[tor-project] The Tor Project Social Contract

Alison macrina at riseup.net
Tue Aug 2 00:47:00 UTC 2016

Hi David,

I think this is a compelling idea and I love that you've given so many
examples of research on human rights-focused design considerations. That
said, one of the trickiest parts of the social contract was not
overpromising or contradicting ourselves when it comes to design since
sometimes we need to use or build tools that do not meet the
requirements you outlined below -- tools for detecting bad relays came
up in that previous conversation a bunch, just as one example. I think
there could be a lot of value in a "design standards" document, but I
think there should definitely be clarification in "things we use" vs
"things we build" and also "things we need internally" vs "binaries we
release to the public".


>> Hi David, thanks for this message. I think the points you've raised
>> above are *exactly* the kinds of things that social contract should make
>> us discuss together. If the SC is who we are/what we want to be, what
>> are the ways in which we are currently failing to meet those
>> commitments? This is one of the ways I see this document being used.
>> Alison
> Hi Alison, Yes and I wonder if Tor project would want to publish a different kind of social
> contract specifiying software design principals and distributed system design considerations
> which are supportive of human rights and privacy. Surely the many years of experience gained from
> developing tor has resulted in these types of considerations for distributed systems.
> here's an IRTF charter for an interesting research group, "Human Rights Protocol Considerations":
> https://datatracker.ietf.org/group/hrpc/charter/
> In particular their charter states that:
> """
> The research group takes as its starting point the problem statement that
> human-rights-enabling characteristics of the Internet might be degraded if they
> are not properly defined, described and sufficiently taken into account in
> protocol development.
> """
> and
> """
> As evinced by RFC 1958, the Internet aims to be the global network of networks
> that provides unfettered connectivity to all users at all times and for any
> content. Open, secure and reliable connectivity is essential for rights such as
> freedom of expression and freedom of association. Since the Internet’s objective
> of connectivity makes it an enabler of human rights, its architectural design
> converges with the human rights framework.
> """
> so far they've publish this document:
> https://www.ietf.org/id/draft-doria-hrpc-report-01.txt
> Among many other things they mention the end to end principal, however i'm also inspired by
> the principal of least authority as described in Mark Miller's "The Structure of Authority":
> ( To me this paper reads like beautiful anarchist literature for software developers.. however
> I suspect some non-technologists will also appreciate it )
> http://www.erights.org/talks/no-sep/
> http://www.erights.org/talks/no-sep/secnotsep.pdf
> Inspired by Tahoe-LAFS and the principal of least authority Dominic Tarr wrote a short paper about
> cryptographic handshakes which likens identity keys to cryptographic capabilities and
> discusses how not to leak them to passive network observers:
> https://github.com/dominictarr/secret-handshake-paper
> And further I find "User Interaction Design for Secure Systems" by Ka-Ping Yee
> https://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf
> is also inspiring and relevant since Tor project is also involved and advocating for various
> tor friendly user facing applications such as Tor browser, ricochet etc. one of the principals
> it mentions is revocation:
> """
> Revocability. The interface should allow the user to
> easily revoke authorities that the user has granted
> wherever revocation is possible.
> """
> For instance someone inspired by ricochet might design and implement a similar chat system
> with an identity onion revocation mechanism: perhaps Alice would be able to tell all her
> contacts except Bob of her new onion service thereby revoking Bob's access to her current
> onion.
> No SPOFs
> No admins
> sincerely,
> David
> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

More information about the tor-project mailing list