Author: runa Date: 2011-09-21 08:03:48 +0000 (Wed, 21 Sep 2011) New Revision: 25092

Added: projects/presentations/2011-anonymity-usability-humans-mdx.pdf projects/presentations/2011-anonymity-usability-humans-mdx.tex projects/presentations/images/bridge-users-2010-09-11-300-2011-09-11-ir.png projects/presentations/images/direct-users-off-2010-09-11-off-300-2011-09-11-ir.png projects/presentations/images/direct-users-off-2010-09-19-off-300-2011-09-19-all.png Log: tex, pdf and images from my presentation yesterday

Added: projects/presentations/2011-anonymity-usability-humans-mdx.pdf =================================================================== (Binary files differ)

Property changes on: projects/presentations/2011-anonymity-usability-humans-mdx.pdf ___________________________________________________________________ Added: svn:mime-type + application/octet-stream

Added: projects/presentations/2011-anonymity-usability-humans-mdx.tex =================================================================== --- projects/presentations/2011-anonymity-usability-humans-mdx.tex (rev 0) +++ projects/presentations/2011-anonymity-usability-humans-mdx.tex 2011-09-21 08:03:48 UTC (rev 25092) @@ -0,0 +1,265 @@ +\documentclass{beamer} +\mode<presentation> +\usetheme{Boadilla} +\title{Anonymity, Usability, and Humans. Pick Two.} +\author{Runa A. Sandvik \ runa@torproject.org} +\date{20 September 2011} +\begin{document} + +\begin{frame} +\maketitle +\begin{center} +\includegraphics[height=3cm]{../images/2009-tor-logo} +\end{center} +\end{frame} + +% Introduce myself, just to be nice +\begin{frame} +\frametitle{About Runa} +\begin{itemize} +\item Studied at the Norwegian University of Science and Technology +\item Worked for the Tor Project during Google Summer of Code in 2009 +\item Developer, security researcher, translation coordinator +\end{itemize} +\end{frame} + +% And here's what we'll talk about +\begin{frame} +\frametitle{What are we talking about?} +\begin{itemize} +\item Crash course on anonymous communications +\item Quick overview of Tor +\item Usability, Security, and Humans +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{The Tor Project, Inc.} +501(c)(3) non-profit organization dedicated to the research and development of technologies for online anonymity and privacy +\begin{center} +\includegraphics[height=5cm]{../images/2009-oval_sticker_new} +\end{center} +\end{frame} + +% Crash course on anonymous communications +\begin{frame} +\frametitle{What is anonymity?} +\includegraphics[width=10cm]{../images/2llg3ts} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't cryptography} +\begin{itemize} +\item Cryptography protects the contents in transit +\item You still know who is talking to whom, how often, and how much data is sent. +\end{itemize} +\begin{center} +\includegraphics[width=5cm]{../images/encryption-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't steganography} +Attacker can tell Alice is talking to someone, how often, and how much data is sent. +\bigskip + +\begin{center} +\includegraphics[width=5cm]{../images/steganography-cc-by-sa} +\end{center} +\end{frame} + +\begin{frame} +\frametitle{Anonymity isn't just wishful thinking...} +\begin{itemize} +\item "You can't prove it was me!" +\pause \item "Promise you won't look" +\pause \item "Promise you won't remember" +\pause \item "Promise you won't tell" +\pause \item "I didn't write my name on it!" +\pause \item "Isn't the Internet already anonymous?" +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{..since "weak" isn't anonymity.} +\begin{itemize} +\item<1> \textit{"You can't prove it was me!"} Proof is a very \textbf{strong} word. Statistical analysis allows suspicion to become certainty. +\item<2> \textit{"Promise you won't look/remember/tell"} Will other parties have the abilities and incentives to keep these promises? +\item<3> \textit{"I didn't write my name on it!"} Not what we're talking about. +\item<4> \textit{"Isn't the Internet already anonymous?"} Nope! +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Anonymous communication} +\begin{itemize} +\item People have to hide in a crowd of other people ("anonymity loves company") +\item The goal of the system is to make all users look as similar as possible, to give a bigger crowd +\item Hide who is communicating with whom +\item Layered encryption and random delays hide correlation between input traffic and output traffic +\end{itemize} +\end{frame} + +% What is Tor? +\begin{frame} +\frametitle{What is Tor?} +\begin{itemize} +\item Online anonymity software and network +\pause \item Open source, freely available (3-clause BSD license) +\pause \item Active research environment: \ +Rice, UMN, NSF, NRL, Drexel, Waterloo, Cambridge UK, Bamberg Germany, Boston Univ, Harvard, MIT, RPI, Georgia Tech +\pause \item Increasingly diverse toolset: \ +Tor, Torbutton, Tor Browser Bundle, TAILS Anonymous Operating System, +Tor Weather, GetTor, Thandy, Orbot, Tor Check, Arm, Torouter, Tor Cloud +and more +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{What makes Tor different, part 1} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/single_hop_relay}} +\only<2>{\includegraphics[height=7cm]{../images/evil_single_hop_relay}} +\only<3>{\includegraphics[height=7cm]{../images/data_snooping_single_hop_relay}} +\end{overlayarea} +\end{frame} + +% And what makes Tor different? +\begin{frame} +\frametitle{What makes Tor different, part 2} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../../website/images/htw1}} +\only<2>{\includegraphics[height=7cm]{../../website/images/htw2}} +\only<3>{\includegraphics[height=7cm]{../../website/images/htw3}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Bridges versus relays} +\begin{itemize} +\item A step forward in the blocking resistance race +\item Bridge relays (or "bridges" for short) are Tor relays that aren't +listed in the main Tor directory +\item To use a bridge, you will need to locate one first (can be done +using bridges.torproject.org, email, social media etc) +\item A bridge will act as the first hop in the circuit +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Hidden services} +\begin{itemize} +\item Tor makes it possible for users to hide their locations while +offering various kinds of services, such a website or an im server +\item Using Tor "rendezvous points," other Tor users can connect to +these hidden services, each without knowing the other's network identity +\item A hidden service will have an address that ends in .onion, e.g. +http://duskgytldkxiuqc6.onion/ +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Who uses Tor?} +\parbox{8cm}{\sloppy +\setbeamercolor{background}[\includegraphics[scale=0.35]{../images/anonymousman}} +\parbox{3cm}{\sloppy +\begin{flushleft} +\begin{itemize} +\begin{small} +\item Normal people +\item Law Enforcement +\item Human Rights Activists +\item Business Execs +\item Militaries +\item Abuse Victims +\end{small} +\end{itemize} +\end{flushleft} +} +\end{frame} + +\begin{frame} +\frametitle{estimated 300k to 800k daily users} +\setbeamercolor{background}[\includegraphics[scale=0.4]{../images/huge-crowd}] +\end{frame} + +\begin{frame} +\frametitle{How many people use Tor daily?} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/direct-users-off-2010-09-19-off-300-2011-09-19-all}} +% Should probably add a graph for daily bridge users, but the graph +% seems a bit off +%\only<2>{\includegraphics[height=7cm]{../images/direct-users-off-2010-09-19-off-300-2011-09-19-all}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Tor users in China} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/direct-users-2010-09-11-off-300-2011-09-11-cn}} +\only<2>{\includegraphics[height=7cm]{../images/bridge-users-2010-09-11-300-2011-09-11-cn}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Tor users in Egypt} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/direct-users-2010-09-11-off-300-2011-09-11-eg}} +\only<2>{\includegraphics[height=7cm]{../images/bridge-users-2010-09-11-300-2011-09-11-eg}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Tor users in Iran} +\begin{overlayarea}{9cm}{6cm} +\only<1>{\includegraphics[height=7cm]{../images/direct-users-off-2010-09-11-off-300-2011-09-11-ir}} +\only<2>{\includegraphics[height=7cm]{../images/bridge-users-2010-09-11-300-2011-09-11-ir}} +\end{overlayarea} +\end{frame} + +\begin{frame} +\frametitle{Anonymity, Usability, and Humans} +\begin{itemize} +\item Allow the user to fully configure Tor rather than manually searching for and opening text files. +\item Let users learn about the current state of their Tor connection, and configure or find out whether any of their applications are using it. +\item Make alerts and error conditions visible to the user. +\item Run on Windows, Linux, and OS X, on a normal consumer-level machine. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Time for a demo} +Demonstration of Tor Browser Bundle +\end{frame} + +\begin{frame} +\frametitle{Experience so far} +\begin{itemize} +\item Our web site is confusing to users and not technical enough for researchers. +\pause \item The quality of translations can vary. +\pause \item Concepts of anonymity and its threats escape most users.\"I want my Youtube!" "I use tor to organize on facebook." +\pause \item Cultural differences and their expectations of software, usability, anonymity, privacy, and what tor provides. +\pause \item Software leaks data all over the place. Stopping these leaks leads to unexpected user experiences. +\pause \item Five years since we last dabbled in Usability. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Next steps and how you can help} +\begin{itemize} +\item Test software. +\item Provide feedback and suggest improvements. +\item Help with development. +\item Visit \url{https://www.torproject.org/%7D for more information, links, and ideas. +\end{itemize} +\end{frame} + +\begin{frame} +\frametitle{Copyright} +\begin{itemize} +\item who uses tor? \url{http://www.flickr.com/photos/mattw/2336507468/siz%7D, Matt Westervelt, CC-­BY-­SA. +\item 500k, \url{http://www.flickr.com/photos/lukaskracic/334850378/sizes/l/%7D, Luka Skracic, used with permission. +\end{itemize} +\end{frame} + +\end{document}

Added: projects/presentations/images/bridge-users-2010-09-11-300-2011-09-11-ir.png =================================================================== (Binary files differ)

Property changes on: projects/presentations/images/bridge-users-2010-09-11-300-2011-09-11-ir.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream

Added: projects/presentations/images/direct-users-off-2010-09-11-off-300-2011-09-11-ir.png =================================================================== (Binary files differ)

Property changes on: projects/presentations/images/direct-users-off-2010-09-11-off-300-2011-09-11-ir.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream

Added: projects/presentations/images/direct-users-off-2010-09-19-off-300-2011-09-19-all.png =================================================================== (Binary files differ)

Property changes on: projects/presentations/images/direct-users-off-2010-09-19-off-300-2011-09-19-all.png ___________________________________________________________________ Added: svn:mime-type + application/octet-stream