Spread the word about Tor

by karsten | March 31, 2015

To all Tor advocates,

For all of you who want to spread the word about Tor at a symposium or conference and need printed materials, we finally have something for you:

Download these brochures here:

LanguageAvailable formats
ArabicPDFODGTXT
Brazilian PortuguesePDFODGTXT
ChinesePDFODGTXT
EnglishPDFODGTXT
FrenchPDFODGTXT
GermanPDFODGTXT
PortuguesePDFODGTXT
RussianPDFODGTXT
SpanishPDFODGTXT
SwedishPDFODGTXT
TurkishPDFODGTXT

EDIT: Adding new translations as they come in (thanks, folks!). If you're considering translating these brochures, please contact us first at tor-assistants@lists.torproject.org to make sure nobody else is already working on the same translation.

There are three different versions of the brochure, all with the same front and different backs:

  1. Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).
  2. The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.
  3. Freedom & Privacy Online: The target audience here is the general public - helping educate people about the reasons that protecting their privacy is important.

Feel free to use these brochures to spread the word about Tor. And just in case you're new to Tor and wondering whether you're permitted to use these brochures: yes, absolutely! We really want people to talk about Tor. Even if you don't have good answers for all the questions people might come up with, these brochures might serve you as a guidance.

Need a stack of these for an event? Contact us, tell us about the event and how many brochures and which of the three versions you need, and we'll mail them to you. Note that we might ask you to write a trip report and give us some feedback on the brochures in exchange.

Also, we will be offering updated versions of these brochures on an ongoing basis.

Thanks for spreading the word about Tor!

Comments

Please note that the comment area below has been archived.

March 31, 2015

Permalink

I have to say, I'm not quite sure how I feel about the very first line on the Law Enforcement brochure being "Abuse is the Exception". If a LEO has no idea what Tor is, reading that will immediately put the idea in their mind that "Oh, so Tor is a thing that's abused, even some time?" You may want to consider revising that.

It's sort of like what we furries have learned about the media. If you start out an interview by saying "Oh, no more than %5 of us are sexual deviants", it'll immediately put the idea in everyone's mind that furries are sexual deviants. It's best to just avoid the topic all together.

Agreed. In fact, we already changed that heading to "Who Uses Tor?" in the linked PDF and ODG but didn't update the preview picture. So, yes, this is already fixed. Thanks for the comment!

Basically, you're right. BUT: What about knife producers? Knifes are abused on a daily basis, but how could this really discredit the good use of knifes for medical operations or cooking? Rather than concealing the fact that there is marginal abuse, you should find good analogies to convey just proportions of the problems every technology faces.

I think the main point of the other anonymous commenter was that it's critical to pick the right words there, not to leave out this part entirely. Well, unless I got that wrong. What I can say is that we had to touch on the topic of abuse, because, sadly, that's how some law enforcement officers first learn about Tor. That's different from knifes or most technologies that can be abused. But this is our chance to tell law enforcement that what they're handling, the case where some jerk abused Tor, is the exception, not the rule. Earlier versions of this brochure didn't mention abuse at all, but we decided that they were lacking practical relevance for law enforcement people.

March 31, 2015

In reply to karsten

Permalink

Acknowledged. You definitely made the right decision by adding the abuse topic to the LEA version.

March 31, 2015

Permalink

Those are great but any chance of having those made in french? I'll be hosting a crypto-party in Montréal soon and having those on hand would be perfect... Is anyone working on a translation?

Thanks.

We have somebody working on a Spanish translation, but nobody for French yet. Would you want to contribute a French translation? We'd be happy to distribute that on the Tor website. Thanks!

March 31, 2015

Permalink

That's an unusual paper size, how many people would have that size or aspect ratio on hand?

Converting the obsolete measurements into something decent A5 seems pretty close and is half the standard A4 paper-size so basically everyone not in the US has it on hand.

It's "half letter size", because the original version was designed by people who are used to US paper formats. (I don't have letter paper at hand, either.) But it should still look okay when printed out on A4 paper.

March 31, 2015

Permalink

OH, WOW! This is really amazing and unbelievable! I've been waiting for something like this for years, literally! I had a similar idea and told Roger about it, but he didn't answer. Obviously, someone had the same idea like me.

This is the best news I've encountered in recent days. I'm somehow speechless. I hope you have at least a slightly guess how significantly you are making the world a better place.

Thanks Tor! Thanks community! You are classy!

March 31, 2015

Permalink

Is this the first working result of your new Director of Communications? If yes, congratulations!

Well, not exactly, though Kate Krauss provided some very valuable feedback on the final draft of these brochures. But it's really based on work from Leiah Jansen, Kelley Misata, and Karen Reilly performed two years ago, plus recent efforts to update and rewrite content with contributions from Lunar, Harmony, Noel David Torres Taño, Andrew Lewman, Roger Dingledine, Julius Mittenzwei, Paul Syverson, Kate Krauss, and myself. Few things at Tor are the result of a single person.

March 31, 2015

In reply to karsten

Permalink

As always, we can count on the Tor community. Big thanks to all of you! Without you, the world would be a darker place.

March 31, 2015

In reply to karsten

Permalink

Kate Krauss? Has she already been introduced officially to the community? On the Tor webpage, I can't find her in the "Tor people" area.

Good point, we should fix that. Kate Krauss is Tor's new press person. But better wait for the update of the Tor people page for a better description of what she does.

karsten

April 01, 2015

In reply to karsten

Permalink

I just realized I missed Griffin Boyce in that list and probably others, too.

March 31, 2015

Permalink

Tor seems to really speeding up its PR efforts. First, the new Tor animation video. Next, the new brochures. What a great start of spring 2015!

Here's a nice article of DailyDot describing "Tor's great rebranding".

http://www.dailydot.com/politics/tor-media-public-relations-perception/

Nuggets:

"In October 2014, Tor hired Thomson Communications, a Boston-based public relations firm..."

"The firm has mostly served as a stepping stone to the recent hiring of the Tor Project’s own media professional, Kate Krauss, and the creation of a public-relations operation unprecedented for the organization."

March 31, 2015

Permalink

The line

"The Tor Project builds and distributes free tools that allow
journalists, human rights activists, diplomats, business people,
and everyone else to use the Internet without being watched
online by governments or companies."

is clunky, should read more like

"The Tor Project builds and distributes free tools that have allowed
journalists, activists, citizens, politicians, businessmen, military and police to use the Internet anonymously.

Points:

No point in discriminating against what type of activists as if one is more credible than the other.

Use of PC term "business people" is unncessary, businessmen refers to all people "men as in mankind" not just a particular gender.

The phrase "ordinary people" looks down on others, "Everyone else" you swept into the bin, like a big "and the rest of your kind", we are citizens not "everyone else".

Diplomats is a strange political focus to bring up, better to say generally politicians.

The qualitative "without being watched online by governments or companies" only brings in a small subsection of Tors uses. Generally Tor is an anonymizing tool, and if anything it will bring more scuritiny by governments than if you hadnt used it at all.

Lastly, what it does is not so much as sigificant to people as what is has done. Say that Tor has a reputation of this and not just a claim that it will.

This is very helpful feedback! We're currently collecting suggestions for an updated version to be released later in April in order to make the translation task less painful. We'll consider your suggestion for that version. Thanks!

karsten

April 01, 2015

In reply to by Anonymous (not verified)

Permalink

This is awesome! But we'll also need the translated text in a text file, so that we can put it under version control and ask you or somebody else to update it whenever the English text changes. Can you contact us at tor-assistants@lists.torproject.org to talk this over? Thanks!

April 01, 2015

Permalink

Which version of the brochures do I take when talking to politicians and lawmakers?

April 02, 2015

Permalink

The Tor protocol explanation uses the usual "Alice" and "Bob", but then talks about "web page requests". It might be an idea to make it more explicitly clear that Alice is trying to browse Bob's website.

Indeed, that might clear up things a bit. As I wrote above, we're currently collecting suggestions for an updated version to be released later in April (or May?) in order to make the translation task less painful. We'll consider your suggestion for that version. Thanks!

April 02, 2015

Permalink

This news article on the thread

https://blog.torproject.org/blog/crowdfunding-future-hidden-services

might draw a badly-needed laugh:

http://www.theinquirer.net/
Tor proposes crowdsourced and more accessible hidden services
Dave Neal
31 Mar 2015

Companies like Google and Apple have got it in the neck for securing their users' privacy, and their unwillingness to drop this stance has frustrated needy detectives.

"We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet," said Europol director Rob Wainwright this week.

"[Tech firms] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications."

Swines.

The differences between how the "mainstream media" and "tech media" report US/UK demands to outlaw crypto/Tor are very striking.

April 02, 2015

Permalink

A very useful handout for FVEY constituents attempting to lobby their representatives:

http://www.parliament.uk/briefing-papers/POST-PN-488/the-darknet-and-on…"
The darknet and online anonymity - POST Note

See also

http://boingboing.net/2015/03/10/parliamentary-office-of-scienc.html
Parliamentary Office of Science & Technology tells Cameron Tor is good, unstoppable
10 Mar 2015
Cory Doctorow

Be prepared to explain who Cory Doctorow is.

April 02, 2015

Permalink

More Comey-mocking, this time from one of my favorite US tech writers:

https://www.techdirt.com/
FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein
Mike Masnick
26 Sep 2014

the freaking out continues... insanity...

why isn't Comey screaming about the manufacturers of paper shredders, which similarly allow their customers to hide papers from "lawful surveillance?"

this demonizing of encryption as if it's only a tool of pedophiles and criminals is just ridiculous. Regular everyday people use encryption every single day. You're using it if you visit this very website. And it's increasingly becoming the standard, because that's just good security.

I like to use another analogy: imagine young J. Edgar Hoover back in 1920 screaming to the press that this new-fangled thing the automobile must be outlawed because it is hideously dangerous "bank-robbery-enabling technology", and imagine an angry Henry Ford pushing back. Not unlike FBI vs modern-day tech giants, perhaps?

Arguing "if FBI get's its way yet again, this will cost jobs" (by preventing economic growth resulting from strong civilian encryption) is one of the few arguments which actually makes politicians prick up their ears. A complementary argument: growing an electronic privacy industry will create jobs (most effective when presented by Google employees eager to strike out on their own); "if we don't, the Germans will". (Germans should of course argue that their own government should seize the opportunity to replace the US as the world's provider of data services.)

Another argument which reliably draws the interest of US politicians: explain how the unencrypted health records of 7 million US military persons* and their families were stolen in the third largest breach of HIPAA protected PHI yet reported to HHS, how foreign intelligence agencies can use such troves of stolen EHRs, and how strong encryption would have impeded them. Trawl through healthitnews.com for many stories about EHR insecurities and massive data breaches, and note how many would have been easily prevented if only strong encryption were mandated by law.

*Including the NSA/TAO ROC-ers at Lackland AFB, ouch, the irony, it burns most atrociously, Sir!

The reason why arguments which make more sense to privacy advocates (such as appealing to international norms exemplified by the universal human right to privacy as expounded by the UN) appear to fall on deaf ears is not so much that lawmakers truly don't care about human rights, but that they need to hear an argument which they feel they can actually use in the current political environment in FVEY legislatures.

Another point worth making: data services corporations, health insurers, the rapidly growing industry (see Root9B, Rook Security, Cyveillance) which sells cyberwar services to banks and other international corporations, and the surveillance-industrial-complex are all competing for a very small number of black-hat-hackers with the necessary knowledge and skills. Eradicating NSA's SIGINT division would immediately provide thousands of people who can be retrained as health-data-protectors in a government-sponsored crash program (first stop: political re-education camps instructing former ROC-ers about the US Constitution and the revolutionary origins of the USA). Also, freeing up ROC-ers for data protection work would reduce the pressure on FBI and other agencies to hire so many people convicted of criminal cyber-bank-theft schemes; the dangers of this practice should be self-evident to lawmakers.

April 02, 2015

Permalink

I concur with others here who feel that US persons who value Tor should at least attempt the Constitutionally approved method of lobbying their Congressional representatives, even though none of us is so naive as to expect this to prevent CISA from being enacted into US law. By do doing you are in effect following the example of Edward Snowden, who attempted to "work within the system" to bring a modicum of sanity into the USIC, before he became a whistleblower.

It is important to recognize that the current attempts to

* outlaw Tor (especially hidden services)
* grant FBI the "authority" to hack at will into Tor nodes, HS servers, and perhaps even into any computer running TBB
* mandate backdoors in all operating systems and cryptosystems

include at least several closely related items which are currently being very intensively pushed by a concerted USG sponsored media onslaught:

* Proposed change to Rule 41(b) of the US Code of Criminal Procedure
* CISA
* FTA (Fast Track Authority) for TPP (Trans-Pacific Partnership)
* at least two executive orders

(For more information, see the links at the end of this post).

It is also important to know that the "9/11 Committee" continues to issue influential advisory white papers, in particular calling for the FBI to convert itself from a law enforcement agency into a domestic intelligence agency. And top FBI officials have been bragging about how effectively they have implemented this recommendation

http://motherboard.vice.com/blog/obamas-pick-for-fbi-director-says-the-…
Obama's Pick for FBI Director Says the FBI Is an Intelligence Agency
Derek Mead
9 Jul 2013

http://www.washingtonpost.com/
FBI’s Comey focused on violent home-grown extremists, global spread of terrorism
Sari Horwitz
19 Sep 2013

“I saw that [ACLU] said we were a domestic intelligence agency and my response was, ‘Okay, good,’ ” said Comey, who was relaxed and had shed his jacket in a roundtable gathering with 18 reporters. “I think that’s one of my responsibilities, to continue [former FBI director] Bob Mueller’s work to transform the bureau into an intelligence agency.”

It is amazing that the US Congress has raised so little objection (apart from a dramatic speech by NSA stalwart Diane Feinstein) to the more or less openly acknowledged fact that USIC spies intensively on the Congress and on everyone who communicates with Congress. One reason why that is so troubling is that it implies that "privacy advocates" tend to be "frozen out" of the political process, because they are acutely aware that expressing to their representative any views contrary to the interests of the surveillance-industrial complex is likely to get them placed on watchlists of persons who are assessed to pose a "potential national security risk".

But if you are a Tor user, you are already on watchlists. In particular, NSA enumerates the IPs of all devices communicating with a Tor directory authority, and they tie real-life identities to all IPs. And GCHQ monitors visitors to torproject.org as a favor for NSA. Further, dozens of documents emanating from NCTC and allied USG agencies suggest watchlisting anyone who expresses a wide variety of views, including:

* what some analyst considers to be "excessive concern for civil liberties"
* anyone who expresses a personal grudge or complains about discrimination
* anyone who has been a victim of or witnessed a violent crime
* anyone who expresses anti-nuclear views
* anything some analyst considers to be a "conspiracy theory"
* anyone who has recently purchased a weapon (does a Black phone count?)'

How do such zany criteria come to be enshrined as USG policy in soberly written official documents? Simple: when you hire thousands of people tasked with sitting around all day thinking up horrid scenarios for how "US interests" could be harmed by, among others, "domestic extremists", you should expect more and more... imaginative... whitepapers to result. When you hire tens of thousands of people tasked with sitting around all day reviewing the private lives of individual citizens, looking for "evidence" of "terrorist proclivities", you should expect more and more imaginative interpretations of entirely innocuous daily activities. For example: various NCTC/DHS/Fusion Center bulletins have warned about allegedly suspicious and "potentially dangerous" persons who... wear backpacks... ride bikes... carry binoculars... pay with cash in bookstores... take photographs.

And it doesn't help that so many Fusion Center analysts gained their basic training in military intelligence units in Afghanistan or Iraq, or in at least one case, while conducting interrogations of "high-level detainees" at GTMO. (Who knew, until Wikileaks published an example, that there is such a thing as a diploma certifying the recipient's expertise in "enhanced interrogation"? And shouldn't every US citizen be alarmed that Fusion Centers show such an interest in hiring people who possess this kind of military credential?)

So if you are reading this blog, maybe even if you simply live in the USA, you are most likely already on plenty of watchlists.

Ironically, many current congressional staffers previously worked as activists and were placed on secret USIC watchlists, and once you are on one of these lists, you can never get off. Same thing happens in the UK:

http://www.theguardian.com/uk-news/undercover-with-paul-lewis-and-rob-e…
Police face further pressure over covert monitoring of MPs
Rob Evans
1 Apr 2015

Here are some informative news stories about current FBI demands to turn the US into an even more authoritarian state:

http://fcw.com/articles/2015/03/27/fbi-encryption.aspx
FBI wants 'legislative fix' on device encryption
Adam Mazmanian
27 Mar 2015

https://threatpost.com/
Obama Administration Seeks More Legal Power to Disrupt Botnets
Dennis Fisher
12 Mar 2015

https://www.techdirt.com/articles/
Judicial Committee Gives FBI The First OK It Needs To Hack Any Computer, Anywhere On The Planet
Tim Cushing
17 Mar 2015

http://www.homelandsecuritynewswire.com/
Justice Department takes first step toward expansion of search warrants’ reach
18 Mar 2015

And to counter claims that

* "it's all for our own protection"
* FBI, DEA, USSS agents never "break bad"

see these

https://www.eff.org/deeplinks/2014/11/fbis-suicide-letter-dr-martin-lut…
FBI's "Suicide Letter" to Dr. Martin Luther King, Jr., and the Dangers of Unchecked Surveillance
Nadia Kayyali
12 Nov 2014

https://firstlook.org/theintercept/2015/03/12/fbi-appeared-use-informan…
Why Was an FBI Joint Terrorism Task Force Tracking a Black Lives Matter Protest?
Lee Fang
12 Mar 2015

http://www.forbes.com/sites/sarahjeong/2015/03/31/force-and-bridges/
Criminal Charges Against Agents Reveal Staggering Corruption in the Silk Road Investigation
31 Mar 2015

http://arstechnica.com/tech-policy/2015/04/new-silk-road-docs-show-how-…
New Silk Road docs show how site got looted by cop who hijacked dealers’ accounts
Joe Mullin
2 Apr 2015

http://arstechnica.com/tech-policy/2015/04/disgraced-dea-agent-from-sil…
Disgraced DEA agent from Silk Road case sent weird messages to Mt. Gox CEO
Cyrus Farivar
2 Apr 2015

When even Forbes speaks of "staggering corruption" in the Surveillance State, US lawmakers ought to be capable of recognizing that something has gone terribly, terribly wrong.

April 03, 2015

Permalink

Users and developers: what is our plan? If we don't have one, we better make one ASAP.

I urge Tor Project to:

* establish legal support in advance (I assume this has been done) of reception of NSLs and other demands from USG, China, Russia, India, Pakistan or other governments,

* establish in advance plans for relocating key TP people/assets in the event that US/UK/FR declares Tor illegal (but where to relocate?),

* following the example of the Tails Project, use Shamir's secret sharing scheme to counter possibility of one or more developers being rendered and rubber-hosed,

* if the Project deems these proposals unduly alarmist (and I certainly hope they are), please solicit posts from recognized legal scholars explaining why such recent developments as the Executive Order of 1 Apr 2015, which bearing in mind the stunningly "imaginative" misuse of language by NSA revealed by Snowden, appears to imply (lawyers, if I am wrong please tell us why!) that the assets of Tor node operators anywhere in the world can be frozen without notice or appeal.

The cited EO doesn't seem to have a number yet, but there is a press release at whitehouse.gov. The title is of the order is:

"BLOCKING THE PROPERTY OF CERTAIN PERSONS ENGAGING IN SIGNIFICANT MALICIOUS CYBER-ENABLED ACTIVITIES"

Mainstream US press coverage (aka USG propaganda) suggests the order is nominally aimed at the semi-mythical Iranian/Chinese state-sponsored cyberhacker and/or the semi-mythical Romanian banking cyberheist gang, but as seems to be the new normal, the language is extremely broad and it appears that the definitions offered could easily be twisted by self-described domestic intelligence/cyberwar agency FBI, bearing in mind the fact that all Tor users routinely build circuits using nodes hosted on (mostly commercial) servers located in many nations, operated by (mostly) private citizens residing in many nations.

The order declares a "national emergency" (heavens) and directs USG agencies to

(i) freeze/seize all assets of anyone who is or comes under control of US authorities (think CIA kidnapping, or servers located in Ireland but owned by Microsoft)

who USIC believes may be engaged in

(ii) anything tending to impinge on US national security, foreign policy, financial stability

Or as the self-described constitutional lawyer and leader of the free world (aka chief-assassin by probabilistically-targeted drone strikes) puts it:

(i) "All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in"

(ii) "any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of:
...
(C) causing a significant disruption to the availability of a computer or network of computers"

Could FBI interpret (C) to cover impeding USIC dragnet surveillance by using Tor? Could NSA's Xkeyscore activities be interpreted to constitute a "network of computers"? It seems clear (C) could cover DDOS, so teens tempted to try that on should consider the possibility that their parents house might be seized as happened recently to an American grandmother whose open-WiFi was abused by someone for DDOS. Could expressing criticism of e-trading be interpreted as attempting to cause financial instability in the US economy? Could The Intercept's reporting on GCHQ/CSE abuses be interpreted as harming US foreign policy?

For example, could my assets be seized if I use Tor to point out that in a recently leaked document, GCHQ itself confirms that it specifically targets absolutely every last human being living in Iran? That another just leaked NSA document specifically includes among the nations targeted by GCHQ the significant two letter country code "UK"? Britons, this means YOU!

The documents I just mentioned can be found at

https://firstlook.org/theintercept/2015/04/02/gchq-argentina-falklands/

We should also bear in mind the fact that documents coming from NCTC and the US "mainstream press" routinely express admiration for two nations in particular:

(i) Saudi Arabia, an absolute monarchy which routinely imprisons peaceful protesters, severely restricts travel/education of women, and outlaws the practice of (many) religions

http://www.hrw.org/world-report/2015/country-chapters/saudi-arabia

(ii) Singapore, the very model of the modern asian authoritarian state, the only country which openly implemented Poindexter's TIA

http://www.salon.com/2015/04/01/we_decide_what_is_right_never_mind_what…

http://www.salon.com/2015/03/31/lee_kuan_yew_is_finally_dead_and_americ…

For a recent example of an NCTC document which praises precisely two countries (Saudi Arabia and Singapore), see:

https://firstlook.org/theintercept/2015/02/09/government-develops-quest…

April 03, 2015

Permalink

It is wonderful to see the Tor Project becoming more politically sophisticated, and I feel this is necessary to oppose lobbying by our enemies.

I feel that many of the more ambitious suggestions on this page (and the related thread on HS) can be interpreted as urging the Tor Project to reach out to like-minded groups such as AccessNow, EFF, ACLU, Tails, Riseup, and relevant projects at Github. (All of these resources currently appear to be under active state-sponsored attack.) In that spirit, two more suggested initiatives which I feel would be very useful in the current environment which is rapidly becoming so hostile for activists all over the world:

* form a collective for forensic analysis of devices which have come into the physical control of "the authorities" (with the goal of reverse engineering and publishing our enemies's best malware, in order to make them think long and hard before attacking us; ideally analysis would include testing microcontrollers, BIOS, firmware)

* form an international collective for legal analysis of proposed and enacted laws, govt and corporate policies, US presidential executive orders, Russian presidential decrees, etc.

These are not things Tor Project can do alone. Privacy-minded persons/groups need to band together in some kind of mutual defense pack to preserve what is left on-line of the cherished principles of freedom of speech/information/religion/assembly.

April 03, 2015

Permalink

Another kind of outreach by Tor Project which I think would be valuable, and which is somewhat analogous to "educating" LEAs around the world, would try to dissuade well-intentioned vigilante groups who have apparently operated undeclared families of Tor nodes for the purposes of identifying and retaliating against Tor users these vigilante suspect of belonging to targeted groups such as:

* extremists, especially Islamic extremists

* malware punters

* bot herders

* child pron sharers

* human traffickers

* "recreational" drug users

Many people, even many people here, might find at least one of these target groups so objectionable that abusing Tor to identify such persons might seem reasonable.

However, arguments against running Tor nodes for the sole purpose of attempted extraction/characterization of content from Tor network traffic might include pointing out other reasons why people really really need Tor for purposes at least as "good" (by our standards) as the ones named above are "bad" (by someone's standards). For example:

* grass-roots organizations in Mexico struggling against drug cartels and corrupt local government officials

* survivors of battering seeking to communicate with other survivors

* union organizers in countries where governments and corporations are hostile towards unions (i.e. pretty much everywhere)

* anti-austerity activists in Greece and Spain

* Occupy activists in the USA

* environmentalists in countries like Canada, Iran, Vietnam whose governments target such persons for surveillance or worse

* pro-democracy organizers in Burma, USA

* anti-monarchists in Thailand, UK

* residents of countries with an official religion who wish to organize in order practice some other religion in secret

The problem is of course that when vigilantes perform MITM+DPI to attack some target group, they inevitably wind up attacking all these other people too.

It is worth pointing out that some vigilante groups appear to be state-sponsored. In the US, at least one well meaning group which appears to operate an undeclared Tor family for purposes of surveillance of a narrow target population appear to openly engage in public-private partnerships with state government social service agencies, which illustrates the scope of the problems we face from well-meaning persons who are messing with the Tor network.

Another argument would be to explain what Mossad did in Liliehammer, Norway, back when Golda Meir was PM.

April 06, 2015

Permalink

> Another argument would be to explain what Mossad did in Liliehammer, Norway, back when Golda Meir was PM.

On 21 Jul 1973, a team of Mossad agents under the personal direction of the chief of Mossad, Michael Hariri, assassinated a waiter, Ahmed Bouchiki, in front of his wife (who was pregnant with their first child), in Lillehammer, Norway. The team had mistaken Bouchiki for Ali Hassan Salameh, a Black September operative credited by Mossad with masterminding the massacre at the 1972 Olympics in Munich. Several members of the kill team were arrested by Norwegian authorities before they could flee the country (Hariri himself barely escaped capture), tried, convicted, and quietly released some years, under intense pressure for the US State Department.

PM Golda Meir was furious with Hariri, who had personally assured her that "Mossad never screws up". But he knew that was a lie when he said; in fact, he personally traveled to Norway because the kill team consisted of greenhorns, so he felt they needed close supervision from an experienced assassin.

The point is that political assassination, even of the "worst of the worst", is a bad idea because no nation is immune from mistakes, just as no guided munitions is immune from "collateral damage".

Not to mention a fine point which appears depressing irrelevant when the sole superpower is functioning as the world's leading rogue state: murder is illegal everywhere, and political assassination contravenes international law.

See

https://en.wikipedia.org/wiki/Lillehammer_affair

https://www.propublica.org/series/drones

http://www.nytimes.com
Chasing Radicals (and Breaking the Rule of Law)
Byran Burrough
14 Mar 2012

Tim Weiner, Enemies, Random House, 2012

The FBI, under intense pressure from the US political leadership, has remade itself into a domestic intelligence agency tasked with the dragnet surveillance of the People, especially people who protest "national security policy" such as targeted drone killings. If it continues to become more and more like CIA/NSA and less like an agency whose mission is to respect the law while enforcing the law, and as the US judicial system increasingly abandons the sacred principle that all persons are equal under the law, FBI will inevitably take an another mission: domestic assassination. But many, even in USIC, believe that is not such a novel mission for FBI.

You've seen the picture: men standing on the balcony, pointing at the assassin's window, and one guy kneeling, checking King for life signs. That man was James Harrison, the undercover FBI agent who had infiltrated King's inner circle. He wasn't trying to save King, he was making sure King was really dead, as the Director desired. See

http://www.salon.com/2015/04/05/the_mlk_murder_mystery_how_slain_leader…
The MLK murder mystery: How slain leader’s death became a true crime whodunit
Matthew Pulver
5 Apr 2015

April 06, 2015

Permalink

Congressional views of Tor are shaped in part by The Hill, so Tor Project should read this article:

http://thehill.com/policy/cybersecurity/237905-private-darknet-markets-…
Private 'darknet' markets under siege
Cory Bennett
4 Apr 2015

> Darknet marketplaces using the anonymous online network Tor have been under siege this week from “the most serious attack TOR has ever seen,” according to one marketplace operator.

It's Tor, not TOR.

> “TOR developers are saying that they think the problem will be solved in a few more days,” a Middle Earth operator who goes by “MEMGandalf” said earlier this week on social media website Reddit. It’s not clear who is behind the attack and whether it is ongoing. But darknet marketplaces have received increasing scrutiny from government investigators in recent months. Just a few weeks ago, the Department of Homeland Security subpoenaed Reddit for information about the top posters on the subforum the Middle Earth operator used to announced the attack.

...

> FBI Director James Comey has called it the “going dark” problem, where criminals are able to operate in a zone of complete anonymity. But Tor is also the leading privacy tool used to help dissenters hide from authoritarian regimes, protect journalists from persecution and simply keep information safe from hackers. The U.S. government funds the vast majority of the software’s development costs. The contradiction has put the Obama administration in a tough position: trying to simultaneously defend the right to online anonymity while finding a way to digitally track suspected criminals.

The Hill is read by many Congressional staffers, so perhaps there is some hope after all for the Tor community that concerted lobbying from ordinary citizens just might put off CISA until wider heads can put in much needed amendments (or even better, kill this new surveillance monster law).

http://arstechnica.com/security/2015/04/bugs-in-tor-network-used-in-att…
Bugs in Tor network used in attacks against underground markets
Sean Gallagher
3 Apr 2015

> The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site. The problem, which is similar to one reported by another hidden site operator in December on the Tor mailing list, allows attackers to conduct a denial of service attack against hidden sites by creating a large number of simultaneous connections, or "circuits," via Tor, overwhelming the hidden service's ability to respond.

Tor users, if possible please report anomalies while browsing the non-dark net too. In recent days, there have been reports from Tails users of disconnections from the LAN, followed by immediate reconnections. This could be a bug in Tails, but some speculation NSA/GCHQ may be attempting to bypass one of Tor's great strengths, perfect forward security. From the canonical source for practical attacks on SSL/TLS:

http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl…
How does the NSA break SSL?
Matthew Green
2 Dec 2013

> the session resumption mechanism can be finicky: session keys must either be stored locally, or encrypted and given out to users in the form of session tickets. Unfortunately, the use of session tickets somewhat diminishes the 'perfectness' of PFS systems, since the keys used for encrypting the tickets now represent a major weakness in the system. Moreover, you can't even keep them internal to one server, since they have to be shared among all of a site's front-end servers! In short, they seem like kind of a nightmare.

For legislative staffers whom, we hope, might read this blog (using Tails of course, we hope): if you missed the Guardian story on how NSA operatives made sure NIST standards used a flawed pseudorandom number generator, here are some handy links:

https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
The Strange Story of Dual_EC_DRBG
Bruce Schneier
15 Nov 2007

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-…
Revealed: how US and UK spy agencies defeat internet privacy and security
James Ball, Julian Borger and Glenn Greenwald
6 Sep 2013

http://blog.cryptographyengineering.com/2013/09/on-nsa.html
On the NSA
Matthew Green
6 Sep 2013

http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-duale…
The Many Flaws of Dual_EC_DRBG
Mathew Green
18 Sep 2013

April 06, 2015

Permalink

> It seems clear (C) could cover DDOS, so teens tempted to try that on should consider the possibility that their parents house might be seized as happened recently to an American grandmother whose open-WiFi was abused by someone for DDOS.

It is an easy guess that Tor will be blamed for the forthcoming OpIsrael, if it happens as threatened:

http://thehill.com/policy/cybersecurity/237972-adl-warns-jews-of-digita…
ADL warns Jewish groups of 'digital terrorism'
Elise Viebeck
6 Apr 2015

> The campaign — dubbed #OpIsrael on Twitter — is intended to “erase” Israel from cyberspace, according to its organizers. Anonymous and its affiliates have a history of targeting Jewish institutions over Israel’s activities in the Palestinian conflict.

I don't wish to offend Anonymous, but I feel it neccessary to point out that opposing state-sponsored political assassinations (a favorite "tool" of two notorious rogue nations, USA and Israel) does not imply support for OpIsrael! Here are some reasons why OpIsrael is IMHO a bad idea:

* dissident acts which appear "too easy to be a good idea" probably are (a sub-principle of the principle that offers which appear "too good to be true" probably are)

* Snowden said that if you aren't willing to risk a great deal for your moral principles, you probably don't believe very deeply in said principles, from which it follows, I think, that dissident acts which appear (emphasis on appear) risk-free probably don't mean very much

* opponents of the more lethal and illegal actions by USA and Israel have the moral high ground, until we descend to the kind of active cyberattacks which are used by our enemies (breaking into computers owned by someone else, denying others their little soapbox), and this is political terrain we should not give up without careful strategic thought,

* there are Israeli dissidents too, and they bitterly oppose political assassinations, mistreatments of Palestinians, the possibility of making war on Iran, etc., and if you cut off from the Internet the entire nation of Israel, you'll harm people who actually agree with the political aims of OpIsrael,

* if USIC thinks they've fingered you as participating in OpIsrael, regardless of where you live, the USG may well try to seize your computer, your bank account, your parent's house, etc.; just look what they did to Aaron Swartz, who was simply sharing some journal articles from a site which a few months later made them all freely available anyway.

https://en.wikipedia.org/wiki/JSTOR#Aaron_Swartz_incident

So support Tor, and use Tor, but not for DDOS, OK?

April 06, 2015

Permalink

I bring you the happy news that, in the spirit of Banksy, a public memorial honoring Edward Snowden has just been dedicated in NYC:

http://animalnewyork.com/2015/theres-a-massive-illicit-bust-of-edward-s…
There’s a Massive, Illicit Bust of Edward Snowden Stuck to a War Monument in Brooklyn
Bucky Turco
6 Apr 2015

This action immediately caught the eye of a newspaper which is read by many congressional staffers:

http://thehill.com/policy/technology/237977-artists-secretly-install-sn…
Artists secretly install Snowden monument
Julian Hattem
6 Apr 2015

These are both excellent articles, but IMHO they fail to stress the sheer size of what happened early this morning:

o the Prison Ship Martyrs Monument is in essence a column 150 feet tall (it is in fact the worlds tallest freestanding Doric column);

o the monument marks one corner of a mass grave (constructed after the war) which holds the remains of some 11,000 Patriots who died on the prison hulks which were moored in Wallabout Bay during the Revolutionary War,

o the invasion of Brooklyn by the UK on 22 Aug 1776 was the largest amphibious invasion ever launched, a record held until the D-day landing in Normandy,

o the Battle for New York, which raged from late Aug through Sep 1776, involved more soldiers than any other battle of the war,

o Washington's main accomplishment was to narrowly avoid his entire army, with the help of impossibly good fortune, aka a miraculously obscuring fog just when the Patriots needed it most, followed by a (mostly) successful fighting retreat up Manhattan Island and then across the Hudson River,

o almost all American prisoners held by the British were sent to the prison hulks, where almost all soon died; the British simply tossed the dead into the bay; many of the bodies wound up being buried by the action of the tides in the shore of the Bay,

o British and American prisoners held by the Americans were comparatively well-treated, and most survived; many Hessian prisoners chose to remain in America after the war,

o during construction of the Brooklyn Navy Yard in 1803, the natural shoreline was altered, leading to the discovery of many bones of the unfortunate Patriot prisoners,

o the Federal government refused to deal with the situation, so the notoriously corrupt Tamany government arranged for the bones to be re-interred on a nearby Hill (the site of the present monument); the crypt was dedicated in 1808,

o the monument is located in Fort Greene Park, which is named for Washington's best general, Nathaniel Greene, who unfortunately for the Patriots sat out the Battle of New York because he had come down with a life-threatening case of the flu,

o the site is close to the site of Cobble Hill fort, from which Washington observed the British, who had outflanked the American defenders, slaughter the brave Maryland regiment, causing him to cry in anguish "O What brave lads I must lose this day!",

o the bust of Snowden weighs 100 pounds and is proportional in size to the height of the column,

o there is a new dedicatory plaque reading simply "Snowden",

o several other recent "art pranks" in NYC have resulted in determined police investigations, so this action was quite risky for the artists.

The analogies between

o King George III's terribly misguided government and current US government policies,

o the grievances of the 1776 patriots and the grievances of modern privacy and Occupy advocates.

o grass-roots tactics such as closing the Kings courts in 1775, the Boston Tea Party, and Vietnam war era "sit-ins" and modern acts of "vandalism" of valuable properties,

o the fearful atmosphere of menace endured by all participants in the dramatic events leading up to the Revolution, and the current hysteria about domestic dissidents,

are extensive and impressive. For details, see

Ray Raphael, A People's History of the American Revolution, New Press, 2001

Barnet Schecter, The Battle for New York, Pimlico, 2003

John Gallagher, The Battle of Brooklyn, Sarpedon, 1995

All three of these books, incidentally, are so provocative that I fear they are in serious danger of being banned by the USG, so if you can find a copy, make photocopies and pass them around.

April 06, 2015

Permalink

In addition to the unofficially dedicated Snowden monument in Brooklyn, well-traveled citizens can view an exhibit in the Victoria and Albert Museum in London:

http://thehill.com/policy/technology/237880-smashed-snowden-laptop-on-d…
Smashed Snowden laptop on display in British museum
Julian Hattem
3 Apr 2015

> A laptop that was used to store leaked files from Edward Snowden and then destroyed under watch from U.K. intelligence officers is now on display at a prominent London museum. The smashed MacBook Air is on display at the Victoria and Albert Museum as part of an exhibition examining “the role of public institutions in contemporary life and what it means to be responsible for a national collection.”

The politicians who read The Hill will appreciate better than most, I think, the fact that in participatory democracy, visual symbolism matters. Smashing electronics belonging to a leading UK newspaper else does not make the UK government look at all healthy or sane.

April 08, 2015

Permalink

> In addition to the unofficially dedicated Snowden monument in Brooklyn

It has already been destroyed by NYC officials.

Corrections from Parks and Wreck: early in the 19th century, as the Navy Yard was being built, the remains of c, 11,500 Patriot soldiers were buried in another location. Walt Whitman (editor of The Brooklyn Daily Eagle, also known to early twentieth century schoolchildren for subversive acts of poetry) campaigned to create the Prison Ships Martyrs Monument. The crypt under the "official" monument only holds a small selection of the bonees of the unfortunate prisoners. The current resting place of the other Patriots appears to be unknown.

April 08, 2015

Permalink

May I suggest that Tor Project brainstorm with two more important groups of potential allies in the struggle against the Surveillance State?

o legal think tanks such as the Brennan Center

o groups whose membership is drawn from the professions on which the Surveillance State depends utterly for technical support, such as

Federation of American Scientists (FAS)
1725 Desales Street NW, Suite 600
Washington, DC 20036

American Mathematical Society (AMS)
201 Charles St
Providence RI 02904

It is well known that the American STEM professions (Stat-Sci-Tech/ Engineering/Math) were largely beholden to the Defense-Industrial complex even prior to 9/11. In particular, for decades NSA has been proud to bill itself as the largest single employer of PhD mathematicians in the world. The reason NSA needs so many math PhDs is that everything NSA does critically depends upon mathematics, often novel mathematics which can only be created by dedicated cadres of specialists in arcane areas of number theory, graph theory, probability theory, differential equations, and other fields.

Not so well known, perhaps, is the extent to which, after 9/11, the USIC moved onto American campuses. Many US universities have joined the University of Maryland, College Park* in hosting USIS agents in on campus USIC-funded academic programs, in addition to inviting NSA to embed "talent spotters", "advisors", and "consultants" in academic departments. Some go so far as to say that since 9/11, the American mathematical profession has effectively become an NSA captive.

*Edward Snowden's first worksite, as an employee of the Surveillance-Industrial Complex, was a large NSA-funded research facility on the campus of UM College Park.

However, after publication of the first Snowden leaks, many members of the AMS suffered a dramatic change of heart about working on the behalf of the Surveillance State. There are now at least two active mathematician-led anti-NSA campaigns, which seek to

o force AMS to break off all ties with NSA,

o induce faculty senates to vote USIC off American college campuses.

These movements are supported by EFF; why not Tor Project too?

The Notices of the AMS has been publishing an on-going "debate" on the demerits of working on behalf of NSA. Somewhat comically, the editors complained that they tried hard to find mathematicians who would speak up for NSA post-Snowden, but could only obtain comments from current or former employees, who are hardly impartial commentators.

Some excerpts from the rather one-side "debate":

Stefan Forcey (University of Akron) laid out the problem:

From Volume 61, Number 1 (January 2014)
Dear NSA: Long-Term Security Depends on Freedom
https://www.ams.org/notices/201401/rnoti-p7.pdf

> Many mathematicians earn NSA funding for their research, their students, and their universities through an annual grant competition administered by the American Mathematical Society.

He explained why NSA is so terrified by the prospect of being ostracized from the AMS:

> It would be shortsighted for the NSA to push away our top scientists by appearing negligent. Leadership at the NSA evidently realizes the vital importance of public and scientific support. A portion of their effort is dedicated to improving all levels of math education and supporting open, unclassified math research in the United States.

Forcey neglected to discuss an important aspect of the controversy: NSA sometimes classifies "open" research after the fact, and has not hesitated to retaliate against anyone who resists classification of research not funded by NSA (an attitude which has encouraged the growth of the mathematical underground, which represents another community which could use improved Hidden Services to advantage, for example for sharing underground technical reports or "liberated" NSA sponsored research).

Two leading mathematicians urged that AMS ostracize NSA:

Volume 60, Number 11 (September 2013)
AMS Should Sever Ties to NSA
Alexander Beilinson (University of Chicago)
https://www.ams.org/notices/201311/rnoti-p1432.pdf

> I am writing this Letter to the Editor to suggest the AMS sever all ties with the NSA (National Security Agency)... the NSA destroyed the security of the Internet and privacy of communications for the whole planet. But if any healing is possible, it would probably start with making the NSA and its ilk socially unacceptable just as, in the days of — my youth, working for the KGB was socially unacceptable for many in the Soviet Union.

Volume 61, Number 2 (February 2014)
Thomas C. Hales (University of Pittsburgh)
The NSA Backdoor to NIST

> In my opinion, an algorithm that has been designed by NSA with a clear mathematical structure giving them exclusive back door access is no accident, particularly in light of the Snowden documents.

This eventually drew a response from Michael Wetherheimer, Director of Research at NSA:

The Mathematics Community and the NSA
Encryption and the NSA Role in International Standards
https://www.ams.org/notices/201502/rnoti-p165.pdf

(See the blog posts by Matthew Green for a detailed rebuttal of his claims.)

One mathematician who is not a full time employee of NSA but longstanding ties to that agency, struggled to find something positive about NSA. Andrew Odlyzko (University of Minnesota), a leading coding theorist, wrote:

Volume 61, Number 6 (June/July 2014)
The Mathematical Community and the National Security Agency
https://www.ams.org/notices/201406/rnoti-p623.pdf

> My carefully considered view is that our society has become preoccupied with terrorism to an absurd and harmful degree. That is what has driven the intelligence agencies to the extreme measures they have taken... much of this activity is worse than a crime; it’s stupid. Terrorism is a threat to our society, but it is simply not an existential threat that justifies extraordinary measures. We face a variety of threats—from car accidents, which take about as many lives each month as the 9/11 tragedy, to weather (ranging from sudden disasters, such as hurricanes Katrina and Sandy, to the dangers from climate change), to global avian flu pandemics. The moves taken in the name of fighting terrorism, including the intrusive NSA data collection that has recently come to light and more generally the militarization of our society, are not justified by the dangers we currently face from terrorism. In fact, these moves will likely inhibit our ability to deal with many of the other threats and probably will even inhibit the antiterrorism campaign.

A former NSA employee, Richard George (Johns Hopkins Applied Physics Laboratory) attempted to defend NSA's dragnet:

Volume 61, Number 7 (August 2014)
NSA and the Snowden Issues
https://www.ams.org/notices/201407/rnoti-p772.pdf

> As an NSA employee, I was aware of the rules about signals intelligence. When public discussions about foreign intelligence take place, there are some facts about the SIGINT system that people need to know: NSA is a supplier of intelligence, not a consumer; NSA does not choose its targets; NSA activities and processes are driven by laws established by Congress and by directives from the President, the Secretary of Defense, and the Director of National Intelligence (DNI).

Another former NSA employee, whistle-blower William Binney, contradicted these claims:

Volume 61, Number 8 (September 2014)
The Danger of Success
https://www.ams.org/notices/201408/rnoti-p902.pdf

> NSA removed the privacy protections for US citizens and decided to collect and store as much data as it could ingest. No one had privacy from the government anymore. I of course objected, as in my mind these actions were, at a minimum, a violation of the First, Fourth, and Fifth Amendments to our Constitution. The First Amendment was violated because the graphing of social networks (enhanced by other knowledge bases—for example, a reverse lookup of the phone book) would show the people you are associated with. The First Amendment says you have the right to peaceably assemble, and the Supreme Court has held (e.g., in NAACP v. Alabama) that the government does not have a right to know with whom you are assembling. The collection of your email, chatter, and phone calls (recorded or transcribed) is a violation of the Fourth Amendment right to be secure in your affairs. And using content data in order to search for criminal activity can be a violation of the Fifth Amendment, which gives the right not to be a witness against yourself. An example of this is the “parallel construction” techniques used by the FBI and the DEA’s Special Operations Division...

A NSA retiree, Roger Schlafly, contemptuously dismissed such concerns:

Volume 61, Number 11 (November 2014)
Opposing an NSA Boycott
https://www.ams.org/notices/201410/rnoti-p1183.pdf

> Some mathematicians are urging boycotts and other political actions based on overwrought laments about the National Security Agency (NSA)... There is a long history of academics getting over-excited about relatively inconsequential issues.

Schlafly added:

> Google and Facebook are huge multi-billion dollar companies that make all their money by inducing you to use free services, spying on you while you do, and then selling ads based on your preferences. When your privacy is not being sold, it is being stolen. Nearly everything about you is being tracked, recorded, archived, indexed, sold, and used for commercial purposes. Most of this is unregulated. New technologies are likely to accelerate this trend.

This letter drew furious responses from many mathematicians. Tom Leinster (University of Edinburgh) wrote:

Volume 62, Number 2 (February 2015)
The AMS Must Justify Its Support of the NSA
https://www.ams.org/notices/201502/rnoti-p120.pdf

> In 2011, the NSA explicitly stated its goal of universal surveillance, describing its “posture” as “collect it all”, “know it all”, “exploit it all”. The same year, the NSA’s close British partner GCHQ said it was intercepting over fifty billion communication events per day. In 2012, a single NSA program celebrated its trillionth metadata record.

> Schlafly is, at least, correct in noting that outrage at the intelligence agencies’ abuse of surveillance powers is nothing new: from the FBI’s bugging of Martin Luther King and subsequent attempt to blackmail him into suicide, to the 2011 extra-judicial killing of an American child by CIA drone strike (a program to which the NSA supplies surveillance data). He is justified in worrying about the data held by Google, Facebook, etc., but he writes as if concern over that and state surveillance were mutually exclusive, which of course they are not; and much of that data is harvested by the NSA’s PRISM program anyway.

Daniel W. Stroock (Massachusetts Institute of Technology) wrote:

Volume 62, Number 2 (February 2015)
Difference between the NSA and Google
https://www.ams.org/notices/201502/rnoti-p120.pdf

> No doubt the practices of Google are a real danger, but commercial companies are subject to regulations and can be brought before open courts whose judges are appointed by an elected president and have to be approved by the Senate. The regulations governing the NSA are classified, and the NSA is answerable only to a closed court whose judges are appointed, without further review, by a man who himself was appointed by a president who believed that one can defeat terror by declaring a war on it. Maybe these distinctions seem trivial to Dr. Schlafly, but even he should be able to understand why somebody like Alexander Beilinson, who grew up in a country where all courts were secret, does not.

Perhaps the most remarkable contribution to date came from a leading writer of popular math books, Keith Devlin (Stanford University), who revealed that he had been working on dragnet programs for several years:

Volume 61, Number 6 (June/July 2014)
The NSA: A Betrayal of Trust
https://www.ams.org/notices/201406/rnoti-p623.pdf

> Over the course of my work on NIMD, I saw systems demonstrated under nonclassified circumstances that, in a few seconds, could produce incredibly detailed and deeply personal profiles of individuals based on an Internet search that pulled in many isolated publicly available facts. So when I hear officials from President Obama down say, “It’s just metadata,” I smell a deliberate attempt to mislead the population they are supposed to serve. Metadata tells you practically everything you need to know! In fact, much of the focus of my NIMD work was on the degree to which contextual features of signals (information sources) play a role in the knowledge that can be acquired from that signal. I was asked to join Veridian’s project in NIMD precisely to look at that issue.

And what did Devlin learn during his years working for the Surveillance State? He learned that these programs cannot possibly work for their alleged counterterrorism purpose:

> based on everything I learned in those five years, blanket surveillance is highly unlikely to prevent a terrorist attack and is a dangerous misuse of resources that, if used in other ways, possibly could prevent attacks (such as the 2013 Boston Marathon bombing). Anyone with a reasonable sense of large numbers could surmise a similar conclusion. When the goal is to identify a very small number of key signals in a large ocean of noise, indiscriminately increasing the size of the ocean is self-evidently not the way to go...

> And the bigger you make the dataset, the wider the information trawl, the more unlikely that it will lead to an effective countermeasure. Thus, not only did NIMD fail to meet its goal, but as the data collection grew (we did not know about the pending degree of growth at the time, of course, nor its scope), the more inaccessible that goal became. It is reasonable to assume that the number of genuine potential terrorists is small and not growing (at least not dramatically). Consequently, the bigger the data trawl, the harder it is to spot the bad guys, no matter how much computing power you bring to the problem.

Devlin expresses a post-Snowden emotional catharsis familiar to many who have "sold their soul" to the Surveillance state:

> The only reason I am putting these words down now is the feeling of intense betrayal I suffered when I learned how my government and the leadership of my intelligence community took the work I and many others did over many years, with a genuine desire to prevent another 9/11 attack, and subverted it in ways that run totally counter to the founding principles of the United States, that cause huge harm to the US economy, and that moreover almost certainly weaken our ability to defend ourselves...

> Personally, I would not trade freedom in order to prevent terrorist attacks, even if they were more frequent than the current de facto frequency of every ten years or so. If you do that, the terrorists have won. To give up those freedoms to run an Orwellian surveillance program that, based on the intelligence community’s own research, is known to not only not work but to divert resources that if properly targeted (i.e., narrow and deep) could work, is completely wrong.

> As things currently stand, I would not collaborate further with any of the US intelligence services. They have betrayed all of us who were glad to do what we could for the benefit of the free world and have used our work to trample over the Fourth Amendment, to do immense harm to US economic competitiveness, to weaken the Internet on which modern society depends, and to expose us to increased danger from our enemies (the latter two are “own-goals” that result from deliberately weakening the mathematical cryptosystems used in the Internet). I urge all my fellow mathematicians to take a similar stand.

Further essays by leading mathematicians decrying NSA's War on US have appeared in other venues, including:

Edward Frenkel (UC Berkeley)
The perils of hacking math
Slate
30 Sep 2013
http://www.slate.com/articles/health_and_science/science/2013/09/nsa_mi…

Tom Leinster
Maths spying: The quandary of working for the spooks
New Scientist
23 Apr 2014
http://www.newscientist.com

Tom Leinster
Should mathematicians cooperate with GCHQ?
London Mathematical Society Newsletter
http://maths.ed.ac.uk/~tl/LMS_newsletter_April_2014.pdf

The anti-NSA movement has drawn some attention, but not enough, from the mainstream media:

Mathematicians Urge Colleagues To Refuse To Work For The NSA
Kashmir Hill
5 Jun 2014
http://www.forbes.com/sites/kashmirhill/2014/06/05/mathematicians-urge-…

I urge Tor Project to try to help EFF, ACLU, allies in AMS, and other concerned citizens place other stories in the mainstream media explaining the growing anti-NSA movement among USA STEM professionals.

To repeat an argument which has appeared in several blog comments in this space: the Surveillance state must be opposed by means technical, political, psychological and sociological. In particular, a concerted effort by the leadership of the US STEM professions could starve NSA of the talent pool it needs to continue its abuses of freedom.

April 08, 2015

Permalink

In several tor-talk posts over the years, posters have cited the so-called "base rate fallacy". (I'd offer a link but search engines failed to find any of the tor-talk posts I have in mind). Unfortunately the Wikipedia article

https://en.wikipedia.org/wiki/Base-rate_fallacy

is not at all good in explaining this fallacy, and doesn't mention that it applies to dragnet surveillance. The fallacy IS clearly discussed in many textbooks on statistics and probability theory, but in contexts such as a hypothetical dragnet medical screening for a rare but deadly illness, again obscuring its applicability to dragnet surveillance.

This is very unfortunate because IMHO this fallacy provides a simple argument which undermines the very basis of the Surveillance State, at least if we accept at face value the claim that the purpose of dragnet surveillance is to prevent acts of terrorism. The point is that such acts are very rare, and Bayes's formula shows quite clearly why attempts to predict in advance the occurrence of very rare events

o won't work

o will gravely harm large numbers of innocent persons flagged by the dragnet as a "potential future terrorist".

Depending on the audience, one can amplify the argument by explaining why repeated sequential application of Bayes's formula assumes statistically independent events, an assumption which is very strong and surely invalid in the context of dragnet surveillance which attempts to predict in advance who will commit very rare and very specific types of events. One can go further by considering the invariant measure for the transformation underlying any one application of the Bayes's formula.

The urgency of making this argument is amplified by the fact that NCTC has begun to introduce checklists designed in ignorance of the fallacy, which educators, social workers, and other officials are asked to use in order to target children for a lifetime of "selectee status" and other state-sponsored discrimination.

Accordingly I suggest that arma collaborate with a leading mathematical dissident (Edward Frenkel? Keith Devlin?) an essay which attempts to explain for a general audience what the base rate fallacy says and what it implies about dragnet surveillance. This could then be "shopped" to high visibility publications such as Scientific American, New Scientist, even Harpers or The Atlantic.

April 08, 2015

Permalink

These slides are great and this is the right step to get the message out to the masses.

Some personal observations, which I feel worth mentioning:

"Criminals who are willing to break the law already have more effective options than using Tor."
- I dont believe that criminals are worth to mention at all, wheather they use Tor or not is irrelevant; after all criminals also use the internet - so what - does that stop everybody else from using the internet?
On a side note; if a more effective method exists to protect the reader and his privacy - why should he even consider using Tor?
And sarcastically - Please teach me and everybody else this more effective method, so we can start using it.
That space, if removed, could be used for other information, i.e. "Citizens of repressive regimes, like (China?), use Tor to ensure they do not face prison terms for telling the truth or their very opionion"

"How Tor works" - this appears on every page, but the first.
I struggled to comprehend this scheme at first sight and believe the ordinary internetuser may be overwhelmed when reading encryption or layers of encryption. The repetition of this scheme takes up valuable space that could also be used for additional information or to shorten the document.
I personally find the established graphic with the 9 relays between Alice and Bob much easier to understand. (Meaning the one depicted on torproject.org)

Last not least, if the document only had one or two pages, it had more chance to be read by people who nowadays may expect information to be received in a few strong bullets or headlines.

I concur that criminals should need no mention. LEA is always after Tor, mainly mantraing that it is solely used by criminals. While we know this is not the case, this mantra serves the purpose to keep the masses off Tor (and "in the fangs of NSA, Google & Co".

There is nothing in this world that has a primary positive use but cannot be used in a criminal way: Cars, knifes, baseball bats, paper, fingers, words, ... you name it - I am sure some criminal can come up with an idea to abuse it.

Would we be mantraing that knifes are only used by criminals often enough repeated to the point that people start to believe they can be thrown into prison by only owning a knife, this would not only drop knife sales, but also people would start breaking and not cutting bread again.

To me the criminal mantra is like the question : "Do you still beat up your partner?"

There is no right answer to that question and commenting on it in any wayis admitting to the fact one actually beats up their partner.

In my opinion ignoring and not commenting at all will serve the project a much more positive picture.

April 08, 2015

Permalink

Please delete my prior 3 page repetition of the "How Tor Works" comment - just realised I misunderstood the brochure - while looking at it - apologies ;)

April 08, 2015

Permalink

> collaborate with a leading mathematical dissident (Edward Frenkel? Keith Devlin?) on an essay

Bruce Schneier?

He's already written the first draft of the proposed essay:

https://www.schneier.com/blog/archives/2006/07/terrorists_data.html
Terrorists, Data Mining, and the Base Rate Fallacy

But the essay I have in mind would be far more ambitious. It should:

o explain conditional probabilities for novices

o explain independent events

o state Bayes's formula

o explain it using the same values for the probabilities for

+ dragnet (medical) surveillance for a very rare but deadly disease

+ dragnet surveillance for alleged potential future terrorism

o contrast the awful results (almost everyone who "tests positive" would never commit a terrorist act, but will suffer serious consequences from the fact that the government believes otherwise) with events having "not highly improbable" or "highly likely" base rates, such as spam-mail,

o exploit the voluminous comments on Schneier's post to anticipate and debunk some of the more common responses (for example: yes, NSA/CIA know all about this math, in fact the CIA handbook for analysts even explains a weak form of the fallacy, but this doesn't imply that NSA would not spend dozens of billions per year on dragnet surveillance it knows wont work as counter-terrorism--- because counter-terrorism is not the true purpose of the dragnet),

o explain why proposals to simply sequentially apply Bayes formula using many allegedly "independent" tests are also mathematically dubious (since the base rate is so low, you simply get more chances to observe unusual fluctuations, thus harming more people with lifelong state-sponsored discrimination),

o explain why dynamical systems (think invariant measure) suggests that even if huge numbers of truly independent tests for "terrorism proclivities" could somehow be found (surely an impossible dream), the result would a society with almost everyone in prison (but with almost all of these political prisoners being quite harmless), and of the small remaining population still roaming free, equal parts extraordinarily dangerous and extraordinarily harmless.

(I have not yet had the chance to read his most recent book, on Big Data; maybe he does all of these things in that book.)

Writing the article would be a significant expository challenge, but Bruce Schneier is certainly one of the authors most capable of successfully meeting that challenge. Plus, he sits on the EFF advisory board.

Also useful: two sites which use the same basic math in the context of medical testing:

http://phoenixskeptics.org/2013/07/14/false-positives-and-the-base-rate…
False Positives and the Base Rate Fallacy

http://www.statisticsdonewrong.com/p-value.html
The p value and the base rate fallacy

Persuading Schneier to write such an essay would be an enormous accomplishment, although it's a bit depressing to realize that the world's best known crypto writer pointed out the problem almost ten years ago, yet the US Federal Congress is set to approve yet another vast enlargement of the extent and intrusiveness of the existing domestic dragnet, on the grounds of "combating terrorism".

IMO, the most important untold story related to the Snowden leaks is an enormous story which is not even secret, not really, the extent to which the USG is using "agent-based" "microsimulation" to model the future behavior of every citizen, and by applying "tailored" "suasion" programs, to nudge them toward behavior more suited to the agenda of the one per cent. Another relevant buzzword here is "algorithmic governance" or "algorithmic regulation":

https://en.wikipedia.org/wiki/Algorithmic_Regulation

This has been touted in too many USG documents to count, but it has drawn acute criticism from Evgeny Morozov:

http://www.commonwealthclub.org/events/2014-04-10/evgeny-morozov-big-da…
Big Data, Small Politics: Algorithmic Regulation and Its Pitfalls
Evgeny Morozov
10 Apr 2014

Another point worth making when you lobby Congress: the foundation of Judeo-Christian ethics, the Golden Rule, states "do unto others as you would have them do unto you" (hence, don't make unprovoked attacks, unless you want to invite like treatment from other parties). In his recent book, the well known American philosopher T. J. Kaczynski proposes to add a rider which I regard as a very dangerous innovation: "but it is OK to harm someone if you think he is going to harm you" (paraphrasing).

But of course this principle, which would authorize all manner of "pre-emptive strikes", is precisely the principle invoked by PM Benjamin Netanyahu (and John Bolton and...) when they urge a military assault on Iran:

http://www.huffingtonpost.com
John Bolton Wants Israel to Attack Iran
Allison Killkenny
25 May 2011

And this is precisely the principle FBI wants "authority" to apply to ordinary citizens, when it sends malware to everyone visiting a HS, on the principle that any of those people might be "doing something wrong". And this is precisely the modification which FBI Directory Comey will enshrine in US law, unless all of the following occur:

o CISA fails to pass,

o the proposed change to Rule 41(b) is prohibited by an Act of Congress,

o the recent EO declaring a "national emergency" and authorizing eternal cyberwar on ordinary citizens is successfully challenged in the US Supreme Court.

It is not very surprising that Comey has closely studied the writings of Kaczynski, but it IS surprising that he has enthusiastically and uncritically adopted the ethics of the "Unabomber".

What does it mean when the chief law enforcement officer of the sole superpower believes it is necessary and appropriate to use the ethics of the prison yard (which Kaczynski specifically cites as his inspiration)? It means that if Comey gets his way, this is what the future holds for us all:

http://thecontributor.com/everything-wrong-us-prisons-one-picture
David Fathi
Everything That Is Wrong With US Prisons in One Picture
7 Apr 2015

April 09, 2015

Permalink

As Tor Project becomes more politically active, should it consider joining coalitions like this?

https://www.eff.org/deeplinks/2015/04/new-coalition-site-fight215org-la…
New Coalition Site Fight215.org Launches to Amplify Opposition to the NSA’s Mass Surveillance
Nadia Kayyali
8 Apr 2015

Going even further

o should Tor Project endorse candidates?

o should Tor Project join HRW, EFF and others in letter-writing campaigns seeking the release of specific imprisoned bloggers in oppressive countries such as Bahrain, Iran, Vietnam, Russia, China, USA?

Should we discuss pros and cons in deciding how far the Project should go in taking a stance on political topics?

My first thoughts, for what it is worth, is that the Project should join some carefully selected coalitions seeking, by political means, to thwart NSA's desire to conduce eternal dragnet surveillance of all peoples everywhere.

April 09, 2015

Permalink

> in the spirit of Banksy, a public memorial honoring Edward Snowden has just been dedicated in NYC

Also, in the spirit of the "liberty poles" which sprang up all over British America in 1775:

https://en.wikipedia.org/wiki/Liberty_pole

The redcoats reliably responded much as NYC Parks & Rec responded earlier this week to the Snowden monument, by attacking the poles with an axe. In NYC, in 1775, the People responded by erecting their next liberty pole inside an iron cage, which proved capable of resisting the destructive efforts of the British occupying forces.

"Oi", you say, "poles springing up all over America?!" I can't reply "get yer mind out of the gutter" because the Roman version of the liberty pole-- most American revolutionary war iconography referenced the Roman republic-- certainly derives from fertility rituals. This is the kind of semi-naughty fact which tends to be omitted from American textbooks, but which might make history class seem momentarily interesting so some students.

Strange as it may sound, NSA bosses have expressed great concern that all those d**k pics are corrupting the morals of their often youthful operatives. This is why they put out a gravely serious tender seeking improved d**k pick filtering software for XKeyscore.

Strange times, strange times.

April 10, 2015

Permalink

http://www.theregister.co.uk/2015/04/10/us_intel_china_ban/
US govt BANS Intel from selling chips to China's supercomputer boffins
Iain Thomson
10 Apr 2015

This kind of ban seems likely to rapidly expand from "hostile states" to NGOs. After enough time for the US public to become accustomed to hearing about bans of "known criminals" [sic], could the USG ban US companies from selling hardware to Human Rights Watch? The Tor or Tails developers? If they can and do, what is our plan?

April 23, 2015

Permalink

Tor users: we are the future!

From

https://www.aclu.org/blog/speak-freely/generation-snowden
Generation Snowden
Anthony D. Romero
21 Apr 2015

"The message to the authorities could not be clearer: Snowden is not going away. A large and important segment of our society sees Snowden as hero and whistleblower — and its members are the future... When millennials translate their political ideals into public policy, the future will be more in the spirit of 1776 than 1984, and Snowden will assume his place in American history as whistleblower and patriot. The establishment might not like him now, but one day, it will erect a monument honoring him."