[tor-talk] Just some updates on "Use Privacy Software, Use Tor" advocation

m.ajiao at tuta.io
Mon Feb 20 09:38:35 UTC 2017

Hello, Tor Talk and Privacy Enthusiasts!

Here are some small updates about my hobbyist project "Teach and encourage people to use Tor."

1. I emailed Damian Johnson, the Stem developer, about the wide character handling bug, which makes Stem fail to authenticate when the Tor executable's path contains Chinese or Japanese characters. This bug has been fixed now.

2. The content in my GitHub repo [1] is written in a style that young people in China, Japan and possibly other countries can easily accept. It might appear strange to a different audience.

[1] https://github.com/m-ajiao/Dr.-Tanaka-Says

3. My GitHub repo got views from Reddit, Facebook and the komica.org image board. Though it has no stars, it has gained a little bit of popularity.

4. News: [2] On Feb. 16th, a Chinese man was arrested in Japan for illegally uploading cartoon episodes (I guess via peer-to-peer software). Police typically won't take action if the amount of uploaded data does not exceed a certain threshold. Up to now, at least 4 Chinese people have been arrested for torrenting without any protection, over a monitored network. Lesson learned: when doing something controversial or semi-illegal, know your threats. When you have a basic understanding of the threat model, you don't unconsciously put yourself in danger. For example, though not necessarily enough, that guy should at least use some basic protection such as a VPN.

[2] https://www.reddit.com/r/Piracy/comments/5uvouh/the_3rd_time_chinese_fansubber_arrested_in_japan

5. Got spikes on the traffic graph on Feb. 18th and 19th. Most of them are not unique viewers. (People were reviewing what they read?)

6. Got questions from Reddit: "Why is it exclusively in Chinese? Readers may need translation." "Why is it addressed specifically to fansubbers? You may want to expand it to a larger audience." "Since this is the theme, you can write about the specific threats and defenses for fansubbers."
I am trying to add more content, both general to all and specific to fansubs, and English translations are coming very soon.

7. I quickly searched the web and read through the comments that ordinary Chinese netizens left under the discussions of the Feb. 16th news. I saw people mention public key encryption and "multi-hop VPN":

> "The person who uploads video should use the public key from the group members in China."

> "Look at American fansubs. They use multi-hop VPNs."
> > "Wow that really looks like spies."

Generally, I saw better comments, in contrast with last year's comments, which I mentioned in my previous email. Comment writers demonstrated a basic grasp of the concept of encryption and its importance. The most interesting comment is:

> "What exactly is the Onion software?"

Well, it is Tor, The Onion Router, or TBB, the Tor Browser Bundle. Both its name and its traffic are heavily censored in China, but I believe people in Japan have easier access to the Tor software and the Tor network.

8. I am writing about why the proprietary and inactive Perfect Dark [3] is not OK. It is obvious to us, but the audience is Chinese young people in general. I am trying to encourage readers to switch to free libre open source privacy software and well-studied, more reliable anonymity networks. I have listed the reasons, both general and specific, why Perfect Dark is not safe.

[3] https://en.wikipedia.org/wiki/Perfect_Dark_%28P2P%29

- It has not been updated for a year.
- It is closed source, proprietary software. You can hardly check if the software behaves correctly. Note that even security experts can get a headache auditing things by reverse engineering.
- "You are too weak." It is using weak crypto -- RSA-1024. Now HTTPS certificates using RSA-1024 are being revoked!
- A Japanese cyber agency claims to have software used to decipher the traffic of Perfect Dark. They claimed they were able to get the metadata of the files being shared. But limited research effort has been made to figure out how the cyber agency did it. The links to the sources are dead.

I could only think of these 4 reasons. Any other suggestions on the reasons?
