[or-cvs] r21471: {projects} tighten up part of the next section, and give it the full co (projects/articles)

Roger Dingledine arma at torproject.org
Fri Jan 22 06:20:10 UTC 2010 

Author: arma
Date: 2010-01-22 06:20:10 +0000 (Fri, 22 Jan 2010)
New Revision: 21471

Modified:
   projects/articles/circumvention-features.txt
Log:
tighten up part of the next section, and give it the full conclusion
and bio back if we're going to turn this into a policy paper


Modified: projects/articles/circumvention-features.txt
===================================================================
--- projects/articles/circumvention-features.txt	2010-01-22 01:03:28 UTC (rev 21470)
+++ projects/articles/circumvention-features.txt	2010-01-22 06:20:10 UTC (rev 21471)
@@ -11,9 +11,6 @@
 This article lays out ten features you should consider when evaluating
 a circumvention tool. The goal isn't to advocate for any specific tool,
 but to point out what kind of tools are useful for different situations.
-In fact, having a diversity of circumvention tools in wide use increases
-robustness for all the tools, since censors have to tackle every strategy
-at once.
 
 One caveat to start out: I'm an inventor and developer of a tool
 called Tor (torproject.org) that is used both for privacy and for
@@ -123,25 +120,25 @@
 The first step to transparency and reusability of the tool's software and
 design is to distribute the software (not just the client-side software,
 but also the server-side software) under an open source license. Open
-source licenses make sure you can examine the software to see how it
-really operates, and they also mean that you have the right to modify
-the program. Even if not every user takes advantage of this opportunity
-(many people just want to use the tool as-is after all), the fact that
-some users can makes it much more likely that the tool will remain safe
-and useful. Without this option, you are forced to trust that a small
-number of developers have thought of and addressed every possible problem.
+source licenses mean that you can examine the software to see how it
+really operates, and you have the right to modify the program. Even if
+not every user takes advantage of this opportunity (many people just want
+to use the tool as-is), the fact that some users can makes it much more
+likely that the tool will remain safe and useful. Without this option,
+you are forced to trust that a small number of developers have thought
+of and addressed every possible problem.
 
-Just having an open software license is not enough, though. Trustworthy
-circumvention tools need to provide clear complete documentation for other
-security experts -- not just how it's built but what features and goals
-its developers aimed for. Do they intend for it to provide privacy? What
-kind and against what attackers? In what way does it use encryption? Do
-they intend for it to stand up to attacks from censors? What kind
-of attacks do they expect to resist and why will their tool resist
-them? Without both seeing the source code <i>and</i> knowing what the
-developers meant for it to do, it's harder to decide whether there are
-security problems in the tool, or to evaluate how successful it should
-be at its goals.
+Just having an open software license is not enough. Trustworthy
+circumvention tools need to provide clear, complete documentation for
+other security experts -- not just how it's built but what features
+and goals its developers aimed for. Do they intend for it to provide
+privacy? What kind and against what attackers? In what way does it
+use encryption? Do they intend for it to stand up to attacks from
+censors? What kind of attacks do they expect to resist and why will their
+tool resist them? Without seeing the source code <i>and</i> knowing what
+the developers meant for it to do, it's harder to decide whether there
+are security problems in the tool, or to evaluate whether it will reach
+its goals.
 
 In the field of cryptography, Kerckhoffs' principle explains that you
 should design your system so the amount you need to keep secret is as
@@ -153,10 +150,9 @@
 the only groups examining the tool are its original developers and the
 attackers; the wider user and developer community is left out of the loop.
 
-This question gets at another form of sustainability: whether the ideas
-from that project are reusable beyond that project's lifetime. Too many
-circumvention tools these days keep many parts of their design secret,
-in hopes that government censors are hampered from figuring out how the
+Ideas from one project could be reusable beyond that project's
+lifetime. Too many circumvention tools keep their designs secret, hoping
+that government censors will have a harder time figuring out how the
 system works, but the result is that few projects can learn from other
 projects and the field of circumvention development as a whole moves
 forward too slowly.
@@ -369,6 +365,15 @@
 
 Conclusion
 
+This article explains some of the issues you should consider when
+evaluating the strengths and weaknesses of circumvention tools. I've
+intentionally avoided drawing up a table of different tools and scoring
+them on each category. No doubt somebody will do that eventually and
+sum up how many checkmarks each tool gets, but the point here is not
+to find the "best" tool. Having a diversity of circumvention tools in
+wide use increases robustness for all the tools, since censors have to
+tackle every strategy at once.
+
 Last, we should keep in mind that technology won't solve the whole
 problem. After all, firewalls are <i>socially</i> very successful in these
 countries. As long as many people in censored countries are saying "I'm so
@@ -377,3 +382,13 @@
 all of these countries that want to learn and spread information online,
 and a strong technical solution remains a critical piece of the puzzle.
 
+About Roger:
+
+Roger Dingledine is project leader for The Tor Project, a US non-profit
+working on anonymity research and development for such diverse
+organizations as the US Navy, the Electronic Frontier Foundation, and
+Voice of America. In addition to all the hats he wears for Tor, Roger
+organizes academic conferences on anonymity, speaks at a wide variety
+of industry and hacker conferences, and also does tutorials on anonymity
+for national and foreign law enforcement.
+

More information about the tor-commits mailing list