As part of my upcoming Defcon talk on onion services:
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Dingledine
I'm thinking of including a section on Tor mythbusting. That is, there
are all sorts of Tor misunderstandings and misconceptions floating around,
and it seems smart to try to get them organized into one place as a start
to resolving them. (Later steps for resolving them should include better
and more consistent communication, and actually changing things so Tor
is safer/stronger/better. One step at a time.)
Below is an initial list to get us started, along with overly brief
summaries of the reality underlying the myth. Please contribute more
entries!
To contribute best, please frame your entry from the perspective of a
helpful and concerned Tor user or advocate, rather than as a crackpot
conspiracy theorist. (Fun as it might be, I have little interest
in socket-puppet trolling myself on stage, so phrasing myths in a
constructive manner is the best way to move forward.)
And also, don't get too hung up on the quick rebuttal text I've written:
the goal here is to brainstorm the myths, not to write the perfect answer
to each of them. That can come later.
- "I heard the Navy wrote Tor originally (so how can we trust it)."
(They didn't. I wrote it.)
- "I heard the NSA runs half the exit relays."
(Hard to disprove, but it doesn't make any sense for them to run
exits. But that shouldn't make you relax, since they already surveil
a lot of the internet, including some of the existing exit relays,
so they don't *need* to run their own. Also, the Snowden documents
give us some good hints that say no. Btw, use SSL.)
- "I heard Tor is slow."
(You're right, it's not blazing fast. But it's a lot faster than it
was in earlier years. Tor's speed has most to do with how much load
there is on the network, not on latency between the relays as many
people believe. We need more relays.)
- "I heard Tor gets most of its money from the US government."
(Alas, this one is true. We have three categories of funding: basic
research like from NSF, R&D like from the Open Technology Fund, and
deployment and training like from the State Dept. See the financial
documents that we publish for details. Alternatives would sure
be swell.)
- "I heard 80% of Tor is bad people."
(There have been a bunch of confusing studies about Tor users and
usage, and the numbers vary wildly based on what you're measuring and
how you classify bad. But for the above stat, you probably heard it
from a US DoJ attorney who misunderstood a journalist's article about
one of these studies. Or who knows, maybe she maliciously twisted
the results. See also the ongoing research work on measuring the
"dark web".)
- "I heard Tor is broken."
(Man, this phrase represents a fundamental misunderstanding of
computer security. All the academics go after Tor -- and it's great
that they do -- because we're the best thing out there, plus we provide
good documentation and help them in analyzing the attacks. You don't
hear about breaks in centralized proxy companies because there's
nothing interesting about showing flaws in them. Also, security
designs adapt and improve, and that's how the field works. I'll try
to keep my rant on this one short so it doesn't take over.)
Thanks!
--Roger
Hi everyone,
This is the bi-weekly status report for Ahmia - Hidden Service Search
## Upgrade Elastic 2.4 to 5.4
Elastic support is upgraded from version 2.4 to 5.4. [1]
## Data Visualization and statistics page
I am working on visualization of statistics. Some examples include linking
structures between sites and popularity graph of domains. [2] I will fix
the broken stats page once I am done with the graphs.
Thanks,
Pushkar Pathak
[1] : https://github.com/ahmia/ahmia-site/pull/9
[2] :
https://github.com/mdhash/ahmia-site/commit/36fdfd0da528b673b347232c26edb19…
Notes for July 6 2017 meeting:
Nick:
1) From last week: Should I approve timesheets? How?
Roger:
1) Who do I tell about operations task ideas, like "we should make a
standardized slide template based on the style guide stuff from Elio"
[Steph: I'm working on templates]
2) In talking with Alison last week I proposed that the community team
re-focus on: "Helping the rest of the world help Tor". So helping relay
operators is in, and helping activists and advocates is in, and helping
volunteers get oriented is in. But support should shift to whichever
team makes the thing being supported, and in general we should be
watchful for the community team accumulating "all the stuff that
involves interacting with users", because that's a poor way to draw the
line. We're still early in the refocusing plan, but you heard it here first.
3) Membership policy is slowly proceeding (and I think that's ok).
4) Isa and I worked out new time allocation recommendations for the
network team
5) geko: did you know about
https://launchpad.net/~webupd8team/+archive/ubuntu/tor-browser -- that
some random person is packaging tor browser for ubuntu, and not keeping
up? Which team should be interacting with these people so they either do
it right or stop? [GeKo: No, I did not; regarding the team question: it
seems to me it could be a good start if someone from the community team
would reach out to those people. Depending on how that goes it seems to
be fine to involve folks from the Tor Browser team]
6) Alison and I picked up the "speakers bureau" idea again. Her next
step is to get the notes from when we talked to Biella.
7) Privacy sensitivity training as an onboarding topic. We should make
sure all our new people understand about Facebook "like" tracking, about
web cookies in our html mass mails, and in general about the
expectations from our community.
8) Status of the comms support person funding proposal?
Alison:
1) More on Roger's point 2: I am going to organize a meeting with all of
the people who currently work on support so that we can better
coordinate channels, documentation, feedback to devs, and the like.
2) Tor Meeting: I sent the most recent invite list to vegas-leads. Are
these ready to go out now? Can we move on to creating the meeting schedule?
3) Today I'm doing a webinar about Tor for Drexel University's Libraries
and Archives Student Association
4) Finishing up a short grant to support graphic design work and
printing costs for some posters and handouts for LFP.
5) Follow up on Roger's point 6: I am waiting for Biella to get back
from vacation to give me those notes.
6) Need to connect with Steph and Tommy about publicizing the support wiki.
7) Are we still interested in having an unconscious bias training? Those
trainers got back in touch with me.
8) Working on onboarding docs for "FOSS/Tor culture" which will
complement what Isa is doing with privacy onboarding (see Roger's point 7).
Arturo:
1) Ran out of disk space on one of our pipeline related machines, but
appear to not have lost any data during that date contrary to previous
belief. See: https://github.com/TheTorProject/ooni-sysadmin/issues/116
2) Following Leonids lead we have started documenting various sys-admin
related incidents to learn from them and mitigate them in the future:
https://github.com/TheTorProject/ooni-sysadmin/issues?q=is%3Aopen+is%3Aissu…
3) ooni-probe mobile app with notification support is coming together
nicely. We are testing an alpha build for iOS and working on getting an
alpha build for Android.
4) Next generation ooni-pipeline is moving forward. We are
optimistically aiming to have an MVP deployment (with the new
measurements interface running) deployed by CLSI:
https://github.com/TheTorProject/ooni-pipeline/pull/62#issuecomment-3126377….
If you are a user (or would like to be a user) of ooni-measurements API
you should check out:
https://github.com/TheTorProject/ooni-measurements/blob/8a3bc04779514170168….
Georg:
1) We got out (or are about to get out) new Tor Browser releases picking
up new tor versions; I am happy how this worked out while I was away
from the keyboard
2) We tried to move the browser developer job application process
forward; hopefully concrete next steps will happen next week
3) Can we move forward with the bug bounty program? I owe the hackerone
folks an email outlining our plan [GeKo: the plan is to get back to
HackerOne coordinating the public launch]
Steph:
1) I'm creating brand aligned templates for documents and presentations,
will eventually make their way to media.torproject.org
2) Working on first newsletter template, message about delivery change,
content. Giant Rabbit still working on creating unsubscribe capability
5) Upcoming campaigns: sha2017, bug bounty, support wiki.
6) Will participate in net neutrality day of action next week
https://www.battleforthenet.com/july12/
7) Have been working back through press inquiries, responding to all new
requests with feedback from Shari
8) Worked with asn to polish wilmington blog post, published and share
Shari:
1) working on final report on donation database grant and edits for
other proposals
2) had initial talk with Giant Rabbit folks about this year's
crowdfunding campaign
Karsten:
1) Cleaned up a little after the end-of-month sprint by updating to new
metrics-lib, updating Metrics website, updating to new Debian stretch
libraries.
2) Started making plans for current month; current plan is to focus on
CollecTor development this month and do some maintenance tasks that
piled up over the last six months.
Mike:
1) Can we get an official TBB build machine? (
https://trac.torproject.org/projects/tor/ticket/22764#ticket, elsewhere)
[GeKo: Yes, please]
2) Talking with researchers, getting padding code ready for PETS meeting.
Brad:
1) Working on the year-end close process and preparation of financial
reports
2) Sue and I both have a long backlog at the moment, so apologies for
any delays in responding to questions sent to the accounting@ alias
3) Please approve time/expenses in Harvest for assigned employees no
later than Tues July 11
4) It's important that we get all expense reports covering JAN-JUN by
the end of this month
Hi,
we've just published the Tails report for June, 2017:
https://tails.boum.org/news/report_2017_06/
I'm attaching a simplified HTML version for your offline reading
pleasure :)
Cheers,
--
intrigeri
Hi,
In June, I worked on the following:
* Tor Messenger
- Released Tor Messenger 0.4.0b3:
https://blog.torproject.org/blog/tor-messenger-040b3-released
- Started working on the transition to ESR52. We are trying to reuse the
components from Tor Browser itself by using rbm (which is what we have
been using for the Tor Messenger builds.) This is going to form the
major part of the work this month.
* TorBirdy
Worked on the following tickets:
#20978 #21880 #22318 #22566 #22567 #22568 #22569
* Community
- Continued working on planning Tor outreach in India with an NGO; more
details later once it is finalized.
- Giving two Tor talks in Toronto in August:
https://lists.torproject.org/pipermail/tor-community-team/2017-June/000048.…
--
Sukhbir
Hello, Tor!
For those of you who don't know me, I'm the new grant writer -- I work
closely with the communications and community teams.
Here's what I got up to in my first full month on the job.
## June 2017
- Onboarded @ Tor, put a face and a name to folks I've been
following/interacting with for years.
- Met folks at the network team meeting in Wilmington [1]. Started
thinking about how to make it easier & faster to onboard people into the
Tor community.
- Familiarized myself with Tor's current grants and sponsors.
- Submitted a grant to improve & expand Tor Metrics.
- Familiarized myself with Foundation Center, a resource for
grant-writers to find funders in their fields [2].
- Started a bunch of grants due this month.
TC
--
[1] https://blog.torproject.org/blog/network-team-hackfest-wilmington-watch
[2] http://foundationcenter.org
Hi all:
June felt like a productive month, mostly due to the organizational
processes in place! This was the first month of weekly ticket triages *and*
team meetings, which gave us a better sense of what is going on in the
organization and how to prioritize our work.
This month, we spent a majority of our efforts redesigning the new blog. We
made design changes to update the look and feel of the website, as well as
making some changes to make it easier to read blog posts and comments. The
corresponding tickets are:
https://trac.torproject.org/projects/tor/ticket/22510,
https://trac.torproject.org/projects/tor/ticket/22392,
https://trac.torproject.org/projects/tor/ticket/22395
We also iterated the first design of tor launcher according to Linda's
previous research, and started to schedule content discussions for
torproject.org. We were working on torproject.org stuff pretty centrally
the last couple of months, but we're shifting to prioritize the tor
launcher work since that has funding and a deadline while the torproject.org
effort does not.
Linda also attended Mozilla all-hands and talked with firefox about
uplifting features, and had great discussions with Arthur, Nathan, and
Amogh about what UX work to collaborate on! Exciting.
Cheers,
Linda N. Lee
Current Key: https://pgp.mit.edu/pks/lookup?search=lindanaeunlee
GPG Fingerprint: FA0A C9BE 2881 B347 9F4F C0D7 BE70 F826 5ED2 8FA2