Giving Tuesday: Support Tech for Freedom and Human Rights

by nickm | December 3, 2019

First of all, thank you for supporting and using Tor over the years. I wrote my first Tor patch back in 2002, and I still believe that the software we're writing can help lay the groundwork for a better, more private internet in the future.

The internet is a long way from where it should be. Over my lifetime, for good reasons and bad, commercial interests have re-centralized the internet. When the average person goes online, dozens of parties have the opportunity to surveil or censor their traffic.

Right now, we're in the middle of our annual fundraising drive, and today is Giving Tuesday, a day when people all over the world focus on how we can give back and make the world a better place. I'd like to tell you about some of our work your contributions can help over the coming year. I'll be focusing on things that my team works on in the "tor" program itself.

You can help improve the security of the Tor network. We've made a bunch of improvements this year to minimize the collateral damage Denial-of-Service attacks cause the network, and we've developed a bunch of technology for traffic padding to reduce traffic analysis. We've also been looking at new designs from the research world for better padding schemes and improved cryptography. I've been longing to revisit our sandboxing code, and the whole team is eager for more time and resources to port more of our codebase to Rust.

You can help us scale the Tor network to support the whole world. We're proud of the number of people we can support today, but that's a far cry from achieving our mission of bringing privacy to everybody who wants it. As more people choose to protect their privacy, we need to make sure that Tor can handle the load -- but we'll have to make changes in the software's architecture to do so, so that we can grow the number of users by a factor of 10 or 100 without getting bogged down with directory load or exhausting relays' sockets.

You can help us develop Tor right. Software development isn't just about writing new features: it's about writing code that is clean, correct, maintainable, and sustainable. I believe that an important part of being a privacy developer today is to make sure that there is still privacy software tomorrow. We can do that by working for the long term: building software that other developers can adapt to the future and maintain over time, even when those developers are not us. We've gotten better over the past years, with greatly improved testing, documentation, development practices, and code organization, but we still have a long way to go.

Most of all, you can help us respond flexibly to unexpected events and issues over the coming year. Despite all our plans and preparations, we don't truly know what technological privacy challenges we will face in 2020. Your contributions can give us the ability to focus on breaking events without stalling progress on other development work.

And your donation doesn’t just help my team develop Tor itself; your contribution helps fund all of the Tor Project’s work to protect privacy and freedom online and impacts millions of people worldwide. A future post will go into more detail about aspects of our work you’ll help support in the next year.

Technology doesn't need to come at the expense of privacy. Connectivity doesn't need to cost us our self-determination. With your help, we can keep Tor growing and improving to be what the world needs: a way to help take back the internet for freedom and human rights.

Tor donate button

 

Comments

Please note that the comment area below has been archived.

December 03, 2019

Permalink

Why don't you try reaching more people on social media eg privacy focused subreddits like r/privacy etc ? try reaching more people who care about privacy but never heard of TOR or are afraid of using it which you can fix by telling them about bridges .

I agree (and I think the leadership does too) that Tor Project needs to grow the pool of Tor users, and I also agree that this won't happen if TP confines "outreach" to the blog. To recruit new users, TP has to overcome precisely the problem you mentioned, which I also have frequently encountered--- people have heard such awful things from FBI's "Going Dark" FUD and from other governments's "information ops" that they are too frightened to even consider giving Tor a try.

@ Tor Project:

I believe that "positive press" in the US mainstream "print" media would help, such as the article which appeared in wired.com a few months ago. The link to that article should be easy to find on the landing page www.torproject.org.

So far whenever Tor is mentioned anywhere in any US based blog or news site, it is almost always in an outrageously negative context, with not even a mention of the fact that Tor Project is a human rights organization and that Tor is a citizen's best hope for freedom of speech, association, and access to truthful information. I believe it might also help if TP were given a subscription to an electronic "clipping service" and actively tried to counter negative mentions by writing letters to the editor whenever this happens.

Further, I believe that TP should actively reach out to the most active US/EU/soon-to-be-disunited-kingdom-based "tech reporters". For example, editors might feel that their readers may be curious to learn how Tor originated inside the Naval Research Laboratory, given the very bad press coming from FBI (and soon, at the strident demand of FBI, Interpol), Candidate Biden, AG Barr, former Director Comey, Former AG Holder, and many other veteran politicians, Trumpeteers, and Deep Statists. How better to tell that story than an interview with Nick M?

Further, some editors might decide their readers would like to learn about how Tor devs were affected by paid trolls and Gamergate, and how we well knew, years before "the mainstream", all about Internet Research Agency, even noting their physical address (courtesy of a whistleblower interview which appeared in The Guardian several years before the first mention of IRA in the mainstream US media).

And some editors might decide their readers would like to learn more about how Tor devs work to counter the world's most advanced censorship regimes, e.g. the ongoing "arms race" between ever changing Bridges camouflage and GFC, RU and IR national firewalls, etc.

Some editors might be intrigued by Tor trainings of highly endangered people outside the US, or by the geographically dispersed nature of Tor Project, or by the fact that two cities whose citizens are offering resistance to far-right extremist Presidents, Seattle and Rio, play key roles. How better to tell those stories than interviews with Isa or some of the trainers?

I wrote my comment out of passion but this one is very helpful. May I suggest also writing op-eds for big newspapers and sites or even small ones ? Also the project should look into the huge increase in bridge users from Iran, see what worked or helped and try to replicate it in other countries like Egypt that has an incompetent government when it comes to censorship .

Here is a major developing story which Tor Project should draw attention to, because our community needs some good press!

People in Iran need to read the following series (in progress) of unprecedented revelations about oppression in Iran, based upon the Iran equivalent of the Snowden leaks: 700 pages of internal MOIS documents which a very brave whistleblower gave to The Intercept (via SecureDrop, so Tor played a critical role in enabling the leak):

https://theintercept.com/2019/11/18/iran-cables/

If FBI gets its way, using Tor would be illegal under US law as well as under IR law, and stories like these would never even get a chance to reach a reporter, much less to be published by a major news organization.

This is pathetic: I answered the CAPTCHA incorrectly.

Which reminds me of a joke: at his annual phone-in, someone asks Putin "What is 2+2?" and he answers "1 for you and 3 for me".

"The wired article": here is that link again:

wired.com
Tor Is Easier Than Ever. Time to Give It a Try
Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.
Lily Hay Newman
1 Jan 2019

And as a bonus, if you wonder what on earth NSA does with all the data it collects, the answer is real-life precrime. The methods are described in this story, which does not mention the broader precrime programs being done by the same LANL scientists who are discussing (in this story) a very specfic kind of behavioral prediction:

wired.com
Scientists Know How You’ll Respond to Nuclear War—and They Have a Plan
Using data from smartphones, satellites, remote sensors, and census surveys, modelers can create synthetic populations—and watch what they do in a disaster.
Megan Molteni
13 Feb 2018

And as a second bonus for reading this blog, here is the best explainer I've yet seen on the methods and goals of corporate collections of everyone's "data exhaust":

https://www.eff.org/wp/behind-the-one-way-mirror
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
Bennett Cyphers
2 Dec 2019

1x1 gifs, link-shimming, device-inventory and real time geolocation tracking using networks of WiFi hotsots and Bluetooth beacons, real-time auctions of your personal information--- this white paper covers all the corporate-sponsored exploitations you've been hearing about.

December 03, 2019

Permalink

> improvements this year to minimize the collateral damage Denial-of-Service attacks cause the network

Are you saying some DoS is desired? "Collateral damage" is a side effect from performing and authorizing damage in the first place.

December 03, 2019

Permalink

> You can help us develop Tor right. Software development... is about writing code that is clean, correct, maintainable, and sustainable. We can do that by... building software that other developers can adapt to the future and maintain over time, even when those developers are not us.

Why isn't there a tutorial on the wiki or community site to teach us how to configure Git and web repository services and how to use and interact with them through the Tor network all from simultaneously sigint, netsec, opsec, privacy, etc. perspectives? You want Tor's cautious and guarded users to help code? Teach us how to set up a development environment and workflow based on privacy and the Tor network. Your preparations for DocsHackathon took a few small steps in that direction but achingly late in Tor's long history.

https://blog.torproject.org/join-tors-docshackathon-next-week -- comments, too
https://trac.torproject.org/projects/tor/wiki
https://community.torproject.org/

December 03, 2019

Permalink

> the article which appeared in wired.com a few months ago. The link to that article should be easy to find on the landing page www.torproject.org.

Yes! On the front page in an "As seen in" or "Press coverage" list of publisher logos or however other attractive-looking sites present theirs. Journalistic coverage is listed, but one has to go out of the way to find it. https://www.torproject.org/press/

December 03, 2019

Permalink

I want to thank Nick for his concise and clear exposition of major technical challenges and responses, everything from sandboxing to responding to unpleasant surprises!

The wish list is not short, but I would like to urge TP to add a few more items anyway, just in case that trillion dollar deficit USG is running somehow gets converted from a negative into a positive (a trillion dollar no strings grant to TP).

o cybersecurity awareness of issues such as those discussed in the EFF whitepaper, plus practical cybersecurity training including Tor, Tails, and OnionShare should be offered in every high school (this would be a heck of a lot more effective than the horror "solution" being pushed by FBI, which is to cripple all strong civilian encryption, leaving America's children utterly defenseless),

o OnionShare for communication with/between law offices, medical clinics, local governments, reporters, bloggers, and ordinary citizens,

o Tor for Raspberry Pi (armhf so apparently not quite Debian compatible),

o expand the roster of software repositories with onion mirrors to include R Project, Raspberry Pi, maybe even Github (plus of course proper code signing for R Project),

o I had high hopes for Tor Messenger, understand that the devs gave it the old college try but wrote themselves into a corner--- maybe second time will be charm time?

o encourage the growth of a privacy industry: I want to see these items for sale, cheaply, in every drugstore and hardware store and bigbox electronics store in America:

* Faraday bags for smart phones,

* TEMPEST technology for all (new buildings should be constructed like SCIFs),

* Haven and similar physical intrusion detectors,

* broad-spectrum WiFi and Bluetooth signal scanners, including well-designed aerials and software which can use machine learning to make better and better guesses about what each signal represents (such devices would probably have to be limited to say 2-6 GHz and some lower and higher frequency ranges, so perhaps low, mid, and high frequency scanning devices)

* Stingray detectors,

* radio-controlled-quadcopter-microdrone detectors,

* radio-controlled-military-robot detectors,

* spyplane detectors which can decode, geolocate, and map in real time flight paths using ADS-B packets,

* a legally mandated bug in every FBI Field Office with live feeds to the Internet, so anyone can listen in to their local feds, until they get bored of listening to agents chanting T A F Y ("terror-anarchists fuck you"),

* facial identification apps which dox cops and feds to ordinary citizens, rather than apps which dox ordinary citizens to cops and feds.

These devices should be designed with minimal "bells and whistles" (those tend to open security vulns), for consumers not for the "big uglies" (Amazon/Facebook/Google/Microsoft/etc), using the philosophy "do one thing, but do it very well".

Let the punishment fit the crime:

Former Cardinal Pell should have been sentenced to teach an ethics course, over and over, to one carefully selected pupil, former FBI Director Comey.

Soon-to-be-former AG Barr should be demoted to serve out his days as the harried chief of the DOJ FOIA Office, where he should be required to spend at least five hours every day assisting Muckrock to get all the information We the People have requested and to which we are entitled.

HRC should be sentenced to one million hours of community service, working the phone banks for the Drump campaign.

Obama and G.W. Bush should be cellmates in Spandau, with hourly tours so the public can gawk.

Drump... Drump... Drump... what punishment could possibly fit?

Just kidding, of course. Those unspeakably harsh punishments would all be highly unconstitutional. Not that anyone but the ACLU still cares about that document, to be sure.

December 03, 2019

Permalink

Russia's present is America's future (if we do not join the resistance while there is still time, if there is still time):

theguardian.com
Putin approves law targeting journalists as 'foreign agents'
Move described by rights activists as scare tactic to stifle criticism of Russian government
Andrew Roth in Moscow
3 Dec 2019

themoscowtimes.com
Russia’s New ‘Foreign Agent’ Law, Explained
The law to label any individual as a "foreign agent" has been met with controversy over how it will be enforced. Pixabay
2 Dec 2019

> Russia has passed legislation that will allow individual journalists and bloggers to be labeled “foreign agents,” a move that critics say will tighten curbs on the media and free speech.
> ...
> — The law applies to any individual who distributes information on the internet and receives money from foreign sources.
> ...
> The State Duma has confirmed that both foreigners and Russians may be labeled “foreign agents” under the new law.

Wait, what now? You mean to say that every non-Russian who receives money from non-Russians and confesses in some online text that Мой дядя держит попугаев is a "foreign agent", according to Mad Vlad? Nuts! Someone please feed that man some birdseed, too much Sochi sun has gone to his head!

We all need Tor, now more than ever.

(Trivia question: who drinks more alcohol per capita, Germans or Russians? The surprising answer: Germans. According to WHO.)

On the bright side, it seems Yandex won a reprieve from even more search-result censorship. This is good to know if you ever use the Yandex button in Tor Browser.

December 04, 2019

Permalink

Too much Putin for such a post at one place even for himself! Cannot say better than it's given above: want to improve TP - teach us how you do it. Oppenes serves all!

December 05, 2019

Permalink

Maybe Tor can reach even more people in places like Iran if the project had a Telegram channel or something

December 06, 2019

Permalink

I've noticed a big change recently, not with this TOR release, but in say, the last month, that the stupid Google captchas are failing out almost 50% of the time with the stupid, "received too many automated queries" message. This has gotten to the point now that I have to make 10 connections to find an IP on which the captcha will work. I've used TOR for years, and previously, this error was rare. Let's say perhaps 10% or less of the time.

First of all, why are so many websites using Google garbage. Google hates TOR. when you try to use Google with TOR you hit a captcha (not the familiar captcha I just mentioned, but another one), and sometimes it's an endless loop, where you solve it correctly and are bought right back to the same page. UploadBank seems to have a good non-Google captcha. Why isn't that being embraced? And why the Hell would a captcha system report an error for "too many automated queries" in the first place - it's designed to check whether you're human so it should be immune to noise packets.

Is this change something Google has done to make TOR users suffer, or is someone else to blame. Perhaps a State actor like China, attacking the captcha system to shut down or de-anonymize TOR users?

Is this comment going to be CENSORED like when I attempted to post it under the TOR release 9.0.2 comments? How ironic. Censoring people for no good reason while claiming to support freedom of expression. If this isn't the appropriate place, then WHERE???