- tor-project - lists.torproject.org

Exit probability
by David Goulet 29 Jun '16

29 Jun '16

Hello everyone! A bit of context. Since November 2015, I've setup a Munin server that graphs some Tor network monitoring. You can have a look here: http://ygzf7uqcusp4ayjs.onion/tor-health/tor-health/index.html This email is about one of those graphs which is the Exit probability in the world. The graph has it per-continent. Here is a link to a graph with the full data since the start of my monitoring: http://ygzf7uqcusp4ayjs.onion/static/dynazoom.html?cgiurl_graph=/munin-cgi/… (Fun fact, the "Unknown" one is the IPpredator relay in "Liberia" ;) https://atlas.torproject.org/#details/BC630CBBB518BE7E9F4E09712AB0269E9DC7D… As you can see, Europe has been very dominant but lately it has grown from ~80% to 85% in the last month. While North America is going down from ~15% to 10%. I could do the exercise of graphing the top 10 countries in Europe that we exit but I _bet_ we'll end up with mostly 3 countries, Germany, France and Netherlands. (I might do this experiment actually.) To be honest, this is something that concerns me because this trend is going up for running Exits in Europe. Maybe it's because of attack on Exit relays in US? Maybe Snowden effect of USA == bad? Maybe hosting providers are too expensive in the North America? Maybe tor-servers/nos-oignons are too effective :)? I honestly don't know but that's not healthy in the long run. Of course having more in Africa and South America for starters would be amazing but that's another fight I feel like. Could we think of some outreach we could do maybe a blog post about the importance of location diversity in Exits? That running relays in the US is actually OK? or maybe just the fact that people have to stop using OVH (well OVH has a data center now in Montreal so NA!) or Hetzner or Linode? Or since Europe as a lot of countries thus multiple jurisdictions it's fine to have 85%? (is it really true with EU laws?) There. Thoughts? Cheers! David

3 2

Plan to retire Globe
by Karsten Loesing 29 Jun '16

29 Jun '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everyone, as the subject says, I suggest that we retire Globe (currently available at https://globe.torproject.org/) The main reason is that Globe is serving a similar purpose as Atlas (available at https://atlas.torproject.org/) which it was forked from several years ago. Neither Atlas nor Globe are actively developed, they only receive critical bug fixes whenever necessary. And thanks, Philipp and Isis, for doing that! So, when deciding which of the two services we should keep, I looked at the number of daily requests to both services, which shows that Globe is used a lot less than Atlas: https://people.torproject.org/~karsten/volatile/atlas-globe-2016-04-01.png The hope is that retiring Globe could make it more likely that new developers start contributing to Atlas. It would also make it easier for us to add new feature to Atlas, because we wouldn't feel bad for not adding them to Globe, too. In any case, we're getting rid of yet one more thing. Here's a suggested timeline for retiring Globe: - By April 30, we create Trac tickets for all features we like in Globe and that are missing in Atlas. These tickets would go in component "Metrics/Atlas" in Trac. If you want to keep something in Atlas that you like in Globe, this is your chance to make that happen! - By May 15, we'll have reviewed those new tickets and decided which of them we should implement before shutting down Globe. We might send a call for help to tor-dev@ to write these patches. - By May 31 (hopefully), we'll have implemented, reviewed, merged, and deployed the missing features in Atlas, and we'll shut down Globe. We should probably add a static web page pointing to Atlas. If it takes longer than this, it takes longer, but let's use this date for now. Maybe nobody will be missing anything from Globe. We'll see. Suggestions welcome, not only if you strongly object! All the best, Karsten -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJXG5afAAoJEC3ESO/4X7XBj/8H/25hssQXL5QuqVbzngTSJ8AF BchTx9l9lAclddyeaug74obAW01+ljO4PZhEZGr12FrTKtlot3PWlQTykkeqCuKh kbVDHgO4U90qSSsVX2aOB9UVlAfvNpk93c5RqdQVwa/1jx6MaMdUM3OFopm9m8ji ceJqizYBrKfL8sI4ksdz84f9u+fwClI2+2H1RMs5PhFG4gIZ/F/ZzVMbkh2ruITC gNl3tWwj46I1CicPQQfYEtaKsA2VckRNo+8N1pfpSKsHBAP6hdGbKQvTkTxRSsrO MFu+kMaF0wkaT58o2IF2FhrQdnq7rns/zAoG+L2ym+7qqEbuaqb/m3wq1jnNp1I= =NDEg -----END PGP SIGNATURE-----

8 17

List moderation or subscriber trimming on tor-talk@
by Griffin Boyce 28 Jun '16

28 Jun '16

tor-talk@ has always been fairly off-topic and subject to overflow from the cypherpunks list, but lately it seems like an endless barrage of filter-evading nonsense. I'm filtering my inbox, but it doesn't seem to help much. I filtered for subject & body content, then people omitted specific names. I filtered out specific senders, then people made new accounts. There seem to be less than ten people who never seem to be on-topic or moving any conversation forward. And indeed, many of these people are behaving the same way on other lists as well. Long-term, these people have been causing exponentially more distraction than any benefit their (rare) good points have made. While it's relatively easy for me to ignore, nearly 300 emails in two weeks would be hard to ignore for anyone who's just now subscribing to the list. And those 288 messages are filled to the brim with the most base tinfoil-hattery. So with all that said, I would like to broach the subject of moderating tor-talk, or perhaps removing those few subscribers who always seem to be off-topic. Understandably, this is a controversial topic, but I think it's critical to bring the list back to its normal functions. best, Griffin -- There are 10 kinds of people in the world: those who understand binary, those who don't, and people who didn't expect a base 3 joke.

6 23

Notes from June 23 2016 Vegas team meeting
by Karsten Loesing 27 Jun '16

27 Jun '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 See this posting for context: https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html Notes for June 23 2016 meeting: Georg: 1) GSoC workload is starting to increase for the Panopticlick project 2) Helped with press related things around the Selfrando paper Karsten: 1) Met with metrics team members in Berlin to talk about the new Mozilla award and to start making some plans. Roger: 0) My next several weeks are going to continue to be messes, logistics-wise. So if there is something concrete that you need from me, please let me know early and often. Sorry in advance. :( 1) We got permission to have spent the rest of our SponsorR Year2 money. That means soon I will need to sit down and map out the Year3 milestones that we will want to use. 2) We wrote a "rebuttal" for the reviews on our NSF-Eindhoven proposal. Things are looking promising but who knows. 3) I helped Shari with a first round of Seattle invite brainstorming. It's with her now, to make some decisions how much travel to fund. Also we should be sure to send the draft invite list to some sufficiently large set of people (tor-internal?) so we can learn about potential problems early. 4) Shari asked me to help move forward the donations platform thing. I need a person who can lead it, because I'm going to flake if it's just me. 5) I'm considering doing a panel the Monday before PETS in exchange for them paying for my flight (yay making money by saving money). Nick: 1) No updates, actually. Mainly doing software, trying to be helpful to Isa and my team, trying to stay focused. 2) Could use some triage help from Isabela, but it's less urgent than all the other stuff Isa is doing. 3) Hoping to discuss many of the things Roger raised above. 4) Never enough hours in the day or days in the month. Kate: 0) My request for good news about Tor work is going well. Had planned to just do blog posts (as media bombs were exploding all around) but will now to try to pitch some of this to journalists. Will also resume newsletter going forward. It was a little difficult to elicit good news from the group. People, don’t be shy! We’re doing so much interesting work! Also, if you are doing a software release, let me know if there are particular features that users (or info sec folks) will think it’s important or useful. I may not be able to figure this out without you :) Good news blog posts: Tone: Fun, interesting, friendly (which is true to these projects!) Karsten —Karsten’s Mozilla award blog post is published - yay! https://blog.torproject.org/blog/tors-innovative-metrics-program-receives-a… GeKo—I interviewed him on Selfrando; https://blog.torproject.org/blog/selfrando-q-and-georg-koppen Serene -Q and A about Snowflake is drafted and I am editing it Nick—Writing a blog post on history of Tor’s cryptography! 1) EFF/Tor Day of Action on Rule 41 (First Tor advocacy campaign ever?) Funny and pointed tweets by flexlibris and Isis to support it :) (loved them both so much) 300,000 Twitter impressions 1,000 retweets We tweeted, participated in EFF's mainstream media (a judicious amount); helped provide quotable quotes, blogged, Facebooked. Helped signal boost the proposed bill “Stop Mass Hacking Act” that would undo changes to Rule 41 Despite intentionally keeping a low profile on mainstream media (as we are a hot potato at the moment), we were quoted in BoingBoing and SC Magazine Listed as a supporter of the campaign in very good Hill article, Christian Science Monitor (also The Register TechTarget, and TechWorm Media was overwhelmingly positive; Twitter response was very positive (so--no backlash against Tor or campaign) The Hill: http://thehill.com/policy/cybersecurity/284278-google-paypal-push-back-on-c… (barely there but in a useful context in a useful article) CSM: http://www.csmonitor.com/World/Passcode/2016/0622/Google-privacy-groups-urg… SC Magazine: http://www.scmagazine.com/justices-caldwell-lauds-rule-41-changes-eff-other… Great working relationship with Rainey; we communicated in real time for two days straight; tried to set this up for tech people but no dice Planning a twitter survey to see if people learned more about Rule 41 during Day of Action (interested in any advice from Isabela) Banner for our website was super tricky—I think EFF expected us to be able to just paste it onto our website, but in the future—we should have a Tor-EFF policy and tech meeting ahead of time to discuss any issues—and especially—be able to communicate in real time with EFF tech people to ask questions. Thanks to Roger and Sebastian, who worked on it. 2) Fenton Communications: Shari, Sue, and I met with them; had a useful discussion with them about crisis communications, realized that we are already on the right track and decided not to use them. Will reserve the right to re-engage with them if all heck breaks loose or looks like it’s going to. :) 3) Funders need to help us resist FBI exploits! That is all. I hope they do. Smart people are working on it. :) Relevant: “As quietly as possible, the government is renewing its assault on your privacy” https://www.theguardian.com/commentisfree/2016/jun/22/government-privacy-fb… Alison: 1) Social contract progress 2) Getting a professional facilitator to help us talk about consent, abuse, etc at Tor-dev 3) OTF proposal for Torservers got another extension Isabela: 1) DRL - visit moved to first week of August (yay) - we (me, shari and sue) are actually going to DC for this audit thing (that is a lot of work on this front for me this month and in July) 2) DRL - next round of proposals August 26! We need to coordinate what we will do, Mobile is definite one but we should try two proposals 3) SIDA - Marcin reached out with a list of things for us to do in the process of submitting a final proposal for them by August 1st 4) Internews - so painful :( trying to get Nima to sign his contract and to invoice us. I need to start gathering the deliverables because it ends next week.. very painful but I think I will survive this project 5) Network team - catch up on 029 state of things and start working on follow ups from our last retrospective and prep our next one (we said mid July) -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJXcOCrAAoJEC3ESO/4X7XB4TsH+gIMjowp+d9jjGUjjwzxhj1m DE3paDnJDSubRCD8iNB7TGc/bSrmcqmV/1VitRFkmoGBVXRNIrzJiXFGFMfmltal DPWx5CGVbqM+pUAARhUAte+kgLC2sKysWJIv+Jywbqlk638pmCAZkah5+qOQCFTj WBvkq7wVBWIWb1vxkSjzfe3cRJI0rmg/NEf6otDC/j25zf58jr/8oh/woyOwmi+z QLSHNXRXy2Wk7IUjo4Htg08DWGwyEh8CWZ4bbsa0+pYS27Ch0bImjVINcBbaQKv/ xa3r8v/8rYTlCrmjOk7d7omfGpEJV6CfK8OgPyFRzPjMHQ8xp8lVhsKnSM9U+DI= =qRhK -----END PGP SIGNATURE-----

1 0

Translation process meeting
by Colin Childs 22 Jun '16

22 Jun '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi everyone, I'd like to try something that we haven't (to the best of my knowledge) done before: I'd like to hold a general "translation process" meeting, and invite members from any of the projects currently hosted on our Transifex to attend. I'd like to learn from you how to make the translation process work better for your individual projects. I'd also like to hear if there are any issues you are encountering that may be solvable either by myself, or by working with the Transifex developers. Below is a Doodle to plan the meeting, all times are UTC: http://doodle.com/poll/9mmzsppm8cdvaeir I hope you all have a nice weekend! - -- Colin Childs Tor Project https://www.torproject.org Twitter: @Phoul -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXW5K3AAoJEJWQHABkmqq5bxgP/R+Iuqq+V5+ZfmJBPeR8NhXi qcX9Mj3i+4c1uDzWmVqh/oj0H0H4FKD6PrFKkavxHw5To7imocvJmdZzbnQqWg9c VQBe3TMDKYNz6OtLGMGulE/LL+CYGWW2WlvM8kUy/+iGxpBk5UjTMo4Co8mZiyXr Ih407VeLL9s3FIJjIunbiZwjBf0JNjXcCSOfB4iSBE5qOltonq1gIj3uYuCbNn0c nKh4uoeTzo05EsL6WgK0Rbh6KK4KdGAJg9A0O0RudcrJKE/wfZfULaQ3v54YOr4L jnLt8iEBrFbaJj8eCaVWqHuIzDRWbEtOvw7swxMdGfOQmJaD1iK4574GzmeBnCJt 8z63Q/6UDxsBaxaceXjReypIg4GdDZZmXNVWFNhbU4tSBqg0hlq10aYYFZGJn5Op m3V1SlLONnktCkzPFOLtctws51uVQPQ8mzMSPxKfIxzWstHC4ppQmi91xDOEYtWQ G+4hX16yvHto0cjbzrcSnGL8JN61bnF4I4yi24p3jwX2cquvd849qJiGG7DAlxQQ 8WK0QOSA73Kv28cNaV24oDipq7UChA79eacZTU1q4gsqp+ukWxrOAlwXowO0XThB 7UmrxAJNEHRZVq98R29vczisSeEwW5AGi7OBIDlF6ZhzO5EzdKX1IebqznQuG1my 84Y+S+rmN4WQbQa8pDYC =/mZx -----END PGP SIGNATURE-----

1 1

Create tor-users and bringt it to live
by Jens Kubieziel 22 Jun '16

22 Jun '16

Hi, following up our discussion about tor-talk and tor-users I created the ticket <URL:https://trac.torproject.org/projects/tor/ticket/19477> as well as the list itself <URL:https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-users>. As a next step I suggest we make an announcement about the existence and purpose of tor-users as well as the planned fading out of tor-talk. IMHO this should then be sent to tor-talk and tor-dev. Could someone of you phrase a nice announcement? Thanks, -- Jens Kubieziel http://www.kubieziel.de There's no point in being grown up if you can't be childish sometimes. -- Dr. Who

1 0

Fwd: Russian bill requires encryption backdoors in all messenger apps
by Kate 22 Jun '16

22 Jun '16

FYI-- -------- Forwarded Message -------- Subject: Russian bill requires encryption backdoors in all messenger apps Date: Tue, 21 Jun 2016 15:59:16 -0400 From: Nathan White <nathan(a)accessnow.org> Russian bill requires encryption backdoors in all messenger apps By Patrick Howell O'Neill <http://www.dailydot.com/authors/patrick-howell-oneill/> Backdoors into encrypted communications may soon be mandatory in Russia <http://dailydot.com/tags/russia>. A new bill in the Russian Duma, the country's lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service—the successor to the KGB—can obtain special access to all communications within the country. Apps like WhatsApp <http://www.dailydot.com/tags/whatsapp>, Viber <http://www.dailydot.com/tags/viber>, and Telegram <http://www.dailydot.com/tags/telegram>, all of which offer varying levels of encrypted security for messages, are specifically targeted in the "anti-terrorism" bill, according to Russian-language media <http://www.currenttime.tv/a/27809255.html>. Fines for offending companies could reach 1 million rubles or about $15,000. The new Russian legislation, which has already been approved by the Committee on Security, is just the latest such flare up in a global debate over encryption <http://dailydot.com/tags/encryption/> that earned a bright spotlight in the U.S. earlier this year, particularly after the San Bernardino terrorist attack <http://www.dailydot.com/tags/san-bernardino-shooting/> led the FBI <http://dailydot.com/tags/fbi>to pl <http://www.dailydot.com/politics/fbi-san-bernardino-iphone-exploit-no-vulne…>ead for access to one of the shooter's encrypted iPhones <http://www.dailydot.com/politics/fbi-san-bernardino-iphone-exploit-no-vulne…> . Russian Senator Yelena Mizulina argued that the new bill ought to become law because, she said, teens are brainwashed in closed groups on the internet to murder police officers, a practice protected by encryption. Mizulina then went further. "Maybe we should revisit the idea of pre-filtering [messages]," she said. "We cannot look silently on this." Encryption uses advanced mathematics to protect data so that even the world's most powerful computers cannot unlock data they are not meant to have access to. The technology is used in various ways to protect everything from credit card transactions on the internet to your emails and internet traffic. Government focus on encryption intensified in recent months after Apple <http://www.dailydot.com/tags/apple> andGoogle <http://www.dailydot.com/tags/google> offered encryption options on their smartphones. WhatsApp, with over 1 billion users around the world, offers encryption on messaging. The technology is seen as a fundamental cornerstone of cybersecurity <http://dailydot.com/tags/cybersecurity/>, such that if a business is not using encryption to protect sensitive data, it's often deemed irresponsible by experts. But just as encryption keeps out crooks, it keeps out governments, law enforcement, and intelligence agency spying. That's led to high-level debates around the globe about the rising popularity of encryption. While government authorities around the world argue in favor of special access backdoors, a vast consensus of technologists argue such backdoors will undermine cybersecurity and create an internet more dangerous and volatile than ever before. --

1 0

Tomorrow: EFF/Tor Worldwide Day of Action to stop changes to Rule 41
by Kate 21 Jun '16

21 Jun '16

Hi, The EFF/Tor Worldwide Day of Action to stop the Rule 41 changes is happening tomorrow; already many people can view the banner on the Tor website and click through. Basically, these changes (which EFF calls "catastrophic") will let judges allow the Department of Justice (and FBI) to legally hack computers using Tor all over the world by obtaining a search warrant--starting December 1, 2016. The search warrants allowable under these rule changes are very broad and could affect thousands of innocent Tor users. The purpose of this Day of Action is to educate people and mobilize them to act--either by signing a petition or contacting Congress (you can do one of these from the banner on the Tor website). Then, members of US Congress will use that public pressure to try to pass the #SMHAct, which would undo these rule changes. It is an uphill battle. Please tweet and retweet about this situation--all day if you can. Email your lists. Alison got us started: https://twitter.com/flexlibris/status/744301855614787584 And I quote: HI IF YOU USE TOR OR A VPN RULE 41 WOULD GIVE THE DOJ EXPANSIVE POWERS TO HACK YOUR SHIT NO MATTER WHERE YOU LIVE That is the gist. Please spread the word. Cheers, Katie ps: The US Department of Justice has jurisdiction over immigrants, native americans, and many different groups and projects: https://www.justice.gov/agencies --I am trying to find out whether these Rule 41 changes might impact any of these groups. pps: For more policy information about this bill, see https://cdt.org/insight/issue-brief-proposed-changes-to-rule-41/ (but remember the changes are no longer proposed and will happen automatically unless Congress passes SMHAct) or https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-propos…

3 2

Notes from June 16 2016 Vegas team meeting
by Karsten Loesing 21 Jun '16

21 Jun '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 See this posting for context: https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html Notes for June 16 2016 meeting: Georg: 1) Slowly working on SponsorU items (https://trac.torproject.org/projects/tor/query?status=!closed&sponsor=Spons…) 2) Tor Browser 6.x issues kept us busy (above all: https://bugs.torproject.org/19400 and related items) Alison: 1) I've done pretty much nothing this week except deal with the Jake situation, which I move to stop calling the Jake situation and call the "community truth and reconciliation" or something like that. 2) I've started collecting a lot of resources on transformative justice and talking to people who understand how to work through things like this. I suggest that we hire a professional to help us work through these things at Tor dev. 3) This week I'll get back to work on all the things that this situation has caused me to neglect: community docs, SIDA and OTF proposals, community team work, support team stuff, and so on. 4) Library Freedom Project is going great though! Kate: 1) Rule 41: Campaign: We are partnering with EFF to launch a campaign to support a law that would 2) Kate: Lots of time spent strategizing around the media regarding the Jake Situation. 3) Working to promote good news about Tor: Working on blog posts with Serene and others. Really interesting! Shari: 1) Lots of time spent talking with our lawyer, helping the investigator, checking in with people with stories, explaining things to our funders, talking with others. Will be looking next week to ways to move things forward and start rebuilding trust and safety in the organization. 2) Met all week with Roger, Isa, Sue Abt and Cass to map our grants and figure out how to keep better track of them where lots of us know all of the things, as opposed to the current situation where many of us know some of the things. 3) Getting ready for DRL site visit on June 27-28. 4) In San Francisco for three days next week: meeting face-to-face with lawyer, hopefully meeting with Alison, ED Club meeting, and some EFF stuff, including an EFF board meeting. Nick: 1) Working on triage 2) Sponsor allocation email that Roger sent. Isabela: 1) Worked in Seattle with Shari, Sue and Roger 2) Now in Detroit - plan to work with Nick on triage today and tomorrow 3) Plan on be between this conference and work till Monday when I fly back to SF -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJXaOfgAAoJEC3ESO/4X7XBUkIH/0cC2Eu1vMx8lesbCCvsjQGy rtnulJW3tFLtmIAcfW7zvInHSAJ3xAEBcWmQ/kKmIWZFO1JoJpTMf2A7/lz4eXHw zQsNC9ODW3qwxqOgdPX9OvPqwXrhZtzANE+zvoCG0f9dcKOctX4d04xTDiFIDisF wg1Sjwi2cn0aPODkn8djvr0WCNUOdWoHXfFxwfsbE02ZANA4vJDYCDnDkewW6JjB oOBJxH0e7R5e+7uJhWfCa5NJE48EH76YDPBVns4dF7G/Ck/U/mIBQ+fKkwwP/ZYa VeLnu4cC7xmc1JRLvfJvx3czmX6b/BHj+MQUWlcdz+wUfvp9/UMC40UoyV5G68w= =VBwO -----END PGP SIGNATURE-----

1 0

regarding tor relay shirts
by Jon Selon 13 Jun '16

13 Jun '16

Hey all! Shari forwarded me the string of emails concerning the tor relay shirts. I would love to take this project on. We do have a small surplus of the relay shirts here at the Seattle office, so if someone could just point me in the right direction I will knock all this out. Where is this list of requests? Is this something I need to subscribe to? Let me know and I'll get this done. Any information you could provide would be greatly appreciated. Thanks, Jon Selon Admin Assist

1 0