[tor-reports] Roger's status report, November 2013

Wed Dec 4 00:45:30 UTC 2013

Six things I did in November 2013:

1) Wrote a 2014 budget. Several of our current contracts ended in 2013,
so unless we can replace them we're going to be shifting back into the
more familiar "some funded people and many volunteers" model from a few
years back.

I updated the sponsors page to be more accurate into the future:
https://www.torproject.org/about/sponsors

We've also been pondering lately how to do a fundraising or donations
drive, to help move us off our reliance on government funders. What
we're missing most actually is support for maintenance and development
of the program called "tor", since it's the core of so many components
but funders always prefer to support shiny new things.

2) Attended WPES / CCS:
http://wpes2013.di.unimi.it/program
http://www.sigsac.org/ccs/CCS2013/program/agenda/index.html
which provided 11 new Tor-related papers on anonbib, starting at
http://freehaven.net/anonbib/#wpes13-hide
I had a lot of good conversations about website fingerprinting,
correlation attacks, performance improvements, traffic transformations
for DPI-resistance, and other research topics that people are working on.

3) Attended the PI meeting for SponsorF. Here are the slides I used to
update them on the past six months of our work there:
http://freehaven.net/~arma/slides-nov13.pdf

4) Released 0.2.4.18-rc:
https://lists.torproject.org/pipermail/tor-talk/2013-November/031110.html

5) Helped more journalists understand Tor, e.g.
http://www.tomsguide.com/us/what-is-tor-faq,news-17754.html
http://www.technologyreview.com/news/520141/anonymity-network-tor-needs-a-tune-up-to-protect-users-from-surveillance/
Also encouraged folks to start gathering press articles:
https://trac.torproject.org/projects/tor/ticket/10182
https://trac.torproject.org/projects/tor/wiki/TorArticles
I'd love some help sorting through the new articles, and moving the best
ones onto the Tor press page:
https://www.torproject.org/press/press

6) Attended an FBI meeting, as part of my work to try to keep Tor on
good relations with US law enforcement. See
https://blog.torproject.org/blog/trip-report-october-fbi-conference
for an earlier example and
https://blog.torproject.org/category/tags/law-enforcement
for the broader topic.

I talked to a DEA person who repeated the "we busted the silk road guy
using good old-fashioned police work" line. I guess that doesn't resolve
any conspiracy theories if you already believe the conspiracy theories.

I also talked to a lawyer from the Department of Justice who had been
involved in the Freedom Hosting case. It's increasingly clear that I
should go do another talk for DoJ to help reinforce what Tor is and why
its existence benefits the world.

I brought up the phrase "parallel construction" over and over in my
discussions with FBI people. They were adamant that they don't get
tips from NSA's illegal surveillance program (which led to statements
from me like "Ok, so how much am I oversimplifying by concluding that
either you're lying to me, or they're lying to you?") I need to get
a better understanding of how their cases work, since there seems to
be an extremely subtle distinction in their minds between "we got an
anonymous tip, so we set about getting evidence that is admissible in
court" (apparently standard practice) and "we got a tip from a source
that some people say uses methods that violate the constitution, so
we set about getting evidence that is admissible in court" (which many
Americans are rightly upset about).

-------------------------------------------------------------------------

Two smaller things I did in November 2013:

7) Participated in a libtech thread about how Lantern and uProxy would
benefit from positioning themselves as Tor pluggable transports:
https://mailman.stanford.edu/pipermail/liberationtech/2013-October/011942.html
https://mailman.stanford.edu/pipermail/liberationtech/2013-October/011971.html

8) Declined my invite to the Annual Privacy Forum program committee,
since it's not open access. Declined to be an external reviewer for CHI
2014 since it's not open access. I am now pondering accepting my invite
to the 2014 Usenix Security PC -- they're open access (yay) but it'll
be a lot of work (boo).

-------------------------------------------------------------------------

Upcoming plans:

1) Dec 4, teach a class at Princeton / meet with professors there.

2) Dec 9, finish my reviews for FC:
http://fc14.ifca.ai/

3) Dec 10-13, meet with RFA, DRL, and other funders in DC to teach them
about everything Tor does. (There's been enough turnover since my last
trip that I think a lot of them have lost track of the big picture.)

4) Write up our list of proposed deliverables for SponsorF Year4.

5) Finish our release blurb for 0.2.4.19 and call it stable.
https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.4:/ReleaseNotes

6) Finish 0.2.5.2-alpha.

7) Dec 28, do a 30c3 talk in the big room with Jake to summarize and
explain all the surveillance-related and conspiracy-related Tor issues
from 2013:
https://events.ccc.de/congress/2013/Fahrplan/events/5423.html

8) Jan 14, do a talk for the NSF WATCH program to teach NSF directors
about the state of Tor research:
http://www.nsf.gov/cise/cns/watch/

9) Jan 16-17, meet with Georgia Tech and M-Lab to move our NSF grant
(both censorship measurement and censorship-resistance) forward.

10) Feb 3-5, go to Cambridge MA to meet with other groups that DRL
is funding.

--Roger