Explore Tor, New York City! A New Meetup Starting Dec 7

by isabela | December 1, 2017

 

The Tor community is vast and deep yet remains a virtual entity outside periodic physical events. In New York City on December 7, we are going to start to change that.

Current and future Tor relay operators will assemble on the 20th floor of 150 Broadway, in the LMHQ shared meeting space, at 6:45 PM. This face-to-face gathering is an opportunity to meet others who run Tor relays in NYC, and for those investigating the possibility of running a relay or a bridge. 

The meeting will open with a short introduction, then move into a discussion with relay operators. 

If you run a Tor relay or bridge, or wonder what's involved in running one, this meeting is a great opportunity to  get input from others. NYC apartments and offices are filled with high-bandwidth connections, and there is plenty to spare to help users around the world facing censorship and surveillance.

We are looking to hold meetings every two months in NYC about other related topics going forward. Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

Other topics under consideration for Explore Tor, NYC! meetups include:

  • hands-on workshop on installation of Tor Browser for desktop and mobile
  • trainers meet-up to exchange teaching materials and network with fellow trainers
  • why .onion sites should be an infrastructure component for plain old web sites 

RSVPs are unnecessary, and all are welcome. Join us on December 7 and let's start making the Tor Project a living, breathing part of New York City's tech culture.

Comments

Please note that the comment area below has been archived.

December 02, 2017

Permalink

>< old web sites : yes , it suits at Tor (compliant with their old model/guide-line).
>< N.Y. city : yes, it suits at Tor (compliant with govt-google request).
- Tor is unsecure and not built anonymity/privacy in mind : 1024 rsa ... and not accepted as privacy tool outside of new-york.

As long as the laws will block the elementary rights such the encryption, to be the exclusive owner of his digital data/live & his hardware/laptop/raspberry ; a tool like Tor should be locked at N.Y. (u.s kidtoy for u.s retarded only).

Can't make out whether you are praising Tor Project or criticizing it, but let me try to parse what you (or someone you are quoting) wrote:

>> N.Y. city : yes, it suits at Tor (compliant with govt-google request).

It almost sounds as though you are attempting to argue like this:

1. Major ATT facilities in NYC include

o old Long Lines building (1918) at 6th Avenue and Walker Street (Tribeca neighborhood in lower Manhattan), not very far from 150 Broadway,

o new Long Lines building (1974) at Church and Worth Street (Civic Center neighborhood in lower Manhattan)

o Rego Park Communications Center at Queens Blvd and 62nd Ave (Rego Park neighborhood in Queens)

2. For decades, ATT has practically fallen over itself in its eagerness to assist NSA in illegal targeted and dragnet surveillance schemes.

3. Therefore [sic], Tor Project should not host meetups in NYC.

Surely the absurdity of this argument is apparent?

>> Tor is unsecure and not built anonymity/privacy in mind :

Anyone can easily verify the origins of Tor from the statements at torproject.org. Indeed, the people who developed the onion concept have sometimes posted in the tor-talk mailing list with their recollections of their early work on Tor. The truth, anonymity was the primary goal of Tor from the first, and it would be absurd for anyone to suggest otherwise.

> 1024 rsa ...

Can't tell what you are trying to suggest here, but let me say this: current Tor is a rather complicated and constantly evolving thing. In terms of security, developers often make tough choices which are revisited from time to time. That said, I don't understand your reference to 1024 bit (key length?) RSA.

> and not accepted as privacy tool outside of new-york.

"Tor is not accepted as a privacy tool outside of NYC?" [sic]. Seriously, is that what you are trying to suggest?

> As long as the laws will block the elementary rights such the encryption, to be the exclusive owner of his digital data/live & his hardware/laptop/raspberry;

Governments which serve malware to "targets" are taking a considerable risk, because sometimes a technically able "target" can capture the malware, reverse engineer it, and then publish it, with attribution. Such a prospect tends to make certain governments sound somewhat hysterical.

Er, sorry, you were saying?

> a tool like Tor should be locked at N.Y. (u.s kidtoy for u.s retarded only).

Are you trying to suggest that Tor is a "children's toy" [sic] which would be used only by "foolish Americans" [sic]?

Interesting that so many governments appear to be so anxious to make themselves look weak and terrified by their strenuous attempts to discourage anyone anywhere from using Tor for anything.

It looks like you do not use TBB or a Relay and you like argument in a pleasant & friendly manner but you do not understand & do not know what you are speaking about.
- 1024 rsa & cha 1 are obsolete , unsecure and do not allow anonymity or privacy : it is a technical fact not a philosophical argument.
- You cannot promote a tool labelled as "universal" or flagged as a "freedom appeal for the world" when it works only for usa guys in the usa : every user knows that and your humorous answer is more ridiculous than serious.

Tor is govt & google compliant : it can't be used without to be registered or recorded, censured.
Tor was build for uneducated person in danger most often in the usa : it is related at their weak health/resources/status/intellect ... another way to live together, another way to play a politic role, another way to denounce with Privacy in mind-Anonymously the state police and their brutal behavior.
Nothing to do with the "world" or a Democracy_Republic ... just a civil report not done before by the officials military forces which police/fbi/cia/nsa.

The next generation of onions will maybe solve that but will not be too late ?

Tor is not exportable : it is prohibited (encryption & to be the owner of your data/hardware) almost everywhere ... taxes, provocation, brutality, jail, mental hospital etc. until a suicide or a manipulation ...
usa is not welcome almost everywhere because the rogues states (e.u/fr/uk e.g.) win and because the precedent presidents gone too far (& during too much time) in an abject, cruel, cupid, brutal, insane, sick politic & personal deviant behavior : that is a fact, a historic fact.
I trust more the new president of the united states than the last for listening & reacting with force & good faith.

Tor runs only on a stable & real democracy : it is a matter of honestly and N.Y.C is a test or the last refuge.

> It looks like you do not use TBB or a Relay

3.1415... it goes on forever, you know.

> you like argument in a pleasant & friendly manner

Someone on the internet is... nice?

Oh I see, no longer Nice; they've rebranded as Cyberbit. Someone must be feeling... un-masked.

But if privacy were truly dead, Cyberbit would not be concerned about a bit of public exposure, eh?

> but you do not understand & do not know what you are speaking about

As I said, I am experiencing difficulty in understanding what you are complaining about, upon what factual basis (if any), and what if anything you expect anyone to do about the situation.

I get the impression that

o you *want* to use Tor

o you live in a country where it is more difficult to use Tor than (so far) in the USA

o but you aren't mad at your government, you are mad at Tor Project.

If there's logic to that line of thought, please explain.

> 1024 rsa & cha 1 are obsolete , unsecure and do not allow anonymity or privacy : it is a technical fact not a philosophical argument.

I appreciate that, but I still don't follow. You'll have to be more specific.

Are you complaining about Tor client/server software, about the TP blog, a website associated with the meetup venue, or what?

How are RSA and CHA-1 involved?

What precisely are the security flaws?

What is the threat model which makes these flaws so serious that Tor(?) "does not allow anonymity or privacy"?

It would be helpful if you would be more specific about the country in which you are experiencing problems using Tor.

> You

Just to be clear: I am a Tor user, but not affiliated with Tor Project.

> cannot promote a tool labeled as "universal" or flagged as a "freedom appeal for the world" when it works only for usa guys in the usa

Why do you think that Tor "works only for usa guys in the usa"?

Plenty of users around the world consider that Tor works for them. To be sure, in some countries you may have to use bridges and it may be more difficult to connect to the Tor network than it is (currently) in the USA. I am very worried that it may soon become just as difficult to use Tor in the USA, so if you want TP to post an explainer on bridges and using Tor in a repressive country, I also would like to see such a blog post.

> every user knows that

In which country? It would really help if you could explain in more detail why you have been frustrated in your unsuccessful attempts (?) to use Tor.

> and your humorous answer is more ridiculous than serious.

Cute :-)

> Tor is govt & google compliant

You said that before, and clearly both claims require explanation and evidence. Please provide them.

> it can't be used without to be registered or recorded, censured.

Tor cannot be used without being... registered? In what countries?

It appears to be true that in some repressive countries, citizens are required to register their real names with social media sites, but I haven't heard of requirements that Tor users register (with... the government?) as Tor users. If you know otherwise, please explain, ideally with a link to a government website stating the regulation in question.

Tor cannot be used without being... recorded?

By NSA, you mean? It is true that the Snowden leaks confirm that NSA attempts to record all encrypted datastreams sent/received anywhere in the world, and Tor datastreams are strongly encrypted, so I agree it follows that in this sense, almost anyone using encryption for any purpose (e.g. connecting to a bank, using a smart phone, not just using Tor) is being "recorded", by NSA and no doubt by other actors with global aspirations.

However, the Snowden leaks also show that NSA and its partners were having great difficulties illicitly decrypting such datastreams c. 2011, so they were (are) trying to store them all for decades, in hopes that quantum decryption with allow them to read everything decades later. But it seems clear that no-one, including NSA, really knows how this will play out during the 21st century.

Further, the Snowden leaks show that NSA was unable to effectively attack Tails, and a salient point here is that at the time of the failed attacks described in the leaks, Tails (and its parent Linux distributions) suffered from some horrible defects which would have made it easy for NSA to compromise Tails users, but they obviously simply did not know about the flaw. This was not a flaw in Tails, but a flaw in the Linux software it had inherited from parent distributions.

(Tails is the "OS on a USB/DVD" which is "amnesiac" and provides careful anonymity protections---Tor Browser and much more--- out of the box. Tails is often used by journalists, medical aid workers, human rights workers and political dissidents in dangerous places. Snowden himself used Tails while preparing to leak. People can donate to tails at tails.boum.org. I am a Tails user, but not affiliated with Tails Project.)

Sadly, these days, for more and more citizens of every nation, every place is dangerous.

For example, see this report from the wonderful people at CitizenLab:

https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-ta…
Champing at the Cyberbit Ethiopian Dissidents Targeted with New Commercial Spyware
Bill Marczak, Geoffrey Alexander, Sarah McKune, John Scott-Railton, and Ron Deibert
6 Dec 2017

> google compliant

I worry about Google too, but I have no idea what you might mean by "Google compliant" or why you think Tor is any such thing, or what you expect Tor Project to do about it.

Customers of US telcos such as Verizon should maybe worry more about Nice (now Cyberbit) than Google, since it appears that these companies have for at least a decade hired Nice to track their own customers. How do they do it? Probably this:

thehill.com/opinion/cybersecurity/363533-how-the-nsa-could-spy-on-any-american-phone-without-congressional
How the NSA could spy on any American phone — without congressional approval
Shay Hershkovitz, opinion contributor
6 Dec 2017

Hershkovitz says its the NSA which is abusing SS7 to record PSTN (public switched telephone network) calls inside the USA, but I think the evidence suggests that it is actually Nice (Cyberbit), and that this company has actually been hired by the big telcos themselves. Note that the implication is that Nice is listening to and recording the calls themselves, possibly in violation of US law. NSA insists that it doesn't do that (to Americans), but it is very likely that it simply snatches the recordings as they exit the USA for Israel, where the Cyberbit spooks work. The Snowden leaks contain many specific examples of the fact that NSA is in the habit, not of notifying victims of foreign espionage (e.g. an Israeli company spying on USPER phone call content), but of happily copying the "take", and passing it on to their own "partners".

To be sure, anyone can claim to be a telecom and abuse SS7 the same way the professionals do.

> Tor was build for uneducated person in danger most often in the usa

You seem to be pushing this claim pretty hard. Trouble is, it is directly contradicted by authoritative statements from the originators of Tor, e.g.

svn.torproject.org/svn/projects/design-paper/tor-design.pdf
Tor: The Second-Generation Onion Router

> The original goal of Tor was to gain experience in deploying an anonymizing overlay net-work, and learn from having actual users...

Nick Matthewson has given more detail in posts to the Tor-talk mailing list, but I can't find them right now. As I recall, he said that NRL (Naval Research Laboratory) was interested in having a way for USG staff deployed to a dangerous location for Americans (a current example would be a US State Dept person posted to the new US embassy in Jerusalem) to communicate, for example from their home, without telegraphing that they are USG employees.

A key element in the original vision was that by providing strong anonymity for all, the USG employees could "hide in the noise". This has proven to be so effective that US LEAs (law enforcement agencies) have used Tor to hide their affiliation while investing on-line drugmarts, for example. Further, some in NRL were apparently enthusiastic about helping political dissidents in repressive countries (this was before 9/11, remember) to communicate with outside groups. This was so effective that the most repressive countries have turned to espionage-as-a-service companies such as Gamma International, Hacking Team, and Cyberbit. For more information, please see this recent item from Wired, by the director of Citizen Lab:

https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journal…
Evidence That Ethiopia Is Spying on Journalists Shows Commercial Spyware Is Out of Control
Ron Deibert
6 Dec 2017

> Nothing to do with the "world" or a Democracy_Republic ... just a civil report not done before by the officials military forces which police/fbi/cia/nsa.

?

> The next generation of onions will maybe solve that but will not be too late ?

?

> Tor is not exportable : it is prohibited (encryption & to be the owner of your data/hardware) almost everywhere ...

Some civil rights groups attempt to track privacy laws worldwide. This is very difficult and involves precisely the kind of international communication which is enabled by Tor, against the wishes of some governments. According to my understanding, Tor is not explicitly proscribed in very many countries. According to my understanding, the USG prohibition on exporting cryptography has been largely moot since the 1990's "cryptowar", which was decisively *lost* by NSA.

If you can provide specifics of a particular law somewhere in the world, please do so.

> taxes, provocation, brutality, jail, mental hospital etc. until a suicide or a manipulation ...

Sorry, you lost me there.

> usa is not welcome almost everywhere because the rogues states (e.u/fr/uk e.g.) win

You mean to say EU actually *won* something? You mean, like an Olympic medal?

Good for them, they need a win.

> and because the precedent presidents gone too far (& during too much time) in an abject, cruel, cupid, brutal, insane, sick politic & personal deviant behavior : that is a fact, a historic fact.

If you are thinking of such deplorable incidents as the U.S. militaries repeated "accidental" bombing of hospitals run by MSF (Doctors without Borders), then I completely agree that the USG has behaved very badly. Alas, so have many other governments: the RU bombing of civilians in Syria and the Saudi bombing of civilians in Yemen are without doubt among the most atrocious human rights violations of the century... so far.

> I trust more the new president of the united states than the last for listening & reacting with force & good faith.

IMO Obama was the smartest and most likable US President in history, not excepting George Washington (renowned in his own time for his compelling personal magnetism) or FDR. He is also without doubt a war criminal because of the methods (e.g. signature drone strikes) he adopted with such enthusiasm in the so-called GWOT. His immediate predecessor, G. W. Bush, is also a war criminal for the same reason, plus CIA torture and secret prisons. Both men should be prosecuted in the ICC for their crimes, and it is not impossible that eventually they will be.

Unfortunately, other world leaders are clearly also war criminals, e.g.

https://en.wikipedia.org/wiki/Vladimir_Putin
https://en.wikipedia.org/wiki/Russian_military_intervention_in_the_Syri…

https://en.wikipedia.org/wiki/Mohammad_bin_Salman_Al_Saud
https://en.wikipedia.org/wiki/Saudi_Arabian-led_intervention_in_Yemen

These people should also be prosecuted in the ICC.

IMO Drump is the most dangerous, mentally incompetent, and emotionally unstable US President in history (not excepting Andrew Jackson or Millard Fillmore), and also the one most prone to authoritarianism, and even to promoting an American genocide. For a review of the warning signs which have historically preceded state-sponsored genocides, see

http://genocidewatch.net/genocide-2/8-stages-of-genocide/

(by a former US diplomat).

IMO, contrary to common perception inside the US, the authoritarian impulse owes more to his troubled nature and to CN influence than to RU influence. And the genocidal impulse arises not from the original Nazis, but from the homegrown American phenomenon which provided so much of the pseudo-intellectual "justification" for Nazi genocides, the KKK.

Sad times, truly sad times...

> Tor runs only on a stable & real democracy

Earlier I think you appeared to say Tor is usable only by people inside the US. It would seem to follow that you believe that the USA is a stable and true democracy.

An authoritative and recent contrary view from inside "the swamp" can be found here:

https://publicintelligence.net/sma-influence-connectedness/

One of the authors of the essays collected in this book frankly admits that the USA has never been a true democracy. And the entire book is full of worries that the USA is far from stable, particularly against internal threats.

You will also be intrigued to find that one author says in essence that Drump and the alt right are more dangerous to the future of the USA than the late and unlamented bin Laden ever was. But another author argues that in order to survive as a single nation the USA will need to become much more authoritarian (after the Chinese model, not the Russian model, I assume).

A few months before his retirement in Oct 2016 as chief of SOCNORTH (the US Special Forces Command division which operates inside the US itself), Rear Adm. Kerry Metz granted an interview to John Gresham (better known as Tom Clancy's collaborator on numerous novels) in which he makes several intriguing statements; see

https://www.defensemedianetwork.com/stories/interview-with-rear-admiral…

> "For us here at SOCNORTH, it’s everything from counterterrorism to countering WMD to countering transnational organized crime, or helping our Mexican partners with that, [and] civil support, usually to the lead federal agency in our theater, in our case most often the FBI... We spend a lot of time talking, working with, and discussing with our various interagency partners: FBI, DHS [Department of Homeland Security], CIA [Central Intelligence Agency], DEA [Drug Enforcement Administration], the State Department... We could get into a longer discussion on Posse Comitatus, but some people often think that that prevents military personnel from doing anything in the homeland [inside the USA]. That’s not true. There are certain categories of support the military can provide. A piece of equipment, advice… there are many things the U.S. military can do to support whoever the lead federal agency is, and you’re not in violation. It’s direct military participation in law enforcement that Posse Comitatus prevents."

IOW, inside the USA, Special Forces can do everything but arrest or shoot civilians. But that might change:

> ... the work [of SOCNORTH] is becoming more important than we considered it in the past, because while we’ve been doing a great job fighting the “away game,” more and more we get indications that the adversaries are trying to bring it to our court. And we may have to play the home game as well.

IOW, in coming decades, SOCNORTH may be called upon to fight inside the US itself.

This does not sound to me like an expression of undying military faith in the continued political stability of the USA.

Where inside the USA does SOCNORTH expect it may have to fight? A clue comes from another recent military study:

publicintelligence.net/usarmy-megacities/
Megacities and the U.S. Army: Preparing for a Complex and Uncertain Future
6 Dec 2014
Forward by Gen. Ray Odierno, Chief of Staff, US Army.

Upon the personal request of Gen. Odierno, a task force visited and studied several cities with populations of more than a million, cities where Gen. Odierno expects the Army may be called upon to fight in coming decades. As you can see, one of these cities was NYC.

> it is a matter of honestly and N.Y.C is a test or the last refuge.

Are you saying that NYC is the last refuge of democracy?

Bill Blasio will be glad to hear this!

IMO, NYC is currently run too much like a security state for any citizen to feel safe... from the government. But it's a complicated situation and there are also good people in parts of the NYC government, maybe even parts of the US, Russian, Chinese governments. For example, here is a shout out to the health workers in RU who are trying to quell the all-drug-resistant tuberculosis crisis, and the US NGO which helps them.

Unfortunately, the SMA document cited above shows that the elements of the US military regard such international medical aid cooperation as a threat to US "national security".

PLEASE _ let this comment be published.
- thank you for your answer but like it is written above ; you are misinformed, lacking of intelligence.
In short , you speak for yourself to yourself.
A public blog like this one is for the readers who are involved, concerned & aware ; you are not.
When you post , you must follow at least some clear & simple principles like these one :
- good faith (you failed)
- truth (you failed)
- evidence, clue, link, background, reputation. (you failed)
and do not mix a blog with a mailing-list ... or a discussion in the street waiting the bus ... it is that you are doing ...
Your ideas, opinions, point of views, demonstrations, are yours as respectable than everybody else but are irrelevant , off topic and outside of a real world.
steve@airmail.nz that is my address and you can contact me except if you are on gmail/yahoo/isp-mail.

§mismatch : that's a pity !

> Governments which serve malware to "targets" are taking a considerable risk, because sometimes a technically able "target" can capture the malware, reverse engineer it, and then publish it, with attribution. Such a prospect tends to make certain governments sound somewhat hysterical.

And here is a good example of why misgovernments everywhere are quaking in their jackboots:

https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-ta…
Champing at the Cyberbit Ethiopian Dissidents Targeted with New Commercial Spyware
Bill Marczak, Geoffrey Alexander, Sarah McKune, John Scott-Railton, and Ron Deibert
6 Dec 2017

> This report describes how Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware posing as Adobe Flash updates and PDF plugins. Targets include a US-based Ethiopian diaspora media outlet, the Oromia Media Network (OMN), a PhD student, and a lawyer. During the course of our investigation, one of the authors of this report was also targeted.

December 02, 2017

Permalink

> We are looking to hold meetings every two months in NYC about other related topics going forward. Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

Fabulous! TP needs to continually reach out to "techies" in major population centers, in order to build the volunteer base we need to run relays, perform development, assist research, staff help desks, respond to technical/political crises, and reach out to local/national/international media.

NYC is a great place to start organizing regular meetups. I hope this goes well and that success in NYC will eventually lead to regular meetups in other major cities around the world.

December 02, 2017

Permalink

Great. Unfortunately I live in Brazil and I can attend this spectacular day. I met the Tor project a few years ago. I was never so amazed by the idea of ​​anonymity and freedom of expression that the project provides. I wish everyone good luck in this day.

the idea is generous but the security/anonymity settings are sneak.
good luck , hoping that it will be lived with an opened mind & a soft tolerance.
Donate to tor project & make a pressure to mozilla team for a better secure browser (1024 rsa is a shame !).
i love this u.s.a. : they are the voice of the freedom, truth & honor.

Totally agree that Brazil should be near the top of the list for countries where TP should try to start having regular meetups in Sao Paulo and Rio.

USPERs concerned about police shootings should check out what happens in Rio, omigod.

Also, Brazil has been hit hard by some state sponsored attacks (and the government in Brazil may make some of its own). Don't even get me started on attacks on environmental defenders.

It's the same all over: Iran, Cuba, Vietnam all have environmentalists, and they are all harrassed or worse by local and national government officials.

I'd like to see TP and human rights groups try to reach out to Brazilian secondary school students. We need a generation of dreamers who start to dream about a career defending people against all the bad forces which are harming them, including misgovernments.

December 02, 2017

Permalink

Nice

December 03, 2017

Permalink

While browsing to a new site, the page shows error instead...
502 Bad Gateway
nginx/1.10.3 (Ubuntu)

I've seen that too recently, at salon.com I think. (Not the first time I had seen that message somewhere, but I hadn't seen it for a while.)

I think this means that your destination server is running Nginx under Ubuntu and making the simplistic/harmful/wrong assumption that "all Tor traffic has bad intent" [sic]. I would welcome correction if anyone knows otherwise.

December 03, 2017

Permalink

Just do a video streaming online. No need to do face-to-face.

All of you will get a free ticket to NSA/FBI/CIA facility.

> All of you will get a free ticket to NSA/FBI/CIA facility.

It is true that FBI agents won't have a long walk from the NYC Field Office to the Tor meetup.

So what? We get to play "spot the Fed", that's all.

John Young of Cryptome.org, who is an architect, would make an ideal guide in a walking tour of surveillance state installations in lower Manhattan.

Other places of interest which are not very far from 150 Broadway include the site of the Wall Street horse-cart bombing. FBI never did figure out who was responsible for that, a fact they'd prefer that everyone forget.

> No need to do face-to-face.

For face-to-face you should go to 9 E 91st St (between 5th Ave and Madison Ave).

I'll grant you this: the Russians have always appreciated fine architecture.

Down the block be sure to notice 1 E 91st (overlooking Central Park), the setting for the movie "The Anderson Tapes", starring Sean Connery. The plot centers around an illegal bugging operation of a rather shady character who lives in the building. In the end, as the operation is about to be exposed, the tapes are hastily destroyed.

A few blocks away is the house where CIA's "best agent", a Czech emigre, lived for decades. Used to tell great stories about fabulously bungled secret CIA ops. One of his neighbors was inspired to create a TV comedy, "Get Smart", following a bumbling secret agent who suffers from Dunning-Kroger syndrome. A few years ago newly opened state archives in Europe revealed an interesting fact: the CIA's "best agent" had been a double agent for USSR who spent his career spying on CIA from the inside. Then another newly opened archive revealed another interesting fact: he'd actually been working for the Czech intelligence service all along, spying on USSR espionage operations inside the USA, while pretending to spy on CIA for USSR, while pretending to spy on Americans for CIA. And having a blast the whole time, it seems.

A hero for our time, perhaps?

Imagine dozens of "Santa's" picketing the biggest Verizon store in NYC, protesting the demise of net neutrality, and asking why the big telcos have hired NICE (now Cyberbit).

December 04, 2017

Permalink

Serious (and difficult) question:

What is the best way for a reader of this blog to respond in blog comments when one spots a comment which appears to have the all too familiar hallmarks of a crude Russian troll comment?

Don't know about Russian trolls specifically, but here are two recent examples of two different false claims (both harmful to Tor if they come to be widely believed) which were made in comments in the Tor blog:

https://blog.torproject.org/comment/272168#comment-272168

> The Tor node operators colluded to prevent the DailyStormer onion service from working by throttling/blacklisting connections to them.

(Debunked by pastly. The fake claim about DailyStormer is a recurrent meme which is possibly being given extra life not only by disgruntled neonazis, but also by more powerful adversaries of Tor community.)

https://blog.torproject.org/comment/272090#comment-272090

> sites like riseup and indymedia are fake news that highly distort real events to push their political left-wing agenda and sometimes even totally fabricate news stories.

(Don't know about Indymedia, but as someone else pointed out, Riseup Networks is a grassroots collaborative which hosts email, discussion boards, and mailing lists, not a news site.)

I am reading a lot of pretentious and arrogant claims about what are doing "actors of the net" or elected persons on this blog and i wonder the reason why so many people like spread/spoof using fake news and 'false claims' [ neo-nazis ( no ! ) ,an israeli/ movement promoting the right of rapist (yes ! that's true) ].

The freedom of speech is not a passport for the calumnies & other washing brain/ manipulation.

It is very far of a troll / a russian comment : it is a discourse of a disturbed mind who use the net for be forgiven of his cowardliness. I tell this person that a blog is not a church, a court, an idiot closed community where the perversity is welcome.

You cannot win against the devil but you can denounce him : support Tor making a donation please.

One type of disinformation campaign which has been used by various governments to target human rights groups and political dissidents, and which I think we can reasonably expect our many enemies to use against Tor, is an attempt to discredit NGOs or their employees in some way.

The way this kind of operations works is simple: a shill feeds a fake and debunkable email, document, etc. to a careless reporter who works for the targeted media information, waits for the false story to appear, then feeds links to information which prove the story false to competing news organizations.

It appears to be a current info ops strategy of some governments which USG regards as "adversarial" to do everything they can to further reduce the opinion of US citizens generally of their own mass media, on the theory that this increases distrust of the government, spreads paranoia, and encourages citizens to withdraw from even trying to participate in the political process.

I think TP needs to try harder to explain to not-hopelessly-biased mainstream reporters that Tor is not really part of this problem, but part of a plausible solution to this problem.

As an example: recently an amateur attempted to discredit a mainstream US news organization using such an operation, and got caught. (She was apparently working for a US alt-right advocacy group whose mission is to destroy the US media, not for a foreign government.) And last week, a still unknown actor duped CNN into claiming an enormous scoop involving Wikileaks which was debunked within minutes by WaPo:

https://www.theguardian.com/us-news/2017/dec/08/trump-email-key-wikilea…
CNN forced to climb down over Trump-WikiLeaks email report
Network said Trump had received email that offered hacked WikiLeaks files – but CNN got date wrong and later admitted material was already in public sphere
Tom McCarthy in New York
8 Dec 2017

> CNN was forced to climb down from a report Friday that an encryption key allowing access to hacked content had been emailed to Donald Trump and aides two months before the presidential election

https://theintercept.com/2017/12/09/the-u-s-media-yesterday-suffered-it…
The U.S. Media Yesterday Suffered its Most Humiliating Debacle in Ages: Now Refuses All Transparency Over What Happened
Glenn Greenwald
9 Dec 2017

> Friday was one of the most embarrassing days for the U.S. media in quite a long time. The humiliation orgy was kicked off by CNN, with MSNBC and CBS close behind, with countless pundits, commentators and operatives joining the party throughout the day. By the end of the day, it was clear that several of the nation’s largest and most influential news outlets had spread an explosive but completely false news story to millions of people, while refusing to provide any explanation of how it happened.

Those with long (multi-year) memories will recall that Greenwald himself was targeted, along with a TP employee and Wikileaks, by an disinformation op planned by the CEO of H.B. Gary Federal, a company which went bankrupt after hackers broke into their poorly secured mail server and exfiltrated a treasure trove of presentations and emails showing how well-connected (the CEO had previously been cybersecurity czar for the largest US arms maker) privatized spooks think and behave.

This probably explains why Greenwald's tone in the cited editorial may sound personally aggrieved.

The US "Deep State" is currently hellbent upon pushing a false "meme" holding that "WL is the catspaw of RU intelligence" [sic]. This cannot be true, because WL helped publish both Panama Papers and Paradise Papers, and no government figures are more harmed by these tax-evasion disclosures that President Putin of RU and President Xi of CN. Greenwald has been pretty much the only US media figure to caution against rushing to judgment regarding WL's role in the DNC hacking scandal.

Such considerations would appear to support the suggestion that TP should stand prepared to respond promptly and effectively to information ops targeting TP or its employees, whatever their source (which in most cases are not likely to ever become known with certainty).

> How about ignoring it? They want attention. Don't give them any.

That's probably often the best approach, in the case of specific blog comments.

I should have made it clear I am concerned about the phenomenon of "information ops" (in the current political context inside the US, especially RU government sponsored ops) and how they might be used to discredit the Tor community. I am concerned that dishonest/misguided politicians will attempt to make Tor illegal inside the US. Because Tor Project is an NGO registered in the US, that would be a big problem for Tor users everywhere. I hope it never happens, but I think TP should try hard to prevent it from happening, by pushing back in the political arena against our dangerous enemies (arguably FBI rather than FSB or GRU).

It is never the best approach and i insist & persist : our dangerous enemies are not inside but outside especially in the e.u. in the hart of the rogue-state.
US § FSB are very far of the devil plan which you complain : prove that they do, when, how, why pls.
Tor is an association , often a hoax, do you really think that a country should waste time & money for a poorly secured app blocked at ny most of time ?
Tor using its american status protect the users who are living abroad.
Making Tor illegal in the u.s.a should be a good thing : it will bring more users & more relays.
So, only Tor-team has a benefit of these 'unstable' fake news.
Are they the authors of this campaign ?

It seems that the "Deep State" is equally perplexed about how to defend against information operations; see

A Scientific Approach to Combating Misinformation and
Disinformation Online
Dr. David A. Broniatowski (George Washington University) and Dr. Valerie F. Reyna (Cornell University)

In

Influence in an Age of Rising Connectedness
A Strategic Multilayer Assessment (SMA) Periodic Publication
August 2017

This is an unclassified book intended for "Deep State" readers, but republished for the general public here:

https://publicintelligence.net/sma-influence-connectedness/

Other US military manuals and GCHQ documents leaked by Snowden outline how the "Deep State" conducts its own "information operations", e.g. targeting Glen Greenwald, but these may more helpful in recognizing that one is being subjected to an "information operation" than in defending against them.

Another essay in the book just cited states the author's opinion that Russian government has been more effective than the Chinese government in influencing American thought. I claim that just the opposite is true, and I think the author's mistake arises from a failure to study Chinese government influence operations which focus on the American business community. For example, when President Xi visited the US, he made a point of staying the night in Bill Gates's mansion. Not saying Gates is necessarily an easy "mark" for Chinese influence, just saying that I see plenty of evidence that the Chinese government is very effectively if quietly reshaping the US tech giants to suit its own needs. It's hard to imagine Bill Gates inviting Putin over a slumber party.

December 05, 2017

Permalink

04/12/2017 06:34:21.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
04/12/2017 06:34:21.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
04/12/2017 06:34:21.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
04/12/2017 06:34:21.400 [NOTICE] Opening Socks listener on 127.0.0.1:9150
04/12/2017 06:34:21.400 [NOTICE] Renaming old configuration file to "F:\Tor Browser\Browser\TorBrowser\Data\Tor\torrc.orig.1"
04/12/2017 06:34:21.400 [NOTICE] Bootstrapped 5%: Connecting to directory server
04/12/2017 06:34:21.600 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
04/12/2017 06:34:21.900 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
04/12/2017 06:34:22.100 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
04/12/2017 06:34:22.200 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus
04/12/2017 06:34:26.900 [WARN] Received directory with skewed time (DIRSERV:194.109.206.212:443): It seems that our clock is behind by 23 hours, 52 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
04/12/2017 06:34:26.900 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
04/12/2017 06:34:27.000 [NOTICE] Bootstrapped 40%: Loading authority key certs
04/12/2017 06:34:30.800 [WARN] Received directory with skewed time (DIRSERV:194.109.206.212:443): It seems that our clock is behind by 23 hours, 52 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
04/12/2017 06:34:30.800 [WARN] Our clock is 23 hours, 25 minutes behind the time published in the consensus network status document (2017-12-05 14:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings!
04/12/2017 06:34:30.800 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
04/12/2017 06:35:27.500 [WARN] Received NETINFO cell with skewed time (OR:86.59.21.38:443): It seems that our clock is behind by 23 hours, 52 minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.
04/12/2017 06:35:41.300 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
04/12/2017 06:35:41.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
04/12/2017 06:35:41.300 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
04/12/2017 06:35:41.800 [NOTICE] Delaying directory fetches: DisableNetwork is set.

04/12/2017 06:34:30.800 [WARN] Our clock is 23 hours, 25 minutes behind the time published in the consensus network status document (2017-12-05 14:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings!

Yes, without the time being set accurately on your machine Tor won't work.

December 05, 2017

Permalink

> This face-to-face gathering is an opportunity to meet others who run Tor relays in NYC, and for those investigating the possibility of running a relay or a bridge.

Has TP managed to get this meetup publicized in NYC alternative newspapers, alternative radio, etc?

It's terribly important that Tor get some not-bad press right now, in view of political machinations in Washington DC, so I hope relay operators will be willing to try to explain to reporters why Tor is actually a good thing, despite all the horrible things one might hear from FBI and their shills in the mainstream media.

no, please.
- tell the truth , do not clash tor aficionados vs official news.
- explain slowly & quietly what is tor & why tor runs : pedagogy.
if the population reject tor , bad press & Washington dc will relay it on the news : they do not create always the (fake) opinions , they are also the voice of the most people.

December 06, 2017

Permalink

I hope Tor recruits many new node operators at the meetup. Focusing on the why and how of running a node seems a good place to start, but I hope you will find time to discuss possible topics for the next meeting.

In particular, I hope there will be interest in developing what the US "Deep State" calls a "narrative" or "messenging strategy" to counter the unrelenting disinformation about Tor being promoted by FBI and their allies.

Publicintelligence.net has just republished a very useful (unclassified, openly published) book from SMA (one of the many "think tanks" maintained by the US military) which lays out how the "Deep State" currently view "influence operations", such as operations whose goal is to (for example)

o dissuade people from using Tor, assisting or donating to Tor Project,

o dissuade feds from leaking,

o recruit the next generation of drone operators and cyberwarriors,

o persuade young Americans to view FBI in a positive light

See

https://publicintelligence.net/sma-influence-connectedness/

The authors of the essays include people from SOCNORTH (the US Special Operations Command division which operates inside the USA and is based at Peterson AFB in Colorado Springs), John Hopkins Applied Physics Lab (also does stuff for NSA), NCTC, NSI (National Security Innovations, which has offices in Arlington, Boston), RAND (formerly a Tor sponsor, ironically enough), and various universities.

Several of the essays explicitly say that the US military views NGOs (e.g. Human Rights Watch, Amnesty, Tor) as players it needs to spy on, influence, or worse. Authors specifically say that the threats which concern them include "increased activism by nonstate actors", including peaceful NGOs, and "domestic information environment", including Facebook. At least one essay is pretty frank in suggesting that the US will need to become much more authoritarian to survive the coming social upheavals.

The book is well worth reading by everyone who wants to see Tor thrive all around the world.

Several authors also underline the fact that SOCOM (Special Operations Command) including SOCNORTH has a particular interest in using neuroscience, new nanodrone and brain scanning technologies, and new cyberwar techniques against "national security threats" which have expanded to include NGOs operating legally inside the USA.

SOCNORTH actively collaborates with FBI inside the USA, targeting alleged potential national security threats. Posse Comitatus prohibits Special Ops soldiers from actively arresting or shooting at US persons inside the US (outside military bases and other critical infrastructure areas), but they can and so assist in every other way, e.g. with surveillance, undercover penetrations (e.g. burglaries--- the federal euphemism is "covert building access"), access to military intelligence databases such as those kept and sometimes carelessly exposed by INSCOM (NSA's liason with the military and thus FBI through SOCNORTH).

Don't believe it because I say so, believe it because Rear Admiral Kerry M. Metz said so, in a June 2016 interview with John Gresham (better known for his collaboration with Tom Clancy on several novels). Metz commanded SOCNORTH until his retirement a few months after the interview.

Perhaps the most interesting comment he made was this: "while we’ve been doing a great job fighting the “away game,” more and more we get indications that the adversaries are trying to bring it to our court. And we may have to play the home game as well." In other words, SOCOM is training to fight inside US cities, because it expects it may be called upon to fight inside those same US cities.

Fight what? A civil war? Quite possibly: the same book cited above contains several casual references to the fact that the Deep State views Steve Bannon as a figure no less dangerous than the late Bin Laden. (Personally I think that's an underestimation of Bannon, but I'd be happy to see Deep State and the Alt Right destroy each other, hopefully without recourse to a literal civil war, so long as a more pacific and less malicious government emerges from the chaos.)

See

https://www.defensemedianetwork.com/stories/interview-with-rear-admiral…
Interview with Rear Admiral Kerry M. Metz
John D. Gresham
27 Jun 2016

http://www.navy.mil/navydata/bios/navybio_ret.asp?bioID=655
Rear Admiral Kerry M. Metz
Retired Oct. 2016

December 06, 2017

Permalink

> We are looking to hold meetings every two months in NYC about other related topics going forward. Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

How about these:

o Identify and realize "sousveillance" methods enabled/assisted by Tor:

+ provide onion site access to ADS-B tracking data, e.g. to track US federal spyplanes active in the greater New York area (I can give a list of tail numbers and squawks current as of Dec 2015).

+ provide high quality regional maps on which to overlay the tracking data, showing urban areas and identifying airports, military bases, and possibly parks, colleges and hospitals, as well as identifying major roads; Google Maps does this but they themselves spy the heck out of their users, so civil libertarians need an alternative (and you can certainly use UScensus TIGER/Line shapefiles and USGS topographic data to make high quality maps which are at least as good as Google for our purposes); note that to track FBI you usually need a map which covers one or two dozen adjacent counties so sousveillance of spyplanes throws up unusual mapping challenges

o Create a citizen RF "regional intranet" for NYC using Raspberry Pi B (which include WiFi) and have strong end to end encryption

o Map Surveillance State installations and suspicious indications of cell-site simulators (probably not all operated by USG) in NYC,

o (controversial) since the FBI is too distracted running sting operations to try to gauge foreign espionage in NYC, spy on the *other* (not USG) spies,

o Use Tails and "war-driving" to map the electromagnetic signaling environment in NYC (the power companies are doing this--- it's called "spectrum auditing"--- so we citizens should find out for ourselves what's happening in the EM spectrum where we live),

o White hat tools for cybersecurity researchers; for example, can we use Tor to check on whether our DJI drone is really sending geolocation information back to China, as "Deep State" claims?

December 06, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Plan a grassroots movement in which NY Tor and human rights communities reach out to NYC high schools, to offer
+ training for defensive surfing (e.g. using Tor Browser, how PKI certs work and how they sometimes dont work, end to end crypto), patterned on EFF's courses (see eff.org),
+ training in recognizing "fake news" and maintaining some semblance of sentencingproject.orgsanity in general, while participating in social networks,
+ counter the false "privacy is dead" and "you have nothing to fear if you have nothing to hide" memes (c.f. actor Jennifer Lawrence--- if privacy is dead, why is she upset about private photos spaffed all over the internet?)
+ teach about the many hazards to privacy, taking a long view; "what you say today might come back to harm you in ten years when you are trying to get a new job",
+ teach about history of social struggle in NYC, e.g. NYC area Tories during the Revolution, Typhoid Mary, Wall Street buggy bombing, Palmer raids, labor struggles,
+ (controversial) teach about probabilistic and statistical reasoning (e.g. debunking news stories using government stats, teach about the mysterious "murder hump" and how to recognize "fake stats" about gun violence in the US),
+ (controversial) teach about the dangers to people who are in high school right now from NCTC's steady march toward implementing a US counterpart to China's "jasmine credit" system of social control (in which political dissidents are punished by not getting into the college of their choice, being barred from renting or working or getting a loan), perhaps even implementing a counterpart of North Korean style political prison farms populated, not by people the USG suspects of having done anything wrong, but by people whom the USG's unsupervised machine learning algorithms have declared are "more likely than the average person" [sic] to "do something wrong" in the *future*,
+ talks by ACLU lawyers etc on careers in human rights; "you can be a lawyer who doesn't work to perpetuate social injustice" (see the fab stats at sentencingproject.org, but not near meal times because you'll lose your lunch).

o Liase with Southern Poverty Law Center (splc.org) to reach out to NYC schools to
+ discuss our bad experience with the fallout from Gamergate (c.f. bullying in schools),
+ counter alt-right hate messaging,
+ counter the anti-Tor anti-civil-rights messaging from FBI, etc,
+ offer a peacenik alternative to "Deep State" recruitment aimed at young people, e.g. TV dramas like Quantico, Seal Team; "you can be a cyberwarrior who doesn't kill and doesn't work for the US military or the big banks or the telcos or SalesForce".

o Organize to fight for citizen broadband in NYC (this will be tough, since you're taking on ATT and FCC and all them like that).

I think it will be evident to Tor people why I think all of the above are consistent with the goals of Tor (the project) and potentially enabled by Tor (the software).

Nice.
You forgot a danger : the risk that someone steal your identity by imitating your life, your words or invade your life as a 'double' of your relatives/relations.

They do not spy for catching a delinquent but to know how to be yourself or a trick to take your money.

Thank you for your long post.

December 08, 2017

In reply to by Ano+ (not verified)

Permalink

That's why "Onions for Everything" is so promising, it is the best thing I've seen yet to guard against some of the most dangerous kinds of identity theft schemes (the ones executed by rogue governments, abusing a "root" PKI certificate):

> why .onion sites should be an infrastructure component for plain old web sites

Thanks for reading!

> SPLC

thehill.com
Civil rights group sues government over raids on immigrant homes
Lydia Wheeler
11 Dec 2017

> The Southern Poverty Law Center (SPLC) is suing the federal government, accusing it of unconstitutionally raiding the homes of immigrant families....SPLC brought the suit on behalf of three families caught in a targeted sweep of immigrants from El Salvador, Honduras and Guatemala on Jan. 2-3, 2016. In one instance, the complaint alleges, ICE agents claimed to be police searching for criminal suspects and threatened to arrest a family member for obstructing a fictitious criminal investigation to get into the house. In two other raids, ICE agents allegedly showed the residents a photo of the African-American man they claimed to be looking for. Once inside, SPLC said the officers informed the families they were, in fact, ICE agents. The residents, who were in the country legally, were then seized for detention and deportation.

USMS and ICE often impersonate local cops in situations where they do not actually have legal authority to enter. It is not illegal to ask "which agency?" before opening the door, or to step outside and lock the door behind you. In most cases, ICE does not (yet) have legal authority to simply barge into anyone's house or apartment.

Students of history will be aware that one of the chief motivations for the American Revolution was the notorious "Writs of Assistance", general purpose authorizations from the Crown which allowed colonial officials to barge into any house they pleased at any time.

C.f. the opinion expressed by some authors of essays collected in the latest SMA book (cited in other comments to this blog post) that "the USA needs to become more authoritarian" [sic].

December 06, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Create a "rapid response network" which tries to locate and correct (calls/letters to the Editor?) every news story about Tor which contains a false or misleading claim about Tor, a more broadly which attempts to correct overuse of such meaningless terms as "dark web" which are being heavily promoted by FBI as part of their war on Tor,

o Brainstorm how to begin to try to persuade the few remaining "less partisan" US mainstream media figures who write about Tor that there is much more to Tor than the allegedly tor-enabled human trafficking and child pron, for example by pointing to the onion mirrors for the Debian repository and the onion site gateways for many hip media outlets, which are much harder to adversaries (who control a root PKI cert they can force into citizen browsers) to systematically block or redirect,

o Brainstorm how to create a human resource network for (genuine) journalists who are trying to write a story on the latest security scare--- start with email addies for Bruce Schneier and other knowledgeable people; a good example of the kind of potential threat which is very hard for most people to assess is the danger posed (or not?) by AMD and Intel "layer -3" Minix hidden uber-uber-uber OSs built into recent CPUs,

o Reach out to NYC high schools to each about dangers posed to ordinary citizens by the rapidly growing frequency and intensity of "information operations" (Russian, British, whomever) and especially state-sponsored malware (e.g. Ethiopian, Mexican, Syrian governments targeting US citizens inside US--- all more or less admitted by FBI to be true phenomena, not "fake news", and all well documented by Citizen Lab in Toronto),

o Reach out (with due caution) to NYC universities to try to create an American counterpart to Citizen Lab, which avoids any funding tainted by USIC or USG "soft power", but relies on the friends of (genuine) journalism (nothing wrong with Citizen Lab--- they do fab work--- but they are just one lab and The People terribly need many more).

December 06, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Reach out to well established groups like New York Civil Liberties Union for help in training Tor community members in how to lobby politicians effectively,

o Organize call-ins to lobby NYC representatives in the federal and state legislature, the City Council, the Mayor's Office,

o Organize trips to Albany to lobby the state legislature (not an easy sell since it tends to be hostile to NYC concerns and to civil liberties generally),

o Brainstorm more political stunts like the Snowden bust at the revolutionary martyrs in Fort Greene (but this time ask the ACLU to ask Snowden before invoking his image/name again since he wasn't too happy with the bust), perhaps focusing on developing a grassroots backlash to the demise of Net Neutrality; see https://publicintelligence.net/sma-influence-connectedness/ for what looks awfully like a "Deep Stater" who like us is actually worried about what this bodes for the future of "democracy in America", even as he admits that "democracy in America" is more of a never-realized ideal than an established reality.

Clarification:

> Organize call-ins to lobby

lobby, that is, for bills which TP judges support Tor and against those which TP judges will harm Tor, and thus, harm human rights all around the world.

December 06, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Rent a school bus and ask John Young (Cryptome.org) to lead high school students on a bus tour of surveillance state sites in Manhattan (for example, Stuyvesant High School is located in lower Manhattan, next to the endpoint of the recent terror-truck attack, and has many very smart techie students).

December 07, 2017

Permalink

I would be open to the idea of attending such a different and interesting event. I do not know much about how to run a Tor relay. However, the hosting company's (LMHQ) website is not able to be viewed via Tor itself. It seems somewhat out of touch, to support Tor on one hand via hosting such an event but on the other hand literally not support users who are running tor and trying to access your website.

We are hardly in a position to set the web site priorities for an "incubation" location that is providing the meeting space. LMHQ is not endorsing the meeting or the Tor Project.

Planning meeting space in NYC is a difficult feat. Of course you don't need to visit the web site to attend the meeting, and RSVPs aren't required.

Another idea for a future Tor meetup:

o Training session on everything you need to know to set up and maintain your own onionsite (ideally including creating an onionsite right there, but mind the possibility of a shoulder-surfing fed)

> However, the hosting company's (LMHQ) website is not able to be viewed via Tor itself.

Groan.

> It seems somewhat out of touch, to support Tor on one hand via hosting such an event but on the other hand literally not support users who are running tor and trying to access your website.

Yes, we in the Tor community need to keep working to make it easier for website operators and website users to use onion sites without much trouble.

I regularly encounter this problem. If it's important, I sometimes reduce the security slider to "Medium" and that usually fixes the problem. So if you have it set to "High", try "Medium".

December 07, 2017

Permalink

It's great that so many people (person?) submitted possible meeting topics.

However, some of the recommendations are out of the focus of these meetups. There is no question that a general theme of privacy and anonymity will permeate the events, we intend to focus on various aspects of the Tor Project's activities.

It can't be all things to all people. Maintaining a focus that's both relevant and grounded in the TPO is feat that is can be accomplished and hopefully have some longevity.

if you want focus or feat_deal with Tor meetups-meting topics ; you Must lock Tor in NYC.
Educate people etc. is one of their missions available in the usa for usa only registered in the usa under the usa juridiction following the recommendation & sponsors from usa running on the lines of the law of the usa. Nothing illegal, nothing revolutionary, nothing exportable (501), just a local/small association where the phantasm & the provocation help to be be on the self victim side : hypocrite.

> why .onion sites should be an infrastructure component for plain old web sites

I also would like to see creative suggestions focusing on a technical opportunity for Tor to Do Something Great. But I don't think political iniatives should be discounted.

Two recent news stories suggest why TP should reach out to NYC government departments, political staffers, local hospitals and other medical facilities, and the Board of Ed.

First:

http://thehill.com/policy/cybersecurity/363827-local-governments-grappl…
Local governments grapple with ransomware threat
Morgan Chalfant
8 Dec 2017

> Computers hackers are increasingly targeting local governments with cyberattacks for financial gain. Hackers this week successfully infected government servers with malware in North Carolina, locking Mecklenburg County officials out of their systems and slowing its operations to a crawl. Hackers demanded $23,000 in exchange for unlocking the stolen files. Officials are refusing to pay—meaning they will need to rebuild their systems from scratch.

Many of these ransomware attacks appear to originate with a phishing campaign. Operators of websites need to ensure that their own customers/employees are not maliciously redirected to a phishing site, perhaps in a dragnet attack using an illicitly obtained "root" certificate. This problem is about to get much much worse because so many government services (in the US and around the world) are starting to require people to apply or communicate online, in order to save money by closing physical offices staffed by humans. So when someone goes to a "government site" and enters sensitive personal information, when the "government site" is actually a phishinng site that's going to create serious problems for the victims, and eventually for the government.

Second:

The feds have lately been struggling to work up the courage to suggest "DMARC for all". Trouble with that is: DMARC has been broken; see

https://www.wired.com/story/mailsploit-lets-hackers-forge-perfect-email…
‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs
Andy Greenberg
5 Dec 2017

> Pretending to be someone you're not in an email has never been quite hard enough—hence phishing, that eternal scourge of internet security. But now one researcher has dug up a new collection of bugs in email programs that in many cases strip away even the existing, imperfect protections against email impersonation, allowing anyone to undetectably spoof a message with no hint at all to the recipient.

Onion sites could help.

TP needs to explain to government officials and business persons why they should regard Tor part of the solution, not part of the problem.

> However, some of the recommendations are out of the focus of these meetups.

Looking to the future, I think there is a huge need for the good guys (TP and friends) to get young people (e.g. NYC high school students) thinking about working toward a career as a defender (think Citizen Lab, EFF, ACLU, TP, independent journalism) rather than as a cog in the Surveillance Military Industrial Complex or as a Google/Amazon/Facebook operative or as a Wall Street "quant". Many of the OT suggestions seem to speak to that need.

That said, I hope technically creative people will chime in with more suggestions. I don't think it is possible to have too many suggestions.

A good explainer which gives background on why FOSTA/SESTA (promoted in US Congress as anti-human-trafficking laws) are likely to be abused to harm peaceful political protest groups such as environmental groups and local protest groups (e.g. against a major development or airport expansion):

theguardian.com
Online abuse must be curbed. But who decides where the line is drawn?
Owen Jones
12 Dec 2017

> Few would deny the importance of tackling online hatred or child abuse content. The internet, after all, has become a key weapon for those who disseminate and incite hatred and violence against minorities, and for those who pose a horrifying threat to children. It is difficult, though, not to feel discomfort about three rightwing newspapers – the Sun, the Daily Mail and the Times – all leading on the perils of social media.

I too would like to see more suggested topics which focus on technical opportunities for Tor.

However, I don't think there can be too many suggestions for possible topics, since the most essential desideratum is that some suggested topic "catches fire" with some critical mass of potential attendees at future Tor workshops in the NYC area.

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o reach out to some of the excellent math/CS departments in NYC universities, seeking interest in a workshop on how novel cryptographic techniques could help/harm Tor in the future (e.g. quantum computing, but so much more).

o reach out to same, seeking to establish interest in a workshop exploring how to scale the Tor network in the event that a large fraction of the world's citizens wake up to the fact that Tor is their friend, despite whatever bad things their government might say.

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Reach out to history teachers in NYC high schools to develop a course to

+ teach how privacy violations (e.g quartering troops in homes) by the colonial government were one of the root causes of the American Revolution,
+ teach how anonymous essays played a critical role in fostering revolution,
+ explore how modern NSA social-network/phone tracking methods and FBI "sting operations" might have played out if they had been used by the Crown to suppress the Revolution (for example, one paper shows that modern social network graphing techniques immediately identify Mr. Paul Revere and Dr. Edward Bancroft as key players in Boston whose removal would have crippled the Committee of Correspondence; could the revolutionaries have used modern tools to detect the fact that Bancroft was actually a closet Loyalist spying on the revolutionaries?),
+ Ben Franklin was an enthusiastic proponent of a professional and ethical federal mail service (now the US Mail) which not even the government could spy on; what would he think about the NSA dragnet?
+ explore how freedmen, slaves, Tories, trade unions, spies for and against the revolutionaries, all played critical roles in NYC just before and during the Revolution
+ get a copy of a NYC slave pass from local museums, compare with modern ID cards,
+ teach about the Whisky Rebellion, during which Pres. Washington and his confidante, Gen. Hamilton, led an American army into a wilderness region (now the heavily urbanized Pittsburgh area) to put down a tax revolt, and inquire into whether the hagiography of Alexander Hamilton is historically accurate (Washington pardoned several people Hamilton wanted to execute in the field).

o Arrange for Tor community people to teach guest workshops on the historical background for Signal, Tor, etc.

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Contact ACLU and suggest to arrange with Edward Snowden a "snowbot" visit to NYC area high school classrooms, perhaps with other former whistleblowers living in the NYC area and/or with ACLU researcher and former FBI behavioral studies agent Mike German also present for extra perspective, interest, and drama (don't forget to publicize in local papers, but be prepared for a hysterical backlash from certain quarters--- if properly handled, a ferocious backlash can in itself help our cause),

o Get together refugees from countries where recent revolutions failed who are living in NYC area, plus NYC academics and representatives from groups such as Black Lives Matter, discuss what has gone wrong in recent revolutions, and brainstorm about how to make a successful bloodless revolution (emphasis on *bloodless*),

o Brainstorm how to try to persaude NYC politicians and public officials to train their own staff not to say "privacy is dead" or "if you have nothing to hide you have nothing to fear".

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Reach out to Bronx Science, Brooklyn Tech, Stuyvesant High Schools to organize hackathons bringing professional info-techies/coders and high school student to Code for the People,

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Reach out to NYC high school music teachers and history teachers to arrange guest workshop with NYC musicians discussing the historical background for political backlash against Musicians with an Attitude, e.g.
+ former NYC resident John Lennon was threatened by Alabamians furious by his innocent expression of bewilderment that the Beatles "are bigger than Jesus" (in the mind of contemporary teenagers); compare the remark of a U.S. Navy SEAL (to NYT reporters) which appears to suggest that some SEALs believe they are "bigger than God"; discuss the reasons for the lack of a similar backlash against the SEALs from the Religious Right,
+ FBI's decades long surveillance of Pete Seeger (NYC connection is sloop Clearwater) and Joan Baez in retaliation for their anti-Vietnam-war activity anti-prison camp (Seeger first got into trouble with FBI for objecting to FDR's unconstitutional internment of Japanese-Americans during WWII),
+ FBI's decades long surveillance of Woody Guthrie; c.f. Alice's Restaurant in modern combinatorics and its cryptographic implications,
+ FBI's surveillance of jazz musicians in Harlem during the 1920s and 1930s
+ FBI's surveillance of hip-hop musicians in the present day

Reference for the SEAL comment:

washingtonpost.com
‘Top Secret America’: A look at the military’s Joint Special Operations Command
Dana Priest and William M. Arkin
2 Sep 2011

> “We’re the dark matter. We’re the force that orders the universe but can’t be seen,” a strapping Navy SEAL, speaking on the condition of anonymity, said in describing his unit.

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Reach out to current graduate students (in Math and related fields) attending NYC universities to attend guest workshops in NYC high schools which teach about cryptographic methods old and new

o Reach out to same plus NYC school history teachers to draw upon David Kahn's classic book The Codebreakers to explore such themes as

+ NSA and US military use intensive communications intercepts to combat narcotics trafficking in the Carribbean (often with intended destination at JFK); compare and contrast the fact that USCG used cryptography to combat rum runners during Prohibition, including in Long Island area,

+ USCG hired NSA legend William F. Friedman and his wife, Elizebeth Friedman, to cryptanalyse (often in real time) messages sent by the rumrunners; WFF later headed the cryptanalysis of the Japanese diplomatic cipher which became known as MAGIC; after the war he became a dissident who opposed NSA spying on Americans, and was kicked out of the agency; the main auditorium at NSA headquarters is named for WFF; NSA tried to classify some very important pre-WWI papers by WWF and raided his home to recover his own copies, but the raiders failed to discover that WFF--- who had been tipped the raid was coming--- had given his copies of his own papers to his neighbor, a precocious boy interested in becoming a reporter and who much later authored a wonderful book on cryptography; this book is today in some respects not entirely politically correct; discuss!

+ Compare and contrast the leaks by the former leader of "the American black chamber" to the Snowden leaks (motivation, effect, backlash); note that Snowden leaked documents show the NSA remains deeply commited to using cryptanalysis and communications intercepts to help USG gain an unfair advantage in treaty negotiations.

+Wikipedia is the encyclopedia where anyone can write anything, yet it is often the most reliable source of information about many controversial topics; how can this be?

References:

https://en.wikipedia.org/wiki/William_F._Friedman
https://en.wikipedia.org/wiki/Elizebeth_Smith_Friedman
https://en.wikipedia.org/wiki/David_Kahn_(writer)
https://en.wikipedia.org/wiki/Herbert_O._Yardley

December 07, 2017

Permalink

Following up on this suggestion:

> teach [high school students] about probabilistic and statistical reasoning

Both are essential to understanding Tor's virtues and potential flaws. Similarly for other privacy-enhancing tools.

And to understanding the enormous threat posed to current US high school students from abuse of machine learning techniques and the algorithmically enabled "New Jim Crow", both in its corporate and governmental aspects.

So why not urge NYC grad students to help NYC high school teachers develop a statistical self-defense course? Using R of course because that is

o the biggest and the best statistical software environment

o open source

o free as in free... pizza (since we are discussing this in a high school context).

References:

How to Lie with Statistics, Darrell Huff, Norton, 1954. Classic nontechnical book, should be readable by high schoolers.

Stuck by Lightning, Jeffrey S. Rosenthal, Harper, 2005. Very readable, by an expert in Markov chain theory. Discusses the mysterious "murder hump", too briefly.

History of Statistics, Stephen Stigler, Dover, 1986. Readable, undergraduate level, great background on the long history of how statisticians have influenced the "justice system" [sic].

Understanding Probability, Henk Tijms. Cambridge University Press, 2012. Very readable.

Introduction to Probability Models, Sheldon Ross, Academic Press, 2007. More advanced but very readable.

Digital Dice. Paul Nahin. Princeton U Press, 2008. Chapter 13 suggests some good evasion problems.

Will You Be Alive 10 Years from Now? Paul Nahin. Princeton U Press, 2014. Chapter 12 has a nice dragnet application.

There are also relevant materials in the math underground (onion sites).

Most recent probability textbooks discuss what Roger D calls the "base rate paradox" (also known as the "juror's paradox" and by many other names), probably the most important fact from probability which every educated citizen needs to know. Some discuss the "prosecutor's paradox" (the mistake of treating all events as independent, a favorite Creatonist tactic also used by dishonest DNA "experts"). Some discuss "Simpson's paradox"; a classic justice-system-reform topic example arises from the statistics of death penalty verdicts in the Deep South.

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o organize a boycott by US based technical people of USG agencies such as NSA (the world's largest single employer of mathematicians) and cyberespionage-as-a-service companies.

Indeed, I think that all Tor workshops should have the primary or secondary goal of building a boycott movement in which computer scientists, mathematicians, engineers, physicists, statisticians, psychologists, anthropologists, data scientists, etc., pledge not to work for government agencies such as NSA or for companies such as Gamma, Hacking Team, NSO Group, or Cyberbit.

Some years ago, a boycott movement apparently failed. So why do I think it might succeed in 2017?

Two reasons, at least:

1. Drumpkim has pushed many smart people into a state of mortal fear, not without reason. We can harness that fear by suggesting something very positive smart tech trained people can do, or rather not do: they can refuse to use their knowledge and skills to support the surveillance-military industrial complex. And without our knowledge and skills, this industry must die. We are literally the only thing which can remove from the world one of the most deadly existential threats to our own and future generations.

2. Everywhere in the tech world, coders and engineers are now turning against the inhumane applications of the technology they have created. Even in places where many Americans might not expect to see a pro-human rights backlash.

For example, just look what happened at a recent conference inside Israel when one presenter seemed to have no ethical qualms about his work on making drone killings even deadlier:

theintercept.com
This Israeli Presentation on How to Make Drone Strikes More “Efficient” Disturbed Its Audience
Sam Biddle
5 Dec 2017

> Research backed by the U.S. and Israeli military scandalized a conference near Tel Aviv earlier this year after a presentation showed how the findings would help drone operators more easily locate people — including targets — fleeing their strikes and better navigate areas rendered unrecognizable by prior destruction. The doctoral student who presented the research demonstrated how pioneering data visualization techniques could show a drone operator, using lines and arrows of varying thickness, which direction fast-moving people and vehicles were most likely to travel, for example, at an intersection or while fleeing a building. The presentation clearly angered at least some of the crowd, including the moderator, prompting hostile questions.

One other thing: Citizen Lab director Ron Deibert (author of Black Code) has just drawn renewed attention to four of the largest cyberespionage-as-a-service companies:

o Gamma International/Finfisher (UK and Germany)
o Hacking Team (Italy)
o NSO Group (Israel)
o Cyberbit (Israel) (formed from two Israeli companies, Elbit Systems and NICE Ltd)

See

https://www.wired.com/story/evidence-that-ethiopia-is-spying-on-journal…
Evidence That Ethiopia Is Spying on Journalists Shows Commercial Spyware Is Out of Control
Ron Deibert
6 Dec 2017

Because the mere mention of Israel is likely to prove inflammatory in coming weeks, I would like to stress that Israeli citizens (a group which includes Muslims as well as Jews and agnostics) cannot be held responsible for what some disreputable Israeli companies do, anymore than US citizens can be held responsible for what shady US companies do. Further, many Israeli citizens want to see the peace process continue, and are just as concerned as Deibert is about companies like NSO Group and Cyberbit.

I for one would like to hear a report from Roger D about his experiences attending this conference:

> Cyber Challenges to International Human Rights – Jerusalem & Haifa
> December 11-12, 2017.

FWIW, my take on the question of why so many cyberuglies are founded in Israel is that authoritarian minded people (even some anti-semites) are often enthusiastic about the image IDF has in some quarters of being tough no-nonsense strong-armed type people. The cyberuglies have always been quick to capitalize on this impression by including in their video presentations footage of their nastier products in action against Palestinians. That's disgusting and horrifying, but no-one should blame Israeli citizens generally for the misdeeds of a few people who happen to live in Israel.

December 07, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Liase with EFF, Epic, and like-minded organizations, and update LetsEncrypt to OnionItAll (take on Keith Alexander's CollectItAll).

Picking up on this bullet item:

> why .onion sites should be an infrastructure component for plain old web sites

Very glad to see this, because I think this is one of the most urgently needed solutions which Tor can offer to society's current cyberinsecurity mess.

Here is a relevant news article from Wired:

wired.com
Phishing Schemes Are Using Encrypted Sites to Seem Legit
Lily Hay Newman
5 Dec 2017

> A massive effort to encrypt web traffic over the last few years has made green padlocks and "https" addresses increasingly common; more than half the web now uses internet encryption protocols to keep data protected from prying eyes as it travels back and forth between sites and browsers. But as with any sweeping reform, the progress also comes with some new opportunities for fraud. And phishers are loving HTTPS.
>
> On Tuesday, the phishing research and defense firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. When you get a phishing email or text, the sites they lead to—that try to trick you into entering credentials, personal information, and so on—implement web encryption about 24 percent of the time now, PhishLabs found. That's up from less than three percent at this time last year, and less than one percent two years ago.

We need to make an organized effort to try to make sure that US politicians understand that https and even DMARC are not panaceas. Neither, no doubt, is making an onion site instead of a regular https site, but we need to explain that

+ this is an arms race between the white hats (us) and the black hats (Gamma, Cyberit) [and NSA/TAO and all them like that]

+ onion sites offer a significant improvement in cybersecurity, at least for the foreseeable future (maybe a year? two years? who knows?), which can buy us time

+ this is really a no brainer, just as the original LetsEncrypt movement was a nobrainer: The People need help right here right now, and Tor can offer something which can help right here right now.

December 08, 2017

Permalink

check tor : http://onionbr5zulufnuj.onion/
* at the bottom : Onion Browser is provided on an “as is” basis, with no warranties or representations, and any use of it is at the user's own risk.
* and : under the MIT license ( it is not a good reference like you know)
* no https version ( lol_ pls add it ! )

is it relevant ?
*when will we have a Tor email client -thunderbird is abandoned ?

December 09, 2017

Permalink

Is maybe being just me thinking the person who be posting nsa surveillance blatherins in tor project ny meetup blog comments section is seeming to be sounding like just like shadow brokers hacker
who also is conceilment of communication to prevent identification dox, me thinking is being same person.
Tor project be doing something positive to world by firing person who had website made of for slandering them after it being revealed they were predator scum bag.
could be making better in about:config settings if shit like geo clipboard sensor face telemetry report privacy spdy media.peerconnect webgl cisco were all set to false and blocked, maybe next revision version of Tor will make better?

Shadow brokers are seeming awesome persons of internet and wish could be drink beer at meeting place one day with them but is understanding cannot be meeting because of identity so we be admiring from far away place in internet land.

512sum verify 34t4jio489rjiop2490r532584242j3f24j5u4292t
maybe is key or maybe is hitting face on keyboard or maybe is coupon code
to be getting discount on

December 09, 2017

Permalink

Wonderful news: Tor Project just got some good press!

Wired.com has been running a timely series of brief guides to cybersecurity (for ordinary citizens with extra steps for endangered people). One of these is a good if brief sketch of what Tor has to offer to everyone:

https://www.wired.com/story/the-grand-tor/
The Grand Tor: How to Go Anonymous Online
Andy Greenberg
9 Dec 2017

> Fifteen years have passed since a couple of MIT grads and a Navy-funded researcher first built The Onion Router, or Tor, a wild experiment in granting anonymity to anyone online. Today, Tor has millions of users. The original project has been endlessly hacked on, broken, and fixed again. While imperfect, it remains the closest thing to a cloak of anonymity for internet users with a high sensitivity to surveillance, without needing serious technical chops. And it’s stronger and more versatile than ever before.

Hear! Hear!

The piece clarifies that Tor Browser is not the only thing Tor offers; Greenberg also mentions Onion Share, Tor Messenger, and allied projects such as Tails.

Now all we need is media attention to the virtues of making every website (or at least, every news site or civil liberties site) an onion site, citing the breakage not just of PKI generally (https certs) but DMARC, which the USG is currently pushing as a cure-all for society's DNS woes.

December 09, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Brainstorm how Tor can possibly enable crowd-sourced projects which aim to build useful counter-surveillance gear which would be particularly well suited to a city such as NYC where so many parties are using state-of-the-art spy gear, such as affordable spectrum analyzers (currently these run to many thousands of dollars, but can surely be built using COTs elements for much less, and NYC techies should probably make some for local news organizations and endangered NGOs such as ACLU and TP itself).

o The Snowden leaks show that NSA routinely uses--- in NYC and other locales-- retroreflectors and such in the kind of attack which can apparently only be defended against by Tempest (i.e. Faraday cages). Brainstorm possible defenses which could be used by ordinary Tor users if provided by developers, as well as by local government officials, UNHCR and other poorly-funded low budget agencies, medium sized businesses, etc.

o Reach out to medium-sized businesses in NYC, pointing out that many of them already know from experience how damaging cyberbreaches can be, asking for reasonable contributions to Tor research in NYC area focused on improving cybersecurity for all, for example by developing an "Onions Everywhere" movement similar to EFF's highly successful "HTTPS Everywhere" movememnt.

o Organize a workshop on how state-of-the-art entropy generating techniques can be incorporated into
+ Tails needs a good source of entropy soon after being booted, or it would generate weak SSL keys or even worse, poor "one use only" GPG keys; Tails is already working on this, but it's a very hard problem and I'm sure they'd be very happy to get some good ideas from the smart people who would attend a NYC workshop aiming to address this problem,
+ (possibly) TP products; e.g. a goal should be to make Tor clients and onion servers use strong entropy even if the operating system by default uses weak entropy to generate SSL keys and such, or even worse has been covertly modified to use an awful entropy source.
+ Part of the workshop could explain how to use dieharder (see the Debian repos) and other tools to identify and diagnose problems with pseudorandom number generators. Very possibly it would be a good idea to accept major added CPU load by having onion sites automatically check the quality of their PRNG from time to time, e.g. during low bandwidth times of day. Such a check could potentially be abused by an attacker who gains access to the reports, of course, so participants could discuss whether there's a smarter way than running checks on the affected server itself.

December 09, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

> many people (person?)

Tor can help keep anonymous posters anonymous, but we know that DARPA and other potential foes of Tor users are hard at work on developing "stylometry" into an effective deanonymization tool.

I think Roger D is familiar with at least one attempt to develop countermeasures to stylometric attacks, which could perhaps be further developed and put into Tor Browser. Ideally this would a utility which behaves like gedit's "spell check", but which identifies low entropy (distinctive) words, grammatical constructions, etc. and suggests high entropy alternatives. Needless to say, this would seem to be very language-specific, but such a tool for English could be helpful to many Tor users.

It could also help these fellows

https://en.wikipedia.org/wiki/Internet_Research_Agency

But we can't let that stop us from working to help ordinary citizens stay anonymous in the face of increasingly sophisticated state-sponsored de-anonymization attacks, often using Big Data repositories.

December 09, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to study potential future threats to Tor which mess with the clocks used by clients (on personal devices of Tor users) and/or Tor nodes to disrupt Tor traffic, especially to onion sites, and to identify and start developing practical ways to resist such attacks.

o Workshop to study sophisticated "all but global attacker" deanonymization attacks (of the kind studied by Nick and academics, and also unfortunately by NSA) and to brainstorm countermeasures; there have been other such workshops, but you can never have too many of this kind, and NYC, with its wealth of crypto-sophisticated coders, is an ideal venue for this kind of state-of-the-art techniques workshop.

o Workshop to provide onion mirrors for important software depositories in addition to Debian repository, e.g. github.

December 09, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to identify potential threats to Tor Browser users in which the attacker attempts to abuse the clipboard, and fix any vulnerabilities found.

o Workshop to trawl for state-sponsored malware targeting Tor users, in a carefully coordinated attempt to capture it, reverse engineer it, attribute it, and publish it (with bugfixes).

o Brainstorm how Tor can play a role in allowing selective authentication by Tor users--- prima facie, assisting banking customers to use Tor to log into their bank's website seems absurd, but if we look deeper, maybe onion sites could make it very hard for ordinary criminals to do cross-site scripting type redirections of legitimate bank customers to phishing sites.

o Brainstorm a campaign for high profile NYC citizens, explaining how onions and using multiple modes such as Tor Messenger, Signal, etc., can make them very resistant to "whaling"; why can't someone like Michael Bloomberg become a spokesperson for Tor, eh?

o Workshop to improve Tails documentation (already good but more needs to be explained for ordinary users), including translations (NYC speaks many languages)

> why can't someone like Michael Bloomberg become a spokesperson for Tor, eh?

bloomberg.com was one of the few major media organizations which troubled to report in depth upon the phenomenom of cyberwar-as-a-service companies some years ago (along with The Guardian, WL, and more recently The Intercept). So this suggestion might not be as strange as it may first appear.

December 11, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

I have a suggestion which requires a bit of background.

Back in Jul 2015 a vast amount of internal documents from Hacking Team SRL, the Italian cyberespionage-as-a-service company, including customer lists, pricing lists, marketing presentations, emails, and plans for future malwares, were leaked and published at WL. Along with the similar leak from HBGary Federal (now defunct), the HT documents provide much insight into how these cyberspies operate. For us the most relevant documents described "Project-X", Hacking Team's code name for a plan to attack Tor users worldwide. Arma had this to say

https://blog.torproject.org/blog/preliminary-analysis-hacking-teams-sli…
Preliminary analysis of Hacking Team's slides
7 Jul 2015
arma

> A few weeks ago, Hacking Team was bragging publicly about a Tor Browser exploit. We've learned some details of their proposed attack from a leaked powerpoint presentation that was part of the Hacking Team dump.
>
> The good news is that they don't appear to have any exploit on Tor or on Tor Bro wser. The other good news is that their proposed attack doesn't scale well. They need to put malicious hardware on the local network of their target user, which requires choosing their target, locating her, and then arranging for the hardware to arrive in the right place. So it's not really practical to launch the attack on many Tor users at once.

See also

http://www.forbes.com/sites/thomasbrewster/2015/07/06/us-gov-likes-hack…
Leaked Emails: How Hacking Team And US Government Want To Break Web Encryption T
ogether
6 Jul 2015

Here are links to a few HT emails discussing attacks on Tor:

https://wikileaks.org/hackingteam/emails/emailid/346
https://wikileaks.org/hackingteam/emails/emailid/16286

Motherboard had a good writeup which said in part:

http://motherboard.vice.com/read/hacking-teams-project-x-wants-to-spy-o…
rs
Hacking Team's 'Project X' Wants To Spy on Tor Users
Joseph Cox
13 Jul 2015

> Called “Project X,” Hacking Team’s method proposes to re-route a target's internet traffic before it enters the Tor network, so it could be monitored by the company’s clients. This is described in two PowerPoint presentations included in the 400 GB Hacking Team breach... The idea is that the malware will modify the target's installation of the Tor Browser. The Tor Browser, which is based on Firefox, is possibly the most popular way that people access the Tor network, it gives users all sorts of other security benefits, and routes their traffic through the Tor network....This modification is done so the Tor Browser, unbeknown to the target, does not join the network directly. Instead, the traffic is first re-routed to a node con trolled by Hacking Team's customer.
> ...
> “We have not yet worked our way through all 400 gigabytes of data in the Hacking Team data leak,” The Tor Project said in an emailed statement.

So here are my proposals:

o hold a NYC area workshop to
+ look for any evidence for malicious redirection of the type plotted by HT,
+ trawl through the 400 GB (have Italian translators handy) in order to extract useful insights into HT's methods,
+ devise promising countermeasures TP can implement now or in the future
+ (possibly) review the Snowden leaked NSA and GCHQ internal presentations on their (failed) attacks on Tor, to see whether anything they mention appears relevant to current Tor

o hold a NYC area workshop to
+ liase with WL to set up onion mirrors for the HT and Spy Bazaar material
+ liase with ACLU to set up onion mirrors for the Cellspy material
+ liase with The Intercept to set up onion mirrors for published Snowden leaks
+ (controversial) devise honeypot onion sites which attempt to lure sophisticated cyberspies, with a view toward capturing, reverse engineering, attributing, and publishing state-sponsored malware.

Further goals of the last item would be to throw the fear of G-d into DV and pals, and to provide an irrestible lure for real-life informers, the better to know who they are.

Note that HT malware has been repurposed and used in the wild by other cyberspies/crooks:

https://publicintelligence.net/fbi-spearphishing-hacking-team/
FBI Cyber Division Bulletin: Hacking Team Exploit Used in Spearphishing Campaig
n Targeting U.S. Government
July 24, 2015

> The following bulletin from the FBI Cyber Division discusses a spearphishing campaign targeting U.S. government agencies in June and July of 2015. The camp aign utilized a Adobe Flash exploit based on vulnerability CVE-2015-5119 that was discovered in the 400GB data archive from hacked Italian surveillance technology company Hacking Team that was released publicly earlier this month. The exploit was being sold as a product of Hacking Team and was listed in their product knowledge base. The bulletin notes that the Flash exploit was being used in phishing emails in June 2015 despite the fact that the Hacking Team data was only made public on July 5, 2015.

Regarding HT, please note that we have known for some time that HT had partnered with NICE Systems, the Israeli cyberespionage-as-a-service company which was allegedly hired by large US telecoms to spy on their own customers (including recording voice call content). This ought to worry USPERs because NICE suffered a hugely embarrasing data breach in which someone noticed one of their troves of recorded voice calls had been left exposed for anyone to listen to:

http://www.theregister.co.uk/2014/05/29/spy_platform_zero_day_exposes_c…
Spy platform zero day exposes cops' wiretapped calls
Laundry list of fail includes backdoor, remote unauth access to intercept box
security fail
Darren Pauli
29 May 2014

Just this month, CitizenLabs discussed the merger of NICE with portions of Elbit Systems (the Israeli surveillance/attack drone company) to form a company called Cyberbit, as well as HT malware used by the Ethiopian government to attack USPERs.

December 11, 2017

Permalink

FBI continues to try to outdo FCC in their ferocious disinformation campaign targeting Tor and strong encryption generally:

https://arstechnica.com/tech-policy/2017/12/fbi-director-again-laments-…
FBI director again laments strong encryption in remarks to Congress
“The FBI also invests in alternative methods of lawful engineered access.”
“responsible encryption,” expert asks “responsible to whom?”
Cyrus Farivar
11 Dec 2017

In recent testimony before Congress, the director of the FBI has again highlighted what the government sees as the problem of easy-to-use, on-by-default, strong encryption... The FBI and its parent agency, the Department of Justice, have recently stepped up public rhetoric about the so-called dangers of "Going Dark." In recent months, both Wray and Deputy Attorney General Rod Rosenstein have given numerous public statements about this issue.

techdirt.com
FBI Director Complains About Encryption, Offers To Sacrifice Public Safety In The Interest Of Public Safety
from the an-argument-divided-against-itself dept
Tim Cushing
11 Dec 2017

> FBI Director Christopher Wray offered ... meaningless statistics about device encryption. Through the first eleven months of the fiscal year, the FBI apparently had 6,900 locked phones in its possession. Wray claims this number represents "roughly half" of the devices in the FBI's possession. The number is meaningless, but it serves a purpose: to make it appear device encryption is resulting in thousands of unsolved crimes.

By the way, a common false anti-Tor "meme" which is constantly pushed in blog comments here and elsewhere is the claim that "if the feds want your device, they are going to be able to pwn your device". But that's not true at all. Don't believe it because I say it, believe it because FBI Director Wray just said it:

> As an organization, the FBI also invests in alternative methods of lawful engineered access. Ultimately, these efforts, while significant, have severe constraints. Non-content information, such as metadata, is often simply not sufficient to meet the rigorous constitutional burden to prove crimes beyond a reasonable doubt. Developing alternative technical methods is typically a time-consuming, expensive, and uncertain process. Even when possible, such methods are difficult to scale across investigations, and may be perishable due to a short technical lifecycle or as a consequence of disclosure through legal proceedings.

Snowden put it better: "strong end-to-end encryption works".

December 11, 2017

Permalink

Some readers will probably be interested in this:

You know that thing where NSA hoards dangerous vulnerabilities in widely used software/hardware, rather than warning the manufacturers/users? That's the VEP. The VEP guidelines have just been published. The document is in many ways misleading and self-serving, but offers some clues:

https://publicintelligence.net/us-vulnerabilities-equities-policy/
Vulnerabilities Equities Policy and Process for the United States Government
December 11, 2017

December 12, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

This is probably a very bad idea and I hesitate to suggest it, but it irks me that DPRK (North Korean government) is keeping their citizens in the dark about everything happening in the wider world, so FWIW:

o (controversial) Workshop brainstorming ingenious methods for bringing some kind of covert torified internet to DPRK; can the Raspberry Pi B be modified to be useful inside DPRK by ordinary citizens (note that DPRK's existing internet is tiny and limited to "cleared" officials)
+ warning: this could align with RFA (Radio Free Asia) (probably OK) but also with CIA (very bad)
+ spot the CIA agent in attendance at the workshop
+ spot the CN government spook in attendance at the workshop
+ warning: CIA might try to recruit young people to be dropped into DPRK--- don't get involved with them, they'll get you killed or worse!
+ warning: attendees should expect cyberattacks from USG, CN government, etc.
+ (dangerous) try to capture, reverse engineer, attribute, and publish their malware

This requires

o port Tor to Raspberry Pi
+ even better (but possibly hard): port Debian to Raspberry Pi (raspbian chose to allow a name conflict which makes it hard for Raspberry Pi users to access the Debian software repository)

Related:

o provide onion mirrors and cryptographic signatures for raspbian repository

December 12, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

Following up on the comment about the urgent need to teach modern statistical methods including some Big Data and unsupervised machine learning methods to activists and journalists:

o Workshop to brainstorm better methods of estimating
+ the number of "bad Tor exit nodes" which are eavesdropping
+ the number of exit nodes operated by well-funded intelligence agencies with global ambitions (e.g. RU, CN, USA)

I think Roger knows some ways to do this, but he might not realize that there are many, many possible approaches. Buzzfeed News has assembled a crack team of data scientists led by a reporter who is a former wildlife biologist, so they would be an excellent resource to liase with in planning the workshop.

Some hints on methods which may prove useful:

+ loglinear regression (the easiest)
+ MCMC simulations (offer more robust estimates
+ model "bad nodes" as an "open population" rather than a "closed population"
+ use model diagnostics and model comparisons
+ methods tracking population over time (births, deaths of nodes)
+ non-parameteric latent class models
+ try both Bayesian and frequentist approaches

For example, in a typical loglinear analysis one uses government data on DHS captures of illegal immigrants who are "marked" by their fingerprints taken upon arrest. Given a tabulation of how many people have been captured 1,2,..k times in a given period, one can estimate the population including the number captured 0 times.

Naturally, DHS never says how it estimates the population of illegals inside the US, and one dirty little secret which civil liberty activists can learn from their own experience using statistical methods is that different but plausible-appearing methods for estimating a population size often give wildly different estimates. That's where MCMC simulation and model comparison can help.

In an another example of a typical loglinear analysis, cyberintruders target several major environmental groups seeking their mailing lists. That not only gives them a list of contact information for specific people they can spy on, but also allows them to estimate how many environmentally-minded persons exist who do not yet appear on their "spyworthy" roster. E.g. the bad guys have four lists, and 23 people appears on all four, 104 appear only on the first two lists, etc., which enables them to estimate how many additional environmentalists are so far unknown to them--- very useful when seeking a budget increase! In this example, people are "marked" by their contact information.

One reason FBI wants so very badly to photograph and facially identify everyone who shows up at even a peaceful protest is that FBI analysts can use the facial ids--- even if not associated with an IRL identity--- to carry out a similar analysis; if they surveilled four protests at three locales, and N(k,r) persons were spotted k times at r protests, the bad guys can estimate how many total potential protestors exist, and predict in which locale each one is likely to appear at future protests. And the surveillance-as-a-service companies (often staffed by former feds) can do the same thing.

Again, this speaks to the need for TP and allied groups to seek to discourage graduate students in statistics from joining the bad guys--- much more challenging and infinitely more just to work for The People to curb government/corporate abuses like the ones just sketched.

December 13, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to organize concerted campaign which seeks to individually contact head librarians at every public library and university/college library (dozens!) in the NYC area, teaching them about Library Freedom Project and urging them to consider becoming a partner.

December 13, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to
+ Use the recently leaked DailyStormer style guide to write scripts for use by blog maintainers (especially of blog.torproject.org!) to automatically flag submitted comments which exhibit stylistic indicators that the comment may come from a DS fan.
+ Generalize to other commentards, e.g. the Trolls from Olgino.
+ Use this and other sources to extract other information about trolls which will be useful to blog maintainers.

See

huffingtonpost.com
This Is The Daily Stormer's Playbook
A leaked style guide reveals they’re Nazis about grammar (and about Jews).
Ashley Feinberg
13 Dec 2017

> Back in September, Vox Day, a Gamergate holdover who has assumed the position of racist alt-right figurehead, published a handful of brief excerpts from what he described as the “Andrew Anglin” style guide. For the blissfully unaware, Anglin is a neo-Nazi, troll and propagandist who runs The Daily Stormer, one of the more prominent sites of the white supremacist web. The passages selected by Vox Day in his blog post suggested that Anglin is persnickety about detail and presentation ― except on the subject of the Jews, who are to be blamed “for everything.”
>
> HuffPost has acquired the 17-page document in its entirety, as well as transcripts from an IRC channel where the document was shared in an effort to recruit new writers. It’s more than a style guide for writing internet-friendly neo-Nazi prose; it’s a playbook for the alt-right.

Exactly, offers considerable insight into the goals of DS trolls and how they think about their trolling.

You can run a relay from your PC using your existing home(?) connection. (Note that it is not advisable to run an *exit* node from home).

Are you inquiring about donating your PC to be placed in a data center as a dedicated tor node? (Data centers offer better bandwidth, which is possibly more important than CPU power if you want to run a not-fast Tor node.)

December 16, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to plan/prioritize Tor-nation-building projects
+ NYC has many highly educated people who speak a second language
+ reach out to ordinary citizens in underserved countries (e.g. VE) in their own language
+ identify countries which already have many users but not enough fast nodes

For example, using data from yesterday on published Tor nodes:

Brazil needs some fast routers!!
BW% Nr%
0.0003 0.0054

Argentina needs some fast routers!!
BW% Nr%
0.0001 0.0031

That is to say, Brazil has 0.5% of nodes by number but carries only 0.03% of traffic, suggesting there exists an unmet demand in Brazil for some fast Tor nodes.

In some countries, e.g. RU, it might be hard to provide fast Tor nodes owing to government harrassment, but it seems clear from the number of nodes that there is great demand in both RU and UA for tor service.

West Africa, South Asia, and Central/South America would seem to be very underserved but have great need.

December 16, 2017

Permalink

> Future ideas for Tor-focused gatherings are in the works, with input appreciated. Leave a comment below!

o Workshop to brainstorm something spectacular for PR
+ slogan could be "the government didn't fix the power, but we (TP) provided Tor service"
+ Google &c promised to fix comms but power still out for much of Island
+ can NYC engineers produce inexpensive hand cranked devices which can make an emergency regional internet?
+ torified of course because of the political controversy concerning credible corruption allegations swirling around PR, plus FCC now allowing telecoms to block *legal* content (e.g. criticism of the USG from PR) so ordinary people in PR need to get the word out about what is happening where they live, without censorship.

January 02, 2018

Permalink

I watched the HPO show - I believe the the DPR lives in all (most) of us - the idea, the concept - we can all learn.