Re: [tor-talk] Iran cracks down on web dissident technology
On Mon, Mar 21, 2011 at 10:09:43PM -0700, Mike Perry wrote: Thus spake Joe Btfsplk (joebtfs...@gmx.com): On 3/21/2011 2:39 PM, Paul Syverson wrote: On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote: Last comments for a while. (All I have time for, sorry.) I'm just going to respond to specific issues about system threats and the like. I don't pretend to know the answers, but know when to ask questions. For all I know, the US wants the enemy to use Tor for plotting, thinking they're anonymous, when they're not. No one's answering my specific questions, possibly because if they knew them, they'd be in top level govt positions, sworn to secrecy. For those doubting any of this has any merit, are you still waiting for them to find WMDs in Iraq? Despite Lucky closing the thread in response to your conspiracy theory in favor more productive matters, I didn't get enough sleep last night to be productive, so I feel like trying to inject some reason into this thread. I think you also did a nice job of finding the Tor relevance buried therein. I'll respond to those parts where I think I might have something to contribute. To distill your argument down, you've said so far: [snip] 4. Governments have inconceivable power. [snip] You seem to have somewhat independently argued that #4 means that Tor cannot be trusted against (any) large government(s). This, unfortunately, may be true for some governments. Extremely well funded adversaries that are able to observe large portions of the Internet can probably break aspects of Tor and may be able to deanonymize users. This is why the core tor program currently has a version number of 0.2.x and comes with a warning that it is not to be used for strong anonymity. (Though I personally don't believe any adversary can reliably deanonymize *all* tor users, for similar reasons as detailed here: http://archives.seul.org/or/dev/Sep-2008/msg00016.html but attacks on anonymity are subtle and cumulative in nature). The goal of Tor is to balance the interests of as many different parties as possible to provide distributed trust, and to raise the amount of resources that any one adversary must have before it can compromise the network. Academic research also focuses on ways to improve the network characteristics of tor to defend against wide-scale observation (think dummy traffic and Paul's topology research), but so far none of these approaches has proved either robust or lightweight enough to actually deploy. In fact, the best known way we have right now to improve anonymity is to support more users, and more *types* of users. See: http://www.freehaven.net/doc/wupss04/usability.pdf http://freehaven.net/~arma/slides-weis06.pdf Distributing trust is also not just the number and diversity of users (and relay providers) but how they are related in intentions and other things. When going up against The Man*, you can't just assume a uniform distribution on relays, users, and network links between those wrt likelyhood-of-being-run-by-a-hostile/resilience-to-attack/etc Which means numbers and even diversity isn't the whole picture. I go into more on this in Why I'm not an Entropist. It is also the basis of the trust-based routing we have been working on, which is basically how do you route if you consider the possibility that significant portions of the network might be under the view/control of your adversary even if the network has 1 relays. And since I'm really going to try to resist responding any more to this thread, Thanks Mike for your other message containing the stab at a soundbite-sized and coherent expression of what I was trying to say about how the non-tech-savvy could trust Tor with the best justification to effort ratio. [snip] Of course, it still is concerning that any entity that can fit into argument #4 might be able to break tor, but hey, it's still 0.2.x. We're working on it ;). Right. See above. -Paul *My name for a nation-state/organized-crime/your-favorite-big-scary adversary. Gratis to Nick for enthusiastically liking this name in a partially related discussion on trust based routing models and thus encouraging me to use it. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On 3/21/2011 6:38 PM, Al MailingList wrote: That's a very good point klaus. Joe - if you think the US Government is one big cohesive entity that funds projects consistently from a single pool of resources and money then I would politely suggest you may not have had much to do with them :P Don't think that at all. Don't believe I said anything that even suggested. I'm speaking in general terms. My comments also regard more than one govt. In any govt project, there could be one or dozens of depts involved. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On Tue, Mar 22, 2011 at 11:23 AM, Joe Btfsplk joebtfs...@gmx.com wrote: Why would any govt create something their enemies can easily use against them, then continue funding it once they know it helps the enemy, if a govt has absolutely no control over it? It's that simple. It would seem a very bad idea. Stop looking at it from a conspiracy standpoint consider it as a common sense question. Because it helps the government as well. An anonymity network that only the US government uses is fairly useless. One that everyone uses is much more useful, and if your enemies use it as well that's very good, because then they can't cut off access without undoing their own work. Sincerely, Watson Ladd ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On 3/22/2011 3:57 PM, Michael Reed wrote: BINGO, we have a winner! The original *QUESTION* posed that led to the invention of Onion Routing was, Can we build a system that allows for bi-directional communications over the Internet where the source and destination cannot be determined by a mid-point? The *PURPOSE* was for DoD / Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever). ... The short answer to your question of Why would the government do this? is because it is in the best interests of some parts of the government to have this capability... -Michael ___ Very interesting, Michael. You were a part of it (or knew of it) it was because govt intelligence (you are aware many - not me - call that an oxy moron:)) wanted a system they could use for various purposes, where the source destination can't be determined by one of the mid points? That does make sense. BTW, I never said conspiracy - others did. Besides, many use the word or concept incorrectly. A govt developing technology to use in defending the country isn't a conspiracy. Covering up illegal activities, for instance, would be a conspiracy (like Watergate). If some govt has figured out how to decode Tor traffic (or use it to great advantage) to thwart terrorists, that's not conspiracy. I'm going out on a limb to say that US intelligence does not believe Tor gives terrorists a great advantage - for what ever reason(s), or else they'd shut it down, or at least stop funding it. But then, we other countries continue supplying arms to groups in various conflicts, which they often shoot back at us. That said, it may be an earlier poster's comment about lack of foresight may apply. It would seem that enemies *might* benefit from it as much as govts, unless govts are capable of more than many think they are. No one, except people w/ high level clearance (perhaps various countries) knows the full answer to that, and they're not talking. They thought the A-bomb was a good idea no other country would get the technology. Huh. I was on the fence on that one. It *may* be much like other ideas, such as the famous introduction of cats to an island, where they had no natural enemies. It almost destroyed the island's eco system. http://edition.cnn.com/2009/WORLD/asiapcf/01/12/eco.macquarieisland/ For what did you think might happen sorts of things that individuals govts do, I now reference them as Introducing Cats to an Island principles. Ideas that sound good at 1st, except for forgetting to ask (and seriously ponder) the most important question of all, What's the worst that can happen if we... Hey, let's build nuclear reactors on major fault lines all over the world. Yeah, that sounds good. Good night Mrs. Calabash, wherever you are. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
1st, thanks for the refresher, Paul. I'll bet most users didn't know Tor was started by the NRL. Unfortunately, for many, that won't ease their minds much. I don't have the knowledge skills to check Tor's source code bet well 90% of users don't either. I know (knew) my comments on Tor being funded (or started) by any Fed organization would not be well received. Neither were the handful of people w/ inside knowledge after 9-11 attacks, shouting there was no justification in attacking Iraq. They were shouted down quickly labeled as unpatriotic. Even today, surveys show a significant percent of people still believe Iraq was responsible for 9-11 attacks. Don't confuse me w/ facts - I've already made up my mind. Again, WHY would Sam develop or fund technology that would make it possible for * their enemies * to communicate anonymously and privately, possibly allowing them to plot against him, with ABSOLUTELY no way to decipher that communication? It's a serious question. Please save the check the source code yourself comments. Open source code means literally nothing. Did it mean anything when Iraq cracked down on Tor users? Researchers often show that. What makes this project different than other govt funded projects? (This seems like the, It'll never happen here / to us mentality). It * IS * happening to us in pretty much every aspect of citizens' privacy. That's no secret. What makes Tor any different? If one govt can figure out how to identify Tor traffic, so can others. Above ALL else, govts NEVER reveal the full extent of their intelligence capability. That would be foolish. I've never known Sam to get involved in, or fund something - especially like this - * w/o wanting something in return.* Ever. WHETHER or not they make known, to anyone, what they want or intend to do. It's been shown for over 50 - 60 yrs (probably much longer) that even people in charge of entire govt projects (or govt funded ones), often don't know the *full* extent of what's being done w/ the research, technology, info, etc. If you want to ignore history, go ahead. On 3/20/2011 11:46 PM, Paul Syverson wrote: On Sun, Mar 20, 2011 at 10:04:45PM -0500, Edward Langenback wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Joe Btfsplk wrote: On 3/20/2011 5:08 PM, Eugen Leitl wrote: http://www.telegraph.co.uk/news/worldnews/middleeast/iran/8388484/Iran-cracks-down-on-web-dissident-technology.html Iran cracks down on web dissident technology... ... The value of ???internet freedom??? technologies to US foreign policy has not gone unnoticed in Washington: the Tor Project???s arms race with Iranian authorities is_funded in part by grants from both the Department of Defense and the State Department_. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk You've GOT to be kidding. Tell me that's a mistake. Tor Project, dedicated to privacy anonymity, takes $ from DoD Sam? While the US spies on it's citizens, unconstitutionally? That's rich. Honestly, this enlightenment will make me reconsider ever using Tor for anything I don't want sent directly to DC. It's like trusting car magazines' reviews that get their advertising $ from car manufacturers. There is no way the fed is going to give $ to any privacy organization w/o wanting something (cough, back door) in return. Every ISP has been forced into violating users' privacy. Why would Tor project, after taking $ from Sam, be any different? OK users, go ahead stick your head in the sand. EVEN if it's not true, for me, Tor project has lost a good deal of its credibility through its associations. Of course, no government would ever lie neither would a company (ATT, Ford, Google, R.J. Reynolds...). If I'm not mistaken, not only has TOR had at least some government / DOD funding from the start, the original project was started by the military. People seem to need a periodic refresher on this. I will just state the long public and published facts. Interpret them as you like. You can read more details at http://www.onion-router.net/History.html but here's a quick summary: I invented onion routing at NRL with David Goldschlag and Mike Reed in 1995-96 as a US Naval Research Laboratory project with initial funding from ONR. All of us were NRL employees at the time. Our first deployed system was in 1996 and source code for that system was distributed later that year. (Code was entirely US government work by US government employees, so not subject to copyright.) As part of a later NRL project, I created the version of onion routing that became known as Tor along with Roger Dingledine and Nick Mathewson starting in 2002. I have been an NRL employee throughout all this. Roger and Nick were contractors working on my project. NRL projects funded by ONR and DARPA were the only funding they had to work on
Re: [tor-talk] Iran cracks down on web dissident technology
On Mon, Mar 21, 2011 at 11:40 AM, katmagic the.magical@gmail.com wrote: On Mon, 21 Mar 2011 11:07:49 -0400 Paul Syverson syver...@itd.nrl.navy.mil wrote: universities are in on it, and the supposedly independent researchers who found code flaws were also in on it (or sock puppets created by Roger to create credibility). But at some point you have to look at the size, diversity, and entrenchment of the conspiracy you think is Mike Perry is the one who creates the sock puppets. See https://trac.torproject.org/projects/tor/ticket/1967#comment:6 for incontrovertible proof. Please, let's not introduce sarcasm to discussions like this. It only confuses people. (For the uninitiated: Mike Perry and Ioerror are not the same person, even if a guy says so with lots of exclamation points.) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
Joe Btfsplk joebtfs...@gmx.com wrote on 21.03.2011: Again, WHY would Sam develop or fund technology that would make it possible for * their enemies * to communicate anonymously and privately, possibly allowing them to plot against him, with ABSOLUTELY no way to decipher that communication? Do you really think, that there is a one Sam who makes clear decisions regarding TOR? There is a very large organization (the US) consisting of many different people with many different opinions. Some of them don't like TOR, some thought it is an exiting research project and funded it, and others just don't care about it. Regards, Klaus signature.asc Description: This is a digitally signed message part. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On 3/21/2011 2:39 PM, Paul Syverson wrote: On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote: Last comments for a while. (All I have time for, sorry.) I'm just going to respond to specific issues about system threats and the like. I appreciate your comments the work of all involved w/ Tor. I read the papers you linked, though I've seen most of the material in various places. I will not join in the speculation about what governments do or why. Perhaps you should, because at least one govt seems to be steering the boat. Therein lies the problem (not you, specifically). My comments MAINLY questions, weren't about typical or even very sophisticated adversaries. They concern WHY any govt would continue funding an anonymous communication project that in today's world, very real enemies can use against said govt, in a very real way, if the govt has no way to monitor it? One should ask, Why would they do that? It doesn't make sense unless there's more to the story. Also, in terms of adversaries against something like Tor, any advanced, well funded govt dwarfs the most sophisticated adversaries. Many govts have unimaginable technology resources as well as legal (or not so legal) authority to demand info (from ISPs, etc.) that no typical adversary would. The threat models, discussion of thwarting various attacks, safety in numbers, etc., are all based on assumptions like, 1) the adversaries don't have unlimited time, resources $. That assumption is out the window if an adversary is a large govt. 2) The adversary doesn't have access to (some) info going IN and OUT of a network like Tor. Not valid for a govt. They can get what they want from ISPs - and have. The info may be encrypted going in, but they can see you're accessing a Tor node. A large govt could ALSO monitor every single exit node ( may). There's NO comparison between people looking at open code, universities or organizations doing small studies on flaws in Tor, etc., and capabilities of a large, advanced govt. So please, I'm not talking about how many people or universities look at Tor. Advanced govts no doubt have incredible technology regarding breaking encryption. Not a typical adversary. Since Tor was developed BY a govt, and since many talk about one of its greatest values is to allow people in repressed societies to communicate freely, the adversary those users need to be most concerned about, is probably the one MOST likely to breach Tor's anonymity. I doubt most people think Tor's main purpose is to hide communication between two cheating spouses. A govt helped develop Tor for SPECIFIC reasons (we probably don't know all of them) still funds it. Then for users around the world counting on Tor for protection from their govts, the govts would have to be considered as one of the main adversaries to Tor. Either the US is really dumb for developing a system, perfect for enemies to use against them (kinda doubt that) or there's more to the story. I don't pretend to know the answers, but know when to ask questions. For all I know, the US wants the enemy to use Tor for plotting, thinking they're anonymous, when they're not. No one's answering my specific questions, possibly because if they knew them, they'd be in top level govt positions, sworn to secrecy. For those doubting any of this has any merit, are you still waiting for them to find WMDs in Iraq? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On 2011-03-21 16:17, Joe Btfsplk wrote: [...] I don't pretend to know the answers, but know when to ask questions. For all I know, the US wants the enemy to use Tor for plotting, thinking they're anonymous, when they're not. No one's answering my specific questions, possibly because if they knew them, they'd be in top level govt positions, sworn to secrecy. This thread has crossed into the unreasonable realm of conspiracy theories akin to fears that jet aircraft dispense mind-controlling drugs via their con trails. Let's call and end to this thread and move on to more productive discussion about how to improve Tor for its users. --Lucky ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
That's a very good point klaus. Joe - if you think the US Government is one big cohesive entity that funds projects consistently from a single pool of resources and money then I would politely suggest you may not have had much to do with them :P Alfred On 21 Mar 2011 16:27, Klaus Layer klaus.la...@gmx.de wrote: Joe Btfsplk joebtfs...@gmx.com wrote on 21.03.2011: Again, WHY would Sam develop or fund technology that would make it possible for * their enemies * to communicate anonymously and privately, possibly allowing them to plot against him, with ABSOLUTELY no way to decipher that communication? Do you really think, that there is a one Sam who makes clear decisions regarding TOR? There is a very large organization (the US) consisting of many different people with many different opinions. Some of them don't like TOR, some thought it is an exiting research project and funded it, and others just don't care about it. Regards, Klaus ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On Tue, Mar 22, 2011 at 3:16 AM, Mike Perry mikepe...@fscked.org wrote: For example: Trust the community. So many different people have worked on, volunteered for, attacked, reviewed, and researched tor-related topics from so many different institutions and backgrounds that it is *the* most extensively studied and independently reviewed anonymous communications system ever designed, let alone built. This makes it secure. Alright, I can understand your argument and you and Roger are speaking from experience. And I like this version of a FOSSH response. Thanks for the education, -Ali ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
Thus spake Joe Btfsplk (joebtfs...@gmx.com): On 3/21/2011 2:39 PM, Paul Syverson wrote: On Mon, Mar 21, 2011 at 02:06:04PM -0500, Joe Btfsplk wrote: Last comments for a while. (All I have time for, sorry.) I'm just going to respond to specific issues about system threats and the like. I don't pretend to know the answers, but know when to ask questions. For all I know, the US wants the enemy to use Tor for plotting, thinking they're anonymous, when they're not. No one's answering my specific questions, possibly because if they knew them, they'd be in top level govt positions, sworn to secrecy. For those doubting any of this has any merit, are you still waiting for them to find WMDs in Iraq? Despite Lucky closing the thread in response to your conspiracy theory in favor more productive matters, I didn't get enough sleep last night to be productive, so I feel like trying to inject some reason into this thread. To distill your argument down, you've said so far: 1. Tor was/is funded by a government. 2. Governments only act out of self-interest. 3. Governments often have ulterior movies. 4. Governments have inconceivable power. You've argued that #1, #2, and #3 together means that Tor cannot be trusted. It appears we may have dissuaded you from this, because of the fact that so many other individuals and entities have also had a hand in Tor research and development. You seem to have somewhat independently argued that #4 means that Tor cannot be trusted against (any) large government(s). This, unfortunately, may be true for some governments. Extremely well funded adversaries that are able to observe large portions of the Internet can probably break aspects of Tor and may be able to deanonymize users. This is why the core tor program currently has a version number of 0.2.x and comes with a warning that it is not to be used for strong anonymity. (Though I personally don't believe any adversary can reliably deanonymize *all* tor users, for similar reasons as detailed here: http://archives.seul.org/or/dev/Sep-2008/msg00016.html but attacks on anonymity are subtle and cumulative in nature). The goal of Tor is to balance the interests of as many different parties as possible to provide distributed trust, and to raise the amount of resources that any one adversary must have before it can compromise the network. Academic research also focuses on ways to improve the network characteristics of tor to defend against wide-scale observation (think dummy traffic and Paul's topology research), but so far none of these approaches has proved either robust or lightweight enough to actually deploy. In fact, the best known way we have right now to improve anonymity is to support more users, and more *types* of users. See: http://www.freehaven.net/doc/wupss04/usability.pdf http://freehaven.net/~arma/slides-weis06.pdf This is also why it is not the case that point 2 means that Tor is necessarily broken just because The Tor Project has done the legwork to show these and other groups how a robust Tor is useful for them. The Tor Project has done this because every new entity that believes Tor is useful makes Tor stronger and more anonymous for every other entity. Most of the governmental entities that like Tor either like it because they use it (think FBI stings, investigative research, and soldiers deployed overseas), or because they understand that a liberation technology like Tor is both great PR for them, and a great tool in diplomacy and statecraft, to deploy in countries where it is clear that better information flows will weaken or even topple unfriendly rulers. These are good enough first-order benefits to discount some ulterior bait-and-switch conspiratorial motives, I believe. Couple this with the fact that the real serious cybersecurity threats come not from tor, but from sophisticated, well funded adversaries that have their own botnets that can leverage the same properties of the Internet that tor leverages, regardless of tor's existence. Once this is understood, there isn't really a whole lot of downside to government entities encouraging a stronger Tor that these entities don't already have to deal with in other ways (such as better information security). Of course, it still is concerning that any entity that can fit into argument #4 might be able to break tor, but hey, it's still 0.2.x. We're working on it ;). -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpUQ7bBC7GPC.pgp Description: PGP signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Iran cracks down on web dissident technology
On Sun, Mar 20, 2011 at 10:04:45PM -0500, Edward Langenback wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Joe Btfsplk wrote: On 3/20/2011 5:08 PM, Eugen Leitl wrote: http://www.telegraph.co.uk/news/worldnews/middleeast/iran/8388484/Iran-cracks-down-on-web-dissident-technology.html Iran cracks down on web dissident technology... ... The value of ???internet freedom??? technologies to US foreign policy has not gone unnoticed in Washington: the Tor Project???s arms race with Iranian authorities is_funded in part by grants from both the Department of Defense and the State Department_. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk You've GOT to be kidding. Tell me that's a mistake. Tor Project, dedicated to privacy anonymity, takes $ from DoD Sam? While the US spies on it's citizens, unconstitutionally? That's rich. Honestly, this enlightenment will make me reconsider ever using Tor for anything I don't want sent directly to DC. It's like trusting car magazines' reviews that get their advertising $ from car manufacturers. There is no way the fed is going to give $ to any privacy organization w/o wanting something (cough, back door) in return. Every ISP has been forced into violating users' privacy. Why would Tor project, after taking $ from Sam, be any different? OK users, go ahead stick your head in the sand. EVEN if it's not true, for me, Tor project has lost a good deal of its credibility through its associations. Of course, no government would ever lie neither would a company (ATT, Ford, Google, R.J. Reynolds...). If I'm not mistaken, not only has TOR had at least some government / DOD funding from the start, the original project was started by the military. People seem to need a periodic refresher on this. I will just state the long public and published facts. Interpret them as you like. You can read more details at http://www.onion-router.net/History.html but here's a quick summary: I invented onion routing at NRL with David Goldschlag and Mike Reed in 1995-96 as a US Naval Research Laboratory project with initial funding from ONR. All of us were NRL employees at the time. Our first deployed system was in 1996 and source code for that system was distributed later that year. (Code was entirely US government work by US government employees, so not subject to copyright.) As part of a later NRL project, I created the version of onion routing that became known as Tor along with Roger Dingledine and Nick Mathewson starting in 2002. I have been an NRL employee throughout all this. Roger and Nick were contractors working on my project. NRL projects funded by ONR and DARPA were the only funding they had to work on Tor until 2004. The first publicly deployed Tor network was in 2003, which was also when the source code was made available and publicly licensed under the MIT license. The first funding Roger and Nick got to work on Tor that was other than as part of an NRL project was from the EFF starting in 2004. Tor got funding from a variety of sources after that, including several U.S. government projects, both before and since becoming a US 501 (c)(3) nonprofit. You can find a summary at https://torproject.org/about/sponsors.html.en HTH, Paul ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk