Announcing Shari Steele as our new executive director

At long last, I am thrilled to announce that our executive director search is now successful! And what a success it is: we have our good friend Shari Steele, who led EFF for 15 years, coming on board to lead us.

We've known Shari for a long time. She led EFF's choice to fund Tor back in 2004-2005. She is also the one who helped create EFF's technology department, which has brought us HTTPS Everywhere and their various guides and tool assessments.

Tor's technical side is world-class, and I am excited that Shari will help Tor's organizational side become great too. She shares our core values, she brings leadership in managing and coordinating people, she has huge experience in growing a key non-profit in our space, and her work pioneering EFF's community-based funding model will be especially valuable as we continue our campaign to diversify our funding sources.

Tor is part of a larger family of civil liberties organizations, and this move makes it clear that Tor is a main figure in that family. Nick and I will focus short-term on shepherding a smooth transition out of our "interim" roles, and after that we are excited to get back to our old roles actually doing technical work. I'll let Shari pick up the conversation from here, in her upcoming blog post.

Please everybody join me in welcoming Shari!

December 11, 2015

Welcome on board, Shari! Hope your leadership makes us grow and expand, as much as we deserve. (a Tor user)

December 11, 2015

Much Welcome and Congratulations to Tor and Shari both!   :)

December 11, 2015

DO you even DATAGRAM bro?!

More serious, Tor is lucky to have Shari! Welcome, can't wait to see more awesomeness come from the project.

December 11, 2015

Exit node 195.154.169.183 .195-154-169-183.rev.poneytelecom.eu
seems to tamper with certificates of sites.
Where can people report this?

December 11, 2015

Welcome aboard Shari,

Excellent choice arma!!!

Namaste,
imu.

December 12, 2015

Great!

December 12, 2015

Excellent news! On the basis of EFF/executive background, can't imagine a better choice at this critical juncture for Tor Project.

@ arma: Happy Holidays! I suppose you are looking forward to doing more coding/research next year?

Yes indeed! There is going to be a transition period, where I try to teach her everything she needs to know about Tor, and I haven't really done one of those before so I don't know how long it will last. And in any case, I'm not going anywhere so it's not like I have some deadline for getting all the teaching done.

Speaking of immediate upcoming events, there are six (holy cow, six) Tor or Tor-community events at 32C3. We'll post a more detailed list soon I hope.

> There is going to be a transition period, where I try to teach her everything she needs to know about Tor

Excellent!

> And in any case, I'm not going anywhere

Excellent! That was my next question.

As you know, Tor needs strong encryption to work. Cryptowars II has gone very "hot" again and needs urgent attention and I think that in her new role Shari should promptly respond to statements like this:

http://www.theregister.co.uk/2015/12/10/us_government_pushing_encryptio…
US government pushing again on encryption bypass
FBI chief and deputy CTO bring issue back to the table
Kieren McCarthy
10 Dec 2015

> "It's not a technical issue," Comey told the Senate Judiciary Committee this week. "There are plenty of companies today that provide secure services to their customers and still comply with court orders. There are plenty of folks who make good phones and are able to unlock them in response to a court order. In fact, the makers of phones that today can't be unlocked, a year ago they could be unlocked."

In particular, I think Shari would be an ideal spokesperson to request thehill.com to write an editorial countering this one from an "intelligence professional" (Wither's credentials not otherwise explained):

http://thehill.com/blogs/congress-blog/homeland-security/261237-stand-w…
Stand with our watchers
Tom Wither
25 Nov 2015

Shari already knows enough about the cryptowars, I think, to write a strong response, and I think there's a fair chance The Hill might offer her an editorial slot.

FBI is said to be spending a huge amount on PR firms in order to dress up its intense anti-encryption fear-mongering media campaign. It would be interesting to try to find the 2015 figure for FBI from the research described here:

http://thehill.com/business-a-lobbying/business-a-lobbying/262387-feds-…
Feds shelling out billions to public relations firms
Megan R. Wilson
8 Dec 2015

> The federal government has spent almost $4 billion on public relations services since 2007, according to a watchdog group, with more than half of the money going to the world’s largest firms.

One feature of the current media blitz from FBI's PR machine is that the agency is talking up senior FBI officials who happen to be women, as if that somehow makes their illegal malware attacks, surveillance of dissidents, etc. more palatable. Here is a rather simpering profile of Amy Hess which just appeared in WaPo:

https://www.washingtonpost.com
Meet the woman in charge of the FBI’s most controversial high-tech tools
Ellen Nakashima
8 Dec 2015

After excising the gushing over a powerful woman spook, the most salient sentences in the story may be these:

> despite the wizardry of its technologists, who also excel at traditional physical and electronic surveillance, the bureau is at a loss to solve what FBI Director James B. Comey has called one of the most worrisome problems facing law enforcement today: the advent of strong commercial encryption on cellphones where only the user can unlock the data.
> ...
> The advent of strong encryption, however, is presenting Hess with a huge, perhaps insurmountable, challenge. In the past few years, tech firms and app developers have increasingly built platforms that employ a form of encryption that only the user, not the company, can unlock.
>
> The bureau’s encryption dilemma is exacerbated by a chill that settled over the relationship between the FBI and Silicon Valley in the wake of leaks in 2013 about government surveillance by former National Security Agency contractor Edward Snowden.
> ...
> In recent months, the FBI’s conversations with companies have become more productive, she said, “but it’s not to the level we were pre-Snowden.”
> ...
> some agents have created their own tools or bought them commercially.

[e.g. for wardriving or infecting someone with spyware]

> ...
> Privacy advocates also worry that to carry out its hacks, the FBI is using “zero-day” exploits that take advantage of software flaws that have not been disclosed to the software maker. That practice makes consumers who use the software vulnerable, they argue.
>
> Hess acknowledged that the bureau uses zero-days — the first time an official has done so. She said the trade-off is one the bureau wrestles with. “What is the greater good — to be able to identify a person who is threatening public safety?” Or to alert software makers to bugs that, if unpatched, could leave consumers vulnerable?

(Pardon me while I wipe the tears from my eyes.)

The tactic of trying to present FBI as full of motherly love (or something) is rather absurd, considering what happened when NSA tried the same thing a decade ago, playing up the fact that Teresa H. Shea, who was then chief of the SIGINT division and directly in line to become the next DIRNSA, was demoted in disgrace after The Intercept and Buzzfeed reporters followed the money and discovered irrefutable evidence of cozy nepotism, sufficiently odious that Republican senators who are normally lovey-lovey with NSA demanded and got her demotion:

https://theintercept.com/2014/09/19/powerful-nsa-official-involved-pote…
Powerful NSA Official Potentially Self-Dealing With Defense Contractor
Murtaza Hussain
19 Sep 2014

http://www.buzzfeed.com/aramroston/exclusive-nsa-official-is-a-multi-mi…
Exclusive: Top NSA Surveillance Official Is A Multi-Millionaire
Aram Roston and Jacob Fischler

> NSA bureaucrat Teresa Shea and her intelligence-contractor husband are worth at least $3 million, records show. She ran controversial surveillance programs for years, and recused herself last year from decisions about her husband’s employer.

http://www.buzzfeed.com/aramroston/exclusive-family-business-at-the-nat…
Wife: NSA Official. Husband: Exec At Firm Seeming To Do Or Seek Business With NSA
NSA: It’s secret.
Aram Roston

> A large government contracting firm that appears to be doing or seeking business with the National Security Agency employs the spouse of one of the most powerful officials at the agency, according to corporate records, press releases, and company websites. But the NSA has declined to address whether there is a potential conflict of interest or to disclose any information about contracts or the official’s financial holdings.
>
> The spouse, for years, has also had an intelligence technology company incorporated at the couple’s suburban residence in Maryland.
>
> The NSA official, Teresa H. Shea, is director of the Signals Intelligence Directorate, which means she oversees electronic eavesdropping for intelligence purposes. She’s held that crucial position since 2010. SIGINT, as it is called, is the bread and butter of NSA espionage operations, and it includes intercepting and decoding phone calls, whether cellular or landline; radio communications; and internet traffic. Shea’s directorate was involved in the controversial domestic surveillance program, much of which was revealed by Edward Snowden.
>
> As for Shea’s husband, James, he is currently a vice president at DRS Signal Solutions, part of DRS Technologies, a major American defense contracting company owned by the Italian defense giant Finmeccanica. On his LinkedIn page, he boasts of his “core focus” in “SIGINT systems,” and cites his employer, DRS, for its work in “signals intelligence, cyber, and commercial test and measurement applications.”
>
> According to Maryland state records, James Shea is also the current resident agent of a company called Telic Networks, which he founded in 2007. The firm is registered at the couple’s home in Ellicott City, Maryland. On his LinkedIn page, Shea states that he was president of Telic until 2010. Telic’s rudimentary website describes its expertise in SIGINT, maintaining that the firm’s personnel have a history of developing innovative hardware and software solutions for difficult SIGINT and ELINT [electronic intelligence] problems.” Telic’s incorporation records say it is a “government and commercial contracting and consulting” company.

You might remember from our discussion last September of the Intercept story on the Sheas that DRS is one of several closely related companies, including DRT, the company which is best known for producing NSA's drone-borne "IMSI catcher", the so-called "DRTBOX" which has allegedly been used extensively to attack every WiFi device in entire countries. James Shea was also listed as an officer of that firm. As far as I know, none of these companies have gone out of business, no changes have been made to their no-bid contracts with NSA, James Shea is still involved with DRS, and Teresa Shea is not losing her pension.

https://www.truthdig.com/report/item/top_10_signs_the_us_is_the_most_co…
Top 10 Signs the U.S. Is the Most Corrupt Country in the World (Video)
Juan Cole
13 Dec 2015

> considering what happened when ... was demoted in disgrace after

Weird garble there. Was trying to say: years ago NSA tried to "spin" SIGINT by playing up the fact that then Director of SIGINT (the largest division in NSA) was a woman, Teresa Shea. ("No glass ceiling at NSA, God we're awesome!" [sic]. While promoting women and blood drives are good things, this doesn't excuse the fact that NSA has declared war on every person everywhere.) Then, after Buzzfeed and The Intercept revealed the no-contract bids with several companies where her husband is a top executive, even Republican senators who are normally unquestioning supporters of NSA were appalled, and NSA had to demote Teresa Shea.

> Speaking of immediate upcoming events, there are six (holy cow, six) Tor or Tor-community events at 32C3. We'll post a more detailed list soon I hope.

Is Shari going? Would be an excellent opportunity to quietly discuss in person with key colleagues the thorny issue of contingency plans in case (against current optimistic expectations) US, FR, or another important country outlaws Tor or Tails or non-backdoored-encryption outright. Also a great opportunity to make personal connections and build community, which is one of the most important things Tor and friends must do right now.

If Julia Angwin is going, she would be a terrific reporter to talk to, especially about the suggestion that HS could be ideal for protecting sensitive medical information. Also about HIEs (Health Information Exchanges), aka "watering hole sites", CVE (Countering Violent Extremism) and secret "citizenship scores", aka state-sponsored discrimination. Americans need to know that as their nation transitions to a one-party government (as GOP seems likely to self-destruct), Clinton is really no better than Trump, just more cryptic about things like targeting American children aged 3-7 for CVE and prospective citizenship scores.

If Shari has never read Julia's book Dragnet Nation I hope she can put it on her holiday reading list!

December 13, 2015

> Tor is part of a larger family of civil liberties organizations, and this move makes it clear that Tor is a main figure in that family.

Exactly!

Among other reasons why this is so important: it will now be harder, politically speaking, for the USG to block financial contributions to the Tor Project or to outlaw Tor outright. It also means that FBI, NSA/TAO, GCHQ/JTRIG and other FVEY bad guys may feel a need to be more cautious about targeting Tor people with tailored malware.

December 14, 2015

Hi, welcome and good luck.

I believe that TOR is becoming unusable.

I have TOR Browser set to open 10 tabs on start-up. These days most of the tabs are titled 'Attention Required'. I believe this is because the Exit Node has been corrupted for malicious purposes. My response = New Identity. Sometimes I have to do this over 20 times to find a clean Exit Node.

If an option was offered to automate the identification of corrupt exit nodes (by detecting "Attention Required" or page content contains "One More Step" and automatically start a New Identity) it could be left in the background and returned to once stable at a clean Exit Node.

If the above was implemented well enough to make corrupted Exit Nodes rarely used then the people corrupting them may give up resulting in a better experience all round.

No, these aren't misbehaving exit relays. They are misbehaving *websites* that you're going to -- they are hosted at Cloudflare, and Cloudflare's whole business model is to aggregate a bunch of websites, and treat an attack on any of them as evidence that the IP address is bad and should not be allowed to fetch the rest of them either.

For more background, see my blog post here:
https://blog.torproject.org/blog/call-arms-helping-internet-services-ac…

Ultimately the right answer is to teach the Cloudflare people that there are better ways to accomplish their goals than the one they're using. At present it looks like that will require a lot of work on the part of the technical community.

December 14, 2015

So bad a person who has no prior experience on technology (I'm not even saying cryptography) will be the leader of the most advanced cryptography project in the world

> So bad a person who has no prior [experience] on technology (I'm not even saying cryptography) will be the leader of the most advanced cryptography project in the world

Are you kidding? Assuming you mean Shari Steele, did you not realize that before coming to Tor Project, she played a key role at Electronic Frontier Foundation, the leading US-based technology-oriented civil rights organization, for more than a decade? You should probably take a few minutes to read this review of Crypto Wars I (from the 1990s), in which EFF played a critical role:

http://arstechnica.com/information-technology/2015/12/what-the-governme…
What the government should’ve learned about backdoors from the Clipper Chip
The Obama administration's calls for backdoors echo the Clinton-era key escrow fiasco.
Sean Gallagher
14 Dec 2015

December 16, 2015

arma, can we trust Shari?
arma, how well do you know your fellow colleagues who are writing Tor code... do you visit them at their house, know their life, do things together?
What are the chances there's a snitch?

> arma, can we trust Shari?

Well, I'm pretty paranoid--- for example I expect this blog to be trolled by JTRIG, Fifty Centers, or Putinoids-- but even I think the answer is obviously "yes".

> arma, how well do you know your fellow colleagues who are writing Tor code... do you visit them at their house, know their life, do things together?

Hmm... so you want Roger to spy on Tor devs? Do you see a small contradiction here with Tor Project's values?

> What are the chances there's a snitch?

The Project has much more work to do, so it will be hiring more developers. I myself have urged the Project to be very careful about new hires. And I've been very happy with sukhbir's posts here, for example, so my impression is that while there is little the Project can do to prevent NSA/CIA/GCHQ from trying to infiltrate their ranks, those organizations may decide that the risks are too large for them to try to infiltrate the Project, given the small chance of success.

Which is not to say that anyone should let down their guard. People who live in a police state must be paranoid, which for sure is double plus ungood--- this is one of the reasons why we do not want to live in a police state! Tor can help change our situation for the better.

December 17, 2015

MAIL Arma: you should allow people to choose the exit node they want to use... at least the country of the node. This would solve so many problems. It would be like a marketplace... say you trust the German gov more than USA, so you can choose just the German exit nodes. Sure, some wouldn't be used, so what? That's called freedom to choose.

Also, if I have to submit something to a UK website and my IP address has to be UK, it would help a lot to allow people to choose the exit.

And really... why do you still host the torproject server on US soil? Host it in Switzerland, then nobody watches who visits the site.

I share your concern about the fact that the Tor Project is based in the USA--- maybe not for the same reasons.

But unfortunately, it would be wrong to assume that European governments are not operating their own national dragnets. Indeed, it is very difficult to name any modern nation which is not operating its own dragnet. I mention Iceland or Norway as being "less intrusive", but that is more of a forlorn hope than a fact-based assessment.

That said, the US is racing so rapidly towards something which looks an awful lot like technologically enabled fascism, that it is appropriate to question whether *any* human rights or civil liberties organization can still regard the USA as a "safe haven" from governmental abuses.

If they come tomorrow for Tor, you can be certain that the day after they'll come for ACLU and EFF. And if the French government comes for Tails tomorrow, the day after they'll come for MSF and RSF.

It's all of them against all of us.