Re: [tor-talk] Tor in the media
i think roger dingledine presented some short timeline evidence awhile back in a video i saw but this is from memory. a US university and the DoJ usa tallied tor traffic on their relay and only found something like 3% "unwanted" traffic. that could have included things like copyrighted music sharing. the study wasn't continued for some reason. maybe someone who can correctly recall the event or study can fill in some blanks and verify but ... only 3% "unwanted" traffic. that's easy to take IMO. On Oct 2, 2014, at 7:43 PM, Mirimir wrote: > On 10/02/2014 04:35 PM, z9wahqvh wrote: >> On Thu, Oct 2, 2014 at 4:24 PM, Mirimir wrote: >> >>> On 10/02/2014 01:24 PM, z9wahqvh wrote: >>> >>> >>> Even if (for argument's sake) 99% of Tor users/uses were unqualifiedly >>> evil, that would say nothing about Tor. At most, it would speak to its >>> relatively slow uptake overall, and perhaps to the prevalence of evil in >>> the world. An anonymity system with a backdoor for outing evil (however >>> defined) would be unworkable, and would soon die. >>> >>> >> I don't know how to parse "say" in this paragraph. It certainly seems to >> "say" something about the role of unsurveillable absolute anonymous >> communications systems and who is going to be attracted to them and why. > > If everyone used "unsurveillable absolute anonymous communications > systems", the prevalence of evil on them would be the same as the > overall prevalence of evil. Right? Those who play on the supposed > association of Tor with evil are not friends of freedom. > >> It also would seem to raise serious questions about whether such efforts >> should be supported > > If you choose to support Tor, then do. If you don't, then don't. Others > can make their own choices, based on their principles and values. > >> --and, to raise questions raised in other threads here, whether ISPs and >> other service providers and websites should let Tor relays through. > > There are more-effective solutions that don't hurt the innocent. > >> Note that if you are correct, you are painting an extremely dark picture >> of our political future, in which constitutional governance and rule of >> law become, strictly speaking, impossible. You may think that this will >> decrease the amount of evil in the world. My reading of world history >> suggests otherwise. > > It should be obvious that I'm no statist. But discussions of politics > are off-topic on this list. So I'll not address the rest of your post. > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 10/02/2014 04:35 PM, z9wahqvh wrote: > On Thu, Oct 2, 2014 at 4:24 PM, Mirimir wrote: > >> On 10/02/2014 01:24 PM, z9wahqvh wrote: >> >> >> Even if (for argument's sake) 99% of Tor users/uses were unqualifiedly >> evil, that would say nothing about Tor. At most, it would speak to its >> relatively slow uptake overall, and perhaps to the prevalence of evil in >> the world. An anonymity system with a backdoor for outing evil (however >> defined) would be unworkable, and would soon die. >> >> > I don't know how to parse "say" in this paragraph. It certainly seems to > "say" something about the role of unsurveillable absolute anonymous > communications systems and who is going to be attracted to them and why. If everyone used "unsurveillable absolute anonymous communications systems", the prevalence of evil on them would be the same as the overall prevalence of evil. Right? Those who play on the supposed association of Tor with evil are not friends of freedom. > It also would seem to raise serious questions about whether such efforts > should be supported If you choose to support Tor, then do. If you don't, then don't. Others can make their own choices, based on their principles and values. > --and, to raise questions raised in other threads here, whether ISPs and > other service providers and websites should let Tor relays through. There are more-effective solutions that don't hurt the innocent. > Note that if you are correct, you are painting an extremely dark picture > of our political future, in which constitutional governance and rule of > law become, strictly speaking, impossible. You may think that this will > decrease the amount of evil in the world. My reading of world history > suggests otherwise. It should be obvious that I'm no statist. But discussions of politics are off-topic on this list. So I'll not address the rest of your post. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
Torizens, this is a concern troll: https://en.wikipedia.org/wiki/Troll_% 28Internet%29#Concern_troll They have repeatedly said they "support Tor" and "want to be wrong, but..." and then spread poison. List administrators, you have dedicated significant resources towards stopping censorship, and I understand that you don't want to use the banhammer lightly, but any unkempt garden inevitably becomes a bed of weeds, and this is something you need to kill NOW. Even if you hold the view that this person is not intending to disrupt this list (which I don't think you have -- you're all intelligent people and I think you can see where this is going), it should be obvious that this line of conversation (i.e., "is anonymity only for criminals/the wantonly evil") is not appropriate for this list. List members, please don't respond to concern trolls. They're easy to spot: if someone says "I would LIKE to believe the positive case for Tor... But Tor is totally evil in practice," or in general, says "I agree with you, BUT I disagree with you and you are enabling evil," they are a concern troll. Just look for the abrupt about-face. Ignore the veneer of congeniality. It's a lie. On Thu, 2014-10-02 at 18:35 -0400, z9wahqvh wrote: > On Thu, Oct 2, 2014 at 4:24 PM, Mirimir wrote: > > > On 10/02/2014 01:24 PM, z9wahqvh wrote: > > > > > > Even if (for argument's sake) 99% of Tor users/uses were unqualifiedly > > evil, that would say nothing about Tor. At most, it would speak to its > > relatively slow uptake overall, and perhaps to the prevalence of evil in > > the world. An anonymity system with a backdoor for outing evil (however > > defined) would be unworkable, and would soon die. > > > > > I don't know how to parse "say" in this paragraph. It certainly seems to > "say" something about the role of unsurveillable absolute anonymous > communications systems and who is going to be attracted to them and why. It > also would seem to raise serious questions about whether such efforts > should be supported--and, to raise questions raised in other threads here, > whether ISPs and other service providers and websites should let Tor relays > through. > > Note that if you are correct, you are painting an extremely dark picture of > our political future, in which constitutional governance and rule of law > become, strictly speaking, impossible. You may think that this will > decrease the amount of evil in the world. My reading of world history > suggests otherwise. > > I'm not at all clear why anyone would want to trying to help such an effort > along, unless one has a very apocalyptic view of the future. > > Much more apocalyptic than the one in which our extremely flawed political > system continues to be able to operate, and possibly be revised in favor of > better ones. In a world of unsurveillable communications, rule of law and > constitutional governance are over. -- Sent from Ubuntu signature.asc Description: This is a digitally signed message part -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On Thu, Oct 2, 2014 at 4:24 PM, Mirimir wrote: > On 10/02/2014 01:24 PM, z9wahqvh wrote: > > > Even if (for argument's sake) 99% of Tor users/uses were unqualifiedly > evil, that would say nothing about Tor. At most, it would speak to its > relatively slow uptake overall, and perhaps to the prevalence of evil in > the world. An anonymity system with a backdoor for outing evil (however > defined) would be unworkable, and would soon die. > > I don't know how to parse "say" in this paragraph. It certainly seems to "say" something about the role of unsurveillable absolute anonymous communications systems and who is going to be attracted to them and why. It also would seem to raise serious questions about whether such efforts should be supported--and, to raise questions raised in other threads here, whether ISPs and other service providers and websites should let Tor relays through. Note that if you are correct, you are painting an extremely dark picture of our political future, in which constitutional governance and rule of law become, strictly speaking, impossible. You may think that this will decrease the amount of evil in the world. My reading of world history suggests otherwise. I'm not at all clear why anyone would want to trying to help such an effort along, unless one has a very apocalyptic view of the future. Much more apocalyptic than the one in which our extremely flawed political system continues to be able to operate, and possibly be revised in favor of better ones. In a world of unsurveillable communications, rule of law and constitutional governance are over. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Edward Snowden (was: Tor in the media)
Derric thanks.. mr s loses out again i guess Greg Curcio On Thu, Oct 2, 2014 at 11:33 AM, Derric Atzrott < datzr...@alizeepathology.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > hey guys how can i communicate with mr S on here to discuss a possible > > movie deal in the coming years > > Greg, > > Sorry for not returning your email last night. I am doubtful anyone > on this list knows how to get in touch with Mr. Snowden. We all use > Tor, but not everyone who uses Tor knows everyone else who does. > > Thank you, > Derric Atzrott > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.2 (MingW32) > > iD8DBQFULZpaRHoDdZBwKDgRAmZXAKCcBH3YfAHSn7VsqRXAED+aIFzz2QCeJS1I > ekosdf9so2o1SZiJbS6znFQ= > =Vd0D > -END PGP SIGNATURE- > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On Thu, Oct 02, 2014 at 01:15:32PM -0600, Mirimir wrote: > What's needed, I think, is challenge-based (as opposed to > reputation-based) proof-of-work that's very difficult to cheat. That > sounds like Bitcoin, doesn't it? Yes, but a bit more like Hashcash given the usecase: http://www.hashcash.org/ signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On 10/02/2014 01:15 PM, Mirimir wrote: > On 10/02/2014 06:52 AM, Derric Atzrott wrote: > > > >> I liked the GPG idea, and brought it back to Wikitech-l. I'll let >> you guys know if anyone there finds a way to completely break it. > > I've asked about this on gnupg-users, and have been disabused of the > notion. I get that it's too hard to distinguish between weak keys that > are easy to generate, and strong keys that are hard to generate. > > What's needed, I think, is challenge-based (as opposed to > reputation-based) proof-of-work that's very difficult to cheat. That > sounds like Bitcoin, doesn't it? Actually, it's more like this SE question.[0] Except that the puzzle should be at least 10^6 fold more difficult. Given my ignorance, I'll leave it at that. [0] http://crypto.stackexchange.com/questions/2226/what-challenge-should-i-use-in-a-challenge-response-proof-of-work -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 10/02/2014 01:24 PM, z9wahqvh wrote: > that's a funny dismissive response, but I think it is a very serious > question, and that it is taken seriously is reflected in no place more > strongly than when people on this list suggest that they know Tor is mostly > used for "good" purposes and that that is (implicitly or explicitly) why > they use or promote it. It is also suggested by the dismissive accounts on > the Tor websites about bad users, many of which I find offensive. > > Look at the documents in the Ulbricht case. They are some of the clearest > evidence we have (I mean about what was going on on SR, not what Ulbricht > himself was doing). They paint a disturbing picture. Even if (for argument's sake) 99% of Tor users/uses were unqualifiedly evil, that would say nothing about Tor. At most, it would speak to its relatively slow uptake overall, and perhaps to the prevalence of evil in the world. An anonymity system with a backdoor for outing evil (however defined) would be unworkable, and would soon die. > On Thu, Oct 2, 2014 at 2:23 PM, Andrew Lewman wrote: > >> On 2014-10-02 14:15, z9wahqvh wrote: >> >>> as I've asked before, I would appreciate any metrics, stats, or other data >>> that can back up claims of this sort, as well as means by which reporters >>> and researchers can assess them. >>> >> >> Luckily, we have DARPA working to find out these metrics and stats, see >> http://www.darpa.mil/Our_Work/I2O/Programs/Memex.aspx >> >> -- >> Andrew >> https://www.torproject.org/ >> +1-781-948-1982 >> pgp 0x6B4D6475 >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How does Tor help abuse victims?
On Thu, Oct 2, 2014 at 10:56 AM, Andrew Lewman wrote: > On 2014-10-01 13:20, Sebastian G. wrote: > >> I appear to lack imagination on how Tor helps abuse victims. Since some >> of you are involved with some organizations working in that field, I >> hope you give some insight. >> >> Personally I see no benefit in using Tor from the point of view of an >> abuse victim. Beside the properties why anyone could use Tor. >> > > Tor is a tool in a toolbox full of options. It alone isn't going to solve > all the problems experienced by a victim. Tor Browser, Tails, and Whonix do > provide relief from the constant surveillance experienced by victims. this would seem to apply only to abusers who themselves are fairly technically adept. > They are tools which give back to a victim a small slice of control over > their lives. It helps them feel safe for a period of time, when otherwise > there are only risks, dangers, and threats. > > When working with victims of abuse, the understanding and demystifying of > technology is a big help. Helping someone understand how they are being > controlled through technology is a huge confidence builder. Helping the > person understand how their abuser is using technology makes the other seem > far less omnipotent and powerful. > none of this is Tor- or even "deep web"-specific. > > Abuse is about power and control. Anything which can return some power and > control to the victim does help in immeasurable ways. > > After the victim feels safe, then we can talk about ways to safely > communicate with others, not Tor-specific. such through OTR-enabled chat, Tor Browser to visit survivor forums safely, > and other means of safely using the Internet. > this presumes, as in #1, that their abuser is technically sophisticated. I don't doubt for a second that there are such abusers. But I also suspect they are few in number. Almost all resources for domestic abuse, and many resources for issues like transgender people and others, recommend and/or offer anonymity. My understanding is that Tor is primarily designed to make surveillance by third parties, especially institutions and states, difficult or even impossible. That is different from ordinary anonymity that most users do not have the expertise or willingness to pierce. I accept that Tor has a very positive use-case in "oppressive" regimes that block or track certain kinds of internet traffic--though I put "oppressive' in quotation marks because I think that is a highly subjective judgment that is much more difficult than the word makes it sound. I find the argument that there is a significant positive use-case for Tor in circumstances of domestic abuse--as opposed to much of what you offer here, education about technology and anonymity in general--much less clear than I'd like, and the answers so far haven't helped a lot. As someone pointed out above, the "bad" use case for abusers to avoid law enforcement--which is much closer to Tor's functional "purpose"--is quite concerning. Believe it or not, I have nothing to do with law enforcement or the government (or any contractor, etc.; a third-party non-profit non-think tank research project) and I would LIKE To believe the positive case for Tor--that's why I keep asking about it. But in my own research I keep finding lots of both data and arguments that support the "Bad" case, and the "good" cases keep seeming anecdotal, theoretical, or incidental to Tor's core functionality. The people I work with are writing about Tor, and so far, the negatives keep far outweighing the positives, meaning that the ultimate analysis is likely to draw negative conclusions. . > > > -- > Andrew > https://www.torproject.org/ > +1-781-948-1982 > pgp 0x6B4D6475 > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
that's a funny dismissive response, but I think it is a very serious question, and that it is taken seriously is reflected in no place more strongly than when people on this list suggest that they know Tor is mostly used for "good" purposes and that that is (implicitly or explicitly) why they use or promote it. It is also suggested by the dismissive accounts on the Tor websites about bad users, many of which I find offensive. Look at the documents in the Ulbricht case. They are some of the clearest evidence we have (I mean about what was going on on SR, not what Ulbricht himself was doing). They paint a disturbing picture. On Thu, Oct 2, 2014 at 2:23 PM, Andrew Lewman wrote: > On 2014-10-02 14:15, z9wahqvh wrote: > >> as I've asked before, I would appreciate any metrics, stats, or other data >> that can back up claims of this sort, as well as means by which reporters >> and researchers can assess them. >> > > Luckily, we have DARPA working to find out these metrics and stats, see > http://www.darpa.mil/Our_Work/I2O/Programs/Memex.aspx > > -- > Andrew > https://www.torproject.org/ > +1-781-948-1982 > pgp 0x6B4D6475 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On 10/02/2014 06:52 AM, Derric Atzrott wrote: > I liked the GPG idea, and brought it back to Wikitech-l. I'll let > you guys know if anyone there finds a way to completely break it. I've asked about this on gnupg-users, and have been disabused of the notion. I get that it's too hard to distinguish between weak keys that are easy to generate, and strong keys that are hard to generate. What's needed, I think, is challenge-based (as opposed to reputation-based) proof-of-work that's very difficult to cheat. That sounds like Bitcoin, doesn't it? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Edward Snowden (was: Tor in the media)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > hey guys how can i communicate with mr S on here to discuss a possible > movie deal in the coming years Greg, Sorry for not returning your email last night. I am doubtful anyone on this list knows how to get in touch with Mr. Snowden. We all use Tor, but not everyone who uses Tor knows everyone else who does. Thank you, Derric Atzrott -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iD8DBQFULZpaRHoDdZBwKDgRAmZXAKCcBH3YfAHSn7VsqRXAED+aIFzz2QCeJS1I ekosdf9so2o1SZiJbS6znFQ= =Vd0D -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
hey guys how can i communicate with mr S on here to discuss a possible movie deal in the coming years Greg Curcio On Thu, Oct 2, 2014 at 11:23 AM, Andrew Lewman wrote: > On 2014-10-02 14:15, z9wahqvh wrote: > >> as I've asked before, I would appreciate any metrics, stats, or other data >> that can back up claims of this sort, as well as means by which reporters >> and researchers can assess them. >> > > Luckily, we have DARPA working to find out these metrics and stats, see > http://www.darpa.mil/Our_Work/I2O/Programs/Memex.aspx > > -- > Andrew > https://www.torproject.org/ > +1-781-948-1982 > pgp 0x6B4D6475 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 2014-10-02 14:15, z9wahqvh wrote: as I've asked before, I would appreciate any metrics, stats, or other data that can back up claims of this sort, as well as means by which reporters and researchers can assess them. Luckily, we have DARPA working to find out these metrics and stats, see http://www.darpa.mil/Our_Work/I2O/Programs/Memex.aspx -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 2014-10-01 17:40, Patrick wrote: Hi everyone, Over the past few weeks, I've talked with a number of Tor people about how the project is portrayed in the media. As a reporter on this beat, the many legitimate criticisms the community have had strike pretty close to home for me. I don't think I need to tell this list why Tor's portrayal in the media is important, now more than ever. So, with the blessing and encouragement of a couple of official Tor people, I've got a question to ask of tor-talk (secure contact info follows at the bottom of the message): -- What untold but important stories about Tor are you willing to share? Hello Patrick, Thanks for joining the list and starting a conversation. And thanks for caring how Tor is portrayed in the media, and trying to do something about it. The first four places I send reporters asking about hidden services are: 1. DuckDuckGo 2. PubLeaks and StrongBox 3. Wildleaks, https://wildleaks.org/ 4. The Hermes Center for Transparency and Digital Human Rights, http://logioshermes.org/ There are others out there, but the organizations don't want any publicity at all. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
as I've asked before, I would appreciate any metrics, stats, or other data that can back up claims of this sort, as well as means by which reporters and researchers can assess them. I am thinking traffic in volume, not number of applications (not numbers of newspapers, number of drug-based sites, etc, but how many people are doing it and how much money and how many transactions flow through them). Based on what I've seen on the Silk Road and other sites, documents in the Ross Ulbricht prosecution, and my own research into the size and reach of the global drug trade, I think that Tor is now a primary conduit for world drug cartels, who practice murder, violence, and even human trafficking at an almost unfathomable level. I understand that the Tor community (and Tor's own websites) dismisses this as incidental or inevitable, but I see many reasons to question this, in part due to mistaken perceptions of the drug trade as "victimless crime" and lack of awareness of how drug cartels and organized crime operate. On Thu, Oct 2, 2014 at 9:32 AM, Griffin Boyce wrote: > People buy drugs online (which is incredibly stupid for several reasons), > but that is in no way the largest use case for hidden services. Not even > close. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
Thanks for the suggestions Griffin (and everyone else who has emailed me), I really appreciate it! I'll be taking your advice and reaching out to the people you've mentioned. As to the complaints, since they take up a good chunk of your email: I don't take me or my employer to be exempt from any problems covering Tor. I wouldn't have sent the email if I didn't think I had a lot of room for improvement. Obviously I think it is legitimate to cover people buying drugs and other "salacious" activities. And it's important to report on for more reasons than simply because "it's exciting" but I think we agree that there is a wider scope of activity that has to be talked about. Again, that's why I sent the email. Just to briefly address the Firefox article criticism, since that seems to have been prevalent among Tor people, here's one reason why it wasn't just blind speculation: https://twitter.com/chobopeon/status/516959760244281345. As to needing confirmation of facts: I spoke to Tor, I spoke to Firefox, and neither confirmed nor denied what I asked about. I'm not going to spike a piece based on no-comments, especially when I make it clear that the article is not 100% stone cold fact. There's nothing wrong with informed speculation as long as it's clearly labeled. As far as the many minor errors my articles have, I'm happy to keep having discussions about factual issues in my articles. My work is far, far from perfect but I'm happy to strive to get better. That's another conversation but I'm happy to have it here if you want to keep chatting. Suffice to say, I think my work is more than defensible. And finally to address the surveillance article: I didn't personally credit Jacob's Wikileaks work for surveillance of Tor people, I quoted someone who did. I also really take issue with the characterization that anyone was actively blaming Jacob or Wikileaks for the surveillance. I certainly wasn't and I really don't think Andrew, who I quoted, was doing that either. It's related, and that's why it's included and expanded upon, but no one is sitting here wagging their finger at anyone else. It wasn't my intention to "fight" you or "blame" Jacob and it's almost a little surprising that it was interpreted that way. Almost. But then being misinterpreted is part of the paycheck and it's my job to do better next time and make sure people understand what I mean to say. On Thu, Oct 2, 2014 at 9:32 AM, Griffin Boyce wrote: > Hey Patrick, > > Most newspapers have a taste for the salacious, and the DailyDot is not > exempt from that criticism. People buy drugs online (which is incredibly > stupid for several reasons), but that is in no way the largest use case for > hidden services. Not even close. It sells papers (and their digital > equivalent) because it's exciting, but as you point out there are plenty of > exciting and mundane parts of this community worth writing about. The trick > is finding them. > > The people behind PubLeaks have set up 42+ hidden services for newspapers > and journalism organizations in the Netherlands. Start there. > > Then talk to SecureDrop. Talk to TorServers. Go through the public list of > core Tor contributors and read about what they're working on. Reach out to > domestic violence organizations and see how they are helping people stay > safe. Find out the conferences that we present at, then see what related > topics are presented. Read papers from this year's USENIX & FOCI. Go to > 31c3 in December and the Circumvention Tech Festival in March. High five > some people. > > Approaching the community as a whole is a good idea, but you've got to > approach existing organizations that either do outreach or have run > successful projects in circumvention. It's not always obvious who those > people are, but small steps will get you there. > > And now for some complaints: I've seen some steep assumptions in your > articles. Your Firefox piece in particular needed, you know, confirmation > of facts. It seemed entirely speculative. There have been other, more minor > errors that should have been caught. Judicious fact-checking absolves many > sins. > > I also don't think it was fair to imply that one specific person was the > cause of (eg) targeted surveillance. In my case, it's *definitely* not the > cause. While Jake and I have a habit of disagreeing*, at the end if the > day, the fault must rest with the oppressor not the oppressed. The fact > that we are colleagues and have both had issues at various times *is* > related -- but only because we work in a space that is being unfairly > targeted! > > We all spend too much time fighting each other when we should be fighting > for our freedom. Ugh, humans. > > ~Griffin > > > * about effective activism, about the relative fluffiness of cats, about > whether orange looks good on anyone, about the sky, about whether we've > eclipsed Foucault's vision of the control society and moved into an > undefined panoptic society, about browser-based cry
Re: [tor-talk] Tor in the media
Hey Patrick, Most newspapers have a taste for the salacious, and the DailyDot is not exempt from that criticism. People buy drugs online (which is incredibly stupid for several reasons), but that is in no way the largest use case for hidden services. Not even close. It sells papers (and their digital equivalent) because it's exciting, but as you point out there are plenty of exciting and mundane parts of this community worth writing about. The trick is finding them. The people behind PubLeaks have set up 42+ hidden services for newspapers and journalism organizations in the Netherlands. Start there. Then talk to SecureDrop. Talk to TorServers. Go through the public list of core Tor contributors and read about what they're working on. Reach out to domestic violence organizations and see how they are helping people stay safe. Find out the conferences that we present at, then see what related topics are presented. Read papers from this year's USENIX & FOCI. Go to 31c3 in December and the Circumvention Tech Festival in March. High five some people. Approaching the community as a whole is a good idea, but you've got to approach existing organizations that either do outreach or have run successful projects in circumvention. It's not always obvious who those people are, but small steps will get you there. And now for some complaints: I've seen some steep assumptions in your articles. Your Firefox piece in particular needed, you know, confirmation of facts. It seemed entirely speculative. There have been other, more minor errors that should have been caught. Judicious fact-checking absolves many sins. I also don't think it was fair to imply that one specific person was the cause of (eg) targeted surveillance. In my case, it's *definitely* not the cause. While Jake and I have a habit of disagreeing*, at the end if the day, the fault must rest with the oppressor not the oppressed. The fact that we are colleagues and have both had issues at various times *is* related -- but only because we work in a space that is being unfairly targeted! We all spend too much time fighting each other when we should be fighting for our freedom. Ugh, humans. ~Griffin * about effective activism, about the relative fluffiness of cats, about whether orange looks good on anyone, about the sky, about whether we've eclipsed Foucault's vision of the control society and moved into an undefined panoptic society, about browser-based cryptography (it's fine, dammit), about closed-source cryptophone vs open-source diy setups. Frankly, we can fight about insufficiently toasted bread if the timing's right and we're both in a bad mood, let's be honest. On October 1, 2014 5:40:17 PM EDT, Patrick wrote: >Hi everyone, > >Over the past few weeks, I've talked with a number of Tor people about >how >the project is portrayed in the media. As a reporter on this beat, the >many >legitimate criticisms the community have had strike pretty close to >home >for me. I don't think I need to tell this list why Tor's portrayal in >the >media is important, now more than ever. So, with the blessing and >encouragement of a couple of official Tor people, I've got a question >to >ask of tor-talk (secure contact info follows at the bottom of the >message): > >-- What untold but important stories about Tor are you willing to >share? > >When writing about Tor, it's relatively easy to write about, for >instance, >popular hidden services (and I've admittedly done it plenty). The drug >markets that advertise themselves and run a business are often more >than >willing to talk to reporters. They're even proactive about it. > >It's much tougher for a reporter to nail down important Tor stories >about, >as another example, domestic abuse victims using the software or >political >activists protecting their lives with it. That makes perfect sense, >those >people rely on anonymity in a much different way than enterprising drug >dealers, but this reality makes it trickier for reporters to tell the >full >story when it comes to Tor. The trick, then, is to be proactive as >well. > >I recently took a swing at writing precisely the kind of article I'm >talking about--an untold but important story about how Tor is used in >the >wild--here: >http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10393/tor-transgender-military-service/ >... I was inspired in large part by articles like this: >http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/. >The BetaBoston article is very good, obviously, but it's a too-rare >breed. > >I'd like to hear from anyone who might be willing to talk about (on the >record or off) untold but important Tor stories that can shed light on >the >way the software serves its users. By design, I'll never get the full >picture, but we can surely do more than surface scratching. > >If you have a story to tell, if you know someone who might, if you can
Re: [tor-talk] Wikimedia and Tor
On 10/02/2014 08:07 AM, Derric Atzrott wrote: >>> I liked the GPG idea, and brought it back to Wikitech-l. I'll let >>> you guys know if anyone there finds a way to completely break it. > >> There's another possibility that's probably easier to implement and >> test, but isn't so broadly useful as a hard-to-generate GnuPG key. In >> creating a hidden service, the Tor client generates an RSA private_key >> and uses the first 80 bytes of the key's SHA1 hash as the hostname. >> Vanity hostnames being popular, there are published methods.[0] > > I'm not entirely sure what you are suggesting? Are you suggesting > we leverage specify some portion of a SHA1 hash and require that > the Tor clients trying to edit Wikipedia create a hidden service key > that ends up matching that? I'm suggesting that you require new accounts to generate a functional GnuPG key (with normal key length etc) with a fingerprint (hash) that begins with a random string supplied by Wikimedia. Although there are shortcuts for creating keys with arbitrary fingerprints, they produce keys with atypical key lengths etc. In order to produce a "normal" key with the specified fingerprint substring, it would be necessary to randomly generate numerous keys and select for the desired fingerprint. Having accomplished that, the new user could edit the metadata to match their account name and email address. It just so happens, given the popularity of vanity Tor hidden-service names, that there are apps that generate and select private keys in that way. It's merely an example of the approach, which demonstrates its feasibility. I suspect that creating a version for GnuPG keys would require trivial modifications. I'll ask about this on gnupg-users and report. > Or are you suggesting that we do something involving requiring editors > using Tor to create a hidden service with a certain hostname (are those > hostnames called descriptors, I think they are, but I'm not 100% sure)? No, I'm not suggesting anything about hidden services per se. > Or something else entirely. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How does Tor help abuse victims?
On Thu, 2014-10-02 at 10:56 -0400, Andrew Lewman wrote: > On 2014-10-01 13:20, Sebastian G. wrote: > > I appear to lack imagination on how Tor helps abuse victims. Since some > > of you are involved with some organizations working in that field, I > > hope you give some insight. > > > > Personally I see no benefit in using Tor from the point of view of an > > abuse victim. Beside the properties why anyone could use Tor. > > Tor is a tool in a toolbox full of options. It alone isn't going to > solve all the problems experienced by a victim. Tor Browser, Tails, and > Whonix do provide relief from the constant surveillance experienced by > victims. They are tools which give back to a victim a small slice of > control over their lives. It helps them feel safe for a period of time, > when otherwise there are only risks, dangers, and threats. > > When working with victims of abuse, the understanding and demystifying > of technology is a big help. Helping someone understand how they are > being controlled through technology is a huge confidence builder. > Helping the person understand how their abuser is using technology makes > the other seem far less omnipotent and powerful. Could you elaborate more on this specifically? What are some ways that abusers use technology to commit abuse? I notice that this is a pretty unique threat model, and I wonder if there are ways that it can be targeted more specifically, by a tool in the tor toolbox or anything else, social or technical. Feel free to reply off-list, since obviously this discussion is a little off-topic and will almost certainly be triggering. -- Sent from Ubuntu signature.asc Description: This is a digitally signed message part -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How does Tor help abuse victims?
On 2014-10-01 13:20, Sebastian G. wrote: I appear to lack imagination on how Tor helps abuse victims. Since some of you are involved with some organizations working in that field, I hope you give some insight. Personally I see no benefit in using Tor from the point of view of an abuse victim. Beside the properties why anyone could use Tor. Tor is a tool in a toolbox full of options. It alone isn't going to solve all the problems experienced by a victim. Tor Browser, Tails, and Whonix do provide relief from the constant surveillance experienced by victims. They are tools which give back to a victim a small slice of control over their lives. It helps them feel safe for a period of time, when otherwise there are only risks, dangers, and threats. When working with victims of abuse, the understanding and demystifying of technology is a big help. Helping someone understand how they are being controlled through technology is a huge confidence builder. Helping the person understand how their abuser is using technology makes the other seem far less omnipotent and powerful. Abuse is about power and control. Anything which can return some power and control to the victim does help in immeasurable ways. After the victim feels safe, then we can talk about ways to safely communicate with others, such through OTR-enabled chat, Tor Browser to visit survivor forums safely, and other means of safely using the Internet. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> I liked the GPG idea, and brought it back to Wikitech-l. I'll let >> you guys know if anyone there finds a way to completely break it. > > There's another possibility that's probably easier to implement and > test, but isn't so broadly useful as a hard-to-generate GnuPG key. In > creating a hidden service, the Tor client generates an RSA private_key > and uses the first 80 bytes of the key's SHA1 hash as the hostname. > Vanity hostnames being popular, there are published methods.[0] I'm not entirely sure what you are suggesting? Are you suggesting we leverage specify some portion of a SHA1 hash and require that the Tor clients trying to edit Wikipedia create a hidden service key that ends up matching that? Or are you suggesting that we do something involving requiring editors using Tor to create a hidden service with a certain hostname (are those hostnames called descriptors, I think they are, but I'm not 100% sure)? Or something else entirely. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iD8DBQFULVwtRHoDdZBwKDgRAgq9AJ9Nn18aeRxWkGe9m91AOmB86FAkJQCfZauN d93BMkJBRc4tTijQFsgXdi8= =5XZP -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On 10/02/2014 06:52 AM, Derric Atzrott wrote: > I liked the GPG idea, and brought it back to Wikitech-l. I'll let > you guys know if anyone there finds a way to completely break it. There's another possibility that's probably easier to implement and test, but isn't so broadly useful as a hard-to-generate GnuPG key. In creating a hidden service, the Tor client generates an RSA private_key and uses the first 80 bytes of the key's SHA1 hash as the hostname. Vanity hostnames being popular, there are published methods.[0] [0] http://security.stackexchange.com/questions/29772/how-do-you-get-a-specific-onion-address-for-your-hidden-service -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Thanks for joining the list and starting the conversation. Are there > data sets or statistics which quantify tor usage at wikimedia? It might > help to frame the discussion if we know the scale of the tor usage or > the problem we're trying to address. Sure, its a problem I care a lot about. As far as a I know there are not usage statistics about Tor usage at Wikimedia. I really wish there were. I've brought up the idea of a limited trial period where Tor is unblocked for a short time (say a few weeks to a month) in order to collect such data. I brought up the idea in the technical mailing list, which is the wrong venue, just to gather some feedback on it. Once I have my proposal better formulated I may send it to the community at large. Sadly these trial period proposals have a rocky history at Wikimedia, and even if I can make a strong argument and lots of assurances that it will go away at the end of the trial, I may still not get approval. > How does wikimedia handle other proxy and VPN users for logins and > edits? Would these solutions work for tor users as well? I imagine the > vast majority of tor users are just simply trying to get around Internet > censorship of some kind; like that at a national level, public schools, > restrictive businesses, or free cafe wifi, etc. Currently they are all hard-blocked as well. They are handled the exact same way that Tor is currently. I'm hoping that any solution that can be applied to Tor can be applied to them as well. In very limitted circumstances IP Block Exemptions may be given to highly trusted editors who have no choice but to edit where they are censored. For example an IP Block Exemption might be given to an editor of two years who begins attending a new University where Wikipedia is blocked for some reason. IP Block Exemptions are also automatically granted to any administrator. The reason I've been told, why IPBEs are so difficult to acquire, is past problems with abuse of them. Two things not quite related to your question, but related to the thread as a whole. I've reached out to Lane Rasberry to see if he'd be willing to help out with this again, and I'll be spending some time to read over the text that Lane had found and posted back in February. It looks like this has also been discussed on Meta (Wikimedia's wiki for discussing Wikimedia wikis) several times. Thank you, Derric Atzrott -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iD8DBQFULVBLRHoDdZBwKDgRAmKSAJ9Ng/mYep6d2f0+k/bGPXW45qb8igCfTH0q rvBc9YPhUCgU5ZrTryDXMqc= =zfCA -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > With Tor soft-blocked, this problem goes away. What am I missing? I'm not sure if you are saying "Tor is soft-blocked, so what is the problem?" or "If we soft-blocked Tor there would be no problem." So I'm going to attempt to address both. ==Tor is soft-blocked== Tor is not currently soft-blocked. It is hard-blocked along with all other anonymising services that we have been able to find. This means that if you want to edit any Wikimedia project and you want to use Tor to do it you need: * An already existing account at Wikimedia * Be either an Admin or have been given an IP Block Exemption Getting a Wikimedia account isn't hard, even through Tor. The second item though is prohibitively hard. Becoming an admin takes multiple years for many people, and getting an IPBE has the unofficial requirements of having been around a long time (think months to years), having made significant contributions, and having a demonstrated need. During the time that you are trying to fulfill those requirements you are editing without the use of Tor. This exposes the identity attached to the account and makes it non-anonymous even when you do use Tor, though using Tor would still likely provide some benefit if you needed to hide your location but not your real life identity. The current situation with Tor hard-blocked makes it near impossible to realistically edit Wikimedia projects using Tor without exposing your identity. ==Tor could be soft-blocked== Imagine the following scenario: You get blocked on Wikipedia for being abusive in a discussion. You open up Tor, create a new email address somewhere, email in requesting an account so you can edit via Tor, get the account, go back to making someone's life miserable. You can repeat this as many times as needed until they finally quit the project and you are victorious. Or this scenario: There is a discussion going on about whether or not to include a particular piece of embarassing information in an article about a particular person. There are pretty much good arguments on both sides of the discussion so its going to come down to how many folk support those arguments. The opinion you have is in the minority, but not to worry, you just, over the next two or three days, request a number of account be made and use those accounts to pitch your support for your preferred idea. Both of these would be fairly easy to detect, but they still waste valuable time and energy of folks, and both are easily expanded upon to be more effective. For scenario one: Make some of those accounts ahead of time, make a few good edits with them just to confuse folks later, and then just let them lie dormant until you need them. For scenario two: Make a few accounts slowly and keep them active. Then use them to sway discussions in one way or another. This would be really hard to detect, or at least prove, with Tor. Both of those enhancements already happen, but with Tor they would be signficantly harder to detect and block because of the lack of useful IP address information and the inability to hard-block Tor without hard-blocking all of Tor, which in the end is what was decided to be done to fix the problem. If we can find a way to make it expensive for those sorts of folks to create new accounts, expensive enough to deter all but the most crazy of the puppeteers, while still cheap enough to not deter that guy in Super-Evil-Regime, then I think that there may be some hope of changing the culture that says "Tor leads to nothing but trouble." By soft-blocking Tor instead of hard-blocking Tor, without any additional measures in place, we may be opening the flood gates to all manner of easily conceived abuse. I liked the GPG idea, and brought it back to Wikitech-l. I'll let you guys know if anyone there finds a way to completely break it. Thank you, Derric Atzrott -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) iD8DBQFULUpqRHoDdZBwKDgRAvocAKCtpwPsOyibphrfawcPW2sn1BlItgCaA0mL iXqzJetpG4hIfVuWpcIrWo8= =1uyC -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On 2014-10-01 09:57, Derric Atzrott wrote: About once a year the topic of Tor comes up on Wikimedia's technical mailing list. I recently raised the topic again. For those who aren't aware of the situation, currently Wikimedia blocks all edits from Tor users. We are trying to find a way that it might be possible for us to lift that block, while not exposing ourselves to the abuse that seems to inevitably come from Tor and other proxy services. Hello Derric, Thanks for joining the list and starting the conversation. Are there data sets or statistics which quantify tor usage at wikimedia? It might help to frame the discussion if we know the scale of the tor usage or the problem we're trying to address. How does wikimedia handle other proxy and VPN users for logins and edits? Would these solutions work for tor users as well? I imagine the vast majority of tor users are just simply trying to get around Internet censorship of some kind; like that at a national level, public schools, restrictive businesses, or free cafe wifi, etc. Thanks. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
