Conversation with a European Donor

by phobos | December 3, 2009

I had a conversation with a private donor from Europe yesterday. During the discussion, I asked,

Is there more we can do in the EU to help protect privacy and anonymity online?

The answer is,

You are already doing it as far as I am concerned: I started using TOR due to the recent coming into force of the legal requirement that UK ISPs must keep all web-browsing and e-mail connections for a year (?), and the fact that practically everyone and his cat (in government, of course) can ask to see those records without judicial review. Maybe you should stop talking about China and Tibet as places where anonymity are needed by journalists, and talk about the EU were anonymity is needed by all.

We continued to discuss the surveillance society that is the UK, and how the UK government is happy to export it to the rest of Europe. Governments are also large and complex. Many times one part of the government proposes and starts to roll out some policy or law, only to have another branch work to stop it. An unrelated, but classic example of this is,

Anyway, you are right about your characterization of governmental organizations; just look at this link and try not to laugh too loudly:

http://news.bbc.co.uk/2/hi/uk_news/politics/8379759.stm

It's great to hear from normal people that they are concerned about what is going on in their country. And that they are taking both tacts of supporting technological and political organizations that are working to address these laws. Not everyone has to be an activist to care about what's happening to the Internet.

There are groups like the Open Rights Group and Liberty tackling these issues on a political level. EFFi in Finland, Bits of Freedom in the Netherlands, and the CCC in Germany are other fine organizations working to stop or limit the creeping Internet surveillance.

The quotes are published with the donor's permission.

Comments

Please note that the comment area below has been archived.

December 03, 2009

Permalink

thanks for you tor-firefox....i can use it! hardly belive it...i thought it is very hard..
非常感謝。。

December 06, 2009

Permalink

I'm surprised torbutton can go so long without an update, if noscript and other plugins receive frequent updates, why not torbutton? Enough people testing it to look for bugs - exploits - etc or not

Yes, it does need more frequent releases. Torbutton has one person working on it, part-time. We'd love more help in writing code, doing the anonymity leak research, reverse engineering the firefox codebase, and fixing the anonymity bugs. Every firefox release brings new issues. The Firefox 3.5 codebase is very different from the 3.0 codebase, so we have to spend lots of time analyzing it.

Finding the bugs is fairly easy, fixing them without breaking firefox isn't so easy. Fixing them without breaking firefox and maintaining expected behaviour without leaking your identity is even less easy.

If you know javascript, firefox codebase, and can help us with solutions, we're more than happy to talk to you and accept your patches.

December 07, 2009

In reply to phobos

Permalink

"Torbutton has one person working on it, part-time"

bless his/her soul!

I wish you for more help with torbutton soon! Thank yous!

P.S. I hate captchas! :-(

phobos

December 08, 2009

In reply to by Anonymous (not verified)

Permalink

We dislike captcha's as well, An army of human spammers has little difficulty in bypasing them. However, the alternative is that the captcha's go away and we spend all day cleaning up blog spam posts. Right now, the best we can do is the captcha. We're open to other ideas.

December 08, 2009

In reply to phobos

Permalink

You could try a hashcash. If you set it to require ~20 seconds of CPU work then the spammers might not bother (Or you can always adjust it upwards and downwards to get it just right).

December 07, 2009

Permalink

I'm currently witnessing large time skews reported:

Received directory with skewed time It seems that our clock is behind by # hours, # minutes, or that theirs is ahead. Tor requires an accurate clock to work: please check your time, timezone, and date settings.

when my time is set correctly. Unless I change my system time to match the skewed time given by the directory, I cannot use tor, the skewed time messages will continue when I stop and start tor again unless I change my system time to match the skewed directory time which does not match my correct local time, then restart tor and it works but my local time on my cpu is now set to match a skewed time of a difference of 6 hours or more.

Why does this happen?

Another problem:

Random times I see:

Received http status code 404 "Not found" from server X while fetching consensus directory.

These problems are happening because............................. why?

December 08, 2009

In reply to by Anonymous (not verified)

Permalink

I suppose it's just a MYSTERY.

What boggles the mind is someone can respond in defense of CAPTCHAs but not in response to this problem.

is anybody there? this is a real problem I've noticed in several locations. or do I have to complain about something as trite as a dislike of captchas (I don't mind them at all) to garner some attention?

This is a blog posting about fundraising, and probably isn't the best place to report an issue with the software.

Please read this for the appropriate steps to follow.
https://www.torproject.org/documentation.html.en#Support

I'm using Arch Linux, and compiled Tor from trunk (as of last night) and had a similar experience.

My timezone was set to UTC, and my bios clock was set to local time. To resolve the issue, I set my bios clock to GMT and adjusted my timezone appropriately.

(For the record, it took me 6 tries to get the captcha right...)

December 08, 2009

In reply to by Anonymous (not verified)

Permalink

Is your time zone set correctly?
The time on your clock might be right, but if you set the wrong timezone tor wont work.

phobos

December 09, 2009

In reply to by Anonymous (not verified)

Permalink

There are two problems here:

1) Your client might not have an accurate clock, such as one set to sync to time servers, or ntp over the Internet.

2) The server you asked for directory information has an incorrect clock, possibly because its clock isn't synced to ntp servers.

Tor doesn't have an easy way to tell which end has the incorrect time, so we tell you about it. If your client is using ntp synchronization, then just ignore the error is the best answer have right now.

As for the 404, they appear occasionally when a server just updates its consensus, or if it doesn't have the descriptor you asked for, hence the 404. We probably should deprecate the warning on this to info level. There isn't much you as a user can do, other than wait. Tor will automatically try other servers anyway.

December 10, 2009

In reply to phobos

Permalink

i
am
happy
with
answers
above
thank
you

December 08, 2009

Permalink

2424

December 08, 2009

Permalink

Thank you for your work on Tor. I support your decision to use captchas because it is necessary to reduce the flood of spam.

What people find hateful about captchas are stupid ones.

People are text readers, not mind readers. Instead of the unhelpful captcha instruction "respecting upper/lower case", the captcha here could clearly state the intended algorithm to use for deciding between lower and upper case (for the many case-ambiguous letters like C, O, V, etc).

December 10, 2009

Permalink

PLEASE ALLOW BRIDGES LIST TO EMAIL OTHER THAN GMAIL AND YAHOO AT LEAST PARTIAL LIST PLEASE THANK YOU

phobos

December 11, 2009

In reply to by Anonymous (not verified)

Permalink

such as from where?

we require DKIM headers to make sure the email isn't spoofed and you aren't mailbombing someone with packages or spam.

December 14, 2009

Permalink

FYI: In FireFox 3.0 (have not confirmed with 3.5), when Google Search was the default browser search, information about all pages you visited using Firefox (tor or not) was sent to a Google server.

January 29, 2010

Permalink

When I connect to a blog or forum through Tor Polipo and Vidalia my local time appears on their sitemeter and with little search they can guess it's me . Different countries but same time zone inaccurate with country exit and same configuration of PC . Is there a way to change the time accordingly to exit country to be really anonymous? Thank you.

February 03, 2010

Permalink

Dear Donors
I am founderPresident of An Integrated Social Development Organization(.PRASAR) is working for the disable.indigenous.and fight against the poverty alleviation.PRASAR ia also working on education.health.leprocy prevent.PRASAR is registered organization
by the Bangladesh Government.PRASAR is looking kind donors to support organizational programs in soon.Please write me about your co-operation to spread
activities to support the helpless people.Again my m,best thank to you.

Yours sincerely
Priti sarman
President
PRASAR chittagong .Bangladesh.