The Tor Social Contract

At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor.

Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them. We want to grow Tor by supporting and advancing these guidelines in the time we are working on Tor, while taking care not to undermine them in the rest of our time.

The principles can also be used to help recognize when people's actions or intents are hurting Tor. Some of these principles are established norms; things we've been doing every day for a long time; while others are more aspirational -- but all of them are values we want to live in public, and we hope they will make our future choices easier and more open. This social contract is one of several documents that define our community standards, so if you're looking for things that aren't here (e.g. something that might be in a code of conduct) bear in mind that they might exist, in a different document.

Social goals can be complex. If there is ever tension in the application of the following principles, we will always strive to place highest priority on the safety and freedom of any who would use the fruits of our endeavors. The social contract can also help us work through such tensions -- for example, there are times when we might have a need to use tools that are not completely open (contradicting point 2) but opening them would undermine our users' safety (contradicting point 6). Using such a tool should be weighed against how much it's needed to make our technologies usable (point 1). And if we do use such a tool, we must be honest about its capabilities and limits (point 5).

Tor is not just software, but a labor of love produced by an international community of people devoted to human rights. This social contract is a promise from our internal community to the rest of the world, affirming our commitment to our beliefs. We are excited to present it to you.

1. We advance human rights by creating and deploying usable anonymity and privacy technologies.

We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights.

2. Open and transparent research and tools are key to our success.

We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members.

3. Our tools are free to access, use, adapt, and distribute.

The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superseded by our intent to make users more secure.

We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users.

4. We make Tor and related technologies ubiquitous through advocacy and education.

We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. We teach people how and why to use Tor and we are always working to make our tools both more secure and more usable, which is why we use our own tools and listen to user feedback. Our vision of a more free society will not be accomplished simply behind a computer screen, and so in addition to writing good code, we also prioritize community outreach and advocacy.

5. We are honest about the capabilities and limits of Tor and related technologies.

We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it. We are responsible for accurately reporting the state of our software, and we work diligently to keep our community informed through our various communication channels.

6. We will never intentionally harm our users.

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve.

k239

August 13, 2016


"Saying "Whenever feasible" with regards to open independent verification implies that it might not always be possible to do so. If an independent entity cannot verify the source code, it is not open. Thus contradicting the first statement."

k239

August 14, 2016


Speaking as user who depends upon Tor for almost all on-line transactions:

Overall: very happy to see it is thoughtfully written and anticipates many possible future problems. Thank you!

Some point by point comments:

1. Love the lede: framing the TP mission in terms of HR is exactly right and what I hoped to see when I first suggested a statement of core values.

2. Very wise to anticipate that there might be emergency circumstances where you need to hold something back. Also you need to keep bridge IPs nonpublic until a better censorship-evasion strategy is available.

But here is one embarrassing thing you should *not* hold back: "We messed up big time when we hired someone who turned out to be a CIA agent to write code; we should have realized who he worked for and not hired him in the first place, but when we learned who he was, we fired him".

Since that embarrassing thing has already occurred, please make that post telling the official TP story of what happened.

Here is another thing (which I hope has not yet occurred) which you should *not* hold back: if you receive an NSL.

Someone needs to simply break that gag order by screaming to the world. In my judgment, FBI would not dare to actually imprison you all. But I admit that I would not be the one risking the DOJ's frightening wrath. (Eric Holder wanted to put Snowden on the death list, and there are probably other US citizens on the list, maybe even citizens living inside the USA.) But speaking of Snowden, someone who had the NSA documents proving the extent of NSA's "Collect it All" programs needed to leak them, and someone very courageously did just that. (Thank you, Edward!) In the same way, some NGO (Debian?) or company which has received an NSL needs to very courageously leak it, putting the well being of their fellow humans ahead of their own well-being.

3. "The more diverse our users, the less is implied about any person by simply being a Tor user." Hear! Hear!

4. "We are not just people who build software, but ambassadors for on-line freedom." Yes!

5. "We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it." Excellent, thank you!

It would be very helpful if Tor developers somehow found time to post explainers in this blog, addressing such points as pros and cons of disabling Javascript entirely, pros and cons of using i2p (in Tails), overview of how Tor uses different kinds of crypto and what might be future and current dangers to Tor users, overview of the coming quantum crypto threat, overview of the situation with helping users find bridges anonymously...

6. "We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects." Hmm...

You chose your words carefully and it worries me that once again by omission you seem to imply that TP *has* been served with an NSL. Once again you missed an opportunity to flatly state that you have never received an NSL, implying that you have. Which leaves Tor users wondering: what are the implications for our safety?

k239

August 14, 2016


> I stand with torproject and debian, anyday. They are part of the solution, not the problem.

I am worried about a few phrases which raise serious doubts in my mind (about the Chasteen affair, whether or not TP has received an NSL with an eternal gag order), but on the whole I think this statement is much needed, long overdue, and came out pretty well.

I am also *very* encouraged by the fact that Tor Project is working much more closely with Debian Project. In fact for years I tried to urge both projects to collaborate more closely, something which now seems to be happening.

I am also very encouraged to see TP adopt promoting HR (human rights) as their central goal, and paying much more attention to the political side of the struggle against FBI's demand for backdoors, etc., also things I advocated for years.

I would like to urge TP to start thinking about as a grand vision for the future.

Some things I'd like to see TP, EFF, Amnesty, MSF, RSF, FOTPF, ACLU take a hand in promoting:

o a privacy industry (the drone industry has been grown with USG help, so why not privacy?, TP should say; USIC and FBI be damned, TP should tell congresspeople, the electorate wants jobs jobs jobs!); maybe FEC, FCC, the privacy caucus in the US House of Reps can help?; maybe Democratic congresspeople will be more friendly to privacy issues, to encrypted citizen/politician comms, to cybersecurity for HMOs, HIEs, small-government-agencies, small-NGOs, small-ISPs, small businesses following the DNC hack?

o a citizen owned and volunteer operated wireless mesh network, to help evade evil telecoms which want to force people to pay premium for even modest privacy protections, and to help them evade "smart city" dragnet microsurveillance; such meshes can leverage SDR (software defined radio) technology; maybe NIST can help?

o a trustworthy company which makes and sells to consumers inexpensive readily available RF (radio frequency) spectrum scanners (using SDR); I like TP as a non-profit NGO but perhaps if funding diversity is falling short we should think about spinning off a company which makes and sells things, but which might be somewhat trustworthy via its connection with TP; my idea is that the best way to check your WiFI capable devices are not making mysterious connections is to look at RF signals originating very near your own location; notice that this will be useless unless accompanied with lots of (currently very arcane) reliable information about what "normal" RF signals look like and how they probably originate, or the users will overwhelmed by false positives; compare Edward Snowden's recent venture,

o trustworthy companies which sell various other privacy enhancing devices, such as Faraday screens, laptops/phones/routers made with more secure chips, more secure removable storage devices, audio bug transmission detectors, radar retroreflector detectors, surveillance drone detectors, facial-identification countermeasures (assume the face of a different popular culture celebrity every day?; maybe Revlon can help?), gait-changing footwear, humanoid robots for identity exchange, drone-shoot-down technology...,

o taking a leaf from Collect-it-All, why not Audit-it-All?; maybe NIST and the privacy caucus can help try to secure funding? (I have no connection whatever with an NSA-founded company which says it is already trying to Audit-it-All, and I urge skepticism concerning their motives, but I recognize that in principle some NSA spin-offs might inadvertently do some good despite being basically evil),

o inexpensive microscopes and micro-dissection kits (is that an Argentine ant or a Chinese cicada?).

k239

August 15, 2016


TOR as it is now is so unstable in the LINUX environment, that for lack of a nicer way to put it, you guys are getting as bad as MicroSnarf with releasing bad code that just doesn't cut it.

in the near term I am contemplating just ditching TOR because it sucks so bad and makes my LINUX system very unstable in the graphics environment. It's just a sure bet that your half baked coding is just not ready for prime time live.

"we are honest when we make errors" really should be; "we recklessly release bad code and hope you won't notice how unstable your platform is when you run it.."

guys, get a clue. you really are falling on your swords.

> TOR as it is now is so unstable in the LINUX environment, that for lack of a nicer way to put it, you guys are getting as bad as MicroSnarf with releasing bad code that just doesn't cut it.

I think your ire is misplaced. It appears to be true that as the Linux kernel gained popularity over the past decade, and as huge tech companies started to help to rewrite it, the kernel has become less stable and more vulnerable (certainly it has gotten much much larger). But even if you accept this statement, you should not blame TP, which is not responsible for the care and feeding of the kernel.

I use Debian and while I have noticed an increase in instability (in applications, not the kernel!), I certainly would not advocate avoiding Debian. Quite the contrary, both Debian Project and Tor Project deserve much credit for their increasingly close cooperation, a development which is surely unwelcome among the criminal element (state-sponsored or not).

k239

August 15, 2016


One way to defend against NSLs might be to have some of the development and project people working in a partnered non-subsidiary organization residing outside USA jurisdiction, and mirroring all internal docs automatically. Non-USA staff would have an ongoing awareness and automatic copies of docs received, and could post (or at least leak) stuff without legal consequence.

k239

August 16, 2016


French government considers law that would outlaw strong encryption
https://www.dailydot.com/layer8/encryption-backdoors-french-parliament-…

Some interesting comments and some absolute rubbish; but the main point of concern for me is why I've visited this site in the first place.

A user in my company has come to me with their C drive encrypted - having further inspected the readme .txt file, it explains that in order to decrypt the files we need to visit and download Tor Project's browser - to which we are directed to the website via the txt doc!?!

I've had to deal with a crypto locker outbreak twice this year, so we have backups and it's no big deal. Having messaged Tor on Twitter, they responded by private messaging me - I responded back with a non PM and now you're no longer answering me .... it's not my fault if you don't like the association of ransomware!

The final and worst part is you telling me it's "criminals" that have encrypted the drive and not Tor - which is correct I'm sure it's not Tor, but when I need your software to decrypt the user's data?!?! That association comes back into play as above!

The only logical thought is the so-called "Criminals" feel Tor needs a boost in downloads - how nice of them criminals!!

I am sorry that you are forced to deal with malicious and destructive software.

Criminals use roads, post offices, telephones, Internet and also Tor. Again, we still are sorry about it.

The creator of the ransomware you are facing is the one who decided that you would need to communicate to them using Tor. We have never asked to be in the documentation you've been reading. The social contract above explains why we are making Tor. Most users of Tor need to protect their freedoms online, and they surely do without harming others.

Tor is a non-profit. All software currently released by Tor is available free of charge. We have no financial interests in having more downloads. We would prefer a world without ransomware, and we wish their creators had never discovered Tor. Meanwhile, we can't modify Tor to prevent them from using Tor without endangering everyone else. It doesn't mean they can't be stopped: this is what criminal investigators do.

Hmm, so a criminal is exploiting Tor so that you are made to pay a ransom in a way that can't be traced back to that criminal? I've heard of this...

Someone recently told me they had been a victim of ransomware: some message popping up saying install Tor, visit such and such hidden .onion website, pay $amount Bitcoins and only then get back an unlock code to decrypt the locked files.

As it turned out, the writer of the ransomware was so inept that the victim couldn't even enter the PIN to unlock the screen to his Android tablet to do so. Later, the victim told me he had found a way on the internet to 'reset' that whole thing.

I read a blog a few weeks ago that a lot of ransomware encryption is actually very weak, so why not research this instead of raging at Tor? Of course, this weakness won't last.

Still ...

1. "... but when I need your software to de-crypt the users data?!?!" Um, no? You're being made to use Tor to make an 'untraceable' payment. It may well stipulate Bitcoin, though actually Bitcoin transactions are always traceable (the criminal's probably misunderstood this).

2. If so, why not rage at Bitcoin as well as Tor as the criminal used that as well?

3. "A user in my company has come to me with their c drive encrypted ..." Sigh. The source of the problem, really? I've read that 'reputable' companies are stocking up with Bitcoins ready to pay those ransomware purveyors quickly lest files critical to business operations suddenly become locked. One has to wonder what the OpSec policy is here, maybe: "let's just stockpile Bitcoins to pay off the crims, so that we don't have to think too hard about our employees browsing rando sites with unbridled Javascript running cross-site scripts sourcing rando adverts (the commonest source of malware) on office PCs running unsecured out-of-the-box MS Windows."

> I've had to deal with a crypto locker outbreak twice this year, so we have backups and its no big deal.

It is unfortunate that cybersecurity is so hard, because smaller companies and NGOs cannot realistically hope to hire the very expensive individual help from a genuine expert which they would need to protect their networks.

The situation is frustrating and seemingly intractable, but my sympathy with beleaguered semi-pro sysadmins ends when they issue horribly ill-informed attacks on Tor Project. As lunar said, everyone benefits from postal services (despite the fact that some people misuse the mail), transit systems (despite the fact that some people drive drunk), and the internet (despite the fact that some people misuse it).

I, for one, welcome our new overlords.

One issue I have with my tor browser is that it travels overseas and back to the us. It seems like it would be better to have a tor center in St Louis that scrambles everything. Also, a lot of websites work poorly with Tor. Blogger from Google is such a set. A list of news sites and community sites that are Tor friendly would be great. Maybe a Tor badge to id them up front.

Why is it an issue that your internet traffic travels overseas and back? (The Tor Browser doesn't 'travel' obviously ;).)

Also, have you read any of the Tor info about why Tor uses no less than three relays, and why these should be beyond central control in their selection and their management?

I agree it would be great if popular sites would care about being more Tor friendly. Facebook have already made that move by using an Onion site. Sadly, most big sites have business models firmly aimed at the naive, who run standard configurations that give everything up about themselves to these business models to exploit and never realise it.

>Facebook have already made that move by using an Onion site
Yes but it is useless as requires javascript so they can still trace you.
Google are watching you!!!

Yes, exactly, but this is what I meant. Facebook using an onion service shows a proof of concept that it can be done (I think it was Alec Muffett (@AlecMuffett) who arranged this). Javascript is the other major problem of big sites being Tor unfriendly, and it's a major part of their enforcing a 'standard' configuration ("Please enable Javascript!") that Google et al. get to exploit.

St. Louis, really? Where NSA maintains an "upstream" dragnet collection system?


Please use WARRANT CANARY for your website. Very easy to do. This will help us.

I am VERY worried that Tor was corrupted if they received a NSL. The governments are getting too strong now and this is a scary time!!

Help your users. Warrant canary will do much to help!!

Please..

So I was mentioning that one of the Tor developers (Isis Lovecruft) has a warrant canary on her personal website, and she recently removed herself from the USA to avoid a possible NSL from the FBI. Her canary lasts six months at a time.

I was wondering if that means we have to wait up to six months bar one day to learn that a NSL was delivered if it was done so on day 1 of the canary's life.

Should Tor Project choose a canary with shorter lifecycle (monthly, weekly, ...)? Should there be one for the whole project, or one per employee?

Tor is developed by multiple people all over the world, not one set of individuals. Because it is open source software, it is not very easy to get a backdoor inserted into well-reviewed open source software without anyone noticing. For example, there was an attempt at a backdoor in Linux years ago, but it was noticed before it was ever released, and Linux is far more bloated and harder to audit than Tor.

Also, there are a lot of misunderstandings going around about how NSLs work. NSLs don't give the government the power to force someone to add code to a project. NSLs are not magic. And think about it... If they were powerful enough to force someone to add malicious code to their project, they could also force someone to continue to update a warrant canary.

At this point, try OK, but never ever assume privacy and or security regardless.

A clearer explanation of Snowden's theory of how the Equation Group malware was grabbed by an unknown actor in 2013:

http://www.theregister.co.uk
#Shadowbrokers hack could be Russia's DNC counter-threat to NSA
Claimed NSA hacker outfit Equation group confirmed to be breach victim.
17 Aug 2016
Darren Pauli

> One of the most interesting hacks in recent memory is almost certain to be a compromise of infrastructure operated by an ultra-elite hacking group thought to be the United States' National Security Agency.
> ...
> Initial analysis by the likes of Kaspersky Labs, NSA whistleblower Edward Snowden, and a host of independent security researchers shore up claims by a hacking group calling itself Shadow Brokers that the exploits and toolsets it hopes to auction for millions of dollars in Bitcoins are legitimate Equation group weaponry. Kaspersky Labs last year revealed the Equation group to be what strongly appears to be a state-sponsored actor. Many in the security industry agree, based on deep analysis of this group's activities, that it is highly likely to be a wing of the National Security Agency given a series of very striking operational and technical similarities.
> ...
> "This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group," researchers from Kaspersky Labs' GReAT research team say. The team's confirmation is based on "highly specific crypto implementations" which link the files in the online dump to those found as part of the February Equation Group research.
>
> The breach, if Kaspersky's analysis is correct, does not mean the NSA has been hacked or compromised in a traditional sense. Rather it appears likely the hack is a 2013 compromise of a command and control server which harboured the dumped tools and exploits, a feat which intelligence boffins say is not uncommon. Analysis of time stamps shore up the argument. The last known file access date of around June to October 2013 coincides with the time Snowden fled the US to reveal the extent of the NSA's global spying apparatus. The former NSA analyst explains that the agency may have cycled servers used in offensive operations after he fled out of caution, an act that would have cut off any attacker with a foothold in command and control boxes.
> ...
> Snowden suggests the auction is a ruse, and attackers are using the dump as a warning shot to the NSA.

So long as the Torproject's web presence isn't covered by a credible kinda "canari", oft enough updated and that could be validated using some kind of easily verifiable cryptographic hash or signature, it is impossible to trust anything Tor does, says or offers. Of course, the absence to this day of such a system COULD signify that the TP is already pwned. I'm not saying it is but by all means, DO NOT TRUST Tor for anything serious UNTIL such a mechanism exists and is fully explained, maintained and independently reviewed & validated.
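The two comments above ask for a canary that is signed, renewed on a schedule, and easy to verify, and the earlier comment asks how long a six-month lifecycle leaves users in the dark. This is an added illustration, not code from Tor Project or from the commenters: a minimal signed-canary format and the check a user would run, with a function that reports the worst-case detection delay for a given lifecycle. The Ed25519 key, the `Canary` structure and the dates are constructed for the example; a real canary would also embed a recent, unpredictable value (a news headline or block hash) to prove it was not signed in advance.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Canary is the statement a project publishes and re-signs on a fixed schedule.
// Hypothetical layout for this example; real canaries vary.
type Canary struct {
	Statement string
	IssuedAt  time.Time
	ExpiresAt time.Time
}

// canonical serialises the fields so that signer and verifier sign/verify identical bytes.
func (c Canary) canonical() []byte {
	return []byte(strings.Join([]string{
		c.Statement,
		c.IssuedAt.UTC().Format(time.RFC3339),
		c.ExpiresAt.UTC().Format(time.RFC3339),
	}, "\n"))
}

// Sign produces the detached signature the project would publish beside the canary text.
func Sign(priv ed25519.PrivateKey, c Canary) []byte {
	return ed25519.Sign(priv, c.canonical())
}

// Verify is the user-side check: the signature must match the pinned public key and the
// canary must still be inside its lifecycle. An expired or altered canary is treated as
// a failure, because silence (no fresh signature) is exactly the signal a canary carries.
func Verify(pub ed25519.PublicKey, c Canary, sig []byte, now time.Time) error {
	if !ed25519.Verify(pub, c.canonical(), sig) {
		return errors.New("signature invalid: text altered or not signed by the pinned key")
	}
	if now.Before(c.IssuedAt) {
		return errors.New("canary is dated in the future")
	}
	if !now.Before(c.ExpiresAt) {
		return errors.New("canary expired: no fresh statement has been published")
	}
	return nil
}

// MaxDetectionDelay is the worst-case wait before a non-renewed canary becomes visible:
// an order served right after signing is not observable until ExpiresAt passes.
func MaxDetectionDelay(c Canary) time.Duration {
	return c.ExpiresAt.Sub(c.IssuedAt)
}

// Scenario runs the example end to end with constructed dates and returns
// (fresh canary verifies, expired canary is rejected, tampered canary is rejected,
// worst-case delay in days for a six-month lifecycle).
func Scenario() (bool, bool, bool, int) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair
	if err != nil {
		panic(err)
	}
	issued := time.Date(2016, 8, 1, 0, 0, 0, 0, time.UTC)
	c := Canary{
		Statement: "As of the issue date we have received no National Security Letter.",
		IssuedAt:  issued,
		ExpiresAt: issued.AddDate(0, 6, 0), // six-month lifecycle, as in the comment above
	}
	sig := Sign(priv, c)

	freshOK := Verify(pub, c, sig, issued.AddDate(0, 1, 0)) == nil
	expiredRejected := Verify(pub, c, sig, c.ExpiresAt.AddDate(0, 0, 1)) != nil

	tampered := c
	tampered.Statement = "We have received an NSL." // any edit breaks the signature
	tamperedRejected := Verify(pub, tampered, sig, issued.AddDate(0, 1, 0)) != nil

	days := int(MaxDetectionDelay(c).Hours() / 24)
	return freshOK, expiredRejected, tamperedRejected, days
}

func main() {
	fresh, expired, tampered, days := Scenario()
	fmt.Printf("fresh verifies: %v, expired rejected: %v, tampered rejected: %v\n", fresh, expired, tampered)
	fmt.Printf("worst-case delay with a six-month canary: %d days\n", days)
}
```

Shortening the lifecycle (monthly or weekly, as the comment suggests) shrinks `MaxDetectionDelay` proportionally; the trade-off is that the project must then re-sign reliably on that cadence, since a missed renewal is indistinguishable from a deliberate silence.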

On the warrant canary, plus one.

> DO NOT TRUST Tor for anything serious UNTIL such a mechanism exist and be fully explained, maintained and independently reviewed & validated.

This advice is useless unless you can suggest a superior alternative. An open source tool which is well maintained by an expert trusted team and has recently been independently audited by a highly regarded team of security experts.

The answer is not to stop using Tor. The answer is to try to help make TP better, which will help ensure that TP is able to continue to improve its products, such as Tor Browser, Tor Messenger, Selfrando, etc (many of which can be reused in other open source projects once a privacy industry is established).

canari warrant is finished : it was a test.
Tor can be trusted for serious taff but i agree with you about an independent audit even if the real problem is more about global survey or fake node/relay than the tor project ...

@Shari:

I see a growing consensus joining me in calling for TP to use warrant canaries.

If the problem is that TP has long been laboring under a secret NSL with gag order, TP needs to call a press conference in Berlin or Stockholm and *reveal it*.

Normally I would urge you to listen to lawyers, who will of course feel obligated to advise against such a risky step, but in this case I make an exception. I feel that the NSL eternal gag order is politically speaking the weakest point of the Patriot Act statues, the one most likely to fail if challenged. So weak that the first NGO which violates the gag order will, I believe, find that DOJ will discover some face saving reason why it doesn't after all care that the NSL was revealed. We users also need to know the scope of what information the USG has been demanding.

I have a question: is WebRTC support disabled by default in Tor?
If it is enabled in Tor Project, then better use a clean firefox with your real ip, same shit.
I use some extra addons. from my experience they are safe and open source, you can find them in firefox addons page, where you can read more about what they do.
I think these addons must come by default in Tor Browser.
1. No Script
2. BetterPrivacy
3. Disable HTTP Referer at Startup
4. Disable WebRTC
5. Disconnect
6. Disconnect Search
7. HTTPS Everywhere
8. Privacy Badger
9. Random Agent Spoofer
10. Referrer Control
11. Self-Destructing Cookies
I tested my browser for leaks, i have no leaks. What do you believe about these addons?
WebRTC leaks your DNS and IP if it is enabled even if you use Tor Project or any VPN, and WebRTC is enabled by default in most browsers like firefox, chrome, opera, safari etc.
WebRTC test --> https://diafygi.github.io/webrtc-ips/
Stay Safe bro, the StuxNet are free and he learn, develop himself day by day.

Why is this more "sticky" than the information that the master Tor bridge authority has been changed, a change that needs to go into effect for bridges by the end of this month?

These are nice sentiments, but getting the code to continue to work and to keep updating it for emerging threat profiles is much more important, and it's that stuff that deserves to be "sticky" instead.

I get bridges from bridges.torproject.org. Most of them seem to be down out of the box but a few seem to work for weeks. But in past month, whenever I connect (using current Tails), I often see a mysterious all zeros line in Onion Circuits which never completes any circuits. Any idea what is going on with that?

Someone has proposed a "strike" by relay operators to protest the firing of (someone who can perhaps not be named in this blog?).

See tor-relays thread:

https://lists.torproject.org/pipermail/tor-relays/2016-August/009998.ht…

Comments:

1. This situation happened only because TP had no real leadership or employee policies until Shari took over. That would be water under the bridge except that she has not clarified whether the people who hired DC are still involved with TP HR issues. Those people need to be closely supervised by Shari because they have made serious errors which have almost crippled TP.

2. Thanks to DC's legal threats (apparently), the whole JA/DC situation became so f'd up that no justice will ever be possible for anyone. Very possibly, TP's hands have been tied by a forever mysterious/secret out of court settlement with DC. Who was outed as a CIA agent by... JA. Makes you wonder what is really going on....

3. Shari and other TP leaders need to be vigilant going forward against the next attempt by an intelligence agency (could be US, RU, CN, FR, PL, SY, DE, DK, etc) to plant a mole inside TP, or to disrupt TP.

4. It is critically important that TP find a jurisdiction where employee law allows TP to state that anyone applying to work at TP who fails to disclose "under cover" jobs or lies on their resume for any reason, even if a former employer requires them to lie, will be fired immediately when the deception is uncovered. (C.f. "the DC loophole": aka "I wanted to tell you the truth about my real work in Iraq, but CIA told me I couldn't".) Claims of good intentions are no excuse. Unless you are Snowden or Kiriakou, you can't quit CIA on Monday and start working at Tor Project on Tuesday without telling TP you are a USIC agent. That is not and never could be acceptable to at-risk Tor users around the world.

5. I too am worried by all the signs suggesting that USIC finally got its way by "neutralizing" JA. I too am worried that the people who spoke up most forcefully for firing him may have ties to USIC (CMU, Cymru, although clarifications would always be welcome, hint, hint). At the same time, a "strike" would give FBI what it wants, by neutralizing Tor, so that's obviously out of the question. As several people said, the situation stinks of USIC manipulation, but at risk users (an exponentially growing group!) need Tor so badly that their needs must come first.

6. The Social Contract is an excellent first step towards preventing existential problems in the future.

7. Someone complained about the all-new board, but I think the new board has very impressive credentials, modulo some reservations about the USG ties of one or two members.

8. If TP is under NSL, someone brave who we all know works for TP (RD maybe?) needs to call a press conference in Germany or China and reveal all. Your lawyers will give you different advice, but I believe DOJ would find face saving way to avoid trying to charge you with a felony. ("Oh, we thought that NSL expired long ago".)

Excellent, well-balanced article profiles Herd, Pond, Riposte, Vuvuzela/Alpenhorn, Dissent:

http://arstechnica.com/security/2016/08/building-a-new-tor-that-withsta…
Building a new Tor that can resist next-generation state surveillance
Tor is an imperfect privacy platform. Ars meets the researchers trying to replace it.
J.M. Porup (UK)
31 Aug 2016

> ...
> After interviewing numerous leading anonymity researchers for this article, one thing becomes clear: Tor is not going away any time soon. The most probable future we face is a world in which Tor continues to offer a good-but-not-perfect, general-purpose anonymity system, while new anonymity networks arrive offering stronger anonymity optimised for particular use-cases, like anonymous messaging, anonymous filesharing, anonymous microblogging, and anonymous voice-over-IP.
>
> Nor is the Tor Project standing still. Tor today is very different from the first public release more than a decade ago, Mathewson is quick to point out. That evolution will continue.
> ...

OT in this thread, but topical in this blog:

James Comey is warning that:

1. he plans to spend the next few months "collecting evidence" that the world is "Going Dark" (apparently he means he will be collecting anecdotes from US police departments about all the phones they seized but cannot unlock),

2. next year, he intends to push harder than ever for mandatory backdoors.

Weary reporters were mostly unable to crack a smile at Comey's latest tag line:

https://www.theguardian.com/technology/2016/aug/31/encryption-fbi-build…
Encryption: FBI building fresh case for access to electronic devices
James Comey, the agency’s director, says it is gathering information in preparation for ‘adult conversation’ on balancing privacy with need to fight crime
31 Aug 2016

> “The conversation we’ve been trying to have about this has dipped below public consciousness now, and that’s fine,” Comey said at a symposium organised by Symantec, a technology company. “Because what we want to do is collect information this year so that next year we can have an adult conversation in this country.”

techdirt.com facepalmed:

> Oh, James Comey. The FBI Director seems to have staked out his reputation on being the guy who will go to his grave refusing to understand what basically every technology expert has been telling him for the past couple of years: his desire to backdoor encryption will make everyone less safe. But Comey is pot committed on his belief that encryption is bad and that Silicon Valley just needs to nerd harder and it'll somehow come up with encryption that has a magic golden key for him. His latest is saying that it's time for an "adult conversation" on encryption:

And our favorite vulture is certainly growing exasperated with idgits!

http://www.theregister.co.uk/2016/08/31/fbi_wants_adult_conversation_ab…
FBI Director wants 'adult conversation' about backdooring encryption
How about f**k off – is that adult enough?
Iain Thomson
31 Aug 2016

Yes, it's getting harder than ever to take James Comey seriously. It is all too easy to conclude that he has set himself such a Sisyphean task that we can safely dismiss him as a harmless idiot.

After all, given all the recent hacking of alleged politician-owned devices, potential altering of US election outcomes, etc., which Comey's own agents claim they are "taking seriously", it seems that people like Nancy Pelosi might finally be starting to understand that the world needs more encryption and, more importantly, much better device security, not more zero-day hoarding or NSA/TAO attacking, still less mandatory encryption backdoors.

But we should not be lulled by Comey's (calculated?) foolery into dismissing his attempts to induce the US Congress to mandate encryption backdoors or device insecurities, since Congress might well be persuaded by cynical party leaders to pass a very broadly written law which exempts Congress from FBI hacking or snooping, but otherwise authorizes FBI to order companies to do whatever FBI wishes to whomever they name (dozens or billions of people), all in utter Patriot Act type secrecy--- that way, when the financial system collapses, the legislators can claim they realized they wouldn't understand what they were voting for if they voted for a law which defines terms and spells out procedures, so they voted for a vague law in hope federal agencies would "figure it all out".

But of course it is the responsibility of Congress to figure out policy issues, even when these issues involve technology. And some members (e.g. Ted Lieu) do have tech credentials. So we mustn't let Congress get away with simply ducking debate or pleading ignorance. If they are ignorant, they are not doing their job right and they should be fired.

Some of us keep trying to warn that the most important question begged by the Snowden leaks is the question of what USG plans to *do* with all that data it is collecting about all of us. And the answer is: predictive behavioral analysis, personalized algorithmically decided sanctions for individual citizens who stray from the Party line, even preventative detention for persons suspected of potential future misdeeds, or even potential future thoughtcrime. And the first victims will be the Usual Suspects, prosecuted under a sheen of Scientific Authority and alleged impartiality which only slightly disguises the customary racist and economic disparities which are endemic in the US "justice" system:

https://www.aclu.org/blog/speak-freely/predictive-policing-software-mor…
Predictive Policing Software Is More Accurate at Predicting Policing Than Predicting Crime
Ezekiel Edwards, Director, ACLU Criminal Law Reform Project
31 Aug 2016

https://www.teamupturn.com/reports/2016/stuck-in-a-pattern
Stuck in a Pattern
Early evidence on "predictive policing" and civil rights
August 2016
A report from Upturn
David Robinson & Logan Koepke

The new Jim Crow indeed.

Tor can help prevent it from happening, or at least slow it down.

I don't believe you anymore; you are engaging in censorship as well.

Sorry for the somewhat off-topic yet important request:
can you please urgently change whoever (Google?) is providing the 'anti-robot' challenge at bridges.torproject.org. I for one can't for my salvation solve the challenge even once, so the page is totally useless! All the more ludicrous that I suspect actual robots would be better able to solve the challenges.

If you can't change providers, at least try to change the actual parameters, if possible. The present thing is unreadable to a normal human, IMO.

1. Tor has diverse funding.
2. USA funding doesn't contradict Tor goals.
3. For the US, Tor permits overthrowing anti-US regimes.

Do we know more about (3)?
What happens when such regimes are overthrown?
What is the US agenda?