[tor-reports] Roger's March 2014

Roger Dingledine arma at mit.edu
Thu Apr 10 08:28:00 UTC 2014 

In addition to the items listed in:
https://lists.torproject.org/pipermail/tor-reports/2014-April/000506.html

- Attended Financial Crypto along with Nick Hopper, and talked to many
professors and grad students about Tor. One research topic that stuck out
was doing a broad survey of how websites treat Tor exit relay IP addresses
differently -- and the best place for performing such a study would be
to scan the Internet from a network that runs a fast exit already. This
would be a great project for e.g. Michigan to do.

- Helped write an NSF preliminary funding proposal, in collaboration
with Drexel, Stanford, Rice, and UW. We will learn over the summer
whether they have approved us to write a real proposal, which will be
due in Decemberish.

- Wrote a pitch to EFF to try to convince them to fund a
technologist/activist to a) make a list of all the websites in the world
that block Tor users or otherwise give them special treatment, then b)
make a list of all the techniques that researchers have come up with for
handling abuse without resorting to blocking by network address, then c)
start working with each website from part 'a' to make them solve their
problems without resorting to blanket blocking. I ran out of time to
keep moving it forward, but it's very important to me so hopefully I'll
keep at that and publish it more widely soon.

- Agreed to be on the FOCI 2014 program committee:
https://www.usenix.org/conference/foci14/call-for-papers

- Helped work on a Darpa proposal to instrument relays to collect
aggregate hidden service statistics, so we can add another section to the
Tor Metrics Portal and begin to understand how many hidden services are
running, what fraction of overall Tor traffic relates to hidden services,
etc. More details in April.

- Helped Karen, Jake, George, and others make progress on a storyboard
and draft ideas for a video explaining pluggable transports. We'll use
this video at an open house for one of our funders, but if we're smart
we'll make it with a broader audience in mind.

- Had a phone call with our Darpa program manager to discuss how to help
transition other projects they're funding into being useful and used by
Tor. It's tough to turn research code into production software, but I'm
optimistic that some of the ideas, like decoy routing, might one day be
a useful tool in the toolbox.

- Doubled the size of the core people page, to reflect the growth of
our community over the past year:
https://www.torproject.org/about/corepeople
I still need to clean it up a lot but no time yet.

- Helped push the fake tor browser out of the apple store:
https://trac.torproject.org/projects/tor/ticket/10549

- Sent mail to a bunch of Tor 0.2.2.x relay operators letting them know
that we have dropped Tor 0.2.2.x relays from the network.
https://trac.torproject.org/projects/tor/ticket/11149

- Arturo and I participated in a planning meeting for the RFA-funded audit
that Least Authority will do of OONI soon. One of the main focuses of the
audit is to assure M-Lab that it's ok to deploy our most trivial test
("fetch a known website and then upload the http headers that you see,
in case any got modified/added"), and get that to actually happen. LA has
two contracts with RFA -- one for an audit and one to help with "release
engineering". I've encouraged them during the audit phase to keep an
eye out for things they think they could be most useful on, whether
it's architecture changes or packaging or refactoring or etc. Then we
can have a better idea on how best to use them for the second contract.

----------------------------------------------------------------------

Some items to expect in April:

- Visit Berkeley the first week of April, do two talks and other meetings
for researchers working on pluggable transports.

- Deal with the OpenSSL vulnerability and fall-out:
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

- Do a Tor talk at George Mason:
http://today.gmu.edu/64330/

- Attend an FBI conference to make sure we keep up relationships
there and also to see if we can use them for anything further.

- Review another dozen Usenix Security papers:
https://www.usenix.org/conference/usenixsecurity14

- Be on a panel at an NSF "the future of science" workshop in DC, which
in particular wants me to be there to talk to people about surveillance,
how the NSA leaks impact Tor, and why it would be useful for them to
fund continued research on this topic.

--Roger

More information about the tor-reports mailing list