[tor-project] The Tor Project Social Contract

[dawuud]

> Hi David, thanks for this message. I think the points you've raised
> above are *exactly* the kinds of things that social contract should make
> us discuss together. If the SC is who we are/what we want to be, what
> are the ways in which we are currently failing to meet those
> commitments? This is one of the ways I see this document being used.
> 
> Alison

Hi Alison, Yes and I wonder if Tor project would want to publish a different kind of social
contract specifiying software design principals and distributed system design considerations
which are supportive of human rights and privacy. Surely the many years of experience gained from
developing tor has resulted in these types of considerations for distributed systems.

here's an IRTF charter for an interesting research group, "Human Rights Protocol Considerations":
https://datatracker.ietf.org/group/hrpc/charter/

In particular their charter states that:
"""
The research group takes as its starting point the problem statement that
human-rights-enabling characteristics of the Internet might be degraded if they
are not properly defined, described and sufficiently taken into account in
protocol development.
"""

and

"""
As evinced by RFC 1958, the Internet aims to be the global network of networks
that provides unfettered connectivity to all users at all times and for any
content. Open, secure and reliable connectivity is essential for rights such as
freedom of expression and freedom of association. Since the Internet’s objective
of connectivity makes it an enabler of human rights, its architectural design
converges with the human rights framework.
"""

so far they've publish this document:
https://www.ietf.org/id/draft-doria-hrpc-report-01.txt

Among many other things they mention the end to end principal, however i'm also inspired by
the principal of least authority as described in Mark Miller's "The Structure of Authority":
( To me this paper reads like beautiful anarchist literature for software developers.. however
I suspect some non-technologists will also appreciate it )
http://www.erights.org/talks/no-sep/
http://www.erights.org/talks/no-sep/secnotsep.pdf

Inspired by Tahoe-LAFS and the principal of least authority Dominic Tarr wrote a short paper about
cryptographic handshakes which likens identity keys to cryptographic capabilities and
discusses how not to leak them to passive network observers:
https://github.com/dominictarr/secret-handshake-paper

And further I find "User Interaction Design for Secure Systems" by Ka-Ping Yee
https://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf

is also inspiring and relevant since Tor project is also involved and advocating for various
tor friendly user facing applications such as Tor browser, ricochet etc. one of the principals
it mentions is revocation:

"""
Revocability. The interface should allow the user to
easily revoke authorities that the user has granted
wherever revocation is possible.
"""

For instance someone inspired by ricochet might design and implement a similar chat system
with an identity onion revocation mechanism: perhaps Alice would be able to tell all her
contacts except Bob of her new onion service thereby revoking Bob's access to her current
onion.


No SPOFs
No admins

sincerely,

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160731/55a5ec6a/attachment.sig>