>>Hi everybody, I'm Roger
Dingledine from TOR. Got some
really bright lights up here. We're still filing in, in the
back but I think I'm gonna get
started cause we got a lot of stuff to talk about. So hi, I'm
Roger from TOR, uh and let me
get the clicker working. There we go. So I'm going to start off
telling people a little bit
about how TOR works. How many people know quite a bit about
how TOR works already? Raise
your hand if... Great I see a lot of hands, awesome. So I'm going
to blow through the beginning
introduction stuff and then we're going to talk more about
the censorship side of things.
So what is TOR? uh, TOR is a free software project. TOR is a
non-profit. TOR is a protocol.
TOR is a network of volunteers running relays around the world.
TOR is a bunch of researchers
trying to figure out how to provide better privacy, and
better uh, anonymity and better
safety to people around the world. And we've got some number
of users, it's a bit hard to
tell cause it's an anonymity or privacy system, but one estimate
puts us at about two million
users a day and another more recent estimate puts us at about
8 million users a day, which is
a HUGE network of people. At this point the average TOR user
is the average internet user,
which is pretty cool. Ok, so what are we trying to do here?
The easy, so the, the threat
model, the question is we've got this user Alice, she's trying to
go to some website Bob, or some
service Bob, and someone is trying to learn who is going to
which place. So maybe somebody
is watching Alice's local network connection, maybe that
somebody is spying on the
Starbucks. Maybe the somebody being Comcast or the local
Telco. Or maybe they're watching
on the Bob side, maybe they're watching Wikileaks, and they
want to know who's connecting to
it. Or maybe they're somewhere in between- maybe they're NSA or
AT&T or something like that. So
the, this is the scenario we're trying to think about, an
important thing to consider-
anonymity is NOT encryption. You should use encryption.
Encryption is good, but even
when you are using encryption, somebody watching your traffic
gets to learn who you're talking
to, when you're talking to them, how much you're talking to them,
and I keep talking to companies
who say "no I use a VPN, it's totally fine, I've got, I've got
encryption, I'm good." uh...
Whenever the intelligence agencies are thinking about
figuring out who's talking to
who, they draw their social network graph, they figure out
who is in the middle, they
figure out whose house to break into. So it's not even about
breaking the encryption anymore.
It's about drawing the social graph and figuring out who is
interesting. So, another way of
looking at that, everybody here knows Creepy NSA Dude? I hope, I
uh, so "we kill people based on
Metadata" is his quote from a few years ago. So that Metadata
is EXACTLY the name of the game
on the TOR side. We try to protect who is talking to who,
what websites you're going to,
where you are in the world when you're using the internet,
things like that. So, I actually
only use the word "anonymity" when I'm talking to uh other
researchers, when I'm talking
with my parents I tell them I'm working on a "Privacy System",
because privacy is a good
American value, but when I'm talking to companies, I tell
them I'm working on
communication security, or network security. 'Cause I hear
privacy is dead, I hear
anonymity is scary, but you're right communication Security,
that's a really important thing
to do. And when I'm talking to Governments, I work on, Traffic
Analysis-Resistant Communication
Networks. And again it's the same system, the same security
system, the same users, but
they're using it for different reasons. And part of the goal of
this, is they're trying to
figure out how to frame this for different people, so they can
all blend together. You can't
have a cancer survivors anonymity system, where all the
users are cancer survivors,
because then everyone will know why you're installing it, and
why you're a user, so you need
this wide variety of people. And then the fourth category of
people we're gonna talk about
today is the reachability side of things, uh people trying to
uh, access websites like BBC and
GitHub from different parts around the world. So the goal of
TOR is to blend all of these
different groups into the same network. so they can provide
security for each other. So
how's it work in a nutshell? You've got a, we've got a
network of relays around the
world, and people build circuits, people build paths
through three of the relays, and
the goal is that no single relay gets to learn which user is
talking to which destination. So
that was actually only half of it, that that was the network
level privacy half. There's also
the browser level privacy half, where uh, cookies and flash and
uh browser resolution and all
sorts of other things can give you away, can make you
identifiable while you're
browsing the web. So the second half of TOR is TOR Browser which
is a version of Firefox that tries
to fix all of these application level issues. And there are
other ways of using TOR, there's
an operating system called Tails, which is Debian based,
which has everything you want,
preconfigured and nothing you shouldn't want and it's a live
CD so when you're done you pull
it back out and everything disappears from your system. We
now have a TOR Browser Android,
which is awesome. So now that Firefox actually works well on
Android we can have a TOR
Browser on Android, so there is an actual first class TOR
Browser that does everything
that the normal TOR Browser does, on Android, which is
great. So, another piece of, of
knowing about the TOR background is how fast the network's gotten
over time and we've got ah, so
the, the capaci.. the uh actual load on the network is up to
like, 200 gigabits a second and
the capacity is something like twice that. So we're uh, on the
level of Wikipedia or something
like that so there's a lot of different traffic going through
the network from our millions of
our users. Ok, so, one of the questions we think about in
terms of how to assess you know
whether TOR is doing its job is the how do you measure safety,
how do you measure diversity,
how do you figure out whether whether TOR is, is keeping
somebody safe and how do we
think about that? The diversity of where the relays are. The
more relays we have around the
world, the safer it can be, the less likely it is that a given
attacker is going to be able to
watch all the traffic going in to the network, and also your
traffic going out of it. So for
example, French intelligence probably isn't in a good
position to be able to see
enough of the traffic on the Internet to start correlating
people. So where the relays are,
is a, is an important first piece. The second piece is
diversity in the types of users.
This goes back to the privacy, anonymity, traffic analysis
resistant side where it's not
just about how many people we have, it's about what kind of
people. So, for example, the
average TOR user in Iran is not a political dissident trying to
take down their government, the
average TOR user in Iran is a Facebook user trying to reach
Facebook. And thatâs critical
for the safety and security of the rest of 'em, because that
means you can't, I mean if Iran
wanted to round up all of their twenty year olds and kill them,
I guess they could do that, but
it wouldn't actually work, it wouldn't actually get rid of the
political dissidents, it would
create more, we all know how that works. So that the
normalness of using TOR is a key
piece of its security. And then the last thing to think about,
transparency is a really
important piece of how we build TOR so we've got it's open source
we give you specifications we
describe everything and try to work with the research
community to understand what
security properties we get and we identify ourselves and go on
stage Hi I'm Roger I'm from TOR
and the key thing to remember here a lot of people look at
this and they're like oh ha ha
the privacy people are talking about transparency ha ha that's
so stupid. No privacy is about
choice privacy is about control and we choose to be transparent
because it helps us build a
better community a better tool a better software a better
protocol a better network of
relay volunteers around the world. Okay so what am I going
to talk about today? Uh, we've
got I guess three different pieces the first one is the
background of the censorship
side of things the second one is what happened in the past couple
of years in terms of new attacks
from governments that are trying to censor TOR and then the third
one is a bunch of new tools that
we're working on that will hopefully move us forward in the
arms race. Ok, so I'm going to
start with the background side of things. How many people here
know about TOR bridges and
pluggable transports and phrases like that? I see far fewer hands
than before. Okay, awesome. So
when you're trying to think about a censorship resistance
tool there are really two pieces to it,
the first piece is the relaying component the encryption how you
build the paths stuff like that
and the second piece is the discovery component where do you
learn the addresses or the
proxies or or whatever first contact you have where do you
how do you learn how to connect
into the network in a way that that you can get an address that
somebody else hasn't blocked
already? So the simple version from the TOR side of the
discovery approach is we have a
centralized set of directory authorities and they build a
list of all the relays and then
all the clients fetch that list and it's great it's simple it's
easy to understand we can think
about the security of it but it's not good from a censorship
side, because you the adversary
get the list of of all the public relays and you block them
and that's the end of it. So
that's actually not how the story started the first blocking
that we had was actually
blocking of TOR's website back in 2006 and then in 2007
SmartFilter and Websense
started blocking the TOR HTTP directory fetches because we
were using unencrypted HTTP back
then, so yeah, so that it it started off not from a more
complicated thing it started off
from the blocking the website and blocking the initial TOR
protocol and blocking the
website actually works really well like, here are some
screenshots from back then of
the TOR website from various countries around the world and
we got you know some fun ones
it's uh, here we are, uh this website found, uh cannot be
accessed in the UAE. Here's
another one this site has been blocked due to content that is
contrary to the laws of the
Sultanate and they're you know they're trying to make it fun we
got another one down here oops!
you know oops! we we blocked this thing oops! we're fascists
sorry this is this is fun at and
and there's this recurring theme where people are trying to make
it fun they're not we're not you
know totalitarian regimes we're just trying to help you out on
the internet they're, they're these
friendly goofy people who are who are the reason why this
website doesn't load it's all
fun what why are you all so angry? So blocking the TOR
website actually worked pretty
well back then because at the time everybody thought that
anonymizers or proxy tools were
websites that you go to, so people would try going to the
TOR website it wouldn't work and
they would say oh I guess TOR doesn't work anymore and TOR
worked if you had a copy of it
there are people in Iran who are giving it out over USB keys or
something like that but blocking
the website actually worked pretty well. So fast forward a few
years the next interesting event
was uh, so does everybody remember I guess ten years ago
there was an election in Iran
and this guy named Mousavi won but then suddenly he wasn't in
charge and then there were a lot
of people are angry in the streets at that point the
government did a lot of trying
to censor things and trying to block things one of the key
steps that they took was
throttling SSL. So they bought this fancy new Nokia Siemens
device and got somebody from
Russia to come in and then configure it for them and they
detected SSL on the wire and
then turn down the bandwidth you get for SSL and because TOR was
trying to look like SSL because
who would block SSL, they ended up throttling TOR at the same
time without even uh taking any
extra steps to do that. So that's actually one of the ways
lets, lets think about this more
thoroughly, there are four basic ways of blocking TOR. The first
one those directory authorities
I talked about before? They're centralized, there are nine of
them, if you block them nobody
can bootstrap. The second one is you get the list of the 7000
relays around the world and you
block all those by IP address. The third one is you look at
TOR's network fingerprints and
you do deep packet inspection to try to figure out if this flow
that you're seeing is related to
TOR. Uh, the fourth one is you block the website or prevent
people from getting the
software. So one of the fixes we had at the time for this sort of
thing was what we call TOR bridges
and the idea is let's get all of the users who are in less
blocked areas to offer to be
secret relays, private relays for censored users so the idea
is rather than here are 7000 IP
addresses and I want to keep China from learning them,
instead here are thousands of
bridge addresses and there is no public complete list of them and
now we want to give out bridge
addresses one at a time to the good guys so the bad guys canât
learn all of them and it turned
out to be a crappy arms race but that was the first step that we
were thinking and how do you get
a bridge at the time? And this is still basically the same
answer, you go to bridges dot
TOR dot org, solve the captcha and it looks at what slash 16 of
the internet you're coming from
and gives you a different answer based on where you are and what
day it is. And the goal of that
is every user is going to get a few bridges but if you want to
learn all of them then you need
to come from a lot of different places of the internet and be
consistent and persistent about
it. Another approach is you can email us from your Gmail account
and we'll answer the same Gmail
account the same way so you need to build a lot of Gmail accounts
in order to learn all of the
bridges that are given out through that strategy, another
answer is I knew a great guy in
Shanghai and I sent him some bridges and he sent them to his
people and and that was the
social network approach or you can also just run your own
private bridge and just tell
your friends about it and we don't even have to know about
it. So there's actually a much
better interface inside TOR browser for this at this point,
so I don't know how many people
can see the tiny font from back there but basically there's an
interface for you to say my
government blocks TOR, and I need to use a bridge and it says
either paste the bridge address
you know here or there's this other cool approach which we
added recently, that uses domain
fronting, I'll talk about what that is later, but basically it
routes the traffic through Azure
Cloud into bridges dot TOR project dot org, so that you can
automatically get a bridge from
inside TOR browser without having to learn how, how the
bridge database works or even
how... you know what you're supposed to do you just go
inside TOR browser and you click
on it and you solve the captcha and it magically gives you a
couple of bridges. So that was
cool back then, and the first interesting attack from China
happened right about the time it
was like the 60th anniversary of some dude becoming in charge in
China, they grabbed all the
public relays and blocked them and they grabbed the HTTPS
version of the bridge
distribution mechanism so they blocked a bunch of bridges but
it turns out they didn't block
the other distribution mechanisms so we'd, I mean it's
easy to block TOR from a public
perspective so we knew this was coming so we designed a bridge
thing we rolled it out we'd
translated a bunch of stuff into Chinese and the result was, so
here's a graph of the number of
people using one of the TOR relays at the time and it sort
of plummeted right about the
60th anniversary, but at the same time tens of thousands of
people switched over using
bridges from inside China. So this is a pretty awesome example
of preparing for the arms race
and rolling out something and then having it go the way that
you expected it to go that
that's the good news the bad news is a little while later
China got the uh, the second one
the Gmail one and at that point we were down to social dis..
social network distribution or
run your own private one and that's that's still kind of
where we are, I'll talk more
later on in the talk about some of the better approaches but one
of the big research questions
that still exists in the world is how do we come up with really
good bridge distribution
mechanisms? Let's say you've got thousands of private bridges and
you got a bunch of users around
the world who want to get some and you got adversaries who are
well-funded and they want to
learn all of them, how do you give out these bridges in a way
that the good guys are going to
get some and the bad guys aren't going to get all of them? Okay
so the next interesting attack
was Iran a few months after that. They did not at all do
what we were expecting. You
think that they would get the list of public relays and block
them? No they use their fancy
new Nokia Siemens device to DPI for SSL and look for the
particular Diffie-Hellman
parameter prime that we were using. So this was the very
first step that Iran used to
block TOR they DPI'd for our SSL handshake and they looked for a
particular number in the
handshake and said you're using a different prime than Firefox
and Apache use, so we're going
to cut those connections. So we started off making a list of
like 15 ways somebody can block
TOR and what we would do for each one of them, boy was this
not on our list of 15 ways
people can block TOR. So the feature of this that the good
feature was on since the
Diffie-Hellman parameter is a server-side parameter it's in
the like the TLS certificate
that the server-side, that the server supplies we could change
just the relay side, just the
bridge side and users didn't have to update at all. So it was
just we change a couple relays
and suddenly things work again so here's a graph of people who
were using TOR from Iran at the
time you can see when the blocking happens and it was
actually a great guy from team
comeray who was messing around in the TOR code and is like I
don't know what this constant
is, but when I change this constant it starts working again
so that was wonderful for him to
to find that and be able to fix it in a week or two. So fast
forward a little bit more to
Egypt. There was a bunch of interesting stuff happening
around the Arab Spring. You can
see in the graph where they block facebook and you can see
in the graph where they unplug
the internet, and my favorite part of this is there are a lot more
people afterwards using TOR than
before, cause there were a lot of people saying yeah yeah we
had a coup yeah .. a revolution
okay but the military still watching everything they were
watching before, the
surveillance infrastructure is still in place you're darn right
I'm to be trying to use him some
safety security tools. Okay so fast forward a little bit more
uh, then they end up, Iran ended
up blocking TOR using DPI looking at a different TLS
parameter so.. that was, you can
see little red dot on the right-hand side so there's a
much shorter event because I
happen to be at home at the time looking at things somebody found
it, I figured out what it was,
we rolled out a patch like 12 hours later and it basically
didn't interrupt them much at
all.. and maybe that caused them to not do that further arms race
but that's a crappy arms race in
general where we try to look like SSL and we try to figure
out a way where we don't really
look like Firefox talking to Apache, so we'll come up with
with some better approaches but
in the meantime how many people here know the horrible story of
Bluecoat in Syria? I see one
hand every time I ask there's one hand no matter the size of
the oh, oh three hands great so
a larger audience has three people who know what it is. So
this is a story that everybody
should know about. Long ago in 2011 or something like that,
there were some folks from
Anonymous from Telecomix who found a misconfigured FTP server
in Syria with gigabytes of
Bluecoat logs on it and each line in the log was this IP
address tried to access this
website and I allowed it or I disallowed it. So it's just line
after line of line of IP address
and URL and whether it worked and that's actually kind of
fucked up in general, that they
you know they have the surveillance and censorship
infrastructure and that they
screwed up and put their logs out but another piece of that is
Syria is actually in the list of
places that American companies aren't supposed to sell their
stuff to. So these folks are
like hey, what you doing running the surveillance censorship
infrastructure in Syria and
Bluecoat's like, oh no that's not us and they're like but the top
of the log lines says Bluecoat
version 1.5 point something and they're like oh well yeah okay
we sold it to Dubai and how are
we supposed to know that the Dubai resold it to Syria, and
said they're like we we totally
shut off the auto update and there's no way that that the
that these things are going to
continue getting their updates so the folks from Telecomix got
the serial number from the
Bluecoat device and connected to the update server and they were
offered an update. So basically
Bluecoat lied every step of the way and the the end of the story
is and then the state department
gave Bluecoat an award for their cooperation in the
investigation. So it's kind of
sad story actually it continues Bluecoat was sold to Symantec so
now Symantec runs the
surveillance and censorship infrastructure and they probably
don't even know it. So this is a
recurring theme of these little arms dealers in Sunnyvale
California who build these tools
and then their salespeople go out and they try to sell it to
Burma and Syria and and and all
the other countries that they can and it's even worse than
that so I was in a meeting a few
years ago with the German foreign ministry and they were
trying to figure out what should
Europe do in terms of laws about, like should we allow
Italian companies like Hacking
Team to to deploy their stuff in Saudi Arabia. What are the, what
are the constraints that we as
Europe should have? And one of the meeting one of the
discussions I had was with the
telco engineer from UAE who was like look you folks mandated the
back doors on all the routers,
you put all the lawful intercept stuff in, and now you're angry
when my Prince plugs a port into
the lawful intercept port on the router that you made.. you put
the back doors in there and now
you're upset when we use them so there's a there's a big
discussion right now about how
about encryption and backdoors and so on and one of the really
fucked up things is that nobody
arguing about encryption from the FBI side, realizes there are
other countries in the world. So
once you build a tool and you put your back door in it and
then other people use it and
they don't have the same judicial process that we have,
even if ours were good, then
then you end up with a bunch of different problems all around
the world. So part of the
challenge here is how do we build tools that are safe no
matter which government is using
them and that don't enable governments to start hurting
people even more. Okay so
speaking of that I had a really interesting meeting with the
fellow in charge of the Tunisia
internet right after their revolution so before revolution
he was like a mid-level engineer
and suddenly he was in charge of the whole thing afterwards which
is awesome and he was the first
one, he gave a speech while I was there, in French as that was
the language he was comfortable
with saying yes we use SmartFilter and yes we pay them a
million dollars a year and
imagine how much food we could buy for our country if we
weren't spending a million
dollars a year on the stupid censorship stuff. So that was
awesome as the very first
country to admit to be censoring and another interesting part of
that they don't actually operate
SmartFilter themselves they outsource the SmartFilter
operation to some foreign
company he wouldn't tell me which one but I assume they're
in France or something so
there's some French company that gets to see and decide what the
Tunisian military can do on the
internet? That's not just a privacy thing, that's not just a
censorship thing, that's a
that's a national security thing that's a national sovereignty
thing where you outsource what
your internet looks like to some foreign company and that happens
over and over around the world.
And the last interesting part of the Tunisia story, apparently
they only pay a million dollars
cause then SmartFilter went to Saudi Arabia and said it works
in Tunisia, you pay full price.
So there's a a lot of interesting discussion to be had
about those companies. Okay so
moving on from the that that particular Arab Spring world the
arms race with TLS is a crappy
one we can't just keep on pretending to look like SSL
because it's they're going to go
back and forth finding little thing we fixed little thing the
real answer is what we call
pluggable transports the real answer is you leave the privacy
anonymity side for TOR and then
separately you have modules that you can pop in that transform the
TOR traffic into something that
people are are less likely to be willing to block people
something that the people expect
or that they can't afford to block or something like that,
and there are two successful
pluggable transports right now they're deployed in the world
the first one is called
obfsproxy, obfuscating proxy and the basic idea is you add
another layer of encryption on
top and the goal is that somebody doing DPI to figure out
what protocol you're talking the
answer is I don't recognize this and they're forced to choose
do I block everything that I
can't classify in which case this can be a huge false
positive, uh side or do I allow
things that I can classify and then obfsproxy goes in, and the
other piece of it is called meek
or domain fronting and the idea is that you route your traffic to
Google Cloud or Amazon Cloud or
Azure or something like that, and from there you reach through
the TOR network using the cloud
services and that way they're forced to either block Google or
not block Google. Ok, so that
was the background side of things and i'm going to speed up
a little bit to cover some more
things. Okay so the next step uh China again did a thing we were
not expecting it's called active
probing so we were thinking you know the blocks are more bridges
they'll DPI for other stuff, no
they looked at all the connections that looked like
they might've been TOR like SSL
of some sort and then they make a follow-up TOR connection of
their own to that destination
and talk the TOR protocol to it and if the other side says yes
i'm a TOR bridge by talking the
TOR protocol then they cut that connection and blacklist that IP
address so they can't, they
basically have infrastructure running at the nation level in a
backbone level in, in China
being able to make all these outgoing connections ah, within
a second or so of when they see
something and so the fix is another iteration of obfsproxy
where the client needs to prove
knowledge of some secret some password so when you give out
the bridge line it comes with a
bunch more parameters including a secret and if the client
connecting to the obfsproxy
doesn't know the secret then the job of the obfsproxy bridge is
to act natural whatever that
means and act natural is kind of like what do I do, what do I do
so that there's no fingerprint
and the best answer we have right now is we wait for a
random number of seconds and we
hang up, because if we ever provided an error that would be
a fingerprint, so we need to
come up with something that that blends in with a lot of
background traffic in a way
that, that isn't going to be recognizable later. Okay so
there's a bunch of other interesting
stories that I'm happy to tell you about later, Ethiopia for a
while DPI'd again on the SSL
handshake and they stopped, uh Russia has an interesting story
so here's a graph of people
connecting into the TOR network from Russia during a couple of
years ago and the fun part of
this graph is people inside Facebook apparently have the
exact inverse of this graph of
Russia people connecting to Facebook, so this was when
Russia blocked Facebook twice,
three times and then a bunch of people in Russia decided to use
the TOR network in order to
reach Facebook safely. And then Turkeyâs been doing some weird
stuff that we still don't fully
understand there's definitely DPI involved I don't think
there's IP address blocking,
they do it and then they stop and then they started and they
do something else so they been
they been experimenting with a lot of things recently and then
Venezuela is another fun example
they have an ISP called CANTV which is sort of their like
Comcast equivalent and it
blocked the public TOR relays and a small set of public TOR
bridges but it didn't do any DPI
so it was just blocking by IP address. Okay so another
challenge that we've got in
China right now there are a couple of other circumvention
tool projects is one called
Lantern that actually reuses the obfsproxy design and the idea
it's supposed to be modular it
doesn't have to be just TOR it could be anything at so they
they give out these bridges to
their people after a while the bridges stop working as well are
they being throttled is somebody
learning about them, how are they learning about them, so
there's a bunch of mysteries and
design questions to solve there but the important lesson is this
feedback loop is really bad so
you you do a thing and it's not really clear whether they
blocked a thing or not so you
don't know whether you need to change so that the tighter
feedback loop we can have and
the more certainty we can have about what's going on the better
everything works, and recently..
so used to be that China looked for a particular TLS pattern,
something in the certificate,
something in the cipher suites of the clients are offering and
if both of those match then it
triggered the active probing we've changed the cipher suites to try
to look like the more recent
Firefox and the more recent Apache and some combination of
patterns doesn't trigger the active
probing right now, so are they not following up as closely
as they could? There's a lot to
be researched in there. And then another piece let's not forget
the like the political side of
things, so couple of years ago apparently there were these
folks from the CIA who had their
own anonymity system and Iran learned about it and then
watched who was using it, and
then killed everybody and also they told China about it so then
China did the same thing to the
spies there, so there's one of the lessons there is don't have
your own anonymity system
because then everybody who uses it is going to be you and if
they find some users and they
start learning how it works so you need a lot of different groups
to blend in with but the more
important lesson from the the censorship side of things.
Australia censors their internet
England has this thing called the internet watch foundation
which is part of their
government which censors the internet, Denmark censors the
internet, Sweden censors the
internet so when governments go to China and say hey you're
being a bad government by by
preventing people from reaching BBC, China quite reasonably says
look we're just keeping our
citizens safe just like everybody else. Why why are you
picking on us we're, we're
protecting our users from the internet and so one lesson there
is maybe we should work on
cleaning up what we consider, you know western countries and
the fact that they are excited
to be censoring their internet and if we can't solve the fact
that Australia wants to censor how
on earth are we gonna solve the fact that Saudi Arabia wants to
censor. And speaking of the
political side these are the actual honest to god cyber
police in China these are the
official cyber police in China and this goes back to the you
know making it fun side of
things we're not a regime out to stop things we're just you know
keepin the internet safe cause
this is fun and if you see one of these people on some of the
websites you go to then it helps
remind you about what websites you should go to and what
websites you shouldn't go to so
it's not just about censorship it's about creating an awareness
among the users that they are
being watched and then they can control themselves. And I should
also mention so there's a
province of China called East Turkestan, they actually call it
New Province in Chinese and
right now the people in China are basically wiping out the
folks who live there it's at the
point where the, the folks who live there have a live in Han
Chinese person who lives in
their house and watches them and reports on them and they take
the kids away and they put them
in reeducation camps and you get to see your kid for one hour a
week on the other side of the
chain-link fence but your kid spends the whole hour yelling at
you about how you're bad Chinese
person so they are genocide-ing the people who live there and I
was talking to some folks there
and I'm like so here's PGP and here's TOR and they're like you I
can't go a block without showing
papers that I don't have, they take away my devices and install
things on them, they're living
in my house so here's an important example where a tool
for internet privacy is not
going to solve some of the really bad things that are
happening around the world. Okay
so what are some of the newer things were they were deploying
in terms of of tools that can be
helpful for later one of the really interesting ones is
called snowflake the idea, so in
the past for obfsproxy you.. you find a nice person who knows
what Linux is and they apt-get
install obfs4proxy apt-get install TOR, they edit a text
file, maybe opened a port and if
you knew all those words you're in good shape but most people in
the world don't do that, so the
cooler way to do that, 10 minutes awesome, the cooler way
to do that is a tool called
snowflake which is Javascript that runs in your browser, so
I'm a helpful person in a
non-censored area I wanna help out the TOR world so I installed
the snowflake extension or I go
to a website which gives me some javascript and suddenly I'm a
TOR bridge without installing
any new software, it's all running inside my browser and
uses webrtc so it does NAT
piercing correctly and the goal there is to have a blizzard of
snowflakes all around the world
where blocking them by IP address isn't going to make
sense because you can end up
blocking every browser on the internet and blocking them by
DPI doesn't make sense because
webrtc is what google hangouts uses it's what a bunch of video
chat things use so if we can
actually use the real webrtc the normal browsers use when they're
talking to each other and doing
video chat and if we can get an army of millions of snowflakes
then then hopefully this will be
a cool new move forward in the arms race. So you can install
the Firefox extension,
snowflake, right now and it will turn you into one of these
volunteers so used to be a few
years ago that we didn't need the extension side there's just
a website you serve some
javascript and you could put it on your Facebook page you could
put it in an ad if you're evil
which we're not, so you basically all sorts of different ways of
giving people the javascript
except the browser world is moving to not running things in
the background if there's a tab
and it's not the primary tab that's open, then it doesn't run
the javascript there so we need
to shift to a world where you install an extension and then
you're opting in it's all above
board and you're volunteering to be one of these relays, so
please install the snowflake
extension and we're working on coming up with a better GUI and
better visualization and
feedback about how many snowflakes there are in the
world. And if you're a chrome
person rather than Firefox person there's another one
called Cupcake that's been
around for longer and now has snowflake built-in as well and
it's got this cool ah, uh icons
that tell you how your cupcake is doing are you helping or is
it sad is it happy stuff like
that, so we love some help on the development side of
snowflake and cupcake. At the
same time we need more obfs4 bridges so here's a URL
community.torproject.org/relay/setup/bridge and please go there and follow
the instructions, If you're a
Debian person it's all pretty easy the most complicated thing
is opening a, a port on your
firewall or maybe you have a computer on the real internet
and you don't even have to do
that step so it be wonderful to have some more obfs bridges so
that we can have more
flexibility about giving out more addresses in more ways
without getting blocked as
quickly, and the future we're experimenting with an apt-install
TOR servers that like gives you
a decision tree sort of thing where it says you want to be a
bridge and you say yes and it
says do you want to open this and you say yes and then you
don't have to know what a text
file is in order to be helping out and running an obfs4
bridge. Okay so I'm gonna skip a
couple more, I'll briefly talk about some of these things and
then we'll get to the end, so
one of the important pieces.. we need some sort of feedback cycle
for how, so we're trying to give
out bridges and we want to give them out in a way that works
what does works mean? One of the
answers is imagine you have a bunch of different bridge
distribution channels and each
channel it's maybe you give it out over gmail maybe you give it
to a nice guy in Shanghai, there's a
bunch of different possible approaches to a distribution
channel and let's see, great. So
let's think about for each channel how much use do the
bridges get that we give out
over that channel? Did they end up being used a lot before it
gets blocked? Does it never get
blocked? Does it get blocked quickly? Does it never get used
much but also it never gets
blocked? And then let's figure out how quickly the blocking
actually happens and then let's
reward the channels that end up giving out bridges well so if
there are a bunch of channels that
get bridges blocked quickly they don't get more bridges if there's a
bunch of channels that work
really well and they end up having a lot of users and
they're working well then we
shift more bridges to being allocated through that. So in
theory there could be like a
dynamic feedback process where we automatically learn which
distribution channels are
working well and automatically give the bridges out to those..
turns out that measuring bridge
reachability is really hard, do we install a computer in China
and scan all the bridges and
hope that China never notices that we're doing that? Do we give
out a few addresses to each
volunteer or let them scan then hope that the volunteers are the
bad guys trying to learn them so
there is a project called OONI, the open observatory for network
interference that is basically
of a mobile app that lets you test a bunch of things from your
local network, its main goal is
to figure out how am I being censored but maybe we can also
use this as an infrastructure
for learning about which bridges are blocked where and in what
how reachability works. So there's a
couple other interesting upcoming things, there's a tool
called format transforming
encryption or Marionette and the idea is that it transforms the
traffic into whatever regular
expression you describe, so if you can describe HTTP as a regex
then it will transform TOR
traffic into what looks like legitimate unencrypted HTTP
traffic on the wire and if you
got a DPI engine that has a classifier for HTTP and it says
yes this is HTTP then the
classifier thinks it should let it through, let normal
unencrypted web browsing
through, another approach that people are working on is called
decoy routing and the idea is
that the user does an SSL connection somewhere and
something in the middle of the
network running it like an ISP like verizon or something, looks
at a steganographic tag inside the
SSL handshake and says aaah this is decoy routing traffic I'm
going to reroute it internally
to the TOR network or to some circumvention tool in a way that
the local uh ISP for the user
thinks that they're talking to the decoy destination but
actually the traffic is being
routed redirected to somewhere else. Okay so arms races, the
censorship arms race sucks
because China has billions of dollars and there are a lot of
companies like Cisco and
Bluecoat and so on who are building tools like this the
surveillance arms race is worse
at least in the censorship case you try a thing, it doesn't work
you change it it works! great
we, the cycle is pretty simple. From the surveillance side you
try a thing, you don't know if
they saw you, so you don't know if you need to change it and
then there's no feedback loop so
maybe we need a new Ed Snowden coming out every week with a new
set of documents, I don't know
how to end up with that feedback loop in a way that you can tell
whether the surveillance is
working. Okay so how can you help on this side of things? So
run an obfs4 bridge, we
mentioned that, be a snowflake, we mentioned that. Please teach
your friends all about TOR there are
a lot of mainstream journalism places that want to scare people
about the internet with pictures
of icebergs and discussions of you know 99 other internets out
there and dark webs and so on so
please help us teach the world what TOR actually is how TOR
actually works why privacy is
important on the internet and there's a research community
petsymposium.org that writes a bunch
of interesting research papers, if you want to do grad school on
TOR or you're in grad school and
you want to work on TOR love to chat with you more and speaking
of the donation side we are
running a bug smash fund this August all of the month of
August and the goal is, a lot of
our normal funders only want to fund some shiny new feature and
we actually want to go through
and fix all the bugs and make things stable and actually make
it reliable and work the way
that everybody expected it to and funders don't really want to
fund that sort of thing so we
love to have your help getting the word out about us about the
bug smash fund, And then we have
an awesome new onion badge that a great volunteer made we also
have a booth for the first time
ever in the vendor area so if you want to see the onion badges
I believe that $40 I think is
what they said for getting one of these cool and i'll turn on
the the blinky lights as it's
going, happy to show you this more later and then, again we
mention the booth for the first
time ever we're in the vendor area I hear there's a mob right
there right now and I'm going to
answer a few questions in the back with my bright green shirt
and then I'm gonna lead the mob
over the vendor area and I'm gonna be hanging out there for the
rest of the day in my bright
green shirt answering your TOR questions. Thank you!
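
The bridge-distribution feedback loop described in the talk (score each channel by how much use its bridges got and how many were blocked, then shift new bridges toward the channels that work), sketched as an added example that is not part of the talk and is not the Tor Project's code. The scoring formula, the channel names and the numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class Channel:
    name: str
    given: int      # bridges handed out through this channel so far
    user_days: int  # usage those bridges carried before any blocking
    blocked: int    # how many of those bridges are now blocked

def score(c, prior=Fraction(1)):
    """Usage per bridge, discounted by the share of bridges that got blocked."""
    if c.given == 0:
        return prior  # untested channel: neutral prior so it still gets tried
    return Fraction(c.user_days, c.given) * Fraction(c.given - c.blocked, c.given)

def allocate(channels, new_bridges):
    """Split new_bridges across channels in proportion to score (largest remainder)."""
    scores = {c.name: score(c) for c in channels}
    total = sum(scores.values())
    if total == 0:  # every channel is fully blocked: fall back to an even split
        scores = {n: Fraction(1) for n in scores}
        total = len(scores)
    shares = {n: new_bridges * s / total for n, s in scores.items()}
    alloc = {n: int(q) for n, q in shares.items()}  # whole bridges first
    leftover = new_bridges - sum(alloc.values())
    by_remainder = sorted(shares, key=lambda n: shares[n] - alloc[n], reverse=True)
    for n in by_remainder[:leftover]:  # hand out the rest by largest fraction
        alloc[n] += 1
    return alloc

# Constructed sample data, one row per outcome the talk lists.
SAMPLE = [
    Channel("email", given=20, user_days=4000, blocked=2),          # used a lot, rarely blocked
    Channel("public-web", given=20, user_days=3000, blocked=20),    # used a lot, then all blocked
    Channel("social", given=20, user_days=600, blocked=18),         # blocked quickly
    Channel("trusted-contact", given=10, user_days=50, blocked=0),  # never blocked, little use
]

if __name__ == "__main__":
    print(allocate(SAMPLE, 40))
```

The hard part the talk names, measuring which bridges are actually blocked, is the input this sketch takes for granted in the `blocked` field.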
After watching this video I wanted to donate and they actually accept Bitcoin through btcpayserver, but only BTC onchain or LN. I've already reached out to them... https://twitter.com/janowitz/status/1204594044837466112
In general their ideals match up with Monero's very much in my opinion. Like Monero's intention is every single transaction to look the same like any other one, they have the same problem on the traffic side to look like any other connection and leave no fingerprints.