phobos's blog

Tor Check Outage on 03 and 04 July 2013

Over the past 24 hours https://check.torproject.org has been unavailable due to excessive DNS queries to the exitlist service. It seems there are a number of individuals and companies with commercial products relying upon this volunteer service. We finally hit the point where we couldn't keep up with the queries and simply disabled the service.

This is a volunteer service offered as a proof of concept. We strongly encourage people to run their own. The code is available at https://svn.torproject.org/svn/check/trunk/.

The new Tor Browser 3.0 alpha series includes a new way to detect "tor or not" locally, without relying on a single point of failure service. This is the first step towards finally retiring check.torproject.org for good.

As of 09:00 on 04 July 2013, the service is re-enabled. We reserve the right to take it down as needed without notice.

A weekend at New England Give Camp

Trip Report for New England Give Camp 2013

I spent the entire weekend with New England Give Camp at Microsoft Research in Cambridge, MA. I was one of the non-profits, representing ipv tech, Tor, and offering myself as a technical volunteer to help out other non-profits. Over the 48 hours, here's what I helped out doing:

  • Transition House
    • Help evaluate their IT systems
    • Look at, reverse engineer, and fix their Alice database system
  • Emerge
    • Update their wordpress installation
    • Help fix the rotating images on the site
  • ipv tech
    • Hack on fuerza app
    • Get fuerza into a git repo, now here at gitorious
    • rewrite the app to be markdown and static files to work offline
  • Children's Charter
    • Help resurrect their hacked WordPress installation and build them a new site.

I also did a 30 minute talk about technology and intimate partner violence. Over the past few years, I've seen every possible technology used to stalk, harass, and abuse people--and those that help them. I'm helping the victims and advocates use the same technologies to empower the victims and turn the tables on the abusers in most cases. The ability to be anonymous and be free from surveillance for once, even for an hour, is cherished by the victims and affected advocates.

Our team was great. Kevin, Paul, John, Bob, Carmine, Adam, and Sarah did a great job at keeping motivated, making progress, and joking along the way. Microsoft, Whole Foods, and a slew of sponsors offered endless food, sugary drinks, beautiful views, and encouragement throughout the weekend.

Cambridge Community Television interviewed me at the very end of the event. There's also a Flickr group full of pictures.

Overall it was a great experience. I encourage you to volunteer next year.

Trip Report: White House Forum to Combat Human Trafficking

Trip Report White House Forum to Combat Human Trafficking, 09 April 2013

I was invited to attend the White House Forum to Combat Human Trafficking. I've been part of a task force to look at the role of technology in human trafficking. Secretary of State John Kerry sent a video since he was in another country at the time. A local Tor volunteer from Cambridge, Massachusetts has White House Press credentials and was able to cover the event. This article is a better writeup and interview, with video, than anything else I've seen covering the event. Interestingly, no other press showed up to cover the event. It seems CCTV Cambridge was the only press covering this White House initiative.

The room was full of a mix of people from law enforcement, human rights organizations, legal firms, and commercial companies. Eric Holder, Attorney General of US, Janet Napolitano, Secretary of DHS, and Cecilia Munoz, Director of Domestic Policy Council, all gave speeches about what their respective organizations are doing to fight trafficking. The US Dept of Health and Human Services is the main organization behind all of this. Their end trafficking site is a fine starting point.

As far as my role, it's been to think about how technology is being used by traffickers and how victims could get help in their situations. Thorn, FAIR Girls, and Polaris are all working on solutions and gathering raw data to support decisions.

I then spent some time talking to various organizations in DC and helping to explain Tor to more law enforcement.

Overall, it was a good day trip to DC.

CryptoParty Stockholm

I attended the Stockholm Cryptoparty on Saturday the 16th of February. I was asked to give the opening talk, "Varför krypto?", to start off the day. My goal was to explain why cryptography should be used daily by everyone in mundane ways. The general topic was about how I watch kids using cryptography daily, without knowing it or without fully understanding the technical details behind it. This is ok. Kids chat a lot. When you introduce Off-the-record to their chats, they instantly understand that the chats are now private, and can be authenticated. The distinction between the two concepts is fairly easy to grasp, even if they don't understand the details of hashes, key exchanges, or ciphers. Once a few core people start using OTR, for example, then it spreads to their friends and soon you have networks of kids using OTR having safe and secure chats.

The simplest three steps people can take to begin using cryptography daily are:

  1. Use https everywhere in your browser.
  2. Use a browser password manager. KeePass is as good as any. The point is to keep username/passwords unique and complex per site/service. The next time LinkedIn or some major site loses tens of millions of passwords, you're protected because it's not the same username and password you used for your gmail, facebook, twitter, banking, and vkontact accounts.
  3. Use Tor for actions you want to keep private. Everything on the Internet leaves a trace. The world knows you're a dog online.

Thankfully, I could give the introduction in English and not have to offend the attendees with my poor Swedish. Linus gave a great Tor talk in Swedish. Overall, the day went well. We had huge pizzas and generally a great time. Many people were new to cryptoparties and new to cryptography in general. It was a great time. As an American, it was nice to see about 50% women attending. There were a number of younger kids learning about all of this too. The cryptoparties I've attended in the USA have been all men and the maybe one girlfriend or wife dragged to the event.

(Unfortunately, the camera recording my talk malfunctioned and corrupted the video. However, other images and videos from the day are available on our media server.

Thanks to DFRI, Sparvnästet, and iis.se for hosting the event and inviting me to attend.

Trip Report: World Bank and Second Muse Domestic Violence Hackathon

Over the weekend, I attended the Hacking against Domestic Violence event in Washington DC, sponsored by the World Bank and Second Muse. I was there to help define problem statements, think about security and privacy risks of the solutions, and to help judge the solutions crafted by the attendees. A total of 10 teams congealed over the weekend. Everyone had creative solutions to the problem statements. Generally the sheer quality of output and enthusiasm was the first thing I noticed about all of the teams and their apps. Everyone in DC focused on mobile phone compatibility, even if their solution worked on the general web itself. There are plenty of photos available from the 7 involved countries.

I ended up spending most of my time with the team working to develop protocols to protect survivors from surveillance. We called ourselves Team Fuerza. The full presentation is available. A volunteer recorded a video of the presentation as well. Related images and videos are uploaded to my Tor people site.

Because I was involved with a team, I volunteered to give up my voting rights on the judges panel to avoid any issues. I then ended up presenting for the team for the status update and final presentation.

Overall, it was a great two days and the team made a lot of progress in a short amount of time. A big thanks to the team (Sarah, Az, Cid, Adriana, Andrew, and Justin), SecondMuse, the World Bank, and all of the attendees for their efforts in holding a hackathon in 7 countries simultaneously.

The World Bank and Second Muse should have their final press release and announcement of the results soon.

UPDATE 2013-02-08: World Bank accounces their press release about the hackathon. Team Fuerza, won the USA hackathon!

Hacking Against Domestic Violence

This January the Tor Project is supporting the Central America Domestic Violence Hackathon. The goal of this effort is to address the challenge of domestic violence by building technology solutions to assist agencies that work to support victims and advance efforts to bring perpetrators to justice.

This is being done by supporting communities on the ground in six Central America countries and Washington, DC. Already some of the organizations involved, including SecondMuse and the World Bank, have worked with these communities to define problems with potential for technical solutions. Next, these problems will be refined and then hacked on at a series of coordinated hackathons on January 26th and 27th, 2013.

We want to invite the Tor community to join us in this process. How can you help? There are two ways:

  1. Join the collaboration around defining strong problems. You can do this by reading the problem definitions and adding your comments, questions, and ideas. These problems have been generated primarily by non-technical organizations and your insight from a technical perspective can be invaluable. This includes feasibility, use cases, privacy and security concerns, existing solutions, and more.
  2. Join us on January 26th and 27th in one of the seven locations: Guatemala, El Salvador, Honduras, Nicaragua, Costa Rica, Panama, or Washington, DC.

We believe we can make a difference on domestic violence, and we need you.

Finally, if you'd like to get involved on a deeper level by organizing a problem refinement event, meeting with organizations in these locations, helping organize a hackathon, or more - contact the team running this project at vdhackathon@secondmuse.com.

Tor Browser Bundle alpha testing with Tor 0.2.4.x-branch

Testing versions of Tor Browser Bundle which include the alpha branch of the core Tor technology, version 0.2.4.6, are available directly from our archive at https://archive.torproject.org/tor-package-archive/torbrowser/tor-browse...

Tor 0.2.4.6 represents a volatile, testing branch of Tor for new and experimental features. A change log is available.

This is a very experimental version, please test and provide feedback at https://bugs.torproject.org.

Transparency, openness, and our 2011 financial docs

After our standard audit, our 2011 state and federal tax filings are available. We publish all of our related tax documents because we believe in transparency. All US non-profit organizations are required by law to make their tax filings available to the public on request by US citizens. We want to make them available for all.

Part of our transparency is simply publishing the tax documents for your review. The other part is publishing what we're working on in detail. We hope you'll join us in furthering our mission (a) to develop, improve and distribute free, publicly available tools and programs that promote free speech, free expression, civic engagement and privacy rights online; (b) to conduct scientific research regarding, and to promote the use of and knowledge about, such tools, programs and related issues around the world; (c) to educate the general public around the world about privacy rights and anonymity issues connected to Internet use.

All of this means you can look through all of our source code, including our design documents, and all open tasks, enhancements, and bugs available on our tracking system. Our research reports are available as well. From a technical perspective, all of this free software, documentation, and code allows you and others to assess the safety and trustworthiness of our research and development. On another level, we have a 10 year track record of doing high quality work, saying what we're going to do, and doing what we said.

The world is moving towards new norms for reduced personal privacy and control. This makes anonymity all that more rare and valuable. Please help keep us going through getting involved, donations, or advocating for a free Internet with privacy, anonymity, and keeping control of your identity.

Syndicate content Syndicate content