Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-17 Thread benjamin barber
http://webcache.googleusercontent.com/search?q=cache:FV6xe-Qhf_MJ:www.parliament.uk/briefing-papers/post-pn-488.pdf+&cd=2&hl=en&ct=clnk&gl=us


"Collaboration with Tor Project Inc. Tor Project Inc. has supported a large
number of LEAs in the US and Europe by explaining how to use Tor for LEA
operations and how criminals may use it, as well as by developing tools and
documentation that can assist LEA operations. However, they would not be
willing to specifically advise LEAs on ways to exploit limitations in the
Tor software. The Executive Director of Tor Project Inc., Andrew Lewman,
says he would like to intensify collaborations with LEAs and policy makers
in the UK."

On Fri, Apr 17, 2015 at 9:38 AM, Thomas White wrote:

> So I was reading through the following article:
>
> http://www.forbes.com/sites/thomasbrewster/2015/04/17/darpa-nasa-and-partners-show-off-memex/
>
> And there are some references to DARPA collaborating with some
> developers from Tor Project. I'd like to ask the developers of Tor to
> clarify what this involvement entails and why effort is being put
> towards a LE tool instead of working on hiding Tor users through
> improving anonymity or developing more circumvention-based tech.
>
> Hope I don't come off as a Pando-type, but there is always going to be
> a concern where Tor is involved with LE and it isn't out in the open
> (to my knowledge) already.
>
> T
>
> --
> Activist, anarchist and a bit of a dreamer.
> Keybase: https://keybase.io/thomaswhite
>
> PGP Keys: https://www.thecthulhu.com/pgp-keys/
> Current Fingerprint: BA81 407C BD61 CD15 E5D9 ADA9 5FA2 426F F34E 0FD4
> Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
>
> Twitter: @CthulhuSec
> XMPP: thecthulhu at jabber.ccc.de
> XMPP-OTR: 77E6C8C6 95FDE863 1172A1E1 8C114C01 691398AC
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-17 Thread Lara
Thomas White:
> And there are some references to DARPA collaborating with some
> developers from Tor Project. I'd like to ask the developers of Tor to
> clarify what this involvement entails and why effort is being put
> towards a LE tool instead of working on hiding Tor users through
> improving anonymity or developing more circumvention-based tech.

Riseup seems to be the new catalyst for this kind of user. Sometimes I
feel so sorry for the people who do need Tor / GnuPG / RiseUp for their
safety.


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-17 Thread Thomas White

I'm in the UK and I can assure you, teaming up with good intentions
here with them will end with some of the devs in prison once their
favour for you turns. I speak from experience in this. Afaik my
position over the years has been one of the things which made Tor
Project reach out to the UK government more since I am certainly not
an isolated case, myself and Mr Lewman did discuss this privately
earlier this year.

"However, they would not be willing to specifically advise LEAs on
ways to exploit limitations in the Tor software"

Exploiting does not include creating some private search engine or
methods of harvesting HS addresses. Perhaps because I do not hold good
relations with LE I might be beating a dead horse on this, but I don't
trust them with anything.

T


On 17/04/2015 19:15, benjamin barber wrote:
> http://webcache.googleusercontent.com/search?q=cache:FV6xe-Qhf_MJ:www.parliament.uk/briefing-papers/post-pn-488.pdf+&cd=2&hl=en&ct=clnk&gl=us
>
> "Collaboration with Tor Project Inc. Tor Project Inc. has supported
> a large number of LEAs in the US and Europe by explaining how to
> use Tor for LEA operations and how criminals may use it, as well as
> by developing tools and documentation that can assist LEA
> operations. However, they would not be willing to specifically
> advise LEAs on ways to exploit limitations in the Tor software. The
> Executive Director of Tor Project Inc., Andrew Lewman, says he
> would like to intensify collaborations with LEAs and policy makers 
> in the UK."
> 
> On Fri, Apr 17, 2015 at 9:38 AM, Thomas White wrote:
> 
> So I was reading through the following article:
> 
> http://www.forbes.com/sites/thomasbrewster/2015/04/17/darpa-nasa-and-partners-show-off-memex/
> 
> And there are some references to DARPA collaborating with some
> developers from Tor Project. I'd like to ask the developers of Tor
> to clarify what this involvement entails and why effort is being
> put towards a LE tool instead of working on hiding Tor users
> through improving anonymity or developing more
> circumvention-based tech.
> 
> Hope I don't come off as a Pando-type, but there is always going to
> be a concern where Tor is involved with LE and it isn't out in the
> open (to my knowledge) already.
> 
> T
> 

-- 
Activist, anarchist and a bit of a dreamer.
Keybase: https://keybase.io/thomaswhite

PGP Keys: https://www.thecthulhu.com/pgp-keys/
Current Fingerprint: BA81 407C BD61 CD15 E5D9 ADA9 5FA2 426F F34E 0FD4
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 77E6C8C6 95FDE863 1172A1E1 8C114C01 691398AC


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-17 Thread Juan
On Fri, 17 Apr 2015 17:38:37 +0100
Thomas White wrote:

> So I was reading through the following article:
> 
> http://www.forbes.com/sites/thomasbrewster/2015/04/17/darpa-nasa-and-partners-show-off-memex/
> 
> And there are some references to DARPA collaborating with some
> developers from Tor Project. I'd like to ask the developers of Tor to
> clarify what this involvement entails and why effort is being put
> towards a LE tool instead of working on hiding Tor users through
> improving anonymity or developing more circumvention-based tech.


tor IS a tool of the 'LE' pieces of shit. 





> 
> Hope I don't come off as a Pando-type, but there is always going to be
> a concern where Tor is involved with LE and it isn't out in the open
> (to my knowledge) already.
> 
> T
> 
> -- 
> Activist, anarchist and a bit of a dreamer.
> Keybase: https://keybase.io/thomaswhite
> 
> PGP Keys: https://www.thecthulhu.com/pgp-keys/
> Current Fingerprint: BA81 407C BD61 CD15 E5D9 ADA9 5FA2 426F F34E 0FD4
> Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
> 
> Twitter: @CthulhuSec
> XMPP: thecthulhu at jabber.ccc.de
> XMPP-OTR: 77E6C8C6 95FDE863 1172A1E1 8C114C01 691398AC


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-19 Thread Roger Dingledine
On Fri, Apr 17, 2015 at 05:38:37PM +0100, Thomas White wrote:
> there are some references to DARPA collaborating with some
> developers from Tor Project. I'd like to ask the developers of Tor to
> clarify what this involvement entails and why effort is being put
> towards a LE tool instead of working on hiding Tor users through
> improving anonymity or developing more circumvention-based tech.

Hi Thomas,

Thanks for asking. I apologize for not explaining these answers
earlier. I'm still trying to find the right balance for my time between
mentoring people in the Tor community vs better broader communication too.

Let me give you some background, and then I'll answer your question.

First of all, yes indeed we've been getting some funding from the
Memex project. This is what has allowed us to pay attention to and move
forward on some of the really cool things we've been working on lately
for hidden services:

* Fixing many performance and consistency problems with hidden services,
e.g.:
https://trac.torproject.org/projects/tor/ticket/11447
https://trac.torproject.org/projects/tor/ticket/13211
https://trac.torproject.org/projects/tor/ticket/13447
https://trac.torproject.org/projects/tor/ticket/13700
https://trac.torproject.org/projects/tor/ticket/14219
https://trac.torproject.org/projects/tor/ticket/14224

* Fleshing out the design and analysis for the "direct onion service"
option that folks like Facebook want:
https://lists.torproject.org/pipermail/tor-dev/2015-April/008625.html
plus discussing other tradeoffs between upcoming design choices:
https://lists.torproject.org/pipermail/tor-dev/2015-April/008597.html

* The work to let Tor controllers configure a hidden service directly
without using the torrc file, which the Globaleaks folks (among others)
are really excited to start using:
https://trac.torproject.org/projects/tor/ticket/6411

* The privacy-preserving statistics that let us conclude numbers like
"3-4% of Tor traffic is hidden service related" and "there are around
3 hidden services today":
https://blog.torproject.org/blog/some-statistics-about-onions

* Assessing, triaging, and putting out new Tor releases to fix
hidden service security (stability) bugs recently:
https://blog.torproject.org/blog/tor-02512-and-0267-are-released

* I hear that Rob Jansen and others have been working on a more realistic
replacement for TorPerf (https://gitweb.torproject.org/torperf.git)
which will let us measure performance to a hidden service over time and
better understand where the bottlenecks are.

* I've also been talking to EFF about kicking off a Tor Onion Challenge
(to follow on from their Tor Relay Challenges), to a) get many people
to make their website or other service accessible as an onion site,
and b) come up with and/or build a novel use of onion services, to go
with the quite cool list that we have already but have done a poor job
of publicizing: Pond, Globaleaks, SecureDrop, Ricochet, OnionShare,
facebook's https onion, etc. You see, I used to be on the "making your
normal website reachable as an onion service is stupid" side of the fence,
but I have since come to realize that I was wrong. You know how, ten
years ago, website operators would say "I don't need to offer https for
my site, because my users " and they'd have some plausible-sounding
excuse? And now they sound selfish and short-sighted if they say that,
because everybody knows it should be the choice of the *user* what
security properties she gets when reaching a service? I now think onion
services are exactly in that boat: today we have plenty of people saying
"I don't need to offer a .onion for my site, because my users _". We
need to turn it around so sites let their *users* decide what security
(encryption, authentication, trust) properties they want to achieve
while interacting with each site.

Our "3-4%" stat has actually been used by some of the other people (at
other groups) who are funded by Memex. They're talking to (among others)
the child porn division of the Department of Justice, and I've taught them
enough about Tor that they've basically turned into Tor advocates on our
behalf. They've found actual numbers to be really useful at countering the
FUD that some government people start out with. One of these people
explained to me last week that they listen to her more than she thinks
they'd listen to me, since she shows up as a neutral party. In any case
I am happy to have more people working on the "teach law enforcement
how Tor actually works" topic, which you can read more about here:
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police
https://blog.torproject.org/blog/trip-report-october-fbi-conference

We do indeed need to be very careful and very thoughtful about what
things in the Tor network are safe to measure. The general heuristic we've
been using so far is: "Is that measurement taking advantage of something
that you could instead fix? If so, it's not ok to measure it." A

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread aka
"We will help collecting metadata to punish opsec failures of Tor users,
since the data is public anyway. Also if we don't do it, someone else will."

Judging by comments on technews sites, it's highly paradoxical that
Torproject wants to develop a data retention and indexing service for a
domain which aims to be hidden by the very name.
It's like you would advise against regulating NSA, instead all we should
just encrypt everything. Weren't you Tor guys full SJW and against
victim blaming?

I for one wouldn't trust an anonymization tool, which couldn't protect
child porn users, more than the common $5 hidemycrime VPN service.
Is Tor reasonably safe for a crime not only ostracised by LE but the
entire general public? If so, why even bother licking the LE boot and
trying to stop it?
If not, why should Tor ever be used by whistleblowers?

Will the Torproject sign an NDA while working on Memex? Will this stop
you from publishing problems arising from mass data aggregation, not
directly related to Tor itself? "We noticed LE can use content creation
time, if available over a prolonged period, to correlate Tor-Guard
metadata from internet mass surveillance to narrow down suspects for
reasonable search, but we can't talk about it because they really need
to catch those evil predators!", for example.

Roger Dingledine wrote:
> On Fri, Apr 17, 2015 at 05:38:37PM +0100, Thomas White wrote:
>> there are some references to DARPA collaborating with some
>> developers from Tor Project. I'd like to ask the developers of Tor to
>> clarify what this involvement entails and why effort is being put
>> towards a LE tool instead of working on hiding Tor users through
>> improving anonymity or developing more circumvention-based tech.
> 
> Hi Thomas,
> 
> Thanks for asking. I apologize for not explaining these answers
> earlier. I'm still trying to find the right balance for my time between
> mentoring people in the Tor community vs better broader communication too.
> 
> Let me give you some background, and then I'll answer your question.
> 
> First of all, yes indeed we've been getting some funding from the
> Memex project. This is what has allowed us to pay attention to and move
> forward on some of the really cool things we've been working on lately
> for hidden services:
> 
> * Fixing many performance and consistency problems with hidden services,
> e.g.:
> https://trac.torproject.org/projects/tor/ticket/11447
> https://trac.torproject.org/projects/tor/ticket/13211
> https://trac.torproject.org/projects/tor/ticket/13447
> https://trac.torproject.org/projects/tor/ticket/13700
> https://trac.torproject.org/projects/tor/ticket/14219
> https://trac.torproject.org/projects/tor/ticket/14224
> 
> * Fleshing out the design and analysis for the "direct onion service"
> option that folks like Facebook want:
> https://lists.torproject.org/pipermail/tor-dev/2015-April/008625.html
> plus discussing other tradeoffs between upcoming design choices:
> https://lists.torproject.org/pipermail/tor-dev/2015-April/008597.html
> 
> * The work to let Tor controllers configure a hidden service directly
> without using the torrc file, which the Globaleaks folks (among others)
> are really excited to start using:
> https://trac.torproject.org/projects/tor/ticket/6411
> 
> * The privacy-preserving statistics that let us conclude numbers like
> "3-4% of Tor traffic is hidden service related" and "there are around
> 3 hidden services today":
> https://blog.torproject.org/blog/some-statistics-about-onions
> 
> * Assessing, triaging, and putting out new Tor releases to fix
> hidden service security (stability) bugs recently:
> https://blog.torproject.org/blog/tor-02512-and-0267-are-released
> 
> * I hear that Rob Jansen and others have been working on a more realistic
> replacement for TorPerf (https://gitweb.torproject.org/torperf.git)
> which will let us measure performance to a hidden service over time and
> better understand where the bottlenecks are.
> 
> * I've also been talking to EFF about kicking off a Tor Onion Challenge
> (to follow on from their Tor Relay Challenges), to a) get many people
> to make their website or other service accessible as an onion site,
> and b) come up with and/or build a novel use of onion services, to go
> with the quite cool list that we have already but have done a poor job
> of publicizing: Pond, Globaleaks, SecureDrop, Ricochet, OnionShare,
> facebook's https onion, etc. You see, I used to be on the "making your
> normal website reachable as an onion service is stupid" side of the fence,
> but I have since come to realize that I was wrong. You know how, ten
> years ago, website operators would say "I don't need to offer https for
> my site, because my users " and they'd have some plausible-sounding
> excuse? And now they sound selfish and short-sighted if they say that,
> because everybody knows it should be the choice of the *user* what
> security properties she gets when reaching a service? I now think onion
> 

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread benjamin barber
It has been said time and time again, that tor is not robust enough to
protect you from state actors, who ultimately control the underlying
network. The tor project has answered criticisms of collaboration and
security, with the doxxing and harassment campaign against journalists
while claiming that they are indeed victims of misogynistic harassment.
Then Tor takes a stand against such "harassment" as the vanguards of
feminism, and then starts inferring that a right not to be offended, and so
itself filtering / censoring rational and critical comments.

Things like this pushed away developers like myself, even though I've
worked a little bit with developing hidden services and tor, because I
don't feel assured that it's a viable platform, and I literally abhor jacob,
kelly, griffin, jillian, and andrea. I mean they literally say shit like
this Karen Reilly "My white privilege included hanging out in a park
after dark with LARPers without getting shot." https://archive.is/v1hY9
"@markwunsch I wouldn't work for Tor if it was a shield for misogynists. We
work with victims of abuse." https://archive.is/E6atb .

Then of course there is the matter of the operation onymous and
lizardsquad, which really goes to show how vulnerable the network is, and
how such issues are just swept under the rug. Then Andrew Lewman
coordinating more with LE, and leaving TOR to go work for an ISP
(presumably Verizon), which seems a lot like a conflict of interest. It all
leaves me thinking that Tor is a double edged sword just like any other
tool, but the ones with the most financial interest and as a 'stakeholder'
in the tor network, is the US "cyber defense" / surveillance establishment.
Which is why I am more interested in developing alternatives, and actively
steering people away from tor, if they are looking for real anonymity or
security.

On Thu, Apr 23, 2015 at 1:50 AM, aka wrote:

> "We will help collecting metadata to punish opsec failures of Tor users,
> since the data is public anyway. Also if we don't do it, someone else
> will."
>
> Judging by comments on technews sites, it's highly paradoxical that
> Torproject wants to develop a data retention and indexing service for a
> domain which aims to be hidden by the very name.
> It's like you would advise against regulating NSA, instead all we should
> just encrypt everything. Weren't you Tor guys full SJW and against
> victim blaming?
>
> I for one wouldn't trust an anonymization tool, which couldn't protect
> child porn users, more than the common $5 hidemycrime VPN service.
> Is Tor reasonably safe for a crime not only ostracised by LE but the
> entire general public? If so, why even bother licking the LE boot and
> trying to stop it?
> If not, why should Tor ever be used by whistleblowers?
>
> Will the Torproject sign an NDA while working on Memex? Will this stop
> you from publishing problems arising from mass data aggregation, not
> directly related to Tor itself? "We noticed LE can use content creation
> time, if available over a prolonged period, to correlate Tor-Guard
> metadata from internet mass surveillance to narrow down suspects for
> reasonable search, but we can't talk about it because they really need
> to catch those evil predators!", for example.
>
> Roger Dingledine wrote:
> > On Fri, Apr 17, 2015 at 05:38:37PM +0100, Thomas White wrote:
> >> there are some references to DARPA collaborating with some
> >> developers from Tor Project. I'd like to ask the developers of Tor to
> >> clarify what this involvement entails and why effort is being put
> >> towards a LE tool instead of working on hiding Tor users through
> >> improving anonymity or developing more circumvention-based tech.
> >
> > Hi Thomas,
> >
> > Thanks for asking. I apologize for not explaining these answers
> > earlier. I'm still trying to find the right balance for my time between
> > mentoring people in the Tor community vs better broader communication too.
> >
> > Let me give you some background, and then I'll answer your question.
> >
> > First of all, yes indeed we've been getting some funding from the
> > Memex project. This is what has allowed us to pay attention to and move
> > forward on some of the really cool things we've been working on lately
> > for hidden services:
> >
> > * Fixing many performance and consistency problems with hidden services,
> > e.g.:
> > https://trac.torproject.org/projects/tor/ticket/11447
> > https://trac.torproject.org/projects/tor/ticket/13211
> > https://trac.torproject.org/projects/tor/ticket/13447
> > https://trac.torproject.org/projects/tor/ticket/13700
> > https://trac.torproject.org/projects/tor/ticket/14219
> > https://trac.torproject.org/projects/tor/ticket/14224
> >
> > * Fleshing out the design and analysis for the "direct onion service"
> > option that folks like Facebook want:
> > https://lists.torproject.org/pipermail/tor-dev/2015-April/008625.html
> > plus discussing other tradeoffs between upcoming design choices:
> > https://lists.torpr

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread Andreas Krey
On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
...
> ... , and actively
> steering people away from tor, if they are looking for real anonymity or
> security.

Where do you steer them *to*?

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds 
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread Zenaan Harkness
On 4/24/15, Andreas Krey wrote:
> On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
> ...
>> ... , and actively
>> steering people away from tor, if they are looking for real anonymity or
>> security.
>
> Where do you steer them *to*?

At this point in time, there's no I2PBrowser for example, so TOR is
the only ready option for members of the Crackatinny tribe (from
outbak ya c).

For those with a little willingness to learn, I2P and GNUnet are
IMSEHO (in my so extremely high opinion) worthy of investigation.
GNUnet even has an apt-get installable gui - but I do not yet
understand its design (haven't gone reading), so cannot speak at all
to its potential, let alone its usefulness today.

I2P appears to have a design with some benefits over TOR, although
TOR's current size has (I think) some real benefits too.

Nothing is yet ideal. More love is needed everywhere.

Ideally, start building physical (wireless would be most practical)
'run and control your own personal node and talk to others
individually' independent network, and run I2P or etc on top of that;
see:
https://projectmeshnet.org/

Happy creating :)
Zenaan


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread Zenaan Harkness
On 4/24/15, Zenaan Harkness wrote:
> On 4/24/15, Andreas Krey wrote:
>> On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
>> ...
>>> ... , and actively
>>> steering people away from tor, if they are looking for real anonymity or
>>> security.
>>
>> Where do you steer them *to*?
>
> At this point in time, there's no I2PBrowser for example, so TOR is

Correction, Azureus Vuze has both TOR and I2P modules built in, and by
some definitions, Vuze is relatively end user friendly, and an older
but functional version can be installed in Debian using your package
installer of choice.

Vuze provides a SOCKS proxy option with its I2P module, and a wiki
page on how to configure firefox to send all its DNS queries through
the proxy, see:

https://wiki.vuze.com/w/I2PHelper_HowTo

But I still recommend running your privacy browser in a VM, perhaps
using Whonix.

Happy surfing,
Zenaan


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread Mirimir
On 04/23/2015 01:23 PM, Andreas Krey wrote:
> On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
> ...
>> ... , and actively
>> steering people away from tor, if they are looking for real anonymity or
>> security.
> 
> Where do you steer them *to*?
> 
> Andreas

Nothing implemented at useful scale provides better anonymity than Tor.
I2P and JonDonym are interesting, but (other issues aside) are too
small. I believe that combining Tor with other systems, using nested
chains and remote workspaces, is the best approach available.


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-23 Thread Tempest
Mirimir:
> Nothing implemented at useful scale provides better anonymity than Tor.
> I2P and JonDonym are interesting, but (other issues aside) are too
> small. I believe that combining Tor with other systems, using nested
> chains and remote workspaces, is the best approach available.

agreed. also, in how many different ways does it need to be repeated
that, if you believe the nsa is your threat model, relying on tor alone,
rather than a proper isolating disciplined opsec plan that doesn't
merely put faith on technology, is a recipe for potential disaster? this
nonsense has become beyond tedious. the fact that it is now personality
driven speaks multitudes.

-- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34



Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread aka
The common user does not apply to all threat models. If you are a high
volume recreational drug salesman, you must expect 0days and snitches.
If you however are merely a recreational drug consumer, Tor can cover
all of your security risks, because only low cost automated
investigation will be used against you. Traffic correlation and mass
surveillance are part of the NSA and will be applied to all kinds of
investigations once the fruit of the poisonous tree can be eaten.
Anonymization networks will be a substantial part of escaping
governmental terrorism if we won't be able to politically suppress mass
surveillance and atm it very much appears we won't.

There are many ways to implement better anonymity than Tor at a useful
scale, if low latency is sacrificed. Decentralized non-realtime network
protocols (maelstrom, bitmessage) are already being developed and might
work great for buying recreational drugs and watching censored adult
porn (which honestly is 90% of Tor's current userbase anyway)

Tempest wrote:
> Mirimir:
>> Nothing implemented at useful scale provides better anonymity than Tor.
>> I2P and JonDonym are interesting, but (other issues aside) are too
>> small. I believe that combining Tor with other systems, using nested
>> chains and remote workspaces, is the best approach available.
> 
> agreed. also, in how many different ways does it need to be repeated
> that, if you believe the nsa is your threat model, relying on tor alone,
> rather than a proper isolating disciplined opsec plan that doesn't
> merely put faith on technology, is a recipe for potential disaster? this
> nonsense has become beyond tedious. the fact that it is now personality
> driven speaks multitudes.
> 


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Speak Freely
Désolé, mais je pense que vous êtes un chapeau de cul.


aka:
<... long string of bullshit...>


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread aka
Sorry, I forgot to add a trigger warning for you sensitive social
justice warriors.
Please keep discussion in English and desist from using personal insults
or other ad-hominem arguments on tor-talk.

Speak Freely wrote:
> Désolé, mais je pense que vous êtes un chapeau de cul.
> 
> 
> aka:
> <... long string of bullshit...>
> 


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread tor


On 04/24/2015 06:46 PM, aka wrote:

> buying recreational drugs and watching censored adult
> porn (which honestly is 90% of Tor's current userbase anyway)

Speak for yourself.

(Because, right. Clearly it has proven technically feasible for you to
survey Tor's users (and/or traffic) to
determine everybody else's uses for Tor).





Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread aka
[TRIGGER WARNING]

Outgoing traffic stats from Tor exit nodes. Almost all traffic of
Chinese speaking Tor users is average adult porn, which is banned in
China. You can tell it's from China because the sites are aimed to Hong
Kong residents. The "Chinese people use Tor because they are suppressed
in their free speech and really want to post on the internet how bad
China is" is a lie, almost all of them just want to wank.
Tell me one hidden service which needs anonymity, has more than 100
users and is not a drug market place or furry porn community for
computer science PhDs.
Don't get me wrong, Tor is a beautiful and necessary tool for people to
ignore their governments' regulation on what to put in their bodies and
what to watch, but it really isn't what the liberal hivemind wants to
believe. The idea of Tor is in no way compatible with governmental
regulation, every cooperation with LE will be a nail in Tor's coffin.

t...@t-3.net wrote:
> 
> On 04/24/2015 06:46 PM, aka wrote:
> 
>> buying recreational drugs and watching censored adult
>> porn (which honestly is 90% of Tor's current userbase anyway)
> 
> Speak for yourself.
> 
> (Because, right. Clearly it has proven technically feasible for you to
> survey Tor's users (and/or traffic) to
> determine everybody else's uses for Tor).
> 
> 
> 


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Speak Freely
In a word, "No."

I think it's cute you get to post unsubstantiated claims against an
entire group of people, while expecting to be treated individually
special, while talking explicitly and directly to the people you are
making the claims against.

The next time you try to dictate to me how to talk, I'll tell you where
to shove your foot. Okay? You don't get to claim 90% of us are
drug-using, censored porn watchers without at least a little bit of push
back.

You call me a censored porn watching drug user, I call you an ass hat.
Tit for tat.



Matt
Speak Freely




Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Allen
More wanking = fewer wars, so that is a need, IMO, along with food, water,
shelter and medical care.

Beyond that, define "need".  Privacy and freedom from government and
corporate surveillance are fundamental rights, IMO.  Keeping your internet
activity private from your ISP and the world-at-large is a perfectly valid
use of Tor.  You can't expect someone else to keep private what you are not
willing to keep private yourself.


-----Original Message-----
From: tor-talk [mailto:tor-talk-boun...@lists.torproject.org] On Behalf Of
aka
Sent: Friday, April 24, 2015 1:08 PM
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Clarification of Tor's involvement with DARPA's
Memex

[TRIGGER WARNING]

Outgoing traffic stats from Tor exit nodes. Almost all traffic of Chinese
speaking Tor users is average adult porn, which is banned in China. You can
tell it's from China because the sites are aimed to Hong Kong residents. The
"Chinese people use Tor because they are suppressed in their free speech and
really want to post on the internet how bad China is" is a lie, almost all
of them just want to wank.
Tell me one hidden service which needs anonymity, has more than 100 users
and is not a drug market place or furry porn community for computer science
PhDs.
Don't get me wrong, Tor is a beautiful and necessary tool for people to
ignore their governments' regulation on what to put in their bodies and what
to watch, but it really isn't what the liberal hivemind wants to believe.
The idea of Tor is in no way compatible with governmental regulation, every
cooperation with LE will be a nail in Tor's coffin.




Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread benjamin barber
I think the correlation between wanking and war is only a confounding
variable to the amount of easily obtainable sexual gratification and
reproductive success.

That being said,

I have been working on solar powered tor servers that run project
maelstrom, with public tor2web instances in azure.

But I dislike the current management sooo much, that I really don't feel
like even releasing it, and waiting to build on project maelstrom mixed
with maidsafe instead.


https://archive.is/Kj8Sx
https://archive.is/FgnZ5
https://archive.is/ctN0v
https://archive.is/YMBqA
https://archive.is/LRebw
my sides

https://archive.is/nl4OA
https://archive.is/rh9hq
https://archive.is/WmyXa
https://archive.is/8boZD
https://archive.is/cqElZ
https://archive.is/LeHFq
https://archive.is/rYMb9
https://archive.is/LCIQV
"muh hurasssment"


On Fri, Apr 24, 2015 at 10:24 AM, Allen  wrote:

> More wanking = fewer wars, so that is a need, IMO, along with food, water,
> shelter and medical care.
>
> Beyond that, define "need".  Privacy and freedom from government and
> corporate surveillance are fundamental rights, IMO.  Keeping your internet
> activity private from your ISP and the world-at-large is a perfectly valid
> use of Tor.  You can't expect someone else to keep private what you are not
> willing to keep private yourself.
>
>
> -----Original Message-----
> From: tor-talk [mailto:tor-talk-boun...@lists.torproject.org] On Behalf Of
> aka
> Sent: Friday, April 24, 2015 1:08 PM
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] Clarification of Tor's involvement with DARPA's
> Memex
>
> [TRIGGER WARNING]
>
> Outgoing traffic stats from Tor exit nodes. Almost all traffic of Chinese
> speaking Tor users is average adult porn, which is banned in China. You can
> tell it's from China because the sites are aimed to Hong Kong residents.
> The
> "Chinese people use Tor because they are suppressed in their free speech and
> really want to post on the internet how bad China is" is a lie, almost all
> of them just want to wank.
> Tell me one hidden service which needs anonymity, has more than 100 users
> and is not a drug market place or furry porn community for computer science
> PhDs.
> Don't get me wrong, Tor is a beautiful and necessary tool for people to
> ignore their governments' regulation on what to put in their bodies and what
> to watch, but it really isn't what the liberal hivemind wants to believe.
> The idea of Tor is in no way compatible with governmental regulation, every
> cooperation with LE will be a nail in Tor's coffin.
>
>


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Yasha Levine
Thanks for this explanation, Roger. I have a couple of follow-up questions: 

1) How much is this DARPA contract/grant worth?
2) Did Tor developers sign NDAs or any other kind of contract that bars you 
from discussing certain parts of the project publicly?

Thanks!
YL



Yasha Levine
Pando.com



> Roger Dingledine arma at mit.edu  
> 
> Sun Apr 19 23:26:37 UTC 2015
> 
> On Fri, Apr 17, 2015 at 05:38:37PM +0100, Thomas White wrote:
> > there are some references to DARPA collaborating with some
> > developers from Tor Project. I'd like to ask the developers of Tor to
> > clarify what this involvement entails and why effort is being put
> > towards a LE tool instead of working on hiding Tor users through
> > improving anonymity or developing more circumvention based-tech.
> 
> Hi Thomas,
> 
> Thanks for asking. I apologize for not explaining these answers
> earlier. I'm still trying to find the right balance for my time between
> mentoring people in the Tor community vs better broader communication too.
> 
> Let me give you some background, and then I'll answer your question.
> 
> First of all, yes indeed we've been getting some funding from the
> Memex project. This is what has allowed us to pay attention to and move
> forward on some of the really cool things we've been working on lately
> for hidden services:
> 
> * Fixing many performance and consistency problems with hidden services,
> e.g.:
> https://trac.torproject.org/projects/tor/ticket/11447
> https://trac.torproject.org/projects/tor/ticket/13211
> https://trac.torproject.org/projects/tor/ticket/13447
> https://trac.torproject.org/projects/tor/ticket/13700
> https://trac.torproject.org/projects/tor/ticket/14219
> https://trac.torproject.org/projects/tor/ticket/14224
>
> * Fleshing out the design and analysis for the "direct onion service"
> option that folks like Facebook want:
> https://lists.torproject.org/pipermail/tor-dev/2015-April/008625.html
> plus discussing other tradeoffs between upcoming design choices:
> https://lists.torproject.org/pipermail/tor-dev/2015-April/008597.html
>
> * The work to let Tor controllers configure a hidden service directly
> without using the torrc file, which the Globaleaks folks (among others)
> are really excited to start using:
> https://trac.torproject.org/projects/tor/ticket/6411
>
> * The privacy-preserving statistics that let us conclude numbers like
> "3-4% of Tor traffic is hidden service related" and "there are around
> 3 hidden services today":
> https://blog.torproject.org/blog/some-statistics-about-onions
>
> * Assessing, triaging, and putting out new Tor releases to fix
> hidden service security (stability) bugs recently:
> https://blog.torproject.org/blog/tor-02512-and-0267-are-released
>
> * I hear that Rob Jansen and others have been working on a more realistic
> replacement for TorPerf (https://gitweb.torproject.org/torperf.git)
> which will let us measure performance to a hidden service over time and
> better understand where the bottlenecks are.
> 
> * I've also been talking to EFF about kicking off a Tor Onion Challenge
> (to follow on from their Tor Relay Challenges), to a) get many people
> to make their website or other service accessible as an onion site,
> and b) come up with and/or build a novel use of onion services, to go
> with the quite 

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Juan
On Fri, 24 Apr 2015 11:57:42 -0700
Yasha Levine  wrote:

> Thanks for this explanation, Roger. I have a couple of follow-up
> questions: 
> 
> 1) How much is this DARPA contract/grant worth?
> 2) Did Tor developers sign NDAs or any other kind of contract that
> bars you from discussing certain parts of the project publicly?


Would a so-called NDA also include the obligation of not
discussing the agreement or even to pretend it doesn't exist?

> 
> Thanks!
> YL
> 
>



Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread goofyzrnssm

Quoting aka :

> if we won't be able to politically suppress mass
> surveillance and atm it very much appears we won't.


A little optimism, please.

gz




Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread goofyzrnssm

Roger Dingledine:

> And to be clear, I think this is a great trend: we need to make onion
> services easier to understand and more accessible (and faster and more
> robust) for ordinary people, or we'll remain stuck with all the metaphors
> that include the word 'dark'.


Realizing that there are many different considerations of which I'm  
not aware, (also that this is a feature request of sorts, so please do  
point me in the right direction here) I for one would really like to  
see TBB automatically translate (for example) "3g2upl4pq6kufc4m.onion"  
into the human readable "DuckDuckGo," perhaps in a similar manner as  
with EV SSL certs, though perhaps only for location-known and
the-content-is-legal-everywhere onion services.


Perhaps some sort of opt-in procedure would be reasonable for those  
high-security-yet-not-location-anonymous onion services who really  
would rather be more easily identified?  That would save the users'  
time of verifying their .onion URLs at least (plus, it could possibly
decrease any phishing / link-jacking opportunities as well).


It just seems like all the information is already there, in the Tor  
world, that if .onion site operators are okay with being found  
geographically... then why keep their business names hidden from the  
browser?  Vote cast.


cheers,
gz




Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-24 Thread Zenaan Harkness
On 4/25/15, goofyzrn...@vfemail.net  wrote:
> Roger Dingledine:
>> And to be clear, I think this is a great trend: we need to make onion
>> services easier to understand and more accessible (and faster and more
>> robust) for ordinary people, or we'll remain stuck with all the metaphors
>> that include the word 'dark'.
>
> Realizing that there are many different considerations of which I'm
> not aware, (also that this is a feature request of sorts, so please do
> point me in the right direction here) I for one would really like to
> see TBB automatically translate (for example) "3g2upl4pq6kufc4m.onion"
> into the human readable "DuckDuckGo," perhaps in a similar manner as
> with EV SSL certs, though perhaps only for location-known and
> the-content-is-legal-everywhere onion services.
>
> Perhaps some sort of opt-in procedure would be reasonable for those
> high-security-yet-not-location-anonymous onion services who really
> would rather be more easily identified?  That would save the users'
> time of verifying their .onion URLs at least (plus, it could possibly
> decrease any phishing / link-jacking opportunities as well).

Something like
https://gnunet.org/taxonomy/term/34
?

You can run that now.
Zenaan


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread Lodewijk andré de la porte
And finding information which for some reason is blocked in KR. I've had
some very normal websites blocked out because they trip the automatic
blocking for no apparent reason! Perhaps a word that's forbidden in some
language's slang appears by accident in my language's pages.

And just trying not to be dragnetted at all times. It's important to
sometimes use Tor, just so that when you actually do (one day, for whatever
reason!) it doesn't seem suspicious :)




2015-04-25 1:26 GMT+09:00 :

>
> On 04/24/2015 06:46 PM, aka wrote:
>
> > buying recreational drugs and watching censored adult
> > porn (which honestly is 90% of Tor's current userbase anyway)
>
> Speak for yourself.
>
> (Because, right. Clearly it has proven technically feasible for you to
> survey Tor's users (and/or traffic) to
> determine everybody else's uses for Tor).
>
>
>


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread l.m
Hi,

"Lodewijk andré de la porte" wrote:
>And just trying not to be dragnetted at all times. It's important
>to sometimes use Tor, just so that when you actually do (one
>day, for whatever reason!) it doesn't seem suspicious :)

If you're trying to avoid suspicion you should use Tor for
*everything*. If you only use Tor when you have something to hide, or
to avoid censoring, or to avoid dragnetting, you'll definitely stand
out when you do use tor.

--leeroy


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread Mirimir
On 04/25/2015 12:26 PM, l.m wrote:
> Hi,
> 
> "Lodewijk andré de la porte" wrote:
>> And just trying not to be dragnetted at all times. It's important
>> to sometimes use Tor, just so that when you actually do (one
>> day, for whatever reason!) it doesn't seem suspicious :)
> 
> If you're trying to avoid suspicion you should use Tor for
> *everything*. If you only use Tor when you have something to hide, or
> to avoid censoring, or to avoid dragnetting, you'll definitely stand
> out when you do use tor.
> 
> --leeroy

I prefer that local observers see me using popular commercial VPN
services, rather than Tor. Where I live, VPN users are much more common
than Tor users.

Also I prefer to have a VPN speedbump, albeit arguably small, between my
entry guards and ISP uplink. Just in case shit happens.

And so I always use Tor through nested chains of at least two VPN
services, or from remote servers that I've leased anonymously. I access
my remote servers through nested chains of at least three VPN services.
I pay using multiply mixed Bitcoins, where at least two mixes have no
detectable taint. They're FDE (LUKS with dropbear) and I abandon them if
they ever reboot unexpectedly.



Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread goofyzrnssm

Zenaan Harkness:

> Something like
> https://gnunet.org/taxonomy/term/34
> ?
> You can run that now.


Hm...  These from GNUnet's FAQ [0]:


> Q. Is it possible to surf the WWW anonymously with GNUnet?
> A. It is not possible use GNUnet for anonymous browsing at this
> point. We recommend that you use Tor for anonymous surfing.
>
> Q. How does GNUnet compare to Tor?
> A. Tor focuses on anonymous communication and censorship-resistance
> for TCP connections and, with the Tor Browser Bundle, for the Web in
> particular. GNUnet does not really have one focus; our theme is
> secure decentralized networking, but that is too broad to be called a
> focus.


Possible red flag there.


> Q. How does GNS protect against layer-3 censorship?
> A. GNS does not directly help with layer-3 censorship, but it does
> help indirectly in three ways:
>  1) Many websites today
>  2) Existing layer-3 circumvention solutions (such as Tor) would
> benefit from a censorship resistant naming system. Accessing Tor's
> ".onion" namespace currently requires users to use unmemorable
> cryptographic identifiers. With nicer names, Tor and tor2web-like
> services would be even easier to use.



Concerning this goal of finding ways to make onion services easier for  
average users to navigate, after a cursory Startpage search of  
GNUnet.org  I think I'll pass.  Thanks for that rather thoughtful  
suggestion.


goofyzrnssm

[0] https://gnunet.org/faq-page#t10n2269




Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread Zenaan Harkness
The GNS/ alternate distributed DNS thing is the bit I was specifically
referring to.
I do share your assessment that Gnunet does not provide anything like
adequate anonymity.

GnuNet's GNS could be (I assume) run across TOR or I2P - this is what
might be interesting to explore (for someone who wants to get their
configuration and thinking hats on).

Cheers
Zenaan


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread Tempest
aka:
> The common user does not apply to all threat models. If you are a high
> volume recreational drug salesman, you must expect 0days and snitches.

if you're a drug salesman, you're a different type of criminal that has
high value to multiple law enforcement agencies. personally, i don't
care about helping such players learn the game better.

> If you however are merely a recreational drug consumer, Tor can cover
> all of your security risks, because only low cost automated
> investigation will be used against you. 

and it's utterly worthless when you give a black market salesman a
mailing address. something the nsa likely couldn't care less about.

> There are many ways to implement better anonymity than Tor at a useful
> scale, if low latency is sacrificed. 

low latency does not need to be sacrificed. a different opsec game needs
to be played if you have information that a global adversary would care
to prosecute you for. i personally don't care for two-bit criminals. but
people who have evidence of crimes by global adversaries? they need to
be able to learn how to share evidence without fear of prosecution. tor
alone won't do that, and the tor project has never claimed otherwise,
which makes a lot of the recent hysteria i've seen about tor
particularly annoying.

-- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34



Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread benjamin barber
There is the implication that the tor network can be used for exactly that
with some of the side projects that are using tor. Or that using a Tails
USB stick is a little like a holy talisman against the evil NSA, when in
reality it's only really suitable for accessing censored content.

On Sat, Apr 25, 2015 at 7:14 PM, Tempest  wrote:

> aka:
> > The common user does not apply to all threat models. If you are a high
> > volume recreational drug salesman, you must expect 0days and snitches.
>
> if you're a drug salesman, you're a different type of criminal that has
> high value to multiple law enforcement agencies. personally, i don't
> care about helping such players learn the game better.
>
> > If you however are merely a recreational drug consumer, Tor can cover
> > all of your security risks, because only low cost automated
> > investigation will be used against you.
>
> and it's utterly worthless when you give a black market salesman a
> mailing address. something the nsa likely couldn't care less about.
>
> > There are many ways to implement better anonymity than Tor at a useful
> > scale, if low latency is sacrificed.
>
> low latency does not need to be sacrificed. a different opsec game needs
> to be played if you have information that a global adversary would care
> to prosecute you for. i personally don't care for two-bit criminals. but
> people who have evidence of crimes by global adversaries? they need to
> be able to learn how to share evidence without fear of prosecution. tor
> alone won't do that, and the tor project has never claimed otherwise,
> which makes a lot of the recent hysteria i've seen about tor
> particularly annoying.
>
> --
> gpg key - 0x2A49578A7291BB34
> fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
>


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-26 Thread Lodewijk andré de la porte
So... nobody thinks using Tor might actually just make you stand out? I
mean, Tor might be quite broken and in that case you're just forwarding the
relevant stuff to the agencies.


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-26 Thread Mirimir
On 04/26/2015 05:31 AM, Lodewijk andré de la porte wrote:
> So... nobody thinks using Tor might actually just make you stand out?

It quite obviously does, I believe. Given the current uptake status, I
mean. Of course, if everyone used it for everything, as the Tor Project
would like, using Tor would not stand out. And the Tor network would be
much larger, and would provide much stronger anonymity.

That's why I access the Tor network via VPNs.

> I mean, Tor might be quite broken and in that case you're just
> forwarding the relevant stuff to the agencies.

tl;dr: Tor's many capable and resourceful adversaries stymie each other.

Well, everything encrypted (beyond HTTPS) gets forwarded to the NSA and
counterparts, and is retained indefinitely, pending key discovery or
advances in decryption capabilities. Also for testing and play :) And
that obviously includes all Tor traffic, I believe.

It's also highly likely that the NSA and counterparts operate Tor nodes,
obviously including entry guards and exits. However, as capable and
resourceful as the NSA and Five Eyes are, there are other major TLAs
(e.g., China, Israel and Russia) and non-state actors (e.g., the Yakuza
and the Triads, and their associates). And then there are the
cypherpunks and other "good guys" :) And small-time criminals :(

To the extent that such non-cooperating groups are competing to operate
nodes, it's arguable that no one group can control enough of the Tor
network to pwn it. That's the plan, anyway :)


Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-29 Thread goofyzrnssm
Neighbors exist under some rules.  Concerning the protection of  
minors, when the proverbial 10 year old fell off the neighbor's roof,  
the neighbor was found liable for negligence because the 10 year old  
couldn't have been expected to know the roof was slippery and because  
the property owner didn't have a fence.  Previous feature request  
rescinded.


Megan's Law.
	Dear pedophiles who use Tor: please identify yourselves as pedophiles  
when you post to forums such as tor-talk, for the sake of community  
safety.





Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-29 Thread benjamin barber
I was not aware that the community was at risk of predation by pedophiles.

On Tue, Apr 28, 2015 at 3:47 PM,  wrote:

> Neighbors exist under some rules.  Concerning the protection of minors,
> when the proverbial 10 year old fell off the neighbor's roof, the neighbor
> was found liable for negligence because the 10 year old couldn't have been
> expected to know the roof was slippery and because the property owner
> didn't have a fence.  Previous feature request rescinded.
>
> Megan's Law.
> Dear pedophiles who use Tor: please identify yourselves as
> pedophiles when you post to forums such as tor-talk, for the sake of
> community safety.
>
>