[tor-teachers] Questions and notes from BBC interview

isis agora lovecruft isis at torproject.org
Mon Jul 10 22:55:26 UTC 2017


Hi all,

Attached are the questions for the BBC radio interview I did last Friday,
and my notes on answering them, in the event that this could somehow prove
useful to someone else in the future.

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
# -*- mode: org; -*-

Question Areas:

* Can you give us a brief description of what Tor does? When was it first set up and why?

The Tor Project is a nonprofit organisation founded in the US with dozens of
internationally-based employees, contractors, and volunteers. As an
organisation, we strive to advance human rights and freedoms by creating and
deploying free and open anonymity and privacy technologies, to support their
unrestricted availability and use, and to further their scientific and popular
understanding.

The Tor Project maintains software used to run the Tor Network, a global
computer system made up of volunteer-run "relays".  Although the design was
somewhat different then, this same network has been running continuously since
my colleagues Roger Dingledine and Nick Mathewson wrote it, back in 2002.

* Is the main benefit to Tor that a user's internet activity and location is concealed from anyone else?

Yes, you're entirely correct that a primary benefit to using Tor, at least for
many people, is concealing who and where they are from the websites they visit,
and concealing which websites they visit from anyone who is trying to watch
them, such as an intelligence agency, an agressive advertisement company, or
their Internet Service Provider.

However, the Tor Project has expanded since its original creation to include
development of its own browser, called Tor Browser.  This was originally a fork
of Mozilla's Firefox, which was configured and patched to route all traffic
through the Tor Network.  Tor Browser goes well beyond the original protections
to include defenses against modern web technologies, and often some of these
newer web technologies can be misused to harm people in various ways.  For
example, some websites now run Javascript code inside your normal browser which
analyses your typing cadence to tell you apart from other people — similar to
how your gait may be slightly different, or your voice, or the way you pedal a
bicycle — we all do things just slightly differently to one another, and these
differences are "fingerprintable" as we say in cryptologic and privacy-enhancing
technologies research.  Fingerprinting typing cadence is used with good
intentions by some banks to ensure that, not only did you type the correct
password, but that *you* typed it, that is, with the same speed and rhythm as
they are used to seeing.  Unfortunately, this same fingerprint can also be used
by any other party, including malicious ad networks, corporations, and anyone
else who might stand to gain from learning what you're doing online, to
fingerprint you anytime you type something in.

Other protections which Tor Browser offers are:

 - defenses against discovering the size of your screen
 - defenses against differences in font renderings

* Why do we want to protect the anonymity of users on the internet and their activity?

Everyone deserves the right to express themselves, and people behave
differently when they are being watched.

XXX slide from radboud

* Can you explain how the encryption in Tor works?  (metaphor of onion layers)

When you use Tor, for each destination or resource on the internet that you wish
to go to (say, a website) your client software will select a path, comprised of
(usually) three relays from the Tor Network.  At first, you get the list of all
relays from the network from a special set of relays, called Directory
Authorities, which vote on their view of what's in the network and how fast it
is, and other information.

So, you've go this list of all the relays and you've picked a path of three
through the network, and let's say you want to go to bbc.co.uk.  First you take
the data that you wanted to send to the site, let's say it's "hey BBC, please
give me the front page of your site", and you take that data and encrypt it to
the last relay (called the "exit") in your path, which is know as the exit node.
So now you've got your data wrapped up in a layer of encryption.  Next, you
encrypt again to the middle relay, and then encrypt that again to the first
relay, in layers. Now you've got this cute little onion of crypto, all you need
to do is pass it along to the first relay, who should be the only relay capable
of decrypting the outermost layer of the onion.  This unwrapped portion gets
passed to the middle and exit relays, and each decrypts their own layer before
passing along the inner part.

What's most important to realise about this design is that the first relay can
see who and where you are, but when they decrypt, there's still more layers of
crypto, so all the first node sees after that is which middle relay you've
picked.  The middle relay, in turn, can only see which first relay something
came from, and which exit relay it must go to.  The exit can see that it has
received something from the middle relay, and it knows it has a request for
bbc.co.uk, but it doesn't know anything about who or where this request may
have originated.

* Some websites increase their own protection and limit access to users from Tor — like Wikipedia for example — can you elaborate on why they do this?

So, as much as I love Wikipedia and have contributed, particularly to both
creating and translating pages for notable women and people of colour, Wikipedia
is a particularly egregious example.  For instance, I've asked Wikimedia for an
anonymous account twice, both times without using Tor and I've been denied even
though I followed their stated process.  I totally understand that no volunteer
has time to review my application, let alone in the Wikimedia Foundation, so I
have a lot of sympathy for them trying to balance accountability and privacy.
But sometimes I go through the Wikipedia portals for places like Iran and
Kazakhstan and China and wonder if I could read more about the Asiatic cheetah
or the Persian leopard, both critically endangered species found only in Iran,
if it were easier for the people there to contribute their knowledge.

It might be advantageous to reach out to the Wikimedia Foundation for comment,
as I'm sure the problem on their end is more nuanced than my simple
frustrations.

* What other benefits are there to Tor in comparison to the internet networks that are most widely used?

As mentioned before, Tor Browser

* Tor has received funding from notable bodies like the US government, EFF and Human Rights Watch — do you think this is because we fundamentally need a service like Tor to protect users rights?

Definitely.  We've been extremely fortunate to receive a lot of grants, funding,
and support from several different sources, including the several organisations
within the US government, human rights organisations of the Swedish government,
research institutions both public and private, private philanthropic
foundations, and other nonprofits which promote equality and digital rights for
all.

* How user-friendly is the current version of Tor?

On desktop, whether that is OSX, Windows, or various flavours of Linux and BSD,
the experience is pretty good.  There's a lot to be improved though, which is
why we've recently secured funding to expand our development efforts towards
mobile devices (something which in the past has only been a third-party or
volunteer effort) and we've very recently just put together a User Experience
Team led by Linda Lee, an amazing designer who spent much of her time as a
graduate student conducting studies on sample groups to analyse user's pain
points for various flows throughout our software.  She's now putting quite a lot
of time into, and working with several other awesome contributors, to design and
test out new interfaces which will we hope will make our software even more
friendly going forward.

* There is a lot of speculation around Tor's vulnerabilities — that is it susceptible to hacking and attacks — how vulnerable is Tor?

When people talk about vulnerabilities in software, often what they are refering
to are memory safety violations.  That is, in some lower-level computer
languages, such as C which Tor is written in, the programmer is allowed to
directly and nearly arbitrarily manipulate regions of the computer's memory.
Abusing or misusing this power can result in all kinds of memory safety
problems: the programmer can take a thing called a pointer which is basically a
short number, sort of like the address for a house, which points to a specific,
unambiguous location in memory.  There's all sort of trouble with pointers, you
can get them to point to a different location, read more data than you were
supposed to (sort of like walking through someone's front door, through the
house, the backyard, over the fence, and into the neighbour's yard), and all
sort of other terrible things.  In addition, the programmer often needs to
manage things like "this integer can only store numbers up to 2^^64" and if you
go over 2^^64, suddenly you're unexpectly back around 0 again because that type
of integer can't hold anything bigger.  On top of all that, programmers in many
languages also need to manage the computer's memory manually, meaning that if
you ask the computer to remember some data, you need to remember to ask it to
forget that data later (this is referred to as "freeing memory").  However, if
you ask it to forget the same thing twice, that's also another type of
vulnerability.

Considering that Tor has maintained a relatively low vulnerability count for
what is now a 400,000 lines of code C program, we're doing startlingly well.  A
lot more of our safety, however, comes from the fact that all kinds of people
rely on Tor, including many experts in security, privacy, anonymity, and
cryptography, so there's a whole lot of people trying to find bugs in our code,
which we're really grateful for and always happy to have more researchers and
bug hunters to work with.

In the future, in order to further improve our safety moving forward, we've
recently started an experiment which I'm particularly excited about: using a
brand-new, blazingly-fast, memory-safe programming language called Rust to
slowly rewrite parts of Tor.  Mozilla originally founded and fostered the
development of Rust, and they're currently using Rust to rewrite some of the
core parts of their Firefox browser.  What is particularly interesting is that,
not only does Rust pretty much do away with all the types of memory-safety bugs
which lead to vulnerabilities that I just described, but it can often be faster
than C, even comparable to hand-written assembly.  (Writing assembly is even
lower-level than C, literally directly telling a specific CPU how you expect it
to behave and think.)  This is a complete breakthrough in terms of safety, and
although we're only just started with the experiment, we have strong hopes it
will succeed.

* Tor allows users to circumvent censorship - can you explain how that works?

Of course!  This is the part of Tor which my efforts have been primarily
focused on.

At first it was accidental: It turns out that if you encrypt things, people
don't know what they are!  Quelle surprise!  But the actual surprise here was
that, around 2006, people started using Tor for censorship circumvention, to get
around government, corporate, and even university restrictions on what
information is generally accessible.  It turned out that if they don't know what
information someone is sending or receiving because it's encrypted, then it's
pretty difficult for them to determine if this is information they would want
to censor.


XXX bridge relays

* It's said that Tor provides opportunities for hactivism and criminal enterprises — what would you say about that?

We're unhappy to hear that Tor is sometimes used for bad purposes. It was
developed to be a force for good, and that's what most people use it for. Over
two million people use Tor every day, including journalists, human-rights
advocates, lawyers, researchers, and marginalised and at-risk groups.  It's
easy to pick out the bad actors and turn them into a story, but it's the silent
majority of others working for good which are actually inspiring.

* Do you think press around Tor has been unfairly negative at times?

The negative press does tend to ignore that over 2 million people use Tor
everyday for valid reasons: like just reading the news or shopping without being
tracked by ads, conducting research without competitors learning anything,
circumventing oppressive surveillance and censorship system, staying safe from
abusive ex-partners and stalkers, refusing to give up data to international
megacorporations which don't have your interests in mind, and a whole slew of
other reasons.  It's easy and sensational to pick out the bad actors and build a
story around it, especially with respect to technologies which are still
currently stigmatised.

* What's the ultimate future goal/aim of Tor?

In the short- to medium- term, we're focused on improving our software, making
it safer and easier to use, while hopefully exponentially growing our userbase.
In the long term, we're currently embarking on another strategic planning
process and I can't say for certain what we'll come up with.

* What's your vision for what the internet will be in the future? Will most people be using Tor?

It's possible that one day, Tor will lie at the heart of the internet, and it'll
be just another way of carrying data over the internet, like a new builtin
transport protocol such as the TCP and UDP we currently use today, but in a
safer and more private manner.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-teachers/attachments/20170710/858f1482/attachment.sig>


More information about the tor-teachers mailing list