[tor-reports] Roger's status report, Sept 2012

Roger Dingledine arma at mit.edu
Sun Dec 2 09:19:05 UTC 2012


I've let my status reports lapse while focusing on getting "real" work
done. Here's a start at getting back on track.

- Karen and I attended a conference at the German Foreign Office to help
them decide what role Germany and the EU should have in regulating the
sale of censorship and surveillance tools to dictators:
http://internethumanrights.org/ihrberlin2012/
Highlights:
  - I liked Eric King (from Privacy International)'s suggestion that
    when companies are submitting their tools for export evaluation,
    they should be required to submit their brochures too. Some of these
    companies are just shameless in terms of how they pitch their tool
    in terms of number of bloggers you can round up per unit time. I'm
    convinced that controlling "the worst of the worst" in terms of how
    they can present their product will influence how these products
    spread.
  - That said, these were all (foreign) policy experts, not technologists.
    They all seemed to take it for granted that you could draw a line
    between "bad" products and acceptable / dual-use products. I tried
    to hold back from saying "every time you people try to come up with
    legal phrasings about what technologies are ok, you end up putting
    tools like mine on the wrong side of the line." In retrospect,
    I should have said it more loudly.
  - They were really proud to have Tor representatives there. Having us
    there let them show the world that they had "real technologists"
    at their meeting. There were several cases where the whole breakout
    session turned to me and wanted to know what Tor thought about the
    given question.
  - I met a nice man who worked for a telco/DPI company that deploys
    its products in the Middle East. He raised a compelling argument:
    "Look, you folks are the ones that mandated backdoors in the telco
    equipment we produce, using the term 'lawful intercept'. And
    now you're surprised and upset when bad people use these same
    backdoors? You made us build it that way!" It certainly is easier for
    officials in countries like Germany to think of the world as divided
    between "good" places and "bad" places, but it sure isn't that simple.

- I went to Dagstuhl after that:
http://www.dagstuhl.de/no_cache/en/program/calendar/semhp/?semnr=12381
I did a talk on the last day about the state of attacks on anonymous
communications systems. I found myself in the curious position of
preparing a talk for serious crypto people, to try to give them
some research topics they can grapple with, and then having a few of
them derail the conversation by arguing that deployment and incentive
questions are the most pressing problems Tor sees, not anonymity research
questions. I think that's probably true, but it doesn't mean that crypto
people are the right ones to tackle those questions. I'm increasingly
pessimistic that the 'serious crypto people' have much to offer real-world
security research.

I had some good chats with other anonymity researchers at Dagstuhl,
including a start on a more scalable design to hide presence information
for hidden-service chat; and helping George Danezis work through the
tradeoffs in how Tor chooses its paths, and how Tor chooses what circuit
to put a stream on, so he can better analyze Tor's anonymity.

- After that I did a Tor talk for Srdjan Capkun's group at ETH Zurich.
It went very well -- we had a full crowd, and afterwards everybody was
fired up to talk about Tor. The security people at ETH are really sharp
and focused -- I was impressed (and having done a lot of talks at a lot
of universities lately, I don't say that lightly).

- While in Zurich I met with Bernd Fix, board member for the Wau Holland
Foundation. I'd like to sign them up to be our partner in Europe for
disbursing Tor exit relay funding. Progress continues. I also hope we'll
find some partners in the US who can do the same.

- Released Tor 0.2.3.21-rc:
https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html
- Released Tor 0.2.4.1-alpha:
https://lists.torproject.org/pipermail/tor-talk/2012-September/025436.html
- Released Tor 0.2.4.2-alpha:
https://lists.torproject.org/pipermail/tor-talk/2012-September/025476.html
- Released Tor 0.2.3.22-rc:
https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html
- Released Tor 0.2.2.29:
https://lists.torproject.org/pipermail/tor-announce/2012-September/000087.html
- Released Tor 0.2.4.3-alpha:
https://lists.torproject.org/pipermail/tor-talk/2012-September/025637.html

- Talked to Collin Anderson about his tech report about Iran's "national
internet" plans. Check out his resulting document:
http://arxiv.org/abs/1209.6398

- Met with SponsorF plus a bunch of other researchers funded under the
same program, to discuss the impact of increased Tor network capacity
on our torperf graphs. I think the meeting happened because the program
manager saw this graph:
https://metrics.torproject.org/performance.html?graph=torperf&start=2012-08-15&end=2012-09-03&source=all&filesize=50kb#torperf
along with the green lines on
https://metrics.torproject.org/network.html?graph=bandwidth-flags&start=2012-08-15&end=2012-09-03#bandwidth-flags
and concluded that more capacity was hurting rather than helping. The bigger
picture looks like this though:
https://metrics.torproject.org/performance.html?graph=torperf&start=2012-08-15&end=2012-09-15&source=all&filesize=50kb#torperf
showing that the brief spike was just a temporary thing. In fact, the
torperf spike happened at that point because the Tor network was having
overload issues due to some load balancing hiccups. I turned the meeting
around to discuss the various Tor performance improvements I've been
looking at:
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance


