A Statement from The Tor Project on Software Integrity and Apple

by mikeperry | March 21, 2016

The Tor Project exists to provide privacy and anonymity for millions of people, including human rights defenders across the globe whose lives depend on it. The strong encryption built into our software is essential for their safety.

In an age when people have so little control over the information recorded about their lives, we believe that privacy is worth fighting for.

We therefore stand with Apple to defend strong encryption and to oppose government pressure to weaken it. We will never backdoor our software.

Our users face very serious threats. These users include bloggers reporting on drug violence in Latin America; dissidents in China, Russia, and the Middle East; police and military officers who use our software to keep themselves safe on the job; and LGBTI individuals who face persecution nearly everywhere. Even in Western societies, studies demonstrate that intelligence agencies such as the NSA are chilling dissent and silencing political discourse merely through the threat of pervasive surveillance.

For all of our users, their privacy is their security. And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users.

The Tor Project employs several mechanisms to ensure the security and integrity of our software. Our primary product, the Tor Browser, is fully open source. Moreover, anyone can obtain our source code and produce bit-for-bit identical copies of the programs we distribute using Reproducible Builds, eliminating the possibility of single points of compromise or coercion in our software build process. The Tor Browser downloads its software updates anonymously using the Tor network, and update requests contain no identifying information that could be used to deliver targeted malicious updates to specific users. These requests also use HTTPS encryption and pinned HTTPS certificates (a security mechanism that allows HTTPS websites to resist being impersonated by an attacker by specifying exact cryptographic keys for sites). Finally, the updates themselves are also protected by strong cryptography, in the form of package-level cryptographic signatures (the Tor Project signs the update files themselves). This use of multiple independent cryptographic mechanisms and independent keys reduces the risk of single points of failure.

The Tor Project has never received a legal demand to place a backdoor in its programs or source code, nor have we received any requests to hand over cryptographic signing material. This isn't surprising: we've been public about our "no backdoors, ever" stance, we've had clear public support from our friends at EFF and ACLU, and it's well-known that our open source engineering processes and distributed architecture make it hard to add a backdoor quietly.

From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered. We are also currently accelerating the development of a vulnerability-reporting reward program to encourage external software developers to look for and report any vulnerabilities that affect our primary software products.

The threats that Apple faces to hand over its cryptographic signing keys to the US government (or to sign alternate versions of its software for the US government) are no different than threats of force or compromise that any of our developers or our volunteer network operators may face from any actor, governmental or not. For this reason, regardless of the outcome of the Apple decision, we are exploring further ways to eliminate single points of failure, so that even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue.

Like those at Apple, several of our developers have already stated that they would rather resign than honor any request to introduce a backdoor or vulnerability into our software that could be used to harm our users. We look forward to making an official public statement on this commitment as the situation unfolds. However, since requests for backdoors or cryptographic key material so closely resemble many other forms of security failure, we remain committed to researching and developing engineering solutions to further mitigate these risks, regardless of their origin.

We congratulate Apple on their commitment to the privacy and security of their users, and we admire their efforts to advance the debate over the right to privacy and security for all.

Comments

Please note that the comment area below has been archived.

March 21, 2016

Permalink

> Reproducible Builds, eliminating the possibility of single points of compromise or coercion in our software build process

Many thanks to Mike and other Tor Browser devs for the fantastic pioneering work here. But, of course, repro builds by themselves don't eliminate SPOFs in the distribution/authenticity-checking process.

> This use of multiple independent cryptographic mechanisms and independent keys reduces the risk of single points of failure.

So, would it currently require just two keys (a TLS key and a single update-signing key) to make a malicious Tor Browser update pass the built-in updater's authenticity checks? If so, are those keys at least hopefully not accessible to the same persons?

It seems like most of the pieces are in place to finally begin requiring K of N independent builders' signatures. If Tor Browser isn't doing that already (perhaps I've misunderstood) I hope it will soon!

> So, would it currently require just two keys (a TLS key and a single update-signing key) to make a malicious Tor Browser update pass the built-in updater's authenticity checks? If so, are those keys at least hopefully not accessible to the same persons?

Yes, that is correct. Right now, two keys are required, and those keys are not accessible by the same people. They are also secured in different ways.

Again, because we additionally use our anonymity network, even that does not give you the ability to give malware to anyone in specific. You would have to scatter-shot feed the update to random people, or everyone.

If you choose to target everyone (perhaps by compromising our webserver in addition to the update key), then you run the risk of being detected by someone who reproduces our builds independently. In that case, you would also have to compromise the build engineers GPG keys, or else the build signatures would not match, either.

> It seems like most of the pieces are in place to finally begin requiring K of N independent builders' signatures. If Tor Browser isn't doing that already (perhaps I've misunderstood) I hope it will soon!

What the industry seems to be heading towards instead is adopting Certificate Transparency to create audit logs for programs in addition to HTTPS certificates, so that everybody can verify that they have the one true canonical copy of a specific release of a program with external auditors and verifiers. This project is called Binary Transparency.

However, being pedantic as we are, we are instead likely to list Tor Browser hashes in the Tor network consensus document, which is already signed via a K of N key mechanism. We will then audit the consensus itself with a Certificate Transparency-style log, since doing so would both provide further security for the Tor Browser binaries, and also alert us to the theft of a majority of the directory authority keys (as I alluded to in the post). In this way, we will get quite a great deal of defense-in-depth, both for the network, and for our software.

mikeperry

March 21, 2016

In reply to mikeperry

Permalink

As an aside, it turns out that the Session Resumption protocol in TLS 1.3 also allows the creation of "perspectives" systems that can audit for theft of HTTPS certificates themselves.

If someone steals or obtains the HTTPS private key for a site that is using TLS 1.3 and tries to use that to intercept HTTPS connections for some subset of users, those users can use TLS 1.3 session resumption to verify their ephemeral HTTPS forward-secrecy keys via another cryptographic channel (such as via Tor, a VPN, an SSH tunnel, or one or more "notary" systems). If that interception is targeting all users, then sites can simply connect back to themselves via Tor or a VPN, and use session resumption to verify their own ephemeral key material for that connect-back.

In this way, it is actually possible to build distributed systems that verify against server key theft. This mechanism can work to protect both HTTPS websites, as well as Tor relays (since Tor relays could authenticate eachother, through circuits using other relays).

Hmm, it seems the evil of the Return of Timesharing, er Clouds, has finally hit - Most folks (now that most computer owners are "average (your nation here) do not and cannot be bothered to have any understanding of their machines and the software that runs on them - otherwise SaaS would have been met with massive moves to bar the practice in any country where one can do so, same for Windows, ere Internet Explorer Grande-10.
Justice is hinting that foolish suspect saved data on MAC or other "cloud" without a thought.

Now assuming the guy in question did as charged, a) nail 'im for murder and b) build a case the way you would have pre-cellphone.

All I know is that in the 1970s, when DEC was virtually giving PDP-10 systems to high schools and colleges in order to both advertise (as Apple would do a few years later) AND to find the holes when some slovenly programmer declared himself (no "gurls" allowed then) the Masterful Jack Hack, and would find notes added to his code, non-destructively, reading things like "why don't you start by looking at ________ or learning some math, I could do that to run in halfthe time and half the space.

Account breaker would be reprimanded until he produced a patch blocking his method of cracking the system, which, if accepted by DEC, would gain him all sorts of privileges

But now, esp. with some Apple products, you must use your their code on their equipment, even if item, like the phony TOR "Onion" is a well-known break-in.

What we really need most is a PR campaign, telling people to BUY equipment powerful enough to accomplish their tasks with 100% of their code running in a box that doesn't need a net connection, that there's no such thing as free storage, free search engines (with a few minor exceptions) or freedom at all left when one turns to electronic devices, and here's why.

Simultaneously, those of us not up to coding in Madison Avenue or K Street should be writing an alternate tablet/phone system to run on Apple, demanding corporate help since it seems to have *stolen* GPL software without proper "copyleft" license release.

I praise them for their PR, but want to see Apple, MS, Adobe and others called to task for their denial of freedom, Alphabet/Google for committing blatant infotheft (when you cannot get to a company's "privacy statement" page without giving up a whole bunch of data about Your Computer, and You the Owner, something is very, very wrong)

Manufacturers of encryption devices and the phones that use them MUST be included, as "common carriers" for the phone is just as important as the cable - if not moreso in allowing a communication.

This disabled (by falling tv camera-man) newspaper reporter (I knew they were out to get us, but I didn't think they were THAT intent!) can no longer write clearly and quickly enough to do the PR job - but there must be somebody out there who can - and I am excluding the "quality journalists" at 2600, who, unfortunately, cannot write their way out of paper bags.

Let us look beyond coding and look for making the world safe to talk dirty to your SO again (A possible image line)

These days are so dangerous I'm designing my brown t-shirt w/swastika armband emblazoned "Nazis for Trump" and possibly for whoever the GOP nominates - at least Hillary knows how and why to run a backchannel!

March 21, 2016

Permalink

Mike, you are a hero in this field and inspire me and others to keep fighting. I congratulate you for leading by example, and hope Apple engineers and managers will live up to your life and your work's example.

Thank you. I hope so too.

To be honest, it is kinda fun to work for a company where I regularly get to ask "Why oh why won't [entity] just copy our technology already?" and nobody really disagrees with the question :).

@ Mike Perry:

Erm... could you clarify one point here?:

> it is kinda fun to work for a company where I regularly get to ask "Why oh why won't [entity] just copy our technology already?" and nobody really disagrees with the question :).

You work for Tor Project (a non-profit NGO), not Apple or some other company?

It is not a bad thing that the user base is parsing TP statements very carefully, if only because this is a valuable skill to help us figure out what deceptions underlie USG statements.

>You work for Tor Project (a non-profit NGO), not Apple or some other company?

Tor profit may be a non-profit NGO, but it is still a company. He still works for it, officially.

> Tor profit may be a non-profit NGO, but it is still a company. He still works for it, officially.

"Tor profit"? What on Earth are you talking about?

Mike?

Mike, your work brings tangible gravitas to slogans like 'free software for freedom' and the integrity and grace with which you've endured all sorts of nonsense is even more admirable. You, Roger, Nick, Erinn, Isis, and Andrea are all heroes of mine!

March 21, 2016

Permalink

Thanks to Mike Perry and Tor Project for publishing this statement!

This event demonstrates a new level of political maturity and commitment to our shared ideals.

Tor Project, like Planned Parenthood, currently functions as a US-based nonprofit, and like Planned Parenthood, finds itself smack in the middle of one of the most divisive (and most lethally politicized) issues in US society, much to the dismay of those technologists and medical providers who would naturally prefer to serve the public without suffering the all too credible threat of targeted political violence. Nevertheless, this is the situation in which such nonprofits find themselves, and in order to continue to serve the public, they must take legal, personal, and technological defensive measures. In particular, both Planned Parenthood and Tor Project must acknowledge that, sad to say, the various governments (municipal, county, state, federal) of their host nation are not their friends in this ongoing political struggle. That is not much different from the fact that the authoritarian national government of China is no friend to Chinese-based human rights organizations; the same could be said of Russia and a hundred other countries. In fact, it would be difficult to name a nation whose government truly protects its own human rights organizations.

@ Tor developers:

I acknowledge that the user base is demanding much of you, when we ask that you vow to

o quit your job,

o go into voluntary exile,

o go to jail,

o go underground,

o suffer execution by lethal injection, targeted drone strike, or assassination by SEAL

rather than cooperate with some government (in particular, USG) in authoring or cryptographically signing malicious modifications of any Tor Project software products (such as TB or TM) served to some or all Tor users.

I know all too well that when a citizen refuses to perform unethical and dangerous work for an evil government, that government is likely to destroy your life as you knew it. So I understand very well how much we are asking of you. But I also know from personal experience that should our worst fears be realized, if you are confronted with unpleasant choices presented by your government, you will never regret doing the right thing by refusing to cooperate by performing evil deeds.

There are billions of humans on our little blue marble; in the big picture, the personal fate of any individual matters little. Nevertheless, at the dawn of the 21st Century, software developers belong to a rare breed which makes the magic happen-- unfortunately, all too often, that magic has manifested as some evil sleight of hand performed for an oppressive, even genocidal, organization such as NSA or the US National Laboratories. But by the same token, if the community of software developers (and more generally, STEM technologists) refuses to do evil work for governments, the global Surveillance State created by NSA and USG must collapse. That would be good for the entire world, including (and perhaps especially) US persons.

We the People are in a terrible fix. STEM practitioners have the knowledge required to understand, better and earlier than our fellow inhabitants of planet Earth, just how desperate our situation really is. The little blue marble on which we live is currently experiencing the early stages of a massive extinction event, and-- despite what one might naively think from the enormous size of the present human population-- ecological modeling suggests that Homo Sapiens is on the short list of likely victims. In the short term, ecological stress (perhaps leading to extinction) is likely to manifest itself as economic and geopolitical stress, with the various nations reacting by using nuclear weapons and cyberwarfare to fight viciously for control of increasingly scarce material, energy, and human resources. And the most valuable human resources include software coders and STEM practitioners. So we have a special responsibility to use our knowledge and skills only for good purposes, to try to help the good citizens of the world to cooperatively find some way out of our fix, or failing that, to at least do what we can to minimize the ugliness of how our governments react to dire ecological/economic stress.

I happen to be an agnostic, but the phrase which best captures the sentiment with which I would like to convey is "God help us all".

March 21, 2016

Permalink

> The Tor Project has never received a legal demand to place a backdoor in its programs or source code, nor have we received any requests to hand over cryptographic signing material.

The language in this sentence is sufficiently ambiguous, at least to me, that my mind instantly ran to the information it omits: has the Tor Project received requests or non-legal demands to place a backdoor? and has it received demands to hand over cryptographic signing material?

Should not special care be taken before publishing these kinds of statements so that it is absolutely clear what information is and isn't being conveyed?

Yes, we were careful. The statement says what it says for exactly the reasons you suspect. We receive all kinds of requests for all kinds of things on a fairly regular basis. I don't believe that a direct request for a signing key was ever made, but I guess if some random person at a hacker conference ever jokingly asked someone at Tor for their GPG key, I would have to say "yes" there too, wouldn't I? Hence again the wording..

However I do know what our policy is when handling any such non-legal demand.

First we explain Tor to these people. We are as helpful as we can be during this process, using it as an opportunity to explain both our technology and technology in general to the requester, and make suggestions for how they may solve their problem in without the need to compromise Tor or attack the network (see the Abuse Templates for Tor relay operators for some examples). After this, the person usually comes to understand that there's no way we can provide what they want, and that settles the matter.

On rare occasion, however, members of our community and even some employees have been threatened with force or physical violence for not fulfilling an extra-legal demand. Hence the reason that it is even more important that we have enough redundancy and protection against single points of failure so that we cannot honor such extra-legal demands.

In some instances, Tor relays have been seized by police or even unknown actors, usually because they expect to find something that is not actually there. In that case, standard operating procedure is that we blacklist that relay's keys from the network, and the operator generates new ones on new hardware. Forward secrecy protects the old communications, and the new keys protect the new communications. For this reason, these seizures are usually even more rare than idle threats, since police in each jurisdiction quickly learn that their actions accomplished nothing.

March 22, 2016

In reply to mikeperry

Permalink

> On rare occasion, however, members of our community and even some employees have been threatened with force or physical violence for not fulfilling an extra-legal demand.

Glenn Greenwald writes that he learned an important lesson when Laura Poitras agreed to tell her story (of repeated harassment by TSA in airports) for publication: when you call out the bullies in public, they typically stop duck under cover and are never heard from again.

I urge Tor Project to consider coming forward with some details on this kind of event, and to promptly report them in future. I believe that it would be very helpful in the political struggle to put forward specific examples of how authoritarian actions by USG can encourage other governments (and political candidates, and pressure groups, and stalker-trolls) to imitate the threatening misbehavior of USG.

March 22, 2016

In reply to mikeperry

Permalink

> The statement says what it says for exactly the reasons you suspect. We receive all kinds of requests for all kinds of things on a fairly regular basis. I don't believe that a direct request for a signing key was ever made

How about a request from party G (DOJ, perhaps) that, without handing over your signing keys to G, you use them to sign (improperly "authenticate") a version of a Tor Project product (such as TB or TM) furnished by G?

Also, what we most need to hear is a completely unambiguous statement that Tor Project has never done anything like that, ideally coupled with a vow to do shut down the project rather than comply, if TP is placed by USG in a situation where USG is threatening to put a dev in jail if he/she does not comply with such a demand.

March 22, 2016

In reply to mikeperry

Permalink

I have heard that the US-based authors of some privacy/security enhancing Open Source software projects report that IRS threatened to revoke their 501c nonprofit status unless they put in backdoors, or abused their users in some other way as demanded by USG.

Has Tor Project ever been threatened this way?

This sort of bullying has never happened to us, probably again because of public support we have from the EFF and ACLU.

I think I know the organization you're referring to here, and when I heard second-hand about their situation I became very angry, as such demands aren't even legal from the police in the US, let alone from a tax collector effectively trying to blackmail you. I encouraged the person who told me to have them speak with our allies at the EFF and ACLU as soon as possible. I really hope it was resolved in their favor.

I am also surprised that they chose not to make such a threat public knowledge. As some other commenter here said: The best way to get bullying to stop is for everyone to publicly denounce the bully. Moreover, by keeping it quiet, you just let the rumor mill take over, and people start to whisper and wonder what really happened in order for them to successfully resolve that situation and keep their non-profit status...

Actually, no, but good guess--- I am also very concerned about Riseup, a key partner with Tor Project.

It is known that at least one person with an apparent connection with a police agency (Czech) bought a zero-day exploit from the notorious Italian zero-day-exploit malware-as-a-service company Hacking Team, which specifically targeted the Riseup mail server. Additionally, some years ago FBI seized a server operated by another partner of Riseup, which was used for listservs on groups which seek to oppose the drug cartels in Mexico (a very very dangerous activity, hence the need for anonymity-enhancing services).

Mike?

Long ago, our FAQ (https://www.torproject.org/docs/faq#Backdoor) said that nobody has asked us to put in a backdoor, probably for the reasons described in the above post. I changed that FAQ entry a year or two back, because it was no longer the case that we could say nobody had asked.

Here are two interactions that capture the sort of requests we've had:

* Many years ago, after an introduction by some EFF lawyers, I went to DC to do a Tor talk to the US Department of Justice, CCIPS division:
https://www.justice.gov/criminal-ccips
The main part of the talk was just explaining what Tor is, and why they shouldn't regard a privacy tool as their enemy. But also I talked about how our distributed architecture makes it hard to put in a backdoor, and how we wouldn't, and how besides, nobody has asked us to. One of the lawyers there "jokingly" raised his hand and said "Can I have a backdoor?" Everybody laughed, and we moved on. (He didn't get his backdoor.)

(I recently learned from some other law enforcement people that my talk to CCIPS happened right around the time they were successfully strong-arming anonymizer.com into adding a mechanism for deanonymizing customers upon DoJ request. Yuck. All the more reason that a distributed architecture is important.)

* In late 2014, somebody I'd met from the FBI called me and said he was relaying a request from the New York office, that it sure would be nice if we would add a way to censor certain onion services if a judge asks us to. I explained that the only real way to do it (since we don't run the network) would be to ship the list of "they've asked you to censor these" addresses to all the relays, and then each relay operator would decide whether to go along with the censorship. And also, which judges should you listen to? What about Saudi judges? The FBI person responded that yes, he knew this was the right answer, but he'd promised them he'd call and ask, and now he had.

In neither of these cases were there any legal demands, so technically there was nothing to respond to or refuse. Rather, they were both teaching opportunities, as Mike pointed out above.

It would be really great for us to do some sort of yearly "this is a summary of what we've been asked for" transparency report. So far we haven't, because there simply aren't enough of us, and I think we should (rightly) be focusing on actually making secure software. In the glorious future where we have more funding, and there are more of us, I think that would be a great habit to add.

March 21, 2016

In reply to arma

Permalink

It would be really great for us to do some sort of yearly "this is a summary of what we've been asked for" transparency report. So far we haven't, because there simply aren't enough of us,

Not enough manpower to write an annual summary of "what we've been asked for" in a transparency is your reason. It should never be an excuse.

I volunteer to do it for free if you can pass me all the requests, be they legal, non-legal, frivolous or extra-territorial.

In late 2014, somebody I'd met from the FBI called me and said he was relaying a request from the New York office,

What is your definition of "legal demand"? FBI is a legitimate law enforcement organ of the USA, isn't it? When it "requests" you to do something, isn't that a legal demand? An example: Agents Fox Mulder and Diana Scully have reasons to suspect you are the serial killer. The FBI requests your help in their investigations. Can you refuse to do it without getting into trouble with the law?

Moreover I don't know what the US law is concerning rejecting requests made by law enforcement agencies such as FBI. In Asia, if you reject such requests, you will certainly be hauled up by law enforcers and charged in a court of law for obstruction of justice.

> Not enough manpower to write an annual summary of "what we've been asked for" in a transparency is your reason. It should never be an excuse.

@ arma:

I have to agree with that comment.

@ Shari & all:

Please find a way to promptly issue bulletins regarding legal threats and threats of violence against Tor staffers/volunteers. Shining the light of publicity on such ugly incidents seems to result (so far) in the bad guys backing down.

I'm no lawyer, but I think "legal demand" refers to a court order, much like the one the FBI recently served Apple. As I understand, these are written by law enforcement and have to be signed-off by a judge in order to be valid and impose legal consequences (e.g. contempt of court).

But this is very different from "we don't have a judge's approval for this request, but if you refuse it, we'll bring conspiracy charges for that private anonymous service you're running and it'll cost you a lot in lawyer fees to fight it. And we might see to it that you're harassed by the TSA and make you miss your flight to that important meeting you have coming up. And prosecute your family member hard for that small-time operation he or she has going on the side, which we didn't previously care about." Just to name a few examples.

March 22, 2016

In reply to arma

Permalink

> Many years ago, after an introduction by some EFF lawyers, I went to DC to do a Tor talk to the US Department of Justice, CCIPS division:
> https://www.justice.gov/criminal-ccips
> The main part of the talk was just explaining what Tor is, and why they shouldn't regard a privacy tool as their enemy. But also I talked about how our distributed architecture makes it hard to put in a backdoor, and how we wouldn't, and how besides, nobody has asked us to. One of the lawyers there "jokingly" raised his hand and said "Can I have a backdoor?" Everybody laughed, and we moved on. (He didn't get his backdoor.)
>
> (I recently learned from some other law enforcement people that my talk to CCIPS happened right around the time they were successfully strong-arming anonymizer.com into adding a mechanism for deanonymizing customers upon DoJ request. Yuck. All the more reason that a distributed architecture is important.)

Right, and I think this anecdote shows that Tor Project must always assume that "jokes" from USG people are not really jokes after all.

To repeat: I suspect that FBI's real target in Apple-v-FBI is Tor Project. That is, I suspect that FBI is trying to leverage the conjunction of a presidential election whose frontrunner is described (with much justification IMO) as something closely resembling a fascist with continuing IS attacks in EU to bludgeon the courts into establishing a very dangerous precedent, which they intend to quickly apply to Tor Project. As circumstantial evidence that this suggestion is not unlikely to be true: there is reason to think FBI doesn't really expect to find anything significant in the disputed iPhone, and according to experts such as Snowden, has likely known methods which will defeat Apple's security measures all along. If so, the Riverside case is simply a smokescreen which FBI hopes to use to exploit in order to establish a legal precedent for compelling companies/NGOs to abuse their cryptographic signing keys by signing maliciously modified versions of their products, thus certifying malware disguised as a legitimate software update.

I am glad to read some details from Mike Perry which show that Tor Project is taking steps to cautiously improve its resistance to "rubber hose" breakage of the invaluable things which strong cryptography provides to Tor users, including authentication of the latest TB or TM bundles. Please make this a top priority going forward, because the danger of USG employing such attacks against TP is all too credible. Please make sure that you try to defend against two types of attacks: those which target all or most Tor users indiscriminately, and those which target a small subset or even a single individual (such as yours truly).

Any more on the possible traffic shaping attack on the Tor network being discussed in tor-talk?

great feedback thankyou
re: fbi vs apple
while it has been noted by commentators the fbi have chosen this case against apple extremely carefully (San Bernando) to obtain their precedent,
it should be realised that it (San Bernando incident) was almost certainly a state sponsored false flag. Thus, this entire matter was fabricated to force a particular end. Thus, the end is not even visible so far - Apple may be the first of many smoke and mirrors - for which USG access to Tor is, indeed as you so astutely point out - the final solution

March 21, 2016

Permalink

To: mikeperry, arma, erinn et al.

Could you please confirm to us if any US government agency or US quasi-government agency is a sponsor of the Tor Project? If yes, who are they?

Thanks in advance for being transparent.

March 21, 2016

Permalink

I read all the above posts and original statement and I am filled with awe and respect for your work and the human beings that do it
Wow. What special people

The world is a better place because of you. And this will always be a fact. Nothing can change this. You have contributed to history. To a better history and a better future also

I wish I could be like you!

March 22, 2016

Permalink

DOJ suddenly requested Judge Pym to cancel todays' hearing in Riverside in the Apple-v-FBI case, and to stay (delay) the unlocking order, saying FBI has been given a demonstration of an alleged unlocking technique. (By McAffee? NSA? FBI won't say anything.)

http://arstechnica.com/tech-policy/2016/03/apple-gets-short-term-win-bu…
Apple gets short-term win, but new mysterious FBI unlocking method looms
Law professor: "The issue probably has been deferred, not resolved."
Cyrus Farivar
22 Mar 2016

> RIVERSIDE, Calif.—Less than 24 hours before a highly anticipated Tuesday court session where prosecutors and Apple lawyers would have squared off here in federal court, government attorneys suddenly got a judge to vacate that hearing and stay an unprecedented court order that would have forced Apple to aid investigators' efforts to unlock and decrypt an iPhone linked to a 2015 terrorist attack. In a court filing Monday, federal authorities cited a newly discovered "unlocking method" that it hopes won't require Apple's help.
>
> The sudden and unexpected postponement essentially means an immediate victory for Apple—the company doesn’t have to comply with the government’s demands to create a customized version of iOS. But the new government filing also raises more questions than it answers, such as the reach of the government's decryption capabilities.

http://arstechnica.com/tech-policy/2016/03/fbi-says-it-might-be-able-to…
FBI says it might be able to break into seized iPhone, judge cancels order to aid decryption [Updated]
David Kravets
21 Mar 21 2016

https://theintercept.com/2016/03/21/government-showdown-with-apple-dela…
Government Showdown With Apple Delayed
Jenna McLaughlin
22 Mar 2016

The timing certainly suggests that FBI is trying to find a face-saving way to back down from its outrageous and unconstitutional demands upon Apple. However, the consensus among technical experts (including Snowden) is that USG had ways of breaking into the phone all along, and the consensus among lawyers seems to be that FBI certainly isn't giving up, is merely delaying the big legal showdown until another "terror attack" or mass shooting in the US replenishes its FUD tanks.

So CWII continues...

Some well-informed technical speculations about how Cellebrite

http://arstechnica.com/tech-policy/2016/03/israeli-mobile-forensics-fir…
Israeli mobile forensics firm helping FBI unlock seized iPhone, report says
News comes after FBI withdrew demands for Apple to help unlock seized iPhone.
David Kravets
23 Mar 2016

may try to crack the iPhone in question:

http://arstechnica.com/security/2016/03/ios-forensics-experts-theory-fb…
iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage
Zdziarski believes NAND mirroring will give FBI the retries to crack PIN it needs.
Sean Gallagher
23 Mar 2016

Marcy Wheeler offers an incisive political analysis of FBI's latest attempts to lie to Judge Pym:

https://www.salon.com/2016/03/2
velations_raise_troubling_new_questions/
The Justice Department’s Apple crusade gets even sketchier: Why the latest revelations raise troubling new questions
For months, the DOJ has been trying to get Apple to crack a terrorist's iPhone. But what if they didn't need Apple?
Marcy Wheeler
25 Mar 2016

> ...
> Not until it submitted its request to delay the hearing did anyone from DOJ admit it always knew someone besides Apple and the FBI might be able to crack the phone. “We have been working tirelessly during this entire time to see if there’s another way to do this,” prosecutor Tracy Wilkinson revealed in the phone hearing that day after a month of sworn briefs insisting there was no other way to get inside the phone.
>
> And while FBI Director Jim Comey claimed in a congressional hearing on March 1 that, “We’ve talked to anybody who will talk to us about it, and I welcome additional suggestions,” researchers who called FBI with potential solutions report being blown off by the FBI.
>
> Which leaves the impression that DOJ — and the FBI and DEA, law enforcement agencies that are part of DOJ — have been picking and choosing when they claim they need Apple’s help and when they can ask a regular forensic contractor to do the work. It leaves the impression they wanted to force Apple to weaken iPhone security features, even while there were other ways of getting in the phone.
>
> It’s a question the Feds are still trying to dodge. In an editorial earlier this week, the Wall Street Journal expressed, with shock, “Now we learn the FBI, far from exhausting all other practical options, had been pursuing such non-Apple leads all along.” In a letter to the editor in response, FBI Director Comey denied a different claim. “You are simply wrong to assert that the FBI and the Justice Department lied about our ability to access the San Bernardino killer’s phone,” Comey wrote, which says nothing about whether DOJ knew, but did not reveal, that a trusted contractor like Cellebrite might be able to crack the phone.

"Parallel construction", forensic pseudoscience,

https://theintercept.com/2016/03/25/in-las-vegas-embattled-forensics-ex…
Liliana Segura, Jordan Smith
25 Mar 2016

... FBI/DEA/LEO access to NSA data trawls of the communications, travel records, financial transactions, and personal medical records of US persons, and of the contents of electronic devices used by US persons,

http://thehill.com/policy/national-security/274128-lawmakers-warn-about…
Lawmakers warn of 'radical' move by NSA to share information
Julian Hattem
23 Mar 2016

http://arstechnica.com/tech-policy/2016/03/representatives-say-nsa-must…
Representatives say NSA must end plans to expand domestic spying
Americans "deserve a public debate” on 4th amendment encroachments, reps say.
Megan Geuss
24 Mar 2016

... school-to-prison/mental-ward pipeline, NCTC forcing teachers to assign "threat scores" to their students and report back to FBI, state-sponsored-discrimination based upon "threat scores" and "citizenship scores" with potentially lethal consequences... what next?

March 22, 2016

Permalink

Tor also helps Christian individuals who face persecution nearly everywhere, from LGBT hate squads in the West and Islamic terrorism in the Middle East and Africa

March 22, 2016

Permalink

I realize the team is crazy busy all day every day, but I could think of some pretty impactful ways you could provide services/ideas/code to Apple:

-TBB on iOS by default
-Safari adoption of more of TBB's tracking countermeasures (though I realize it's a massive refactoring job)
-Safari 'TBB mode' or other integration of TBB-like product into Safari
-user-friendly transparent proxy (addressing some of the many issues that would arise) for iOS/OSX
-iMessage --> Axolotl over Tor, backed by Apple-run relays

Your team is the vanguard of what you do, and Apple has significant resources, so I'd love to see friends' iThings ship with your products built-in to save me the trouble of installing TBB on their machines!

I think it would be easier to port Orweb and Orfox to iOS than modify Safari to emulate TBB behavior. Tor has never been the default on anything (other than Tails and Liberté, as far as I know), and I don't foresee Apple becoming the pioneer of Tor-as-the-default-on-a-mainstream-product anytime soon.

March 22, 2016

Permalink

Thank you Mike, I have followed some of your technical work and they are impacting thousands possibly millions of people positively, it is so appreciated!

Keep up the amazing work to you and all Tor / Tor Browser developers!!!

March 23, 2016

Permalink

Do you know Google? Even if you use a Tor Browser, the system still knows who you are. Is there something wrong with the Tor Browser still?

March 23, 2016

Permalink

OT: @tor-team Topic css, webcontent, style
please, could you change the text-background-color when it is selected with the mouse to something else than 'white'. I can not read your blogs because the font is small and it got a lot of lines. so i usual select the text when i read to mark it where i've been but since your css colored it with no different of unselected text i loss the lines always. It' hardly to read!
Thanks!

March 24, 2016

Permalink

>We will never backdoor our software.
Even if every employee was threatened to be put into jail? LOL.

If Apple didn't subordinate, they would be proclaimed as illegal org and every employee would be put into jail. Because no org is allowed to violate the law, if the org violates the law, it is treated as an enemy and destroyed, if it is not powerful enough. The US cannot destroy China even if it wanted, because China has nuclear weapons, regular weapons an people and can defend itself. US cannot even destroy Russia. The US could destroy Iraq because it wasn't able to defend itself.

Even if leading IT companies supported you,
(Tor Project + Apple + Microsoft + Google + Intel + AMD + Oracle) << Iraq << Russia << China

Which means you will have to subordinate.

March 24, 2016

Permalink

>he Tor Browser downloads its software updates anonymously using the Tor network, and update requests contain no identifying information that could be used to deliver targeted malicious updates to specific users.

Addon updates are still enabled by default. What if Mozilla and EFF were forced to provide malicious addon updates (torbutton, torlauncher, httpseverywhere, NoScript) to all the users of Tor Browser? This, can be detected, but it will be too late: a lot of users will get persistent uncleanable firmware-infecting BadBIOS-like rootkit (they are already used in the wild).

March 24, 2016

Permalink

I think that Tor is good overall to US security, in terms of both foreign influence and uses by agencies. Yes, Tor is of course appreciated by anti-three-letter-agency individuals. But that doesn't mean we can ignore law enforcement or security agencies.

March 25, 2016

Permalink

Crypto is vulnerable.

https://www.cs.tau.ac.il/~tromer/mobilesc/
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels

money quote:
"OpenSSL 1.0.x is vulnerable:...OpenSSL's developers notified us that "hardware side-channel attacks are not in OpenSSL's threat model", so NO UPDATES ARE PLANNED to OpenSSL 1.0.x to mitigate our attacks."

"OpenSSL 1.1.x is vulnerable, since it uses the vulnerable wNAF implementation as OpenSSL 1.0.x."
"OpenSSL's ECDSA running on Android phones is also vulnerable to our attacks."

March 28, 2016

Permalink

The Register has published a short story on the above statement by Mike Perry (Tor Project):

http://www.theregister.co.uk/2016/03/22/tor_project_fbi_apple/
Tor Project works on anti-FBI defenses amid iOS row with Apple
Vows never to add backdoors, improve tamper detection, remove single points of failure
Iain Thomson
22 Mar 2016

> In a blog post timed for the start of Apple's now-delayed FBI showdown, Mike Perry, lead developer of Tor Browser, said the project is stepping up efforts to keep its anonymizing network free of government interference.
> ...
>"For all of our users, their privacy is their security," he said.
>
> "And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users."

Makes a nice change to see a news outlet quote someone fighting CWII on the side of the People!

March 29, 2016

Permalink

FBI now claims it has used "new" method sold by undisclosed third-party (but not Cellebrite?) to recover the data it wanted from the disputed iPhone.

But CWII continues, and Tor Project and Tor users all over the world need to remain alert:

http://www.slate.com/articles/news_and_politics/war_stories/2016/03/the…
Nobody Won the Apple-FBI Standoff
The feds finally cracked the San Bernardino shooter’s iPhone. Now Apple looks vulnerable—and the legal fight the FBI wants will have to wait.
Fred Kaplan
Mar 2016

> The FBI dropped its case against Apple on Monday, saying that it had “successfully accessed the data” stored on the San Bernardino, California, killer’s iPhone and, therefore, no longer needed the company’s assistance—which the bureau had been demanding in court and which Apple had been resisting.
>
> This may seem like a happy ending all around, but in fact it’s a bad outcome for both parties—a bit more so for the bureau, at least in the short term.
>
> Contrary to appearances, the fight was never about the specific phone used by Syed Farook. If it were—if FBI Director James Comey believed the phone contained data that was urgently needed for an investigation into terrorism—he could have sent a “Request for Technical Assistance” to the National Security Agency, as the FBI has done in such cases many times. The NSA could easily have hacked into the phone and turned over whatever it extracted to the bureau, officials say.

http://www.theguardian.com/commentisfree/2016/mar/27/apple-v-fbi-san-be…
There’s always an excuse to hack into our lives
The FBI’s attempt to force Apple to unlock a phone is only the latest example of the state challenging fundamental freedoms
John Naughton
27 Mar 2016

http://www.networkworld.com/article/3047168/security/fbi-apple-battle-m…
FBI, Apple battle may leave lasting legacy
Maria Korolov
23 Mar 2016

> The FBI may have backed off from its demand that Apple build a backdoor to an iPhone security mechanism, for now at least, but experts say that a lasting legacy will remain in terms of the educational impact of the battle.

http://www.nytimes.com/2016/03/24/technology/fbi-clash-with-apple-loose…
F.B.I. Clash With Apple Loosed a Torrent of Possible Ways to Hack an iPhone
KATIE BENNER
23 MAR 2016

> ...
>Mr. Crocker of the Electronic Frontier Foundation said having to run through additional viable options had slowed government efforts to compel Apple to weaken its security functions. “In having to consider these third-party solutions, I think the D.O.J. has been given a small taste of its own medicine,” Mr. Crocker said.

http://www.truth-out.org/news/item/35405-fbi-faces-criticism-for-plan-t…
FBI Faces Criticism for Plan to Turn Muslim Community Leaders Into Snitches
Sam Sacks
29 Mar 2016

> The FBI will soon implement a new program to pressure teachers and religious leaders into serving as informants.

April 07, 2016

Permalink

If and when the DOJ attempts to force Tor Project or individual developers to cough up signing keys--- assuming this hasn't happened already- the USG lawyers are likely to invoke the All Writs Act of 1789:

https://www.techdirt.com
Using The All Writs Act To Route Around The Fifth Amendment
Tim Cushing
6 Apr 2016

> USA Today's Brad Heath has dug up another use for the FBI's now-infamous All Writs Act orders: skirting the Fifth Amendment. In a 2015 case currently headed to the Appeals Court, the government is attempting to use All Writs to force a defendant to unlock his devices. The order finding Francis Rawls guilty of contempt contains a footnote pointing to the government's use of an All Writs order to force Rawls to unlock his devices -- and, one would think -- allow the government to dodge a Fifth Amendment rights violation.

Further, the DOJ is likely to try to prevent any Tor Project staffers or volunteers from telling anyone what has happened.

I again urge TP to publish (and regularly update) a cryptographically signed warrant canary.

The recent case of Reddit shows that warrant canaries *do* serve a useful purpose.

April 10, 2016

Permalink

The Burr-Feinstein draft bill which would mandate backdoors in all encrypted software/hardware has landed in the Senate. The draft is available at cryptome.org, and is only 9 pages long, so I hope everyone will take the time to study it.

Some highlights:

p. 1: the bill makes a point of insulting privacy advocates by implying that "iPhone fetishists" believe themselves "above the law" [sic], when in fact is the FBI which has spent its entire existence systematically assaulting the Bill of Rights of attacking the foundations of the Rule of Law,

p. 2: "notwithstanding other provisions of law": means that this bill will override any other law dealing with data, such as CALEA, Privacy Act, HIPAA...

The gist:

* when served with "any order or warrant" issued by a "court officer" (can include FBI agent--- or even a private lawyer in some cases, such as lawsuits over private debt in some US states) in "any US jurisdiction", recipients must divulge either plain text or decrypted text of any communication (email, text message, VOIP call, voice call), stored data (disk drive, iPhone at rest) whether stored on a personal device or in the cloud.

* applies to all data, whether encrypted (enciphered, encoded), modulated, obfuscated (so unbackdoored steganography tools would be outlawed in US jurisdictions).

* applies to all data, whether the "order or warrant" seeks real time comms data or decryption of data at rest (e.g. from seized device or seized Tor node).

* appears to require sufficient logging (by anyone/anything transmitting data) of all data to identify communicants, so would appear to outlaw current Tor exit server default no-logging configuration.