A New Era at the Tor Project

by wseltzer | April 13, 2015

Andrew Lewman, our current Executive Director, is leaving The Tor Project to take a position at an Internet services company. While at Tor, Andrew was passionate about using our tools to help people from diverse backgrounds and points of view benefit from online privacy. We thank Andrew for his contributions and wish him well.

The Board has asked Tor’s Executive Committee to plan the transition. As a member of this committee, I can say that I expect that Tor Project co-founder Roger Dingledine will serve as interim Executive Director while we conduct the search for a permanent replacement.

Although we are sad to see Andrew leave, Tor is entering an exciting period of growth. We are exploring the establishment of Tor Labs and launching new programs like our Tor Summer of Privacy.

Our developers are building the next generation of Internet anonymity tools — and we continue to lead the international discussion on Internet freedom and liberty through our public talks and research.

Thanks to the entire Tor community for your help as we move forward!

--Wendy Seltzer
Member of the Board of Directors of the Tor Project

Comments

Please note that the comment area below has been archived.

Thanks Wendy!

Yes indeed, I have been talking to many people lately about what structure we want for Tor and how we can make things work more smoothly. Having folks like Kate, Isabela, and Tom on board, with Wendy and many other great people nearby and happy to help, means we're in a much better position than we were a year ago.

Now is a great time to continue engaging with the community as well. If you have questions or concerns, I encourage you to talk to your nearest Tor person (on irc for example, but there are many options).

This is a great opportunity for us to re-focus on Tor's values, including writing excellent software and being part of a strong community that communicates well.

--Roger

Roger says he wants to re-focus on Tor's values but these days I'm confused about what those values are. Just on this page there is Orwellian mumbo jumbo about hidden services which aren't really hidden which is like talking about metadata which isn't metadata. Speed isn't the primary goal of Tor--security is--and if the need for speed undermines security then it should have been laughed off the developer list serve instead of getting promoted. In my own view I have witnessed a growing disconnect between the demand for sexy programming and what I always took as Tor's core value--security.

So I welcome Roger's comment that he wants someone to reflect Tor's core value. I just which I could say with confidence what those are and I just can't.

It seems pretty clear to me what the proposal for "direct onion services" is for: network services that want the security properties of hidden services except for the one of hiding the server's location, such as enforced client anonymity, secure name resolution, and free end-to-end encryption. An obvious application is known websites that want to support Tor use, such as Facebook and Wikipedia, or to require it, such as WikiLeaks and SecureDrop. Instead of spreading FUD, try and understand what's going on and think about how you can positively contribute.

Also, Tor is and always has been about the balance between performance and (theoretical) security, because it recognizes that an anonymity service that is too slow or inconvenient won't be used by very many, and thus can't really provide much anonymity. If theoretical security were a goal, we would all be using DC-Nets.

April 13, 2015

Permalink

For all of those out there who are interested in the new position, I ask the Tor project: what qualifications would one be expected to have to fill this role? Is Tor looking for a business-minded person? Or one with more code experience? Or something entirely different? I understand the need for passion, that I do have; especially for this project, though I am not quite sure what Tor is now looking for. Maybe I can't find an already existing link that provides answers to these questions?

April 13, 2015

Permalink

Hello, I am a retired teacher and am interested in helping to promote and educate the regular person about Tor. I meant regular person in the sense compared to a company .Help to encrypt corporations and companies seems to be available but not for the single user. I had to place an ad on Craig's list to find someone to help me and he was a student visiting San Diego. What is sorely needed is for computer experts, the geeks and hackers to offer encryption services, to help the 'regular person' get started on using it. Also to help with encrypted emails.I am still struggling as it is a learning curve that you computer experts may not be able to imagine. Try knitting for the first time! In any case, that is what is needed. I am sharing the little bit I do know how to do with others. I thank you for Tor, and hope to learn more and become proficient
enough to help teach others, teaching is my speciality. I did teach beginning computer to grade school students as a guest teacher.
Thank you,

Cheri in San Diego.

In many cities around the world there are regularly cryptoparties (see https://en.wikipedia.org/wiki/CryptoParty ) which are events to do exactly what you're asking for. They're usually free and open to the public. Unfortunately, I don't see any in San Diego listing on https://cryptoparty.in (one of the main websites for organizing them) but maybe there will be in the future or maybe you could travel elsewhere in California to attend one (and if they learn you up good enough maybe you can even start one in San Diego yourself!).

April 13, 2015

Permalink

Congrats to Andrew. Sounds like the last bastion of good is leaving Tor. Time to find another place to volunteer.

This will never get posted. Tor is the Roger fan club, as it has been all along.

April 14, 2015

Permalink

Get rid of more people.
That way you can have a new era every day.

mutters to oneself:
some crazies must have got loose on this blog

April 14, 2015

Permalink

12 years and this is his thanks? amaze.

maybe pando will pay for his story to we can learn all about the real TOR.

April 14, 2015

Permalink

@all haters
You are ridiculous. Do something meaningful with your time instead of discrediting Tor.

@all government PSYOP operatives
You will lose. It's that simple.

April 14, 2015

Permalink

maybe he got fed up with all the criminality surrounding the tor proejct whilst they insist it has some good uses. 99% criminals and script kiddies and 1% paranoia.

April 15, 2015

Permalink

It's always sad to see someone go but on the other side there are
many competent people which will be eager to pick up the position.
As tor is getting mainstream maybe it's time to change of gear and
prepare for the upcoming changes.
Long live to the tor project.

April 15, 2015

Permalink

All the best to Andrew in his future endeavors! I wish him a truly heartfelt thanks from all of us.

April 15, 2015

Permalink

This news comes as a bit of a shock; both because Andrew Lewman has been with Tor Project for so long and because it comes at a crucial time:

o the Project needs to adapt (and is adapting) to an increasingly dire and diverse threat environment both for Tor users and for the Project,

o the Project momentarily enjoys certain invaluable opportunities (one was just mentioned: Tor is going mainstream) which should be seized, but only after careful consideration of hidden dangers.

I was about to call, in fact, for the development of a Five Year Plan, incorporating feedback from the user community. Drawing up such a plan would be a natural high priority item on the agenda of the next director, I think.

The announcement didn't give a departure date for Andrew, but I hope he can find time before he leaves to write a blog offering his own thoughts on future directions for the Project.

April 15, 2015

Permalink

> Congrats to Andrew. Sounds like the last bastion of good is leaving Tor. Time to find another place to volunteer. This will never get posted. Tor is the Roger fan club, as it has been all along.

This comment is certainly thought provoking, although possibly not along the lines the poster intended:

o FBI and GCHQ use a perversion of theories of social psychology (peddled by Ph.D. consultants who should be expelled forthwith from their profession) to inform their tactics. But known examples suggest that their trolling remains fairly crude.

o One element common to the FBI and GCHQ "social disruption" playbooks is to try to make key members of a targeted organization jealous of each other or distrust each other. (Classic example include FBI's attempts to disrupt the civil rights movement in the 1960s; see the Snowden leaks for presentations from GCHQ/JTRIG on tactics they use in social media.) FBI has always employed such methods against "subversive groups" which threaten the established order (the one per cent), and GCHQ is known to employ a very broad definition of "terror groups" which to judge from the appearance of a laptop currently on display at the Victoria and Albert Museum includes journalists who use Tails (which uses Tor).

o And then there is Gamergate (their operators are presumably untrained, but certainly no less proficient, in fact they are probably better than FBI/GCHQ at trollery.). Attribution is difficult.

o Not everything which quacks like a duck is a duck, but ducks are common in our corner of the internet, and things which quack are generally ducks.

Your studied obliviousness to some of the world's largest spy and propaganda agencies from non-English-speaking countries where Tor is most critically needed raises questions about your own innocence.

April 17, 2015

Permalink

Can we now please move towards a new datagram protocol?
Perhaps with some change in the suits, the direction of parts of the project may be re-evaluated as well?

April 20, 2015

Permalink

I have every confidence that if EFF were contacted they could ask for lists of people to choose a candidate from. They might also be able to keep the oposition out of the cookie jar.

I LOVE TOR! I just need more tor: tor OS , tormail, tor puppy (Linux), tor NOOBS (New Out of Box Software) (and xtsocksx )for Raspberry PI, tor server, Tor chat, tor services, Tor Bay, TORmazon, tor radio, TorFI, Tor Dos, Tor games servers, Tor Cloud, TorFox, Tor V, Tor rency, Torcoin for donation to torProject, TorMaps & TOR gps VOICE ACTIVATED, TOR ANIMATION, and other programs designed to not give up data, LAFS and RubberHOSE,TorDocuments, TorNiversity, TorriPedia, Tor Office, and many many TorZines Published by Anomyous freedom of press., sTORage... Tor Movies.... And I would love to see "g"rated tor news and entertainment all in the public domain.... in short a tor society based on freedoms.... of Anomyous Association...

And no I am not available to do the job!

April 22, 2015

Permalink

Andrew, Thanks!

Also Thanks to Everyone who: promotes, fixxes, hosts, volunteers, manages, relays, EXITS, Hides, services, hides, adapts, enables,... ... ... tor.

Also thanks Roger Dingledine, and Micah F Lee and Linus Torvalds and all the names I do NOT know at tor and torproject and tor at stackoverflow, and github and EFF.org Without whom tor could/would/did not happen.

Freedom from "pryers into affairs not their own" is what you are making happen. Freedom from overbearing Big Brother. Freedom from GCHQ. Freedom from NSA. Freedom from the Police State. (and there are many of them and they join together to try to prevent private communication so that they may police us in spite of the many laws prohibiting them from doing so. This by the way is the very definition of FASCISM.) Freedom from the Great Firewall Of china or iran or wherever. Freedom of press, of movement, of culture, of association.

And thanks to those who choose to win the good fight(s) wherever it/they need(s) to be fought. Thanks to all those who know, believe, And act on the belief that ONE PERSON CAN CHANGE THE WORLD IN SOME (PERHAPS SMALL) WAY(S) IMPROVING SOME CONDITION FOR AS MANY AS POSSIBLE and TEACHING and INSPIRING OTHERS TO DO SO IN WHATEVER WAYS ARE POSSIBLE.

Thanks to all who will not take no as an answer to freedom, responsibility, sagacity, resource. Thanks to all those who will stop the bullies wherever they are found and not becomming bullies themselves.

THANKS TO YOU WHEREVER YOU ARE FOR MAKING YOURSELF A BETTER PERSON SO THAT YOU CAN MAKE THIS WORLD A BETTER PLACE FOR SOMEONE, ANYONE, WHEREVER YOU DO THIS! THANKS FOR YOUR LOVING AND CARING AND SMILES AND AFFECTION AND SPREADING THIS TO ANYONE WHO WILL LISTEN AND RECIPROCATE.

THANKS FOR BEING A MENSCH!

THANKS FOR PROMOTING PEACE WITHOUT WHICH EVERYONE SUFFERS HARM WITHOUT LIMITS.

April 23, 2015

Permalink

I have used TOR for some years and pay homage to its developers. However I have seen it go from a basic easy to use system to something that is designed for experts. All i want is privacy. I don't want facebook and anything to do with the google spying. So please consider different versions so more people get involved.

1. A version trimmed of the fat without no script which I find impossible to fathom out the best way to set. No google links, no javascript. Etc.

2. A more advanced version with the above and anything else the geeks need.

Me

Unfortunately, I don't think you're aware of what you're asking for. If anything, Torbrowser has been evolving more towards the general (mostly) uninformed user. All of those things such as noscript and window resizing are required in order to prevent users from deanonymizing themselves. Yes, they might make it more difficult to use but without them you aren't safe. In addition, more versions of Torbrowser will just create more confusion amongst users in exactly your position of wanting the best protection but not knowing anything about the technology. I'm not sure what you're talking about for the google links and google spying except maybe meek, but I'm not sure why you think meek is used by default let alone mandatory I'm not sure. And while Facebook does maintain a Hidden Service, Torproject is in no way responsible or supporting it.

April 23, 2015

Permalink

Someone wrote:

> Your studied obliviousness to some of the world's largest spy and propaganda agencies from non-English-speaking countries where Tor is most critically needed raises questions about your own innocence.

Not sure whether this refers to the preceding post beginning

> This comment is certainly thought provoking, although possibly not along the lines the poster intended

but assuming it did: it would indeed be strange if people who criticize FVEY dragnet surveillance did not also criticize Russian dragnet surveillance (for example). But not to worry, because human rights advocates do criticize human rights abuses wherever they occur. That's precisely how we became NSA targets.

I'm glad you raised the issue of human rights abuses by non-FVEY governments, because I think it is critically important that Tor users assume a global perspective. Here are some reasons why:

o one original motivation for developing Tor (as I understand it) was to promote democracy (or at least, more open and genuine democracy) in places like Burma, China, Cuba, Egypt, Iran, (then) Soviet Union, Syria, Vietnam,

o before 9/11, the US was generally viewed by human rights organizations which work in repressive countries as a safe base of international operations, and was viewed by many political dissidents around the world as a non-repressive country to which they could try to flee if necessary,

o after 9/11, human rights organizations have become increasingly appalled by gross human rights violations by the US government (GITMO, Abu Ghraib, thousands of extra-legal and extra-territorial assassinations),

o previously, human rights advocates focused their efforts on oppressive nations known to target dissidents at home and political exiles abroad, but the Snowden leaks proved a game-changer because they revealed the extent to which FVEY targets all citizens everywhere, making FVEY the Universal Enemy of all freedom and democracy loving citizens everywhere in the world,

o the Snowden leaks drove home the point that the US is no longer a safe haven for political exiles or domestic dissidents; to the contrary, it has become to all intents and purposes the Universal Oppressor,

o this raises serious questions about how human rights organizations can continue their work; currently, most continue to be based in FVEY nations but they are becoming increasingly nervous about the intentions of their host governments,

o one of the biggest and best organizations, Human Rights Watch (HRW), is currently suing the USG over some of its worst human rights abuses, an action which I consider natural, necessary-- and courageous!

Further, I want to ensure that Tor users recognize that the concerns and experiences which have impelled them to adopt Tor are widely shared by citizens around the world, in part because we are all in this together, and there is strength in numbers.

Here are a handful of recent cases publicized by HRW:

https://www.hrw.org/news/2015/04/03/bahrain-free-rights-activist-held-t…
https://www.hrw.org/news/2015/03/23/oman-3-year-sentence-rights-activist
https://www.hrw.org/news/2015/04/14/dispatches-journalist-pilloried-ira…
https://www.hrw.org/news/2015/03/20/guardians-free-word
https://www.hrw.org/news/2015/01/25/vietnam-plainclothes-agents-target-…
https://www.hrw.org/news/2015/04/15/dispatches-silencing-veteran-chines…
https://www.hrw.org/news/2015/03/26/dispatches-punishing-burma-s-studen…
https://www.hrw.org/news/2015/04/15/saudi-arabia-prominent-activist-mar…
https://www.hrw.org/news/2015/02/22/singapore-blogger-s-conviction-viol…

Regarding the last two items, an NCTC document singles out precisely two nations for praise in how they handle their domestic security situation: Singapore and Saudi Arabia. This underscores the point that one of the most horrid unintentional (?) consequences of "globalization" has been that human rights around the, rather than rising to pre-9/11 levels in the US or higher, have fallen to Soviet Union standards or worse. Oppression is a global problem, and with the help of information technology, it is rapidly getting worse, for everyone, everywhere.

Why is this happening? The answer is complicated, but one critical enabling element is easy to understand: the rapid appearance of thousands of private corporations, most of them based in FVEY countries (or Europe or Israel), which sell dragnet surveillance systems and specialized targeted surveillance gear to corporations and governments all around the world, typically focusing their marketing efforts on "conflict zones" such as North Africa, the Middle East, Ukraine.

Several of these companies boast (in marketing literature) that their malware can subvert Tor, so Tor users should know something about the dragnet-surveillance-as-a-service industry because they certainly target our community. Here is a collection of excellent news articles on spycos such as Gamma International and Hacking Team:
http://topics.bloomberg.com/wired-for-repression/

For some technical analyses of malware sold by Gamma and friends to repressive govts, see this wonderful site:
https://citizenlab.org/

For a vast collection of spyco literature from international cyberwar expos:
https://wikileaks.org/spyfiles/list/releasedate/2011-12-01.html
https://wikileaks.org/spyfiles/list/releasedate/2011-12-08.html
https://wikileaks.org/spyfiles3.html
https://wikileaks.org/spyfiles4/documents.html

And here are two compendia of profiles of hundreds of spycos all around the world:
https://www.privacyinternational.org/?q=node/9
http://buggedplanet.info/index.php?title=Main_Page
Here you can find much information about spycos which are USIC contractors:
http://voices.washingtonpost.com/top-secret-america/

Here are some articles about spycos which sell malware to German govt agencies, which have been implicated in targeting Tor users specifically:
http://www.spiegel.de/thema/staatstrojaner/

Some idea of how commercial cyberspies think can be gleaned from these documents leaked from a US spyco, Stratfor:
http://wikileaks.org/the-gifiles.html
And for the mindset of governmental spooks, see these documents leaked from the Assad regime in Syria:
https://wikileaks.org/syria-files/
and this news story on the origins of ISIS's master plan:
http://www.dailysabah.com/mideast/2015/04/20/former-saddam-officer-mast…

Here are two compendia of Snowden-leaked FVEY surveillance documents:

https://www.eff.org/nsa-spying/nsadocs
https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi

Some Tor users may have heard about the Zero-Day Exploit market where cybercriminals and USG agencies like NSA buy malware. But in the land of three letter acronyms, another agency which spies on every citizen in the Bahamas (and other nations) is the DEA. From an expose at Motherboard:

"The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned. The software, known as Remote Control System or RCS, is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords. The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal."

Gamma International is based in London (with strong ties to Munich), while Hacking Team is located in Italy. But most spycos are located in the US, which is one reason why the USA matters to everyone concerned about human rights issues. For example,

Root9B, LLC
5755 Mark Dabling Boulevard, Suite 250
Colorado Springs, CO 80919
Tel: (719)-505-6717
Fax: (719)-471-2968
www.root9b.com

is a company which boasts that their workforce consists mainly of former NSA cyberwarriors, and offers, if its corporate clients desire, to hack into the computers of their "enemies" (one imagines Walmart might hire them to hack into union databases, for example). And the DEA buys malware from Root9B as well as Hacking Team. Surf to
https://www.fpds.gov/ezsearch/fpdsportal
and search on
USA GLOBAL_VENDOR_NAME:"ROOT9B LLC"
to see some contracts. (Don't be misled by the NAICS codes: bizarre euphemisms are a common element in USG contracts related to national security; Root9B's business is cybersurveillance/cyberwar as a service, as you can see from their own website and from their boasts about their workforce of NSA/SIGINT veterans.)

The US House of Representatives just passed a huge expansion of the NSA dragnet, a move which was opposed by Human Rights Watch
and dozens of other civil/human rights organizations. Human rights organizations are horrified by similar dragnet surveillance/oppression bills in

France:
https://en.rsf.org/france-human-rights-organisations-alarmed-25-03-2015…

Pakistan:
https://en.rsf.org/pakistan-legislators-urged-to-overhaul-23-04-2015,47…

Russia:
https://www.hrw.org/news/2015/04/20/russia-government-against-rights-gr…

UK:
https://www.hrw.org/news/2015/04/17/undermining-attorney-client-privile…

USA:
https://www.hrw.org/reports/2014/07/28/liberty-monitor-all-0

But when it comes to human rights concerns, what could be more horrifying than the extrajudicial assassination of persons who in some cases may be entirely innocent?
http://america.aljazeera.com/articles/2015/3/16/aclu-sues-obama-adminis…

I remarked above that USA was once a nation to which victims of human rights abuses could flee. But now the US is implementing a police state at home and refusing entry to political refugees:
https://www.hrw.org/reports/2014/10/16/you-don-t-have-rights-here-0

Another reason why the USA is a nation of particular importance to anyone interested in human rights is that other nations tend to follow its lead, and since 9/11 the USG has been leading the world down the path to what Comey calls "a very bad place". Just as the militaries and intelligence agencies of other nations are rushing to ape the Pentagon/NSA in implementing cyberespionage and cyberwarfare, other nations are following the US lead by using waterboarding and other abhorrent torture techniques:
https://www.hrw.org/news/2015/04/15/dr-congo-release-7-detained-democra…

Some US/UK citizens might not be aware that before WWII fascism seriously threatened to gain a foothold in their countries, and could pose such a threat again. All over the world, fascist elements are currently re-entering the political "mainstream":
http://america.aljazeera.com/opinions/2015/4/modis-deafening-silence-on…
This is also visible in the Ukraine, and pointing this out does not make one a catspaw for Putin.

One is reminded of the refrain in "Cancer Ward": "Bad news all around". Or in context: Bad governments all around.

We are all in this together. As citizens, we are all being targeted by at least one government, and probably more than one. Seems like its all of us against all of them. Hopefully some of them will soon begin to come to their senses and realize that governments cannot simultaneously attack their own citizens (with surveillance, malware, rockets) and claim to be a "Great Nation". Indeed, historically, this kind of excess is strongly associated with the imminent collapse of the regime. Whether or not we desire anarchy, it seems possible that in the not very distant future, we will get it.

Tor can play a critically important role here by enabling citizens to debate these issues with a (hopefully) lesser chance of immediate targeted reprisal from their governments (or from another government).

Tor can also help (unless CISA becomes law in the US, i.e. the Internet) by enabling human rights activists to research dangerous oppression-enabling companies like Gamma International with less risk of an immediate reprisal from such companies. As an example of a positive result from such Tor-enabled OSI (open source intelligence):
https://en.rsf.org/royaume-uni-uk-rebukes-producer-of-03-03-2015,47640…
https://en.rsf.org/eu-catches-up-takes-steps-to-07-11-2014,47211.html

April 27, 2015

Permalink

@ arma:

In your position as Interim Executive Director of the Tor Project, could you post a new blog stating some of your thoughts on what the priorities for the Project should be over the next few years, and asking Tor users for their suggestions?

I have some ideas I'd like to share, and I suspect others do also.