Tor's Innovative Metrics Program Receives Award from Mozilla

by karsten | June 22, 2016

Good news for data enthusiasts who trust numbers more than words: The Tor Project has just received an award from Mozilla's Open Source Support program to improve Tor metrics over the next 12 months.

While some analytics programs collect data in ways that violate the privacy of users, Tor's metrics program seeks to keep users safe as we collect and analyze data. We use the data to develop ways to allow more people to access the free Internet via Tor, and we make all data available to the world, so that Tor users, developers, journalists, and funders can see and understand the ways that people use Tor worldwide.

Mozilla's mission is to ensure the Internet is a global public resource, open and accessible to all. Mozilla Open Source Support (MOSS) is an awards program specifically focused on supporting the Open Source and Free Software movement. Their Mission Partners track is open to any open source/free software project undertaking an activity which significantly furthers Mozilla's mission.

Over the coming year, our main goals for this project will be:

1. To make CollecTor (our primary data collection service) more resilient to single-point failures, by enabling multiple CollecTor instances to gather data independently and exchange it in an automated fashion. Doing this will reduce the number of gaps in our data, and make it less likely that an error at one server will make the data invalid.

2. To create an easy-to-use observation kit containing DescripTor (our library for parsing and analyzing Tor servers' descriptions of themselves) together with user-friendly tutorials for evaluating Tor network data. This will make it easier for programmers to write tools that examine historical and current data about the servers that make up the Tor network.

3. To set up more instances of the network status service Onionoo to improve its availability, and work on the most pressing usability issues of the Atlas network status service;

4. To further reduce the amount of sensitive usage data (such as bandwidth totals and connections-per-country) stored on Tor relays and reported to the Tor directory authorities. While we believe that this data is safe the way we handle it today, we believe that improved cryptographic and statistical techniques would allow us to store and share even less data.

5. To improve the accuracy of performance measurements by developing better methods and tools to analyze and simulate average user behavior;

6. To make the Tor Metrics website more usable, so that users, developers, and researchers can more easily find, compare, and interpret information about Tor's usage and performance.

We're excited about this news for a great many reasons.

First, it is one more important step in diversifying Tor's funding.

Second, while the project focuses on improving six important aspects of Tor metrics, it also aims at more general improvements to make Tor metrics software more stable, scalable, maintainable, and usable. These improvements are typically harder to "sell" in funding proposals because their results are less visible to funders. It's reassuring that Mozilla understands that these improvements are important, too.

Third, this award is the first one awarded to Tor's young metrics team, only established 12 months ago in June, 2015. It's an appreciation of the initial work done by the metrics team and a very good basis for the upcoming 12 months.

Writing the award proposal was a successful cooperation of a number of Tor people: it would simply not have happened without Isabela, who made contact with Mozilla people; it would not have been readable without Cass's remarkable ability to translate from tech to English; it would not have contained as many good reasons for getting accepted without iwakeh's invaluable input; and it would not have been accepted without Shari's efforts in asking a leading security expert to write an endorsement of our award request. Finally, this blog post would certainly not have been as readable without Kate's and Nick's editorial capabilities. And now let's go write some code.

Comments

Please note that the comment area below has been archived.

June 22, 2016

Permalink

Mozilla awesomeness! $152,500 to Tor - $77,000 to Tails ... free Internet 4 all <3

June 26, 2016

Permalink

TP deserves praise for trying to provide statistical evidence that the Tor network is helping to promote grassroots democracy around the world. So plus one for the congragulations.

But it should be said that there is a dark side to "evidence-based" decision-making (such as the decision by a philanthropist to fund Tor Project): USG agencies have been busily adopting on a massive scale individualized "evidence-based" algorithmic decision making targeting every US person. Critics (including this commentator) argue that the details matter, and that because of the secret unaccountable unreviewable way in which USG is going about this ugly business, these initiatives amount to enshrining new and ancient prejudices (e.g. anti-Muslim, anti-black, anti-"nutcase") in government policies, hidden under a veil of "scientifically validated" [sic] algorithmic decision-making which is allegedly "free from human biases" [sic].

So while I applaud TP's metrics program, I also urge TP to speak out, along with like-minded civil liberties advocacy groups such as ACLU and EFF, against the dangers posed by the kind of real-time continuously updated government computed "citizenship scores" which are being openly introduced in "Asian authoritarian" nations such as China and also being introduced in secret in "Western democratic" nations including the USA.

There is a further irony: even as agencies like FBI are strongly pushing for ever broader powers to tap ever more sources of personal information on every US citizen, to be fed into their precrime risk scores, even as FBI loudly trumpets the alleged virtues of "evidence-based" risk scoring, FBI is strongly opposing every proposal to apply metrics to FBI's own programs. A perfect example is the scandalous lack of oversight of FBI's enormously expensive NEXTGEN biometric database, also known as NGI (NEXTGEN Initiative). As EFF and ACLU FOIA's have revealed in great detail, more than a decade ago, FBI tried to define some evidence-based criteria which its facial identification system should meet, but as it became clear that the system was failing to come anywhere near to meeting these goals, FBI kept watering down the criteria until they became meaningless, then removed them entirely.

This is why FBI has insisted on exempting NGI from the Privacy Act: it was anxious to prevent the public from finding out that NGI is nothing but an enormous boondoggle. For the same reason, FBI is demanding that no public servant question the effectiveness/safety of other secret programs such as

o widespread abuse of Stingray type "cell site simulators" to target (in particular) everyone attending peaceful public events such as political rallies,

o widespread, expensive, and potentially unsafe FBI spyplane flights over US cities, often at low levels, where they interfere with civilian airliner approach paths, conflict with civilian microdrones and birds, etc,

o widespread abuse of public utility poles to secretly install FBI spycams,

o widespread use of perhaps a hundred thousand paid informants (the Stasi would be proud) to help infiltrate such alleged "national security threats" [sic] as Bread Not Bombs (a group which plans to feed citizens who cannot get to groceries due to disruptions caused by police blockades occasioned by the forthcoming RNC),

o abusive and unconstitutional sting operations targeting developmentally disabled youths,

o programs which pressure state and local police agencies to adopt increasingly intrusive surveillance technologies, including inside-the-home surveillance methods just coming on the market which use a new generation of miniaturized covert audio bugs, electronic surveillance devices, thermal and radar imagers, to watch what "subjects" are doing inside their own homes,

o programs which expand the militarization of American policing, by providing free of charge armored vehicles, automatic weapons, poison gas grenades, surveillance drones, guidebooks on military-intelligence style "operations" targeting peaceful civilian advocacy groups,

o programs which coach local police agencies on how to lie to judges, prosecutors, defense attorneys, and juries, for example by concealing the fact that critical evidence came from an illegal burglary, hidden spycam, audio bug, or electronic surveillance,

o secretive information-sharing programs which strengthen dangerous ties between FBI, local police agencies, and military "force protection" paramilitary intelligence/special-forces units, as well as military agencies such as NCIS and AFOSI which have been enthusiastically targeting non-military Tor users (yes, ironic, given that other arms of the vast US military octopus have played a role in the genesis and continued not-very-well-laundered financial support for Tor),

o FBI organized Shared Responsibility Committees which will bring together FBI agents, police officials, psychologists, social workers, and educators, to continuously review and determine sanctions for "troubled" schoolchildren, beginning with American high schoolers but soon to include FBI's ultimate target group, preschoolers aged 2-7 with such measures as forcible administration of psychological testing while the child is undergoing fMRI brain scans (because FBI thinks this will enable them to determine decades in advance who will be the anti-RNC demonstrators of the future).

Yes, FBI, Big Brother would be proud of your incredibly dangerous and unbelievably useless organization. No wonder you are terrified by the thought that some of Milton Friedman's loyal devotees might suggest that FBI itself should come in for a spot of rational "does it work?" examination by those public servants who have sworn to oversee federal agencies, in the public interest and in the name of sensible government.

Once again, we see the USG double standard operating in full-on deception mode: "more and more metrics for us [the government targeting the citizens], no metrics for you [citizens who wish to keep an eye on the government]."

That has to change.

FBI and USIC will oppose review, because they know very well that if they were forced to provide statistical evidence bearing on whether their agencies make sense, the answer would be crystal clear: FBI, NSA, CIA, and all the rest of the super-secret alphabet soup are far more trouble that they are worth, and are doing nothing whatever, once you examine some hard ground truth, to "keep America safe".

For more about FBI's NGI, see the links here:

https://www.eff.org/foia/fbis-next-generation-identification-biometrics…

Forgot to say: a critical difference between USG metrics and Tor Project metrics is that when USG says it is "anonymizing" information that is invariably a sham, but TP is really serious about protecting its users. I wish everyone took that attitude!

Still, protecting users from having their anonymity compromised during collection of "metrics" data is worthless if you (looking at Roger, not Karsten) hire a CIA officer as a TP Project Manager and give him access to critical internal TP discussions even before he quits CIA to join TP. See what I'm saying?

Technical protections are not enough. You also need legal protections for your staff and for TP itself, jurisdictional variety, and you need to vet future job candidates very carefully. And I think you need to gently encourage all TP employees to be aware that considering how intensely all the worlds spooks are targeting Tor, what they do when they are not on the clock at TP could hurt our community, if it helps the bad guys to apply further disinformation and disruption operations.

June 26, 2016

Permalink

This is great news, congratulations all! And it surely would not have been possible without Karsten's steady lead in the Tor Metrics project. :)

June 28, 2016

Permalink

> First, it is one more important step in diversifying Tor's funding.

Yes, and Mozilla is about as good a funding source as you could find, other than individual user contributions.

So thanks to everyone who contributed to TP getting this prize money!

July 08, 2016

Permalink

Karsten. Any idea on the order/priority of completion? It looks like 1,3,6 are the easiest to target.