[tor-reports] Trip report from Libre Software Meeting 2014 in Montpellier, France
Lunar
lunar at torproject.org
Wed Jul 16 18:20:28 UTC 2014
Hi!
Right at the close of the 2014 summer dev. meeting [1], I jumped in a
train in direction of Montpellier to attend the 15th Libre Software
Meeting [2]. Libre Software Meeting is the biggest free software event
for the French community.
[1]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
[2]: https://2014.rmll.info/?lang=en
The Tor / Nos Oignons booth
---------------------------
Like last year [3], it started with two days of tents and booths [4]
really close to the central Place de la Comédie. More than 60 different
projects or organizations were represented [5].
Most of the tents [6] stayed up for the two days, despite the strong
wind. No rain until Sunday evening, where we quickly packed. Saturday
was well attended [7] and there was hardly two minutes without someone
asking questions [8]. Sunday got a little less visitors [9] but it was
still very successful.
[3]: https://lists.torproject.org/pipermail/tor-reports/2013-July/000292.html
[4]: https://2014.rmll.info/Lieux?lang=en
[5]: https://2014.rmll.info/Participants?lang=en
[6]: https://twitter.com/Bookynette/status/485667519655849984/photo/1
[7]: https://twitter.com/rmll2014/status/485440941021745152/photo/1
[8]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J1/SDC10140
There’s 5 people in front of the booth in that picture.
[9]: https://twitter.com/ackrst/status/485719865148571648/photo/1
We had a joint booth [10] for Tor and Nos Oignons [11]. I had printed a
A1 green on black poster with the “root design” logo that was hung on
the outside of the tent. We also had a smaller sign with the Nos Oignons
logo hanging on the other side.
On the table, we had flyers about Nos Oignons [12] (but we quickly ran
out of French ones), stickers (but not enough Tor ones), and A2
posters [13].
There was also a A1 version of the poster on the table [14]. Together
with the flyer, they offered great visual support to explain what Tor was
and what it did. Most often I would start my explanations with what Tor
protected and move on to relays and onion crypto only if the person was
curious for more details. But in any case, even if it was quite
overwhelming for people passing by, the EFF visual helped clear out what
was protected and what was not [15].
[10]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10171
[11]: https://nos-oignons.net/%C3%80_propos/index.en.html
[12]: https://nos-oignons.net/Diffusez/nos-oignons-flyer-grand-public-201306-en.pdf
[13]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10169
[14]: https://nos-oignons.net/Actualit%C3%A9s/20140623_rapports_affiches_et_conferences/600x-affiches-tor-et-https-03.jpg
[15]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10170
From Monday to Friday, talks were happening at one of the city
university, and booths were inside a big tent [16] in front of it. We
quickly put up the posters up again [17] and went answering
questions [18]. There was far fewer visitors who didn’t knew about free
software or Tor. Discussions were often more technical.
[16]: https://twitter.com/guerdal82/status/486763651442180096/photo/1
[17]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J5/SDC10266
[18]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J6/SDC10353-951885625
It was great to be with other Nos Oignons’ volunteers: nicoo, aeris, Lu,
opi, mathieui, syl. There was always someone to hold the booth and it
didn’t feel like a burden to be there. nicoo cooked us great vegan onion
pies [19] every other day.
Around 170 posters were given out in a single week. Nos Oignons made
around 600€ in donations.
[19]: http://www.fdn.fr/~fsirjean/nos-oignons/DSCN6916.JPG
Many long time free software users have experience with Tor that is 3-4
years old. They still have in mind that Tor is slow and that it’s
complicated to setup. Thankfully, by the end of the week, several of
them took another look and had positive feedback (except for the website
not being translated).
One French operator explained that he had been raided and summoned by
the police several times (but without follow-ups). They now reject every
IP addresses known to be in France on their exit.
What we might have missed on the booth: more hardware to demonstrate the
Tor Browser and Tails (but then the network was not always available).
Interviews and talk
-------------------
In June, I was asked a couple questions by the security track organizers
who had invited me to give a talk about Tor. The interview [20] was
relayed a little bit on Twitter and other forums.
[20]: https://2014.rmll.info/+Interview-de-Lunar-Defis-passes-et+?lang=en
People from Radio Campus Montpellier had set up a radio for the
event [21]. We did a 25 minutes interview [22]. Thanks to Marie-Odile,
there’s even a transcript (in French) [23].
[21]: http://www.radiocampus.be/wp-content/uploads/2014/07/20140709_160956-1024x576.jpg
[22]: http://radio2014.rmll.info/e/2014/ep/reseau-tor
[23]: https://wiki.april.org/w/R%C3%A9seau_Tor_-_Interview_de_Lunar_-_Radio_RMLL_2014
With the dev. meeting right behind, and all that happening, I did not
had enough time to prepare a formal talk for Tuesday [24]. So instead
of doing slides, I collected many references on various past and present
Tor challenges, sticked them in an Etherpad [25], did a quick 5 minutes
introduction and opened for Q&A. The talk was in French, as there is
already a good amount of material in English, and nothing I would say is
not already written elsewhere. This was a good opportunity to have a
conversation [26] within the French free software community.
It lasted 40 minutes. Questions were: does Tor needs organizations like
Nos Oignons? Do you advise against running a relay at home? What about
this upcoming BlackHat talk which claims that you can deanonymize users
for cheap? Can you explain how people have been able to make a list of
hidden services? What do you think of distributions like Tails or
Liberté Linux? How about Tor on Android? What should I do to use another
browser than the Tor Browser [27]? Mozilla does security releases of
Firefox very often, how long do I stay vulnerable with the Tor Browser?
Would it be possible to detect on entry nodes that the browser used is
too bad? Why did you told me that using Tor and a VPN was a bad idea?
What do I need to run exit nodes? In the Tor project, if someone wants
to contribute, who decides, who reviews? Is there a formal process to
become a member of the Tor Project? What kind I do with my existing
server to help you without getting harmed in the process? Is it
interesting to create other organizations like Nos Oignons?
The talk has been recorded on video [28]. The room was full [29]
(90 attendees for 80 seats) being held concurrently with Richard
Stallman’s [30]. I had good feedback both from the audience and from
the security track organizers.
[24]: https://2014.rmll.info/conference311?lang=en
[25]: https://pad.riseup.net/p/lsm2014-tor/50/export/txt
[26]: http://blog.rootshell.be/wp-content/uploads/2014/07/IMG_4014.jpg
[27]: https://twitter.com/xme/status/486507392944066560
[28]: http://videos-cdn.rmll.info/videos2014/ubicast/31-sc002-defis-passes-et-futurs-pour-tor_e7bf/
[29]: https://twitter.com/phil_alex/status/486500898500521984/photo/1
[30]: https://twitter.com/xme/status/486500822801719297
I had an extra question from a system administrator right after the talk
who asked me about how they should handle traffic from Tor from a
network point of view. They looked worried mostly about DoS attacks, so
I suggested looking at adaptive rate limiting of all Tor exit nodes.
Virginie Galindo [31] and Xavier Mertens [32] blogged about the talk
and others from the security track.
[31]: http://poulpita.com/2014/07/16/rmll2014-free-software-all-in-one-place/
[32]: http://blog.rootshell.be/2014/07/09/rmll-2014-security-track-wrap-up/
Contacts
--------
A supporter of Emmabuntüs [33] wanted me to discuss how to include the
Tor Browser directly in the distribution. I did not pursue this as I was
already tired and I believe this would again be blocked by #3994 [34]
which I have mostly given up for now.
[33]: http://www.emmabuntus.org/
[34]: https://bugs.torproject.org/3994
I went to the Fedora booth [35] to ask if they know about any progress
on getting reproducible builds since last year blog post [36] but they
were not aware of anyone working on this in the project.
[35]: http://fedora-fr.org/
[36]: http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/
Liberté 0 [37] is an awesome group of people working on accessibility
in free software. I believe we could ask them to have a try at the Tor
Browser and the future Tor Messenger to get feedback on how usable our
tools are for people using screen readers, for example.
[37]: http://wiki.liberte0.org/
We discussed support for XMPP servers behind Tor hidden services with
developers of Salut à Toi [38] — a versatile XMPP client that does chat,
microblogging, file sharing and many other things. We agreed that Tor
hidden services were a nice way to simplify self-hosting. But they were
cautious and wanted to review what kind of sensitive data they could
leak before hooking the software with Tor. Great!
[38]: http://www.salut-a-toi.org/
“YunoHost [39] is a server operating system aiming to make self-hosting
accessible to everyone.” We discussed integrating the configuration of
Tor hidden services into their interface. Maybe they will need
#1922 [40] before that can be done nicely. Once again, I stressed that
Tor can make the “how to configure my router” step optional. We also
discussed how feasible it would be to enable YunoHost to securily host
hidden services (remove as much fingerprinting as possible through
network isolation, filesystem isolation, clock on UTC, etc.). It looked
doable but non-trivial. One developper is also involved in Nos Oignons,
so in any cases, it helps communication. :)
[39]: https://yunohost.org/
[40]: https://bugs.torproject.org/1922
I had interesting discussions with the people from the “Serveur Libre”
project [41] which is a local hosting provider, self-managed in a
horizontal manner, with strong focus on protecting users’ privacy as
much as possible. Unencrypted emails are rejected at the SMTP
level [42], using Tor is mandatory to access some services [43], and
root access is only available through a collective process [44] — using
PAM for meetings changes and a submission/validation system for
day-to-day operations. The crazy part is that they have a running
TorBEL instance [45]. I was surprised that the code was working for
them. They are chasing a bad memory leak, though.
[41]: https://wiki.serveurlibre.net/
[42]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/cryptomailfilter/README
[43]: https://wiki.serveurlibre.net/D%c3%a9veloppement/DropNoTor
[44]: https://wiki.serveurlibre.net/D%c3%a9veloppement/CollectiveSysadmin
[45]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/torbel/install.sh
I also had quick discussions with several free software and Linux user
groups on organizing talks about Tor. We’ll see about follow-ups in the
next months. In my mind, this would less be about presenting Tor to
people than giving material on how to talk about Tor to the rest of the
world.
Misc.
-----
The main conference organizers did quite wrong in letting some people
set up hidden video cameras [46] in several places to create
“timelapse” movies. After being called out on this, they agreed it was a
bad idea. The video material has been erased. Hopefully before someone
else got hold of it.
[46]: https://ldn-fai.net/rmll-2014-surveillance-video-de-la-foule-a-linsu-des-visiteurs/
I need to thank volunteers from APRIL [47] who have been awesome booth
neighbors sharing tips, pens, tape, smiles, and sheltering our stuff in
their car when it needed to be moved.
[47]: http://www.april.org/
(Many thanks to Sebastian and weasel for proof-reading this long
report.)
--
Lunar <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20140716/e4dfd8d0/attachment.sig>
More information about the tor-reports
mailing list