Hello all.
I am preparing a longer response to the issues Isis et al mentioned. Most
are interrelated, but this one is not. And I wanted to get clarification
on it.
Isis expressed a concern about making a list of bitcoin addresses from
.onion, citing, "Consent is not the absence of saying 'no' — it is
explicitly saying 'yes'."
For what it's worth, ahmia.fi actually supports regex searching right out
of the box. In fact, a single line of JSON spits out all known bitcoin
addresses ahmia knows about.
For example, here's an anonymized list going .onion -> BTC which I mined
from Ahmia,
* http://virgil.gr/wp-content/uploads/2016/05/btc-on-dot-onion.html [6MB]
And here's the same information going BTC -> .onion
* http://virgil.gr/wp-content/uploads/2016/05/btc2domains.v2.txt [2mb]
If you want to check the results you can ask Juha for the JSON query to do
this.
Let's go out on a limb and assume that regexes are okay. Is the issue then
.onion search-engines? I understand Isis's preference for there to always
be affirmative consent but does that mean that until such a standard exists
all search engines from onion.link, ahmia.fi, MEMEX, NotEvil, and Grams are
violating official Tor community policy?
----
Here's how I currently see this. I put on my amateur legal hat and say,
"Well, the Internet/world-wide-web is considered a public space.
Onion-sites are like the web, but with masked speakers."
* https://www.hks.harvard.edu/m-rcbg/research/j.camp_acm.computer_internet.as…
* http://aims.muohio.edu/2011/02/01/is-the-internet-a-public-space/
Ergo, I would argue that, by default, content on .onion is public the same
way everything else on the web is. If you don't want to be "indexed", for
physical spaces you go indoors, or for the web you put up a login. As an
aside, the web-standard is actually *kinder* than physical public spaces
because on the web one can have an unobtrusive /robots.txt saying, "please
don't index me". Which is a great thing.
Whereas some would say Tor users are "anonymous", others would instead say
any and everything Tor is "private". I believe this needs to be
clarified. I once proposed to Roger that he delineate the sub-types of
privacy in the same way Stallman delineated his "Four Freedoms". Roger
replied that he preferred using the broad catch-all term "Privacy". These
confusions may be a caveat of using a broad catch-all term. Interpreting
broadly, Isis is correct. However, this conclusion has a lot of unpleasant
ramifications.
Comments appreciated,
-V
P.S. Mildly related, I saw this today involving DARPA, and Tor.
http://thehackernews.com/2016/05/darpa-trace-hacker.html
"""
The aim of Enhanced Attribution program is to track personas continuously
and create “algorithms for developing predictive behavioral profiles.”
"""
I hope you all are aware this flows directly from MEMEX. Right? This, and
MEMEX, seems a much more appropriate target for outrage. A lot of this
work that numerous community members have worked on gives even me pause.
Hello everyone,
as the subject says, I suggest that we retire Globe (currently
available at https://globe.torproject.org/).
The main reason is that Globe is serving a similar purpose as Atlas
(available at https://atlas.torproject.org/), which it was forked from
several years ago. Neither Atlas nor Globe are actively developed,
they only receive critical bug fixes whenever necessary. And thanks,
Philipp and Isis, for doing that!
So, when deciding which of the two services we should keep, I looked
at the number of daily requests to both services, which shows that
Globe is used a lot less than Atlas:
https://people.torproject.org/~karsten/volatile/atlas-globe-2016-04-01.png
The hope is that retiring Globe could make it more likely that new
developers start contributing to Atlas. It would also make it easier
for us to add new features to Atlas, because we wouldn't feel bad for
not adding them to Globe, too. In any case, we're getting rid of yet
one more thing.
Here's a suggested timeline for retiring Globe:
- By April 30, we create Trac tickets for all features we like in
Globe and that are missing in Atlas. These tickets would go in
component "Metrics/Atlas" in Trac. If you want to keep something in
Atlas that you like in Globe, this is your chance to make that happen!
- By May 15, we'll have reviewed those new tickets and decided which
of them we should implement before shutting down Globe. We might send
a call for help to tor-dev@ to write these patches.
- By May 31 (hopefully), we'll have implemented, reviewed, merged,
and deployed the missing features in Atlas, and we'll shut down Globe.
We should probably add a static web page pointing to Atlas. If it
takes longer than this, it takes longer, but let's use this date for
now. Maybe nobody will be missing anything from Globe. We'll see.
Suggestions welcome, not only if you strongly object!
All the best,
Karsten
Hello gentle people!
I am looking over the machines that tor is paying for, and two of them
are the 1984 machine that we have labelled only as crm and
ubuntu1404lts-persona. I think they may have been created at one point
by Andrew.
Does anybody know who might be using these machines?
If you have an idea, please let us know.
If one of them is your machine, or at one point was, please let us know
if it is still useful and we should keep it around. (And please briefly
describe what it is being used for.)
If I don't hear anything, and nobody objects either, I will stop having
them auto-renewed, i.e., I will decommission them.
Thanks.
--
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
Lynn Tsai and I, with the help of others, have been measuring how long
it takes for Tor Browser's default bridges to be blocked.
https://arxiv.org/abs/1605.08808 (click "PDF")
Abstract:
Censors of the Internet must continually discover and block new
circumvention proxy servers. We seek to understand the pace of
this process, specifically, the length of the delay between when
a proxy becomes potentially discoverable and when the censor
blocks it. We measure this delay by testing the reachability of
previously unseen Tor bridges, before and after their
introduction into Tor Browser, from sites in the U.S., China,
and Iran, over a period of five months. We find that China's
national firewall blocks these new bridges, but only after a
varying delay of between 2 and 18 days, and that blocking occurs
only after a user-ready software release, despite bridges being
available earlier in source code. While the firewall notices new
bridges in Tor Browser, bridges that appear only in Orbot, a
version of Tor for mobile devices, remain unblocked. This work
highlights the fact that censors can behave in unintuitive ways,
which presents difficulties for threat modeling but also
opportunities for evasion.
The best summaries are on pages 4 and 5, which show in graphical/tabular
form the dates of releases and how long the bridges remained reachable
after. We would appreciate any comments or corrections. In particular,
the description of the Tor Browser release process could stand some
fact-checking by a Tor Browser developer.
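The delay measurement the abstract describes can be sketched as follows. This is an added example, not code from the paper or from this message; the site labels, bridge names, dates and the `sustain` threshold are assumptions, and the probe data is constructed. A day on which the control site also fails is treated as a bridge outage rather than as blocking.

```python
from datetime import date, timedelta

def blocking_delay(probes, bridge, released, censored="CN", control="US", sustain=3):
    """Days from release until the censored site loses the bridge for `sustain`
    consecutive informative probe days; None if that never happens."""
    by_day = {}
    for day, name, site, ok in probes:
        if name == bridge:
            by_day.setdefault(day, {})[site] = ok
    run_start, run_len = None, 0
    for day in sorted(by_day):
        seen = by_day[day]
        if not seen.get(control, False) or censored not in seen:
            continue          # bridge down or no data: says nothing about blocking
        if seen[censored]:
            run_start, run_len = None, 0      # reachable again: transient failure
            continue
        run_start = run_start or day
        run_len += 1
        if run_len >= sustain:
            return (run_start - released).days
    return None

def constructed_probes():
    """Constructed data: 21 daily probes of two hypothetical bridges."""
    rows = []
    for i in range(21):
        day = date(2016, 1, 5) + timedelta(days=i)
        outage = day == date(2016, 1, 12)                # bridge-A itself is down
        cn_a = (not outage and day != date(2016, 1, 8)   # one transient failure
                and day < date(2016, 1, 16))             # blocked from 16 Jan on
        rows += [(day, "bridge-A", "US", not outage), (day, "bridge-A", "CN", cn_a),
                 (day, "bridge-B", "US", True), (day, "bridge-B", "CN", True)]
    return rows

RELEASED = date(2016, 1, 10)   # constructed release date
print(blocking_delay(constructed_probes(), "bridge-A", RELEASED))
```

With `sustain=1` the single failed probe on 8 January would be counted as blocking two days before the release, which is why the sketch requires a run of failures.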
This seems like a lovely grant opportunity for someone doing BGP or traffic
analysis work. Must have some presence in Asia Pacific.
-V
---------- Forwarded message ----------
From: *APNIC Secretariat* <apnic-no-reply(a)apnic.net>
Date: Tuesday, 31 May 2016
Subject: Applications extended - APNIC Internet Operations Research Grant
________________________________________________________________________
APNIC Internet Operations Research Grant applications extended
________________________________________________________________________
APNIC is pleased to announce that applications for the APNIC
Internet Operations Research Grant have been extended by TWO WEEKS to
15 June 2016 (23:59 UTC).
Applicants can apply for funding between AUD 5,000 to AUD 45,000 for
research projects on topics related to Internet operations,
infrastructure and related protocols, for example:
- Network measurement and analysis
- IPv6 deployment
- BGP routing
- Network security
- Peering and interconnection
Apply now
---------
If you have a project that supports the development of an Internet
research community whose results can improve the availability,
reliability and security of the Internet in the Asia Pacific, then
apply now.
We encourage members of Network Operators Groups, members/partners of
IXPs, operators of root servers, and academics and postgraduate students
to submit their proposals.
The APNIC Internet Operations Research Grant is administered and
managed by ISIF Asia.
For more information, please see:
http://isif.asia/grant
________________________________________________________________________
APNIC Secretariat secretariat(a)apnic.net
Asia Pacific Network Information Centre (APNIC) Tel: 61 7 3858 3100
PO Box 3646 South Brisbane, QLD 4101 Australia Fax: 61 7 3858 3199
6 Cordelia Street, South Brisbane, QLD http://www.apnic.net
________________________________________________________________________
Hi,
David Huerta is founder of NYC's hackerspace Resistor and has a very
cool day job helping to envision the future of libraries (first locally
and then nationally), at the Brooklyn Public Library. He wants to host a
Tor hackfest during HOPE.
Cheers,
Kate
Hello,
re: latest blog post:
https://blog.torproject.org/blog/mission-montreal-building-next-generation-….
Would there be any interest in a Tor Hackfest in NYC? I can bounce the
idea off the other NYC Resistor (http://www.nycresistor.com/) kin to see
if we can schedule a day or two for late July; Same week as HOPE? We can
host groups < 25 people, pro bono.
Let me know if there's any interest,
.dh
huertanix(a)nycresistor.com
See this posting for context:
https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html
Notes for May 26 2016 meeting:
Georg:
1) Tor Browser 6.0 is ready for QA. Planned release day is May 30.
2) I worked on our search engine problem. Disconnect switched the
fallback to DuckDuckGo.
3) I reviewed 2 papers
Nick:
1) Tor 0.2.8.3-alpha is almost out. Which TorBrowser will get it?
2) Talked with some folks and Isabela about doing an audit on the Tor
code. (Roger set this up; I think an existing funder would be
paying?) Seems promising so far.
3) Had meeting with Isabela and team. Productive but team feels
stretched. IMO we need:
* A sense that everybody is doing their fair share
* Nearly all people to be contractually 'allowed' to work on nearly
all things.
* To track non-coding tasks as well as coding tasks when planning time
and allocating people
* A better sense of how much volunteers would like to commit, and a
way for us to be able to ask the paid people before the volunteers.
We have planned to:
* Get a working code review system
* Add review-points to trac
* chop 0.2.9 and future releases down to size
* improve our workflow.
* have another meeting in july
Kate:
1) Rule 41 update
—Need to stay with bipartisan talking point: DOJ is trying to get a
major policy change enacted with a rule change in the Federal Rules of
Criminal Procedure--DOJ is trying to circumvent Congress. Rep. Poe's
office is introducing co-sponsors in two's-- one democrat for each
republican. It's going well.
2) CloudFlare update: More allies are joining us; we are planning to
track CloudFlare's promises and hold them accountable, probably via an
email list.
3) A-Clinic Collaboration - probably not a formal collaboration with
this foundation that wants to use onion services to do anonymous
health surveys, etc. A letter describing our involvement is still
being negotiated.
4) Recruited volunteers to help with HTML tagging so we can upload
more things to the Tor website.
5) Press Kit: Volunteer David Stanton is working on user stories
document and I am finishing onion services doc as well as document
that describes myths about Tor and explains the realities.
6) US Mission in Uganda held an Internet freedom and human rights
Twitter event - we participated (5/26)
We received some media coverage about the onion services hackfest,
including a nice SlashDot piece
- BoingBoing:
https://boingboing.net/2016/05/26/tor-project-is-working-on-a-we.html
- The Register:
http://www.theregister.co.uk/2016/05/25/nextgen_tor_to_use_distributed_rng_55character_addresses/
- Softpedia:
http://news.softpedia.com/news/tor-to-use-never-seen-before-distributed-rng…
- IBTimes:
http://www.ibtimes.co.uk/tor-develops-its-own-random-number-generator-make-…
- Hackread:
https://www.hackread.com/tor-developers-next-gen-onion-service/
- Slashdot:
https://yro.slashdot.org/story/16/05/25/2347238/tor-to-use-distributed-rng-…
- Naked Security:
https://nakedsecurity.sophos.com/2016/05/26/tor-takes-on-the-question-what-…
FBI is being pressured by the judge to release Tor 0-day in
Washington State case
Shari:
1) board meeting on Friday; anything you want me to bring up?
2) Monday is a holiday in the U.S. How to handle holidays?
3) Personnel update.
Isabela:
1) Organized retrospective meeting with the network team for the team
to have a sense of how things are going and where are the pain points
we need to improve. Went pretty good for my first irc retrospective :)
2) Working with Alison on updating the SIDA proposal.
3) Working on possible Mozilla grant - at first with TBB and Nathan
because we were thinking of applying for mobile browser - now with
Karsten because we probably will apply for metrics instead per
Mozilla's feedback.
4) focus on making the release 0.2.9 smaller / pick up DRL work (M&E
and F-indicators and extension) are the things for me starting next week
Mike:
1) I'm wrapping up the last thing before I take a vacation: I'm going
to help with the Mozilla proposal(s), and then start my vacation,
ideally on June 1st.
Karsten:
1) Continued writing a funding proposal for metrics work, together
with Isabela and Cass who have been extremely helpful so far.
Deadline is May 31st.
2) Just talked to weasel about the virtual machines at one of our
hosters basically falling apart. We'll need to migrate them ASAP to a
new hoster. Apparently, budget shouldn't be an issue there, because
we're freeing up some money by reducing hosting elsewhere, but just in
case there's overlap we might be paying a few hundred USD extra. --
Asked Shari for ~200 USD/mo, which she approved.
Alison:
1) social contract draft is with Lunar and Matt for one more review
before Vegas leads
2) the community council is writing our guidelines -- still in its
very early stages
3) sent another update of the membership doc to this team for review
-- next it'll go to tor-internal@
4) reworking SIDA proposal with Isa
5) OTF concept note for building community capacity within Torservers
was invited for a full proposal!
6) Cloudflare meeting (Mike will probably update)
7) support team met yesterday. we hope to integrate this team more
into the community team. phoul has done major updates to the support
docs and we're now working on plans for distribution and translation
and maintenance.
Hi Tim, hi Nick. As requested on ticket #18177 [1] we now have a new
DocTor monitor [2] that checks the reachability of our fallback
directories. A notification that looks like the following is sent to
the three of us and #tor-bots if over 25% of the fallbacks are
unreachable...
------------------------------------------------------------
29/100 (29%) fallback directories have become slow or unresponsive...
* 9504CB22EEB25D344DE63CB7A6F2C46F895C3686 => IPv6 ORPort is
unreachable (2a03:b0c0:3:d0::2ed:7001:9050)
* AEA43CB1E47BE5F8051711B2BF01683DB1568E05 => IPv6 ORPort is
unreachable (2001:41d0:a:74a::1:443)
* 8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D => DirPort is unreachable
(178.217.184.32:9030)
... etc...
------------------------------------------------------------
A fallback is defined as unavailable if...
* We can't connect to its ORPort.
* We can't connect to its DirPort.
* We can't connect to its IPv6 ORPort (if it has one).
* It takes longer than 15 seconds to provide the consensus (download
times are usually ~3s).
The cron runs once per day. Happy to also send these to
tor-consensus-health@ if anybody there wants the notices.
Cheers! -Damian
[1] https://trac.torproject.org/projects/tor/ticket/18177
[2] https://gitweb.torproject.org/doctor.git/tree/fallback_directories.py
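The four availability criteria and the 25% notification threshold described above can be expressed as the following sketch. It is an added example, not the DocTor script linked in [2]; the `Fallback` record, the `fetch_seconds` hook, the wording of the slow-consensus line, and all sample addresses and fingerprints are assumptions or constructed values.

```python
import socket
from dataclasses import dataclass

NOTIFY_THRESHOLD = 0.25   # from the page: notify if over 25% of fallbacks fail
CONSENSUS_LIMIT = 15.0    # from the page: consensus must arrive within 15 seconds

@dataclass
class Fallback:
    fingerprint: str
    address: str
    or_port: int
    dir_port: int
    v6_address: str = ""      # empty when the relay has no IPv6 ORPort
    v6_or_port: int = 0

def tcp_reachable(host, port, timeout=10.0):  # default probe: plain TCP connect
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def first_issue(fb, connect=tcp_reachable, fetch_seconds=lambda fb: 0.0):
    """First failed criterion as text, or None. fetch_seconds is a hypothetical
    hook returning the consensus download time; the default skips that check."""
    if not connect(fb.address, fb.or_port):
        return f"ORPort is unreachable ({fb.address}:{fb.or_port})"
    if not connect(fb.address, fb.dir_port):
        return f"DirPort is unreachable ({fb.address}:{fb.dir_port})"
    if fb.v6_address and not connect(fb.v6_address, fb.v6_or_port):
        return f"IPv6 ORPort is unreachable ({fb.v6_address}:{fb.v6_or_port})"
    if fetch_seconds(fb) > CONSENSUS_LIMIT:   # message wording is an assumption
        return f"consensus took longer than {CONSENSUS_LIMIT:.0f} seconds"
    return None

def build_notice(fallbacks, connect=tcp_reachable, fetch_seconds=lambda fb: 0.0):
    """Notification text, or None when 25% or fewer of the fallbacks have an issue."""
    issues = [(fb.fingerprint, why) for fb in fallbacks
              if (why := first_issue(fb, connect, fetch_seconds))]
    if not fallbacks or len(issues) / len(fallbacks) <= NOTIFY_THRESHOLD:
        return None
    pct = round(100 * len(issues) / len(fallbacks))
    head = (f"{len(issues)}/{len(fallbacks)} ({pct}%) fallback directories "
            "have become slow or unresponsive...")
    return "\n".join([head] + [f"  * {fp} => {why}" for fp, why in issues])

# Constructed sample: documentation-range addresses and made-up fingerprints.
SAMPLE = [
    Fallback("A" * 40, "192.0.2.10", 443, 9030),
    Fallback("B" * 40, "192.0.2.11", 9001, 9030, "2001:db8::11", 9050),
    Fallback("C" * 40, "192.0.2.12", 9001, 80),
    Fallback("D" * 40, "192.0.2.13", 443, 80),
]
DOWN = {("192.0.2.10", 9030), ("2001:db8::11", 9050)}  # simulated failures

def sample_notice(down=DOWN, slow=()):   # simulated probes, so no network is used
    return build_notice(SAMPLE, lambda h, p: (h, p) not in down,
                        lambda fb: 40.0 if fb.fingerprint in slow else 3.0)

print(sample_notice())
```

Exactly 25% failing produces no notice, because the stated condition is "over 25%".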
Hey all.
Monday is Memorial Day in the United States: https://en.wikipedia.org/wiki/Memorial_Day The Tor office in Seattle will officially be closed on Monday. All other U.S. Tor people are invited to take a holiday. And those of you who live in other countries, please take off an appropriate holiday wherever you are. :)
Our new human resources manager, Erin Wyatt, will be starting on June 6. Coming up with a good holiday policy will be one of the (many) things on her to-do list.
Shari
On Wed, May 4, 2016, at 10:41 AM, Paul Syverson wrote:
> On Wed, May 04, 2016 at 07:36:23AM +0000, Yawning Angel wrote:
> > On Wed, 4 May 2016 01:30:13 +0000
> > Alison Macrina <alison(a)libraryfreedomproject.org> wrote:
> > > So, I want to propose that we choose onion sites or onion services
> > > once and for all (I'm in favor of the former because most users have
> > > no idea what is meant by "services"; it sounds too vague). Then,
> > > whenever we see somewhere on torproject.org or any of our
> > > documentation or whatever that still reads hidden services or onion
> > > services, that we kill it with fire.
> >
> > Disagree, because this further reinforces the idea that the internet is
> > centered around port 80/443, and is nonsensical given some of our
> > prominent use cases ("Ricochet is based around Tor onion services" vs
> > "Ricochet is based around Tor onion sites". One of these statements is
> > correct, and one is not).
>
> To further Yawning's point and provide an example of using both terms:
> Ricochet is an onion service in which each Ricochet client
> creates a local onionsite that others connect to.
Actually, for me, the use of the word "service" is something that is a
machine-readable endpoint, an API or protocol, while "site" is meant
to have some human-facing aspect that is able to be browsed or read
through a web browser or something of that nature.
I would say that Ricochet is only an onionservice, while something like
SecureDrop or Globaleaks would be an onionsite that offers onionservices
as part of the application.
+n