25:12.480
But even with that de-synchronisation we
were still ahead of what they were doing
00:25:12.480 --> 00:25:16.329
as far as we can tell. But they
are actually at the point where
00:25:16.329 --> 00:25:20.730
they have hired probably some people
from this community – fuck you –
00:25:20.730 --> 00:25:25.100
and they write those exploits.
applause
00:25:25.100 --> 00:25:28.290
And serve them up.
And so that is a new turn.
00:25:28.290 --> 00:25:32.309
We had not seen that before this year.
And that’s a really serious change.
00:25:32.309 --> 00:25:34.700
As a result we’ve obviously been
looking into Chrome, which has
00:25:34.700 --> 00:25:38.059
a very different architecture. And in some
cases it’s significantly harder to exploit
00:25:38.059 --> 00:25:41.550
than Firefox. Even with just very
straight-forward bugs which should be
00:25:41.550 --> 00:25:44.790
very easy to exploit the Chrome team
has done a good job. We want to have
00:25:44.790 --> 00:25:47.990
a lot of diversity in the different
browsers. But we have a very strict
00:25:47.990 --> 00:25:50.970
set of requirements for protecting
Privacy with Tor Browser.
00:25:50.970 --> 00:25:54.260
And there’s a whole design document
out there. So just adding Tor
00:25:54.260 --> 00:25:58.770
and a web browser together is not quite
enough. You need some actual thoughts.
00:25:58.770 --> 00:26:03.059
That have been – mostly by Mike Perry
and Aron Clark (?) – have been elucidated
00:26:03.059 --> 00:26:06.690
in the Tor Browser design document.
So we’re hoping to work on that.
00:26:06.690 --> 00:26:09.450
If anyone here would like to work on that:
that’s really something where we really
00:26:09.450 --> 00:26:13.570
need some help. Because there is
really only one Mike Perry. Literately
00:26:13.570 --> 00:26:16.019
and figuratively.
00:26:16.019 --> 00:26:19.780
Roger: Okay. Another exciting topic
people have been talking about lately
00:26:19.780 --> 00:26:24.910
is the diversity of funding. A lot of our
funding comes from governments.
00:26:24.910 --> 00:26:28.489
US mostly but some other ones as
well. Because they have things
00:26:28.489 --> 00:26:32.939
that they want us to work on. So once upon
a time when I was looking at fundraising
00:26:32.940 --> 00:26:36.980
and how to get money I would go to places
and I would say: “We’ve got 10 things
00:26:36.980 --> 00:26:41.220
we want to work on. If you
want to fund one of these 10,
00:26:41.220 --> 00:26:45.170
you can help us set our priorities.
We really want to work on
00:26:45.170 --> 00:26:48.240
circumventing censorship, we really want
to work on anonymity, we really want
00:26:48.240 --> 00:26:52.990
to work on Tor Browser safety. So
if you have funding for one of these
00:26:52.990 --> 00:26:56.559
then we’ll focus on the one that
you’re most interested in”.
00:26:56.559 --> 00:27:00.160
So there’s some trade-offs here. On the
one hand government funding is good
00:27:00.160 --> 00:27:04.119
because we can do more things. That’s
great. A lot of the stuff that you’ve seen
00:27:04.119 --> 00:27:08.049
from Tor over the past couple of years
comes from people who are paid full-time
00:27:08.049 --> 00:27:12.090
to be able to work on Tor and focus
on it and not have to worry about
00:27:12.090 --> 00:27:15.480
where they’re gonna pay their rent
or where they’re gonna get food.
00:27:15.480 --> 00:27:19.540
On the other hand it’s bad because
funders can influence our priorities.
00:27:19.540 --> 00:27:23.359
Now, there’s no conspiracy. It’s not
that people come to us and say:
00:27:23.359 --> 00:27:27.320
“Here’s money, do a backdoor, etc.”
We’re never gonna put any backdoors
00:27:27.320 --> 00:27:28.880
in Tor, ever.
00:27:28.880 --> 00:27:29.840
Jacob: Maybe you could tell the story
00:27:29.840 --> 00:27:33.100
about that really high-pitched lady
who tried to get you, to tell you that
00:27:33.100 --> 00:27:36.250
that was your duty and then you explained…
00:27:36.250 --> 00:27:39.659
Roger: Give me a few more details!
laughter
00:27:39.659 --> 00:27:42.190
Jacob: People have approached us,
obviously, in order to try to get us
00:27:42.190 --> 00:27:45.220
to do these types of things. And
this is a serious commitment
00:27:45.220 --> 00:27:48.710
that the whole Tor community gets behind.
Which is that we will never ever
00:27:48.710 --> 00:27:53.309
put in a backdoor. And any time that we
can tell that something has gone wrong
00:27:53.309 --> 00:27:56.480
we try to fix it as soon
as is possible regardless
00:27:56.480 --> 00:28:00.309
– actually I would say for myself – of any
other consequences. That our commitment
00:28:00.309 --> 00:28:03.740
to protecting anonymity
of our user base extends
00:28:03.740 --> 00:28:08.159
beyond any reasonable commitment,
actually. And we really believe
00:28:08.159 --> 00:28:11.139
that commitment. And there are people
that have tried to get us to change that.
00:28:11.139 --> 00:28:15.340
Tried to tell us that “oh, it’s only
because you’re living in the free world,
00:28:15.340 --> 00:28:17.759
and you’re able to have a company
that (?) and make a profit
00:28:17.759 --> 00:28:21.290
that you can even right the supper (?). So
come on! Do your duty!” And of course
00:28:21.290 --> 00:28:24.080
when we tell them we’re non-profit
and that we’re not gonna do it,
00:28:24.080 --> 00:28:27.009
they’re completely
dumbfounded. For example.
00:28:27.009 --> 00:28:29.740
Roger: Now I remember that discussion, yes!
Jacob: Yeah!
00:28:29.740 --> 00:28:34.310
applause
00:28:34.310 --> 00:28:38.669
Roger: This was a discussion with
a US Department of Justice person
00:28:38.669 --> 00:28:43.029
who basically said: “It’s your…
the Congress has given us,
00:28:43.029 --> 00:28:47.180
the Department of Justice, the
right to backdoor everything,
00:28:47.180 --> 00:28:51.269
and you have a tool
that you haven’t made
00:28:51.269 --> 00:28:55.199
easy for us to backdoor. So
it’s your responsibility to fix it
00:28:55.200 --> 00:28:59.460
so that we can use the privileges
and rights given us by Congress
00:28:59.460 --> 00:29:03.769
on surveilling everybody. And
you are taking advantage
00:29:03.769 --> 00:29:07.120
of the situation that we’ve given you
in America where you’ve got good
00:29:07.120 --> 00:29:11.020
freedom of speech and you got other
freedoms etc. You’re stealing
00:29:11.020 --> 00:29:15.009
from the country. You’re cheating on the
process by not giving us the backdoor
00:29:15.009 --> 00:29:19.070
that Congress said we should have”. And
then I said: “Actually we’re a non-profit.
00:29:19.070 --> 00:29:22.949
We work for the public good”. And then
the conversation basically ended.
00:29:22.949 --> 00:29:32.709
She had no further thing to say.
applause
00:29:32.710 --> 00:29:36.440
So part of what we need to do is continue
to make tools that are actually safe
00:29:36.440 --> 00:29:41.770
as tools. Rather than a lot of the other
systems out there. On the other hand,
00:29:41.770 --> 00:29:45.499
every funder we’ve talked to
lately has interesting priorities:
00:29:45.499 --> 00:29:49.279
they wanna pay for censorship-resistance,
they wanna pay for outreach, education,
00:29:49.279 --> 00:29:52.649
training etc. We don’t have any
funders right now who want to pay
00:29:52.649 --> 00:29:57.370
for better anonymity. And it’s really
important for some of the people
00:29:57.370 --> 00:30:00.910
we heard about in the last talk that
they have really good anonymity
00:30:00.910 --> 00:30:04.480
against really large adversaries.
And I’m not just talking about
00:30:04.480 --> 00:30:07.580
American Intelligence Agencies. There
are a lot of Intelligence Agencies
00:30:07.580 --> 00:30:12.820
around the world who are trying
to learn how to surveil everything.
00:30:12.820 --> 00:30:16.350
So what should Tor’s role be here?
00:30:16.350 --> 00:30:19.750
There are a lot of people in the Tor
development community who say:
00:30:19.750 --> 00:30:23.260
“What we really need to do is
focus on writing good code,
00:30:23.260 --> 00:30:26.720
and we’ll let the rest of the world
take care of itself.” There is also
00:30:26.720 --> 00:30:30.010
a trade-off from some of the
funders we have right now.
00:30:30.010 --> 00:30:32.760
Where I could go up and I could say
00:30:32.760 --> 00:30:36.639
a lot of really outrageous
things that I agree with
00:30:36.639 --> 00:30:40.730
and that you agree with. But some
of our funders might wonder
00:30:40.730 --> 00:30:45.120
if they should keep funding us after
that. So part of what we need to do
00:30:45.120 --> 00:30:49.450
is get some funders who are more
comfortable with the messages
00:30:49.450 --> 00:30:53.559
that everybody here would like the
world to hear. So if you know anybody
00:30:53.559 --> 00:30:59.110
who wants to help provide actual
freedom we’d love to hear from you.
00:30:59.110 --> 00:31:03.380
Jacob: And it’s important to understand
that we sort of have an interesting place
00:31:03.380 --> 00:31:07.090
in the world at the moment
where it’s easy to say
00:31:07.090 --> 00:31:11.650
that we shouldn’t be political. And that
in general, there shouldn’t be politics
00:31:11.650 --> 00:31:14.740
in what we’re doing. And
it’s also easy to understand
00:31:14.740 --> 00:31:19.430
that that’s crazy when someone
says that to an extent. Because
00:31:19.430 --> 00:31:23.350
the idea of having free speech, having
the right to read, having the ability
00:31:23.350 --> 00:31:27.530
to reach a website that is beyond
of the power of the state
00:31:27.530 --> 00:31:31.929
– that is a very political thing for
many people. And it is often the privilege
00:31:31.929 --> 00:31:35.419
of some, where they don’t even
realize that’s a political statement.
00:31:35.419 --> 00:31:37.940
applause
And they suggest…
00:31:37.940 --> 00:31:41.720
and that they suggest that we don’t need
to be political. We need to recognize the
00:31:41.720 --> 00:31:45.779
political context that we exist in. And
especially after the summer of Snowden,
00:31:45.779 --> 00:31:50.159
understanding that there
are almost no tools
00:31:50.159 --> 00:31:53.880
that can resist the NSA
and GCHQ. Almost none.
00:31:53.880 --> 00:31:56.710
We did not survive completely
in the summer of Snowden.
00:31:56.710 --> 00:32:01.509
They were able to get some Tor users.
But they couldn’t get all Tor users!
00:32:01.509 --> 00:32:05.099
That’s really important. We change
the economic game for them.
00:32:05.099 --> 00:32:08.530
And that, fundamentally,
is a political issue!
00:32:08.530 --> 00:32:18.259
applause
00:32:18.259 --> 00:32:21.860
But please note that the solution
is not a Partisan solution.
00:32:21.860 --> 00:32:25.760
Where we say: well, some people
are good and some are bad.
00:32:25.760 --> 00:32:29.250
You guys over there, on the left
or on the right, you don’t deserve
00:32:29.250 --> 00:32:32.809
to have freedom of speech. You
don’t have the right to read.
00:32:32.809 --> 00:32:36.219
We aren’t saying that. We’re saying that
the common good of everyone having
00:32:36.219 --> 00:32:39.940
these fundamental rights
protected in a practical way
00:32:39.940 --> 00:32:43.460
is an important thing for us to build
and for all of us to contribute to,
00:32:43.460 --> 00:32:47.139
and for every person to
have. That is, I think,
00:32:47.139 --> 00:32:50.040
the best kind of political solution
we can come up with.
00:32:50.040 --> 00:32:54.110
Though it is a very controversial
one in some ways. I think that
00:32:54.110 --> 00:32:57.890
we can’t actually do it unless everyone
really starts to agree with us.
00:32:57.890 --> 00:33:01.920
And we are making a lot of positive change
in this. As we saw with the network graph.
00:33:01.920 --> 00:33:05.590
But this comes from
Mutual Aid and Solidarity.
00:33:05.590 --> 00:33:09.019
Which most of the people
in this room provide.
00:33:09.019 --> 00:33:12.809
Roger: And that diversity of
users is actually technically
00:33:12.809 --> 00:33:16.289
what makes Tor safe. You need to have
00:33:16.289 --> 00:33:20.549
activists in various countries,
and folks in Russia right now,
00:33:20.549 --> 00:33:24.019
and law enforcement around the
world. You need to have them all
00:33:24.019 --> 00:33:27.580
in the same network. Otherwise
if I see that you’re using Tor,
00:33:27.580 --> 00:33:31.330
I can start guessing why you’re using
Tor. So we need that diversity
00:33:31.330 --> 00:33:35.109
of users. Not just for
a perception perspective
00:33:35.109 --> 00:33:39.180
but for an actual technical perspective.
We need to have all the different
00:33:39.180 --> 00:33:42.350
types of users out there blending
into the same system
00:33:42.350 --> 00:33:46.569
so that they can keep each other
safe. So part of the hobbies
00:33:46.569 --> 00:33:50.370
that each Tor person has,
we’re all getting better
00:33:50.370 --> 00:33:54.049
at outreach to various communities.
So, I mentioned earlier
00:33:54.049 --> 00:33:58.100
that I talked to law enforcement to try
to teach them how these things work.
00:33:58.100 --> 00:34:00.730
Turns out that having Jake talk to
law enforcement is not actually
00:34:00.730 --> 00:34:02.759
the most effective way to
convince them of things
00:34:02.759 --> 00:34:03.759
laughter
so…
00:34:03.759 --> 00:34:07.670
Jacob: I’m, I’m, I’m, eh, you know, my
lawyer gave me some great advice
00:34:07.670 --> 00:34:11.119
which I can tell you without breaking the
privilege of our other communications.
00:34:11.119 --> 00:34:14.129
Which he says: “never miss the
chance to shut the fuck up!”
00:34:14.129 --> 00:34:17.480
laughter
And that I think really really underscores
00:34:17.480 --> 00:34:20.280
why I should not talk to the Police
about why they also need
00:34:20.280 --> 00:34:24.070
traffic analysis resistance, reachability,
network security, privacy and anonymity.
00:34:24.070 --> 00:34:27.250
Roger’s much much more diplomatic.
00:34:27.250 --> 00:34:31.310
Roger: So at the same time we have
people talking to domestic violence
00:34:31.310 --> 00:34:34.789
and abuse groups and teaching them
how to be safe. And at the same time
00:34:34.789 --> 00:34:38.280
we have folks at corporations
learning how to be safe online.
00:34:38.280 --> 00:34:42.389
We hear from large companies
who are saying: “I want to
00:34:42.389 --> 00:34:46.510
put the entire corporate
traffic over Tor
00:34:46.510 --> 00:34:50.230
because we actually do have adversaries
and they actually are spying on us
00:34:50.230 --> 00:34:53.530
and they do want to learn what we’re
doing. So how do we become safe
00:34:53.530 --> 00:34:57.370
from these situations?” So part of
what we need is help from all of you
00:34:57.370 --> 00:35:00.790
to become outreach for all of your
communities. And get better
00:35:00.790 --> 00:35:04.410
at teaching people about why privacy
is important for the communities
00:35:04.410 --> 00:35:08.690
that you’re talking to and learn how to
use their language and convince them
00:35:08.690 --> 00:35:11.480
that these things are important.
And at the same time teach them
00:35:11.480 --> 00:35:15.460
about the other groups out there who
care. So that they can understand
00:35:15.460 --> 00:35:20.730
that it’s a bigger issue than just
whatever they’re most focused on.
00:35:20.730 --> 00:35:25.890
Okay, so, a while ago I wrote up
a list of 3 ways to destroy Tor.
00:35:25.890 --> 00:35:29.210
The first way – we have
a handle on it for a while.
00:35:29.210 --> 00:35:33.710
The first way is: change the laws
or the policies or the cultures
00:35:33.710 --> 00:35:37.080
so that anonymity is outlawed.
And we’re pretty good
00:35:37.080 --> 00:35:40.820
at fighting back in governments
and policy and culture etc.
00:35:40.820 --> 00:35:44.820
and saying: “No, there are good uses of
these things, you can’t take them away
00:35:44.820 --> 00:35:50.470
from the world”. The second way:
Make ISPs hate hosting exit relays.
00:35:50.470 --> 00:35:54.210
And if more and more ISPs say:
“No, I’m not gonna do that”
00:35:54.210 --> 00:35:57.340
then eventually the Tor Network
shrinks reducing the anonymity
00:35:57.340 --> 00:36:00.820
it can provide because there’s not as
much diversity of where you might
00:36:00.820 --> 00:36:04.480
pop out of the Tor Network to go to
the websites. So I think we’re doing
00:36:04.480 --> 00:36:07.690
pretty well fighting that fight.
We’ve known about it for a while.
00:36:07.690 --> 00:36:11.060
It’s one we’ve been focusing on
for a long time. Torservers.net
00:36:11.060 --> 00:36:14.620
and a lot of other groups are doing great
work at building and maintaining
00:36:14.620 --> 00:36:19.250
relationships with ISPs. But the third
one is one that we haven’t focused on
00:36:19.250 --> 00:36:23.490
as much as we should. Which is:
make websites hate Tor users.
00:36:23.490 --> 00:36:27.390
So a growing number of
places are just refusing
00:36:27.390 --> 00:36:30.820
to hear from Tor users
at all. Wikipedia did it
00:36:30.820 --> 00:36:33.910
a long time ago. Google gives
you a captcha if you’re lucky…
00:36:33.910 --> 00:36:38.480
Jacob: That’s the best question, ever!
If you like, that’s a good setup!
00:36:38.480 --> 00:36:42.510
Roger: I’ll cover this one next. So,
00:36:42.510 --> 00:36:46.940
Skype is another interesting example
here. If you run a Tor exit relay
00:36:46.940 --> 00:36:50.340
and you try to skype with somebody
Microsoft hangs up on you.
00:36:50.340 --> 00:36:53.350
And the reason for that is not that
they say: “Oh my god, Tor people
00:36:53.350 --> 00:36:57.500
are abusing Skype!” – Microsoft pays
some commercial company out there
00:36:57.500 --> 00:37:00.950
to give them a blacklist, they don’t even
know what’s on it, and the company
00:37:00.950 --> 00:37:04.770
puts Tor exit IPs on it. And
now Microsoft blacklists all the
00:37:04.770 --> 00:37:08.300
Tor exit relays. And they don’t even know
they’re doing it. They don’t even care.
00:37:08.300 --> 00:37:12.510
So as more and more of these
blacklisting companies exist
00:37:12.510 --> 00:37:16.960
we’re more and more screwed.
So we need help trying to
00:37:16.960 --> 00:37:20.300
learn how to teach all of these
companies how to accept
00:37:20.300 --> 00:37:24.950
users without thinking that IP addresses
are the right way to identify people.
00:37:24.950 --> 00:37:29.120
Jacob: There might also be,
on point 3, a relationship here
00:37:29.120 --> 00:37:32.320
with some of the other
points here. E.g. point 4.
00:37:32.320 --> 00:37:35.870
Which is to say that when
a company does not want to
00:37:35.870 --> 00:37:39.860
give you location anonymity
maybe there’s a reason for that.
00:37:39.860 --> 00:37:44.300
I mean, I personally think that Wikipedia
is great, I don’t feel so great
00:37:44.300 --> 00:37:48.480
about yelp and about Google, most of
the time. And I definitely don’t feel good
00:37:48.480 --> 00:37:51.860
about Skype. Given what we’ve
learned it makes sense
00:37:51.860 --> 00:37:56.930
that they would demonstrate that
they do not respect you as users.
00:37:56.930 --> 00:38:01.680
And the Tor Network as a way to
protect users from them, actually.
00:38:01.680 --> 00:38:05.620
And some of these places will
say that it's basically only being
00:38:05.620 --> 00:38:10.120
used for abuse. Often they won’t have
metrics for it. And they will refuse
00:38:10.120 --> 00:38:14.350
to work with us to come up with inventive
solutions, like e.g. something
00:38:14.350 --> 00:38:18.150
where you have to use a
nym system of some kind,
00:38:18.150 --> 00:38:22.010
in the case of Wikipedia, or something
where you solve a captcha, something
00:38:22.010 --> 00:38:24.800
where you have to have an account,
something where you’re pseudononymous.
00:38:24.800 --> 00:38:29.190
But you get to retain location privacy.
And actually, in a few cases,
00:38:29.190 --> 00:38:32.591
it’s probably better that Tor is blocked
because they don’t even
00:38:32.591 --> 00:38:36.040
provide secure logins when you’re not
using Tor. So it’s not necessarily
00:38:36.040 --> 00:38:40.540
always a good thing to use the services,
anyway. So in a sort of funny sense
00:38:40.540 --> 00:38:43.780
it could be helpful that they’re blocking
Tor. But we would like to improve
00:38:43.780 --> 00:38:48.400
those things. And one thing is
to show that we need to build
00:38:48.400 --> 00:38:52.500
some systems to get these properties. And
we need to show that it is the best thing
00:38:52.500 --> 00:38:56.700
right now that we all can use. And
we need people that are working
00:38:56.700 --> 00:38:59.790
with these companies, with these
communities, to actually help us
00:38:59.790 --> 00:39:04.980
to understand how we can
better serve Tor community,
00:39:04.980 --> 00:39:08.870
but also the Tor community that
overlaps with their community.
00:39:08.870 --> 00:39:12.910
Especially Wikipedia. For me personally,
it kills me that the way that I get
00:39:12.910 --> 00:39:16.130
to edit the Wikipedia, should I edit
it, is that I have to send an email
00:39:16.130 --> 00:39:19.780
to someone, tell them an account I already
have, ask them to set a special flag
00:39:19.780 --> 00:39:25.270
in the Wikipedia database,
and then I can log in and edit.
00:39:25.270 --> 00:39:28.840
That’s not really the ideal solution,
I think. If I’m not being abusive
00:39:28.840 --> 00:39:32.540
on Wikipedia I should be able to
have a pseudononymous way to edit.
00:39:32.540 --> 00:39:35.310
I should be able to anonymously connect.
And I should be able to do that
00:39:35.310 --> 00:39:38.190
from anywhere in the world, especially
when the local network is censoring me
00:39:38.190 --> 00:39:43.340
and my only way to get to the
Wikipedia is to, in fact, use Tor
00:39:43.340 --> 00:39:52.530
or something like it.
applause
00:39:52.530 --> 00:39:57.310
So, the last point on that is this one:
I obviously joked the church man (?)
00:39:57.310 --> 00:40:01.660
Roger: Yeah, so I was showing this to an
anonymity researcher and he started
00:40:01.660 --> 00:40:05.800
yelling: “IPO, IPO, IPO, IPO…” as
soon as he saw this graph of Tor users
00:40:05.800 --> 00:40:10.650
over time. So in the course of a week
or so we added about 4 or 5 million
00:40:10.651 --> 00:40:14.980
Tor clients to the network.
And you’d think: “Oh wow,
00:40:14.980 --> 00:40:19.280
this Snowden thing worked,
it’s great!” But actually,
00:40:19.280 --> 00:40:24.020
some jerk in the Ukraine signed
up his 5 million node botnet.
00:40:24.020 --> 00:40:26.890
Jacob: I mean, one of the good things
about this is that we learned that
00:40:26.890 --> 00:40:30.940
the Tor Network scales to
more than 5 million users.
00:40:30.940 --> 00:40:33.510
Roger: We’ve been working on
scalability: it works!
00:40:33.510 --> 00:40:36.930
applause
00:40:36.930 --> 00:40:41.900
Jacob: We had to make some changes.
There’s e.g. the NTor handshaking
00:40:41.900 --> 00:40:46.180
which is using elliptic curves. That is
something which really helps to reduce
00:40:46.180 --> 00:40:51.680
the load on the relays. This is a pretty
big change. But there’s a lot of work
00:40:51.680 --> 00:40:54.750
that Mike Perry has done with load
balancing, lots of work by Nick Mathewson.
00:40:54.750 --> 00:40:58.770
Lots of changes in the Tor Network
for scalability. But if this had been
00:40:58.770 --> 00:41:01.670
like a real attacker, or if the botnet had
been turned against the Tor Network,
00:41:01.670 --> 00:41:05.580
it probably would have been fatal,
I think. A really interesting detail is
00:41:05.580 --> 00:41:09.900
that this was a botnet for Windows.
And Microsoft has the ability to remove
00:41:09.900 --> 00:41:14.160
things that they flag as malicious.
And so they were going around
00:41:14.160 --> 00:41:18.430
and removing Tor clients from
Microsoft Windows users
00:41:18.430 --> 00:41:22.030
that were part of this botnet. Now when we
talked to them, my understanding is that
00:41:22.030 --> 00:41:25.050
they only removed it when they were
certain that is was a Tor that came
00:41:25.050 --> 00:41:29.270
from this botnet. That’s a lot of power
that Microsoft has there, though!
00:41:29.270 --> 00:41:33.620
If you’re using Windows, trying to be
anonymous, with the device. Bad idea.
00:41:33.620 --> 00:41:36.520
Roger: They actually removed the
bot and left the Tor client because
00:41:36.520 --> 00:41:39.470
they weren’t sure whether they
should remove it. So actually
00:41:39.470 --> 00:41:42.650
all those 5 millions are
still running Tor clients.
00:41:42.650 --> 00:41:47.520
Jacob: Whhoops! So, interesting
point here, summer of Snowden.
00:41:47.520 --> 00:41:51.840
It’s hard to tell. There’s
some piece of information
00:41:51.840 --> 00:41:55.260
that we’re really missing here. Due to
the botnet happening at the same time
00:41:55.260 --> 00:41:59.510
it’s really difficult to understand the
public response to the revelations
00:41:59.510 --> 00:42:03.060
about NSA and spying.
Especially now. I mean:
00:42:03.060 --> 00:42:06.590
we think that most of that is
botnet traffic. Over a million.
00:42:06.590 --> 00:42:10.990
Over a million, where it goes
up. Over almost a 6 million.
00:42:10.990 --> 00:42:14.910
So that’s a serious amount
of traffic, from that botnet.
00:42:14.910 --> 00:42:18.830
And that is a really serious threat to
the Tor Network. It can be (?)
00:42:18.830 --> 00:42:22.500
a couple of different ways. One of
these things, I mentioned before,
00:42:22.500 --> 00:42:25.740
NTor handshake. But another thing
is: if every person in this room
00:42:25.740 --> 00:42:29.350
were to run a Tor relay, even
a middle relay not an exit relay,
00:42:29.350 --> 00:42:32.510
it would make it significantly harder to
melt the Tor Network.
00:42:32.510 --> 00:42:33.510
I actually think
00:42:33.510 --> 00:42:35.240
that would be incredible if you guys
would all do that.
00:42:35.240 --> 00:42:36.490
I don’t think that
all of you will.
00:42:36.490 --> 00:42:38.780
But if you did that would
make it so that we could survive
00:42:38.780 --> 00:42:42.240
other events like this in the future.
00:42:42.240 --> 00:42:49.760
applause
00:42:49.760 --> 00:42:53.220
So someone sent a question which we’re
just gonna go ahead and answer now.
00:42:53.220 --> 00:42:56.900
“When talking of funding for better
anonymity, what do you think,
00:42:56.900 --> 00:42:59.060
in terms of money,
how much could you need?”
00:42:59.060 --> 00:43:01.540
Well here’s a thing:
00:43:01.540 --> 00:43:03.430
if you were willing to fund us
we would really like you.
00:43:03.430 --> 00:43:04.810
Or I would really like it
00:43:04.810 --> 00:43:07.850
especially, since I’m probably the one
that threatens the US Government funding
00:43:07.850 --> 00:43:11.730
of Tor, more than any person in this room.
00:43:11.730 --> 00:43:15.380
I think that it would be great if you
could match the Dollar-to-Dollar
00:43:15.380 --> 00:43:17.830
that Government funders
bring to the table.
00:43:17.830 --> 00:43:18.900
We would really like that.
00:43:18.900 --> 00:43:21.800
It would be amazing if that was possible.
00:43:21.800 --> 00:43:22.950
So there’s actually a hard number
00:43:22.950 --> 00:43:24.250
on the website.
00:43:24.250 --> 00:43:26.850
Or if you wanted to
– as much money as you have.
00:43:26.850 --> 00:43:28.050
laughter
Feel free!
00:43:28.050 --> 00:43:29.050
Either way –
00:43:29.050 --> 00:43:32.860
Roger: To give you a sense of
scale: right now our 2014 budget
00:43:32.860 --> 00:43:37.000
is looking like it will be somewhere
between 2 Mio US and 3 Mio US,
00:43:37.000 --> 00:43:40.850
which is great except we’re trying to
do so many different things at once.
00:43:40.850 --> 00:43:45.160
If it ends up on the 2 Mio US side
we basically have no funding
00:43:45.160 --> 00:43:46.660
for making anonymity better.
00:43:46.660 --> 00:43:48.940
If it ends up
more than that then
00:43:48.940 --> 00:43:51.650
we’re in better shape and
we can make people more safe.
00:43:51.650 --> 00:43:54.770
Jacob: And part of the thing is that we
have to build all sorts of tools that are
00:43:54.770 --> 00:43:56.650
not directly related to Tor.
00:43:56.650 --> 00:43:58.090
In many cases.
00:43:58.090 --> 00:43:59.550
Especially because of the funding.
00:43:59.550 --> 00:44:03.350
But because we want users to be
able to actually use the software
00:44:03.350 --> 00:44:04.390
with something else.
00:44:04.390 --> 00:44:06.440
It’s not nearly
enough to have a Tor.
00:44:06.440 --> 00:44:07.440
You need to be able
00:44:07.440 --> 00:44:08.440
to do something with the Tor.
00:44:08.440 --> 00:44:09.440
You know?
00:44:09.440 --> 00:44:11.310
And that’s a really difficult part.
00:44:11.310 --> 00:44:15.410
But if there’s specific things we would
also be open to alternate funding models
00:44:15.410 --> 00:44:19.340
where we fund very specific tasks e.g.
that would be a really great thing.
00:44:19.340 --> 00:44:21.300
We haven’t really
experimented with that.
00:44:21.300 --> 00:44:24.170
But on that note I wanted to talk
about classified information.
00:44:24.170 --> 00:44:26.730
Everybody ready?
It’s not classified any more,
00:44:26.730 --> 00:44:30.810
it’s on the internet?
I’m not sure. So,
00:44:30.810 --> 00:44:33.620
this is probably the hot topic
I would say.
00:44:33.620 --> 00:44:35.750
Probably the one
everyone wanted to know about.
00:44:35.750 --> 00:44:38.200
So the NSA and GCHQ
00:44:38.200 --> 00:44:41.790
have decided that they
don’t like anonymity,
00:44:41.790 --> 00:44:44.880
and they’re doing everything that
they possibly can to attack it.
00:44:44.880 --> 00:44:47.020
With a few exceptions.
00:44:47.020 --> 00:44:48.640
So there’re
a few different programs
00:44:48.640 --> 00:44:50.786
– I’m gonna talk a lot about this
on Monday. So I don’t wanna go
00:44:50.786 --> 00:44:55.470
into too much detail about the
non-Tor aspects of it. But
00:44:55.470 --> 00:45:01.220
for the Tor side of it – Quick Ant is
what’s called a question-filled data set.
00:45:01.220 --> 00:45:02.530
This is a QFD.
00:45:02.530 --> 00:45:05.910
What that means is it’s TLS related
sessions, as I understand it.
00:45:05.910 --> 00:45:11.860
And it is recording data, i.e.
Data Retention about TLS sessions.
00:45:11.860 --> 00:45:14.720
It’s pulled from a larger thing –
Flying Pig.
00:45:14.720 --> 00:45:17.900
Which was revealed on I think,
a Brazilian Television clip, or someone
00:45:17.900 --> 00:45:22.310
photographed a moving
picture of Glenn’s screen.
00:45:22.310 --> 00:45:25.930
That program is kind of scary.
But not too scary.
00:45:25.930 --> 00:45:28.930
Just looks like after the fact (?) Data
Retention.
00:45:28.930 --> 00:45:29.930
Quantum Insert
00:45:29.930 --> 00:45:34.540
on the other hand is a pretty
straightforward man-on-the-side-attack.
00:45:34.540 --> 00:45:38.230
Foxacid, which is another thing which
we know that’s used against Tor users,
00:45:38.230 --> 00:45:42.270
is basically just the ‘Tailored Access
and Operations’ web server farm
00:45:42.270 --> 00:45:43.470
where they serve out malware.
00:45:43.470 --> 00:45:45.560
Sort of like a watering hole attack.
Except
00:45:45.560 --> 00:45:48.330
in this case they also combine it with
Quantum Insert.
00:45:48.330 --> 00:45:49.330
So that when you visit
00:45:49.330 --> 00:45:53.600
your Yahoo mail
– NSA and GCHQ love Yahoo –
00:45:53.600 --> 00:45:57.520
even when you use Tor
they basically redirect you
00:45:57.520 --> 00:46:01.210
by just tagging a little bit of data
into the TCP connection. And
00:46:01.210 --> 00:46:03.570
of course Tor does its job, it flows all
the way back to you.
00:46:03.570 --> 00:46:04.980
Your web browser
then loads it.
00:46:04.980 --> 00:46:06.150
You’re now connected to
their server.
00:46:06.150 --> 00:46:09.130
Their server delivers
malicious code.
00:46:09.130 --> 00:46:12.390
And the use it
is to pop somebody.
00:46:12.390 --> 00:46:17.040
From what I understand it took
them 8 months to hit one guy.
00:46:17.040 --> 00:46:21.850
That’s fucking great, I think, that
we went from ‘everybody all the time
00:46:21.850 --> 00:46:24.230
applause
being compromisable’ to ‘they have to
00:46:24.230 --> 00:46:29.180
very carefully pick one person
and work for a long time’.
00:46:29.180 --> 00:46:31.120
They really believe that
that’s the right target.
00:46:31.120 --> 00:46:32.430
They really understand that
00:46:32.430 --> 00:46:36.250
that is someone that they
want to go after. And
00:46:36.250 --> 00:46:38.630
if that person were to keep their browser
up-to-date they probably would have been
00:46:38.630 --> 00:46:40.970
ahead of the game.
Not exactly sure.
00:46:40.970 --> 00:46:43.250
But there are some other things
that are really dangerous.
00:46:43.250 --> 00:46:45.580
Which is
Quantum Cookie, e.g. Quantum Cookie
00:46:45.580 --> 00:46:49.240
is a program where basically
they’re able to elicit
00:46:49.240 --> 00:46:53.190
from a connection other connections
from your web browser
00:46:53.190 --> 00:46:55.760
which will get you to
leak cookie information.
00:46:55.760 --> 00:46:58.180
So let’s say you happen to
log-in to a Yahoo account.
00:46:58.180 --> 00:47:00.750
And that was a known
selector for surveillance.
00:47:00.750 --> 00:47:03.920
And then they thought you might also have
a Gmail cookie that wasn’t marked secure
00:47:03.920 --> 00:47:07.970
and you might also have another
search engine; or you might have
00:47:07.970 --> 00:47:08.970
some other cookies.
00:47:08.970 --> 00:47:10.870
Then they would
basically insert things that your browser
00:47:10.870 --> 00:47:14.530
will then request insecurely over the same
connection, to (?) tie them together,
00:47:14.530 --> 00:47:15.680
correlate that.
00:47:15.680 --> 00:47:17.910
And then they will extract
it and they’ll be able to tell that
00:47:17.910 --> 00:47:20.000
this selector is linked to
these other selectors.
00:47:20.000 --> 00:47:22.370
’Cause they basically been able
to actively probe.
00:47:22.370 --> 00:47:25.650
A solution to that is
‘Https Everywhere’ which we already ship
00:47:25.650 --> 00:47:29.480
in the Tor Browser Bundle
but also to be aware about
00:47:29.480 --> 00:47:33.090
session isolation to maybe
even if you’re using things
00:47:33.090 --> 00:47:36.940
where you’re trying to it as securely as
possible – not every site will offer TLS
00:47:36.940 --> 00:47:40.690
to actually make sure that the
Tor browser only has the exact
00:47:40.690 --> 00:47:43.980
set of credentials you need for the thing
you’re doing at that time.
00:47:43.980 --> 00:47:46.240
So that’s
00:47:46.240 --> 00:47:48.220
incredibly straight-forward stuff.
00:47:48.220 --> 00:47:49.790
In terms of the hacker
community this is like
00:47:49.790 --> 00:47:52.410
not even really interesting, actually.
00:47:52.410 --> 00:47:53.800
The thing that makes it interesting is
00:47:53.800 --> 00:47:55.920
that they do it at internet scale.
00:47:55.920 --> 00:47:57.100
And that they’re trying to watch
00:47:57.100 --> 00:47:59.610
the entire internet all the time.
00:47:59.610 --> 00:48:01.110
Another interesting fact about this is
00:48:01.110 --> 00:48:04.520
that you would imagine that not
routing through Five Eyes countries
00:48:04.520 --> 00:48:06.350
would make you safer in some way.
00:48:06.350 --> 00:48:08.650
I don’t think that’s actually true.
00:48:08.650 --> 00:48:12.480
From what I can tell they actually
have some restrictions, if you route
00:48:12.480 --> 00:48:13.980
through the Five Eyes countries.
00:48:13.980 --> 00:48:16.050
And if you are not in
a Five Eyes country,
00:48:16.050 --> 00:48:20.230
like Germany, they have no restrictions.
00:48:20.230 --> 00:48:24.000
So if you behave differently we know
from an anonymity perspective
00:48:24.000 --> 00:48:25.580
that that’s worse for you.
00:48:25.580 --> 00:48:28.410
And if you behave differently
in this particular way
00:48:28.410 --> 00:48:31.960
then there are legal answers that
show that you shouldn’t break out
00:48:31.960 --> 00:48:35.990
from the regular way that Tor
users and Tor clients behave.
00:48:35.990 --> 00:48:39.460
But the key point to take home is
that every single person here
00:48:39.460 --> 00:48:43.790
has the same set of problems
if they’re not using Tor.
00:48:43.790 --> 00:48:46.490
And it is easier for them.
00:48:46.490 --> 00:48:48.090
So that’s a huge,
huge difference.
00:48:48.090 --> 00:48:53.240
And the last point, I think is a key one
which Roger has a great story for.
00:48:53.240 --> 00:48:57.350
Roger: Yeah, so they… the story
here is they look at Tor traffic
00:48:57.350 --> 00:48:59.010
coming out of Tor exit relays.
00:48:59.010 --> 00:49:00.740
They don’t know who the person is.
And they have
00:49:00.740 --> 00:49:04.110
to make a decision there: do I try the
Quantum Insert and the Foxacid,
00:49:04.110 --> 00:49:06.750
do I try to break into their browser?
Or do I leave them alone.
00:49:06.750 --> 00:49:10.210
And when they see the Tor flow
they don’t know who it is.
00:49:10.210 --> 00:49:11.830
So on the one hand, that’s great.
00:49:11.830 --> 00:49:13.770
They can’t do target attacks.
00:49:13.770 --> 00:49:15.460
They have to do broad
attacks and then
00:49:15.460 --> 00:49:19.130
check/wait (?) later to see whether
they broke into the right person.
00:49:19.130 --> 00:49:22.520
But as soon as the Guardian
articles went up about this,
00:49:22.520 --> 00:49:26.530
DNI – the something National Intelligence
– put out a press release, saying:
00:49:26.530 --> 00:49:32.200
“We’d like to assure everybody
that we never attack Americans”.
00:49:32.200 --> 00:49:36.360
Jacob: So first of all – on behalf of
the American people and the US Government
00:49:36.360 --> 00:49:40.380
which I do not represent:
I’m so sorry that
00:49:40.380 --> 00:49:43.700
my country keeps embarrassing the rest
of the reasonable Americans, of which
00:49:43.700 --> 00:49:48.250
there are plenty, many of us that are not
James Clapper, that total fucking asshole.
00:49:48.250 --> 00:49:54.550
applause
00:49:54.550 --> 00:49:55.540
to Roger:
We have 5 minutes.
00:49:55.540 --> 00:49:57.430
applause
00:49:57.430 --> 00:50:01.560
Roger: So the reason why that story is
particularly interesting is that: I talked
00:50:01.560 --> 00:50:05.000
to an actual NSA person a couple of weeks
ago… and I’m like: “Wait, you never attack
00:50:05.000 --> 00:50:09.050
Americans but you have to blank-and-attack
everybody and then find out who it was”.
00:50:09.050 --> 00:50:12.690
And he said: “Oh no no no no, we watch
them log into Facebook and if they log in
00:50:12.690 --> 00:50:14.790
as the user we’re trying to attack
then we attack them.
00:50:14.790 --> 00:50:15.790
No problem.”
00:50:15.790 --> 00:50:19.230
Jacob: And they do the blanket
dragnet surveillance. So,
00:50:19.230 --> 00:50:22.330
an interesting point of course is that we
always heard…
00:50:22.330 --> 00:50:23.570
I once met someone
00:50:23.570 --> 00:50:26.500
who explained to me: “The NSA obviously
runs lots of Tor nodes like they were
00:50:26.500 --> 00:50:28.850
like 90.000 Tor nodes”,
I think was the number.
00:50:28.850 --> 00:50:31.860
I wish we had 90.000 Tor nodes.
That’d be incredible.
00:50:31.860 --> 00:50:34.880
You know
we’re like, what, at about 4..5000
00:50:34.880 --> 00:50:38.440
at any given point in time, that are
stable, of which are 1/3 are exit relays.
00:50:38.440 --> 00:50:39.440
Right.
00:50:39.440 --> 00:50:43.280
So it turns out when the NSA did
run some, they ran half a dozen.. a dozen?
00:50:43.280 --> 00:50:44.740
Roger: They ran about 10.
00:50:44.740 --> 00:50:45.740
And they
were small.
00:50:45.740 --> 00:50:46.740
And short-lived.
00:50:46.740 --> 00:50:48.920
On EC2.
00:50:48.920 --> 00:50:51.400
But that should not
make you happy.
00:50:51.400 --> 00:50:52.450
It doesn’t matter
00:50:52.450 --> 00:50:54.880
whether the NSA runs Tor relays.
00:50:54.880 --> 00:50:57.610
They can watch your Tor relays.
00:50:57.610 --> 00:51:01.490
If you run a Tor relay at a
great place anywhere in the US
00:51:01.490 --> 00:51:05.600
or Germany or wherever they’re good
at spying on they watch the upstream
00:51:05.600 --> 00:51:08.660
of your relay and they get almost
what they would get from running
00:51:08.660 --> 00:51:09.910
their own relay.
00:51:09.910 --> 00:51:12.140
So what we should be
worried about – we should not be worried
00:51:12.140 --> 00:51:13.750
that they’re running relays.
00:51:13.750 --> 00:51:16.830
It’s a concern, but the
bigger concern is
00:51:16.830 --> 00:51:18.360
that they’re watching the whole internet.
00:51:18.360 --> 00:51:20.730
And the internet is much more centralized
00:51:20.730 --> 00:51:22.010
than we think it is.
00:51:22.010 --> 00:51:24.320
There are a lot more
bottle-necks where if you watch them
00:51:24.320 --> 00:51:26.850
you get to see a lot of
different Tor traffic.
00:51:26.850 --> 00:51:29.510
So the problem is not so much
00:51:29.510 --> 00:51:33.400
“Are they running relays?” as “How
many normal relays can they watch?”
00:51:33.400 --> 00:51:37.400
And if you’re thinking about a large
adversary like NSA: the answer could be:
00:51:37.400 --> 00:51:39.840
“A third?”, “Half?”.
00:51:39.840 --> 00:51:42.020
We don’t know
how many deals they have.
00:51:42.020 --> 00:51:46.740
Jacob: So, an interesting point here is
that one-hop-proxies are… or VPN
00:51:46.740 --> 00:51:49.970
– who here uses a VPN to some
kind of commercial VPN service?
00:51:49.970 --> 00:51:51.770
about 1/4 raised hands
Right.
00:51:51.770 --> 00:51:54.620
So this is a pretty big problem,
00:51:54.620 --> 00:51:55.620
I think.
00:51:55.620 --> 00:51:57.920
Which is that you end up with the
hide-my-ass problem.
00:51:57.920 --> 00:51:58.920
Which is that –
00:51:58.920 --> 00:52:00.550
first of all that company, it’s a problem.
00:52:00.550 --> 00:52:01.990
Second of all, what they do to their users
00:52:01.990 --> 00:52:03.090
is also a problem.
00:52:03.090 --> 00:52:05.480
Which is that they
basically promote their service
00:52:05.480 --> 00:52:09.130
for revolution in Egypt, e.g. but when
someone used it because they disagreed
00:52:09.130 --> 00:52:13.370
with the policies of the UK then
they turned them over.
00:52:13.370 --> 00:52:14.370
Interesting point.
00:52:14.370 --> 00:52:17.810
We need to build decentralized systems
where they can’t make that choice.
00:52:17.810 --> 00:52:20.520
We need to make sure that that
isn’t actually happening.
00:52:20.520 --> 00:52:21.520
And one of the things
00:52:21.520 --> 00:52:25.900
that we’re trying to drive home is
that – and I really think it’s important
00:52:25.900 --> 00:52:29.920
to take this to heart –
one-hop-proxies or VPNs,
00:52:29.920 --> 00:52:33.700
as we have said for more that a
decade, are not safe. Especially
00:52:33.700 --> 00:52:37.740
if you think about when they from the
QuickANT and from the Flying Pig software,
00:52:37.740 --> 00:52:40.800
they’re recording traffic
information about connections.
00:52:40.800 --> 00:52:41.800
And in some cases
00:52:41.800 --> 00:52:44.850
we know – thanks to Laura Poitras
and James Risen – that they have
00:52:44.850 --> 00:52:48.490
Data Retention which is something
like – what is it, 10..15 years,
00:52:48.490 --> 00:52:51.350
5 years online, 10 years
offline, is that right?
00:52:51.350 --> 00:52:54.230
Right. Okay.
That’s bad news.
00:52:54.230 --> 00:52:58.710
We know that the math
for VPNs is not in your favor.
00:52:58.710 --> 00:53:03.340
So that said: What
happens with this stuff?
00:53:03.340 --> 00:53:04.340
Right?
00:53:04.340 --> 00:53:08.020
What happens is what happened
e.g. with the Silk Road fellow.
00:53:08.020 --> 00:53:10.240
Or maybe not.
It’s not clear.
00:53:10.240 --> 00:53:11.930
It could be that the guy used a VPN.
00:53:11.930 --> 00:53:15.380
Which is braindead.
But it could also be that
00:53:15.380 --> 00:53:19.430
the NSA has this data and tried
to pull off a retractive attack
00:53:19.430 --> 00:53:23.630
once they already had him from
other things like auguring fake IDs.
00:53:23.630 --> 00:53:26.300
We don’t know which in the case
of Silk Road.
00:53:26.300 --> 00:53:27.410
But we can tell you
00:53:27.410 --> 00:53:30.970
that it’s pretty clearly a bad
idea to do it if you’re going to
00:53:30.970 --> 00:53:31.970
do something interesting.
00:53:31.970 --> 00:53:34.720
It’s probably also a bad
idea to do it just generally
00:53:34.720 --> 00:53:39.030
because you don’t even know what
’interesting’ is in 5 or 10 years. So
00:53:39.030 --> 00:53:43.470
parallel construction is a really
serious problem, and we think,
00:53:43.470 --> 00:53:46.270
probably, if we could expand the
Tor Network, we would make it
00:53:46.270 --> 00:53:47.700
significantly harder to do this.
00:53:47.700 --> 00:53:49.200
It would
make it significantly harder for them
00:53:49.200 --> 00:53:51.660
to do it, especially if you replace your
VPN with Tor.
00:53:51.660 --> 00:53:52.660
There are some trade-offs
00:53:52.660 --> 00:53:53.970
with that, though.
00:53:53.970 --> 00:53:55.760
So the real question is
what your threat model is.
00:53:55.760 --> 00:53:57.240
And you really
have to think about it.
00:53:57.240 --> 00:53:58.760
And then also understand
that we live in a world now
00:53:58.760 --> 00:54:02.800
where Law Enforcement and
Intelligence Services, they seem to be
00:54:02.800 --> 00:54:04.680
blending together.
00:54:04.680 --> 00:54:07.390
And they seem to be blending
together across the whole planet
00:54:07.390 --> 00:54:08.390
in secret.
00:54:08.390 --> 00:54:10.420
Which is a serious problem
for the threat model of Tor.
00:54:10.420 --> 00:54:13.130
Roger: So I actually talked to
some FBI people and I said:
00:54:13.130 --> 00:54:15.050
So which one of these is it?
00:54:15.050 --> 00:54:17.610
And they said: Well, we
never get tips from the NSA.
00:54:17.610 --> 00:54:21.060
We’re good, honest Law enforcement,
they’re doing something bad,
00:54:21.060 --> 00:54:22.760
but why should that affect us?
00:54:22.760 --> 00:54:25.790
And my response was: “Well,
NSA says they told you!
00:54:25.790 --> 00:54:29.520
So, are you lying
to me or are they lying to you?
00:54:29.520 --> 00:54:31.450
Or what’s going on here?”
00:54:31.450 --> 00:54:34.260
And I don’t actually
know the right solution here.
00:54:34.260 --> 00:54:38.540
So scenario 1: The NSA
anonymously tips the FBI
00:54:38.540 --> 00:54:40.850
and they go check something out and
they say: “Well I need to build a case
00:54:40.850 --> 00:54:41.850
that they do”.
00:54:41.850 --> 00:54:44.730
Scenario 2: Some anonymous
whistleblower tips off the FBI
00:54:44.730 --> 00:54:46.060
and they go build a case.
00:54:46.060 --> 00:54:47.720
From the FBI’s perspective
these are the same:
00:54:47.720 --> 00:54:50.050
“I got a tip, I build a case.
00:54:50.050 --> 00:54:52.260
Why should I care where
it came from?” And
00:54:52.260 --> 00:54:56.060
so should we build a Know-your-customer
Law so that the FBI has to know
00:54:56.060 --> 00:54:58.790
their informers or whistleblowers?
00:54:58.790 --> 00:55:00.770
Should we rely on the NSA
00:55:00.770 --> 00:55:01.770
to regulate itself?
00:55:01.770 --> 00:55:05.220
Should we rely
on the Congress to regulate NSA?
00:55:05.220 --> 00:55:07.460
None of these are good answers.
00:55:07.460 --> 00:55:09.250
Jacob: So, we have a very
limited amount of time.
00:55:09.250 --> 00:55:10.250
And in order to be able
00:55:10.250 --> 00:55:14.390
to address some questions we
will probably skip a few things
00:55:14.390 --> 00:55:15.690
and we’ll put these slides
online.
00:55:15.690 --> 00:55:18.150
But short/quick
00:55:18.150 --> 00:55:20.930
summaries for a few of these slides, then
we’re gonna address some questions.
00:55:20.930 --> 00:55:22.970
One of them is that we want to improve
Hidden Services.
00:55:22.970 --> 00:55:23.970
Even though they
00:55:23.970 --> 00:55:26.040
haven’t been broken as far as we
understand from any of the documents
00:55:26.040 --> 00:55:27.590
that have been released.
00:55:27.590 --> 00:55:29.230
We still
want to make them stronger,
00:55:29.230 --> 00:55:30.760
because we wanna be ahead of the game.
00:55:30.760 --> 00:55:31.760
We don’t want to play Catch-Up.
00:55:31.760 --> 00:55:35.440
Roger: We especially need to improve
the usability and performance of them.
00:55:35.440 --> 00:55:38.990
Because right now they’re a toy
that only really dedicated people
00:55:38.990 --> 00:55:40.160
get working.
00:55:40.160 --> 00:55:42.510
And the more
mainstream we could make them
00:55:42.510 --> 00:55:44.550
the more broad uses we are going to see.
00:55:44.550 --> 00:55:46.040
The reason why people keep hearing
00:55:46.040 --> 00:55:50.180
about high-profile bad Hidden Services
is that we don’t have enough
00:55:50.180 --> 00:55:54.500
good use cases in action yet that
lots of people are experiencing.
00:55:54.500 --> 00:55:58.740
Jacob: The most important thing for all of
the – let’s say – Cypherpunks movement
00:55:58.740 --> 00:56:02.400
to understand is that when
you have usable crypto
00:56:02.400 --> 00:56:04.420
you are doing the right thing.
00:56:04.420 --> 00:56:06.330
When
you have strong peer-reviewed
00:56:06.330 --> 00:56:10.150
Free Software to implement that, and
it’s built on a platform where you can
00:56:10.150 --> 00:56:13.650
look at the whole stack you’re
really ahead of the game.
00:56:13.650 --> 00:56:15.370
There’s a lot to be done in that.
00:56:15.370 --> 00:56:17.670
And if we do that
for Hidden Services
00:56:17.670 --> 00:56:22.490
I think we’ll have similar returns that
you’ll see with other crypto projects.
00:56:22.490 --> 00:56:25.950
Roger: So one of the other great things in
the Tor world is the number of researchers
00:56:25.950 --> 00:56:30.820
who are doing great work at evaluating
and improving Tor’s anonymity.
00:56:30.820 --> 00:56:34.740
So there are a couple of papers that were
out over the past year talking about
00:56:34.740 --> 00:56:39.380
how we didn’t actually choose the
right guard rotation parameters.
00:56:39.380 --> 00:56:42.810
I’m not going to get into that in detail
in our last couple of minutes.
00:56:42.810 --> 00:56:46.490
But the very brief version is:
00:56:46.490 --> 00:56:51.109
if you can attack both sides of the
network and they run 10% of the network
00:56:51.109 --> 00:56:54.930
– they, the adversary run 10% of the
network – the chance over time,
00:56:54.930 --> 00:56:59.280
the blue line is the current situation,
where you choose 3 first hops,
00:56:59.280 --> 00:57:02.310
3 entry guards and you rotate every
couple of months – over time
00:57:02.310 --> 00:57:05.930
the chance that you get screwed by an
adversary who runs 10% of the network
00:57:05.930 --> 00:57:07.120
is pretty high.
00:57:07.120 --> 00:57:10.160
But if we change it
to 1 guard and you don’t rotate
00:57:10.160 --> 00:57:13.770
then we’re at the green line which
is a lot better against an adversary
00:57:13.770 --> 00:57:15.300
who’s really quite large.
00:57:15.300 --> 00:57:17.750
This is an adversary
larger than torservers.net
00:57:17.750 --> 00:57:19.750
e.g. So A...
00:57:19.750 --> 00:57:21.440
Jacob: Arts (?) is no adversary, right?
00:57:21.440 --> 00:57:26.510
Roger: So a pretty large attacker we
need to move it from the blue line
00:57:26.510 --> 00:57:27.760
down to the green line.
00:57:27.760 --> 00:57:30.510
And that’s
an example of the anonymity work
00:57:30.510 --> 00:57:31.510
that we need to do.
00:57:31.510 --> 00:57:33.130
-- So, what’s next?
00:57:33.130 --> 00:57:35.420
Tor, endorsed by Egyptian activists,
00:57:35.420 --> 00:57:40.070
Wikileaks, NSA, GCHQ, Chelsea
Manning, Edward Snowden…
00:57:40.070 --> 00:57:42.870
Different communities like
Tor for different reasons.
00:57:42.870 --> 00:57:46.060
Some of our funders we go to them with
that sentence – basically everybody
00:57:46.060 --> 00:57:47.120
we go to with that sentence.
00:57:47.120 --> 00:57:50.050
It’s like:
“I like those 3 examples but I don’t like
00:57:50.050 --> 00:57:51.670
those 2 examples”.
00:57:51.670 --> 00:57:55.650
So part of what we
need to do is help them to understand
00:57:55.650 --> 00:58:02.030
why all of these different
examples matter.
00:58:02.030 --> 00:58:04.940
Jacob: That said, I tend to believe
that we need to be engaged
00:58:04.940 --> 00:58:09.090
in a pretty big way and thanks
to the people of Ecuador,
00:58:09.090 --> 00:58:12.800
especially the people running the Minga-tec
community events, they have actually
00:58:12.800 --> 00:58:17.120
put together a real model which
should be emulated probably
00:58:17.120 --> 00:58:20.960
by the rest of the world where they really
engage with civil society, and they’re
00:58:20.960 --> 00:58:24.450
actually able to arrange for meetings
with e.g. the Foreign Minister
00:58:24.450 --> 00:58:27.530
or with various other people involved in
the National Assembly.
00:58:27.530 --> 00:58:28.530
And as a result
00:58:28.530 --> 00:58:31.570
they had Article 474, which they
proposed, which was basically
00:58:31.570 --> 00:58:33.500
the worst Data Retention
Law you can imagine.
00:58:33.500 --> 00:58:35.050
It included video taping
00:58:35.050 --> 00:58:39.810
in Internet Cafés, 6 months dragnet
surveillance, all sorts of awful stuff.
00:58:39.810 --> 00:58:43.320
And they were able to, in the
course of, I would say 3..6 months,
00:58:43.320 --> 00:58:46.210
this is mostly the FLOK Society,
actually.
00:58:46.210 --> 00:58:47.210
They were able to organize
00:58:47.210 --> 00:58:49.190
a real discussion about this.
00:58:49.190 --> 00:58:50.880
And we
were able to get this proposed part
00:58:50.880 --> 00:58:53.010
of the penal code completely removed.
00:58:53.010 --> 00:58:54.540
At the end of November of last year…
00:58:54.540 --> 00:58:56.580
early December… of this year.
00:58:56.580 --> 00:58:58.290
So just about a month ago.
00:58:58.290 --> 00:59:01.620
So if we really work together
across the spectrum,
00:59:01.620 --> 00:59:06.030
we see, right now, in Ecuador
e.g. changing (?) away
00:59:06.030 --> 00:59:09.250
by showing them that fundamentally:
the game is rigged.
00:59:09.250 --> 00:59:10.250
If you choose
00:59:10.250 --> 00:59:12.660
to spy on your citizens then the NSA
always wins.
00:59:12.660 --> 00:59:13.790
And the NSA wants people
00:59:13.790 --> 00:59:16.390
to believe that everybody is doing
the spying.
00:59:16.390 --> 00:59:17.390
So one of the things
00:59:17.390 --> 00:59:20.750
I explained to people in the Ecuadorian
Government and in Ecuadorian civil society
00:59:20.750 --> 00:59:23.140
is that you can choose a different game.
00:59:23.140 --> 00:59:24.490
You can choose not to play that game.
00:59:24.490 --> 00:59:28.890
The only people that win when you
choose that game are the NSA,
00:59:28.890 --> 00:59:30.900
and potentially you
– a few times.
00:59:30.900 --> 00:59:31.900
But the NSA will get
00:59:31.900 --> 00:59:34.620
whatever data you
have stored away.
00:59:34.620 --> 00:59:35.620
If you want to be secure
00:59:35.620 --> 00:59:38.360
against the dragnet surveillance, if
you want to be secure against people
00:59:38.360 --> 00:59:41.720
who will break into that system you
must not have that system in existence.
00:59:41.720 --> 00:59:43.640
You must choose a different paradigm.
00:59:43.640 --> 00:59:45.350
And when I told this to people in Ecuador
00:59:45.350 --> 00:59:47.770
and they understood the trade-offs,
and they understood that they are
00:59:47.770 --> 00:59:50.670
not the best at surveilling
the whole planet.
00:59:50.670 --> 00:59:51.670
They understood that they’re
00:59:51.670 --> 00:59:53.350
not the best in internet security yet.
00:59:53.350 --> 00:59:55.570
They realized that the game is rigged.
00:59:55.570 --> 00:59:58.290
And they got rid of Article
474 from the penal code.
00:59:58.290 --> 01:00:02.030
And there is no Data Retention
there in that penal code now.
01:00:02.030 --> 01:00:10.310
applause
01:00:10.310 --> 01:00:14.550
But I have to stress this not
because of 1 or 2 or 10 people,
01:00:14.550 --> 01:00:17.260
it’s because of a broad
civil society movement.
01:00:17.260 --> 01:00:18.450
Which is what we’ve also seen
01:00:18.450 --> 01:00:20.840
in Germany, and in other places.
01:00:20.840 --> 01:00:23.130
So this is something which you
should have a lot of hope about.
01:00:23.130 --> 01:00:25.590
It’s not actually
dark everywhere.
01:00:25.590 --> 01:00:28.540
We are actually making
positive steps forward.
01:00:28.540 --> 01:00:31.670
Roger: So there are other tools
that we would like help with.
01:00:31.670 --> 01:00:35.670
E.g. tails is a live CD, WiNoN and
other approaches are trying
01:00:35.670 --> 01:00:40.260
to add VM to it, so that even if
you can break out of the browser,
01:00:40.260 --> 01:00:43.410
there’s something else you have
to break out, other sandboxes.
01:00:43.410 --> 01:00:44.410
And there are
01:00:44.410 --> 01:00:47.090
a lot of other crypto improvements that
we’re happy to talk about afterwards.
01:00:47.090 --> 01:00:50.860
The Tor Browser Bundle, the new one, has
a bunch of really interesting features.
01:00:50.860 --> 01:00:53.480
Deterministic Builds is
one of the coolest parts of it.
01:00:53.480 --> 01:00:54.480
Where everybody here can
01:00:54.480 --> 01:00:57.940
build the Tor Browser Bundle and end up
with an identical binary.
01:00:57.940 --> 01:00:58.940
So that you can
01:00:58.940 --> 01:01:01.440
check to see that it
really is the same one.
01:01:01.440 --> 01:01:02.550
And here’s a screenshot
01:01:02.550 --> 01:01:03.550
of the new one.
01:01:03.550 --> 01:01:06.880
It no longer has
Vidalia in it, it’s all just a browser
01:01:06.880 --> 01:01:11.050
with a Firefox extension that
has a Tor binary and starts it.
01:01:11.050 --> 01:01:14.510
So we’re trying to stream-line it
and make it a lot simpler and safer.
01:01:14.510 --> 01:01:18.890
I’d love to chat with you afterwards about
the core Tor things that we’re up to
01:01:18.890 --> 01:01:22.310
in terms of building the actual program
called Tor but also the Browser Bundle,
01:01:22.310 --> 01:01:25.590
and metrics, and censorship
resistance etc.
01:01:25.590 --> 01:01:30.020
And then, as a final note:
We accept Bitcoin now.
01:01:30.020 --> 01:01:34.840
Which is great.
applause
01:01:34.840 --> 01:01:37.360
Jacob: So all of the Bitcoin
millionaires in this community:
01:01:37.360 --> 01:01:41.760
we would really encourage you to help us
get off of the US Government funding.
01:01:41.760 --> 01:01:43.080
Don’t just complain, help us!
01:01:43.080 --> 01:01:45.930
Mutual Aid
and Solidarity means exactly that:
01:01:45.930 --> 01:01:47.960
to put some money where
your mouth is!
01:01:47.960 --> 01:01:49.760
We’d really like to do that.
01:01:49.760 --> 01:01:53.510
And it’s really important to show people
that we have alternative methods
01:01:53.510 --> 01:01:55.330
of funding community-based
projects.
01:01:55.330 --> 01:01:56.690
So think about it
01:01:56.690 --> 01:01:59.790
and you can, if you’d like, use Bitcoin.
01:01:59.790 --> 01:02:04.030
Roger: A last, right now, BitPay is
limiting you to 1000 Dollars of Bitcoin
01:02:04.030 --> 01:02:05.180
per donation.
01:02:05.180 --> 01:02:07.550
We’re hoping to lift
that in the next couple of days.
01:02:07.550 --> 01:02:12.620
But if you would like to give us lots of
Bitcoins, please don’t get discouraged.
01:02:12.620 --> 01:02:16.400
And then, as a final note: starting
right now in Noisy Square
01:02:16.400 --> 01:02:20.720
is an event on how to help Tor and there
will be a lot of Tor people there,
01:02:20.720 --> 01:02:24.240
and we’d love to help teach you
and answer your questions
01:02:24.240 --> 01:02:26.330
and help you become part of the community.
01:02:26.330 --> 01:02:28.730
We need you to teach other people
01:02:28.730 --> 01:02:30.920
why Tor is important.
01:02:30.920 --> 01:02:32.230
Jacob: Thank you!
01:02:32.230 --> 01:02:38.540
applause
01:02:38.540 --> 01:02:40.810
no time for Q&A left
01:02:40.810 --> 01:02:44.290
*Subtitles created by c3subtitles.de
in the year 2016.
01:02:44.290 --> 01:02:47.733
Join and help us!*