Solidarity against online harassment

One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided to publish this statement to publicly declare our support for her, for every member of our organization, and for every member of our community who experiences this harassment. She is not alone and her experience has catalyzed us to action. This statement is a start.

The Tor Project works to create ways to bypass censorship and ensure anonymity on the Internet. Our software is used by journalists, human rights defenders, members of law enforcement, diplomatic officials, and many others. We do high-profile work, and over the past years, many of us have been the targets of online harassment. The current incidents come at a time when suspicion, slander, and threats are endemic to the online world. They create an environment where the malicious feel safe and the misguided feel justified in striking out online with a thousand blows. Under such attacks, many people have suffered — especially women who speak up online. Women who work on Tor are targeted, degraded, minimized and endure serious, frightening threats.

This is the status quo for a large part of the internet. We will not accept it.

We work on anonymity technology because we believe in empowering people. This empowerment is the beginning and a means, not the end of the discussion. Each person who has power to speak freely on the net also has the power to hurt and harm. Merely because one is free to say a thing does not mean that it should be tolerated or considered reasonable. Our commitment to building and promoting strong anonymity technology is absolute. We have decided that it is not enough for us to work to protect the world from snoops and censors; we must also stand up to protect one another from harassment.

It's true that we ourselves are far from perfect. Some of us have written thoughtless things about members of our own community, have judged prematurely, or conflated an idea we hated with the person holding it. Therefore, in categorically condemning the urge to harass, we mean categorically: we will neither tolerate it in others, nor will we accept it among ourselves. We are dedicated to both protecting our employees and colleagues from violence, and trying to foster more positive and mindful behavior online ourselves.

Further, we will no longer hold back out of fear or uncertainty from an opportunity to defend a member of our community online. We write tools to provide online freedom but we don't endorse online or offline abuse. Similarly, in the offline world, we support freedom of speech but we oppose the abuse and harassment of women and others. We know that online harassment is one small piece of the larger struggle that women, people of color, and others face against sexism, racism, homophobia and other bigotry.

This declaration is not the last word, but a beginning: We will not tolerate harassment of our people. We are working within our community to devise ways to concretely support people who suffer from online harassment; this statement is part of that discussion. We hope it will contribute to the larger public conversation about online harassment and we encourage other organizations to sign on to it or write one of their own.

For questions about Tor, its work, its staff, its funding, or its world view, we encourage people to directly contact us (Media contact: Kate Krauss, press @ torproject.org). We also encourage people join our community and to be a part of our discussions:
https://www.torproject.org/about/contact
https://www.torproject.org/docs/documentation#MailingLists

In solidarity against online harassment,

Roger Dingledine
Nick Mathewson
Kate Krauss
Wendy Seltzer
Caspar Bowden
Rabbi Rob Thomas
Karsten Loesing
Matthew Finkel
Griffin Boyce
Colin Childs
Georg Koppen
Tom Ritter
Erinn Clark
David Goulet
Nima Fatemi
Steven Murdoch
Linus Nordberg
Arthur Edelstein
Aaron Gibson
Anonymous Supporter
Matt Pagan
Philipp Winter
Sina Rabbani
Jacob Appelbaum
Karen Reilly
Meredith Hoban Dunn
Moritz Bartl
Mike Perry
Sukhbir Singh
Sebastian Hahn
Nicolas Vigier
Nathan Freitas
meejah
Leif Ryge
Runa Sandvik
Andrea Shepard
Isis Agora Lovecruft
Arlo Breault
Ásta Helgadóttir
Mark Smith
Bruce Leidl
Dave Ahmad
Micah Lee
Sherief Alaa
Virgil Griffith
Rachel Greenstadt
Andre Meister
Andy Isaacson
Gavin Andresen
Scott Herbert
Colin Mahns
John Schriner
David Stainton
Doug Eddy
Pepijn Le Heux
Priscilla Oppenheimer
Ian Goldberg
Rebecca MacKinnon
Nadia Heninger
Cory Svensson
Alison Macrina
Arturo Filastò
Collin Anderson
Andrew Jones
Eva Blum-Dumontet
Jan Bultmann
Murtaza Hussain
Duncan Bailey
Sarah Harrison
Tom van der Woerdt
Jeroen Massar
Brendan Eich
Joseph Lorenzo Hall
Jean Camp
Joanna Rutkowska
Daira Hopwood
William Gillis
Adrian Short
Bethany Horne
Andrea Forte
Hernán Foffani
Nadim Kobeissi
Jakub Dalek
Rafik Naccache
Nathalie Margi
Asheesh Laroia
Ali Mirjamali
Huong Nguyen
Meerim Ilyas
Timothy Yim
Mallory Knodel
Randy Bush
Zachary Weinberg
Claudio Guarnieri
Steven Zikopoulos
Michael Ceglar
Zachariah Gibbens
Jeremy M. Harmer
Ilias Bartolini
René Pfeiffer
Percy Wegmann
Tim Sammut
Neel Chauhan
Matthew Puckey
Taylor R Campbell
Klaus Layer
Colin Teberg
Jeremy Gillula
Will Scott
Tom Lowenthal
Rishab Nithyanand
Brinly Taylor
Craig Colman-Shepherd
A. Lizard
M. C. McGrath
Ross MacDonald
Esra'a Al Shafei
Gulnara Yunusova
Ben Laurie
Christian Vandrei
Tanja Lange
Markus Kitsinger
Harper Reed
Mark Giannullo
Alyssa Rowan
Daniel Gall
Kathryn Cramer
Camilo Galdos AkA Dedalo
Ralf-Philipp Weinmann
Miod Vallat
Carlotta Negri
Frederic Jacobs
Susan Landau
Jan Weiher
Donald A. Byrd
Jesin A.
Thomas Blanchard
Matthijs Pontier
Rohan Nagel
Cyril Brulebois
Neal Rauhauser
Sonia Ballesteros Rey
Florian Schmitt
Abdoulaye Bah
Simone Basso
Charlie Smith
Steve Engledow
Michael Brennan
Jeffrey Landale
Sophie Toupin
Dana Lane Taylor
Nagy Gabor
Shaf Patel
Augusto Amaral
Robin Molnar
Jesús Cea Avión
praxis journal
Jens Stomber
Noam Roberts
Ken Arroyo Ohori
Brian Kroll
Shawn Newell
Rasmus Vuori
Alexandre Guédon
Seamus Tuohy
Virginia Lange
Nicolas Sera-Leyva
Jonah Silas Sheridan
Aaron Zauner
Christophe Moille
Micah Sherr
Gabriel Rocha
Yael Grauer
Kenneth Freeman
Dennis Winter
justaguy

Lee Azzarello
Zaki Manian
Aaron Turner
Greg Slepak
Ethan Zuckerman
Pasq Gero
Pablo Suárez-Serrato
Kerry Rutherford
Andrés Delgado
Tommy Collison
Dan Luedders
Flávio Amieiro
Ulrike Reinhard
Melissa Anelli
Bryan Fordham
Nate Perkins
Jon Blanchard
Jonathan Proulx
Bunty Saini
Daniel Crowley
Matt Price
Charlie McConnell
Chuck Peters
Ejaz Ahmed
Laura Poitras
Benet Hitchcock
Dave Williams
Jane Avriette
Renata Avila
Sandra Ordonez
David Palma
Andre N Batista
Steve Bellovin
James Renken
Alyzande Renard
Patrick Logan
Rory Byrne
Holly Kilroy
Phillipa Gill
Mirimir
Leah Carey
Josh Steiner
Benjamin Mako Hill
Nick Feamster
Dominic Corriveau
Adrienne Porter Felt
str4d
Allen Gunn
Eric S Johnson
Hanno Wagner
Anders Hansen
Alexandra Stein
Tyler H. Meers
Shumon Huque
James Vasile
Andreas Kinne
Johannes Schilling
Niels ten Oever
David W. Deitch
Dan Wallach
Jon Penney
Starchy Grant
Damon McCoy
David Yip
Adam Fisk
Jon Callas
Aleecia M. McDonald
Marina Brown
Wolfgang Britzl
Chris Jones
Heiko Linke
David Van Horn
Larry Brandt
Matt Blaze
Radek Valasek
skruffy
Galou Gentil
Douglas Perkins
Jude Burger
Myriam Michel
Jillian York
Michalis Polychronakis
SilenceEngaged
Kostas Jakeliunas
Sebastiaan Provost
Sebastian Maryniak
Clytie Siddall
Claudio Agosti
Peter Laur
Maarten Eyskens
Tobias Pulls
Sacha van Geffen
Cory Doctorow
Tom Knoth
Fredrik Julie Andersson
Nighat Dad
Josh L Glenn
Vernon Tang
Jennifer Radloff
Domenico Lupinetti
Martijn Grooten
Rachel Haywire
eliaz
Christoph Maria Sommer
J Duncan
Michael Kennedy Brodhead
Mansour Moufid
Melissa Elliott
Mick Morgan
Brenno de Winter
George Scriban
Ryan Harris
Ricard S. Colorado
Julian Oliver
Sebastian "bastik" G.
Te Rangikaiwhiria Kemara
Koen Van Impe
Kevin Gallagher
Sven "DrMcCoy" Hesse
Pavel Schamberger
Phillip M. Pether
Joe P. Lee
Stephanie Hyland
Maya Ganesh
Greg Bonett
Amadou Lamine Badji
Vasil Kolev
Jérémie Zimmermann
Cally Gordon
Hakisho Nukama
Daniel C Howe
Douglas Stebila
Jennifer Rexford
Nayantara Mallesh
Valeria de Paiva
Tim Bulow
Meredith Whittaker
Max Hunter
Maja Lampe
Thomas Ristenpart
Lisa Wright
August Germar
Ronald Deibert
Harlan Lieberman-Berg
Alan L. Stewart
Alexander Muentz
Erin Benson
Carmela Troncoso
David Molnar
Holger Levsen
Peter Grombach
John McIntyre
Lisa Geelan
Antonius Kies
Jörg Kruse
Arnold Top
Vladimir G. Ivanovic
Ahmet A. Sabancı
Henriette Hofmeier
Ethan Heilman
Daniël Verhoeven
Alex Shepard
Max Maass
Ed Agro
Andrew Heist
Patrick McDonald
Lluís Sala
Laurelai Bailey
Ghost
José Manuel Cerqueira Esteves
Fabio Pietrosanti
Cobus Carstens
Harald Lampesberger
Douwe Schmidt
Sascha Meinrath
C. Waters
Bruce Schneier
George Danezis

Claudia Diaz
Kelley Misata
Denise Mangold
Owen Blacker
Zach Wick
Gustavo Gus
Alexander Dietrich
Frank Smyth
Dafne Sabanes Plou
Steve Giovannetti
Grit Hemmelrath
Masashi Crete-Nishihata
Michael Carbone
Amie Stepanovich
Kaustubh Srikanth
arlen
Enrique Piracés
Antoine Beaupré
Daniel Kahn Gillmor
Richard Johnson
Ashok Gupta
Alex Halderman
Brett Solomon
Raegan MacDonald
Joseph Steele
Marie Gutbub
Valeria Betancourt
Konstantin Müller
Emma Persky
Steve Wyshywaniuk
Tara Whalen
Joe Justen
Susan Kentner
Josh King
Juha Nurmi
John Saylor
Jurre van Bergen
Saedu Haiza
Anders Damsgaard
Sadia Afroz
Nat Meysenburg
x3j11
Julian Assange
Skyhighatrist
Dan Staples
Grady Johnson
Matthew Green
Cameron Williams
Roy Johnson
Laura S Potter-Brown
Meredith L. Patterson
Casey Dunham
Raymond Johansen
Kieran Thandi
Jason Gulledge
Matt Weeks
Khalil Sehnaoui
Brennan Novak
Casey Jones
Jesse Victors
Peter DeChristo
Nick Black
Štefan Gurský
Glenn Greenwald
hinterland3r
Russell Handorf
Lisa D Lowe
Harry Halpin
Cooper Quintin
Mark Burdett
Conrad Corpus
Steve Revilak
Nate Shiff
Annie Zaman
Matthew Miller (Fedora Project)
David Fetter
Gabriella Biella Coleman
Ryan Lackey
Peter Clemenko
Serge Egelman
David Robinson
Sasa Savic
James McWilliams
Arrigo Triulzi
Kevin Bowen
Kevin Carson
Sajeeb Bhowmick
Dominik Rehm
William J. Coldwell
Niall Madhoo
Christoph Mayer
Simone Fischer-Hübner
George W. Maschke
Jens Kubieziel
Dan Hanley
Robin Jacks
Zenaan Harkness
Pete Newell
Aaron Michael Johnson
Kitty Hundal
Sabine "Atari-Frosch" Engelhardt
Wilton Gorske
Lukas Lamla
Kat Hanna
Polly Powledge
Sven Guckes
Georgia Bullen
Vladan Joler
Eric Schaefer
Ly Ngoc Quan Ly
Martin Kepplinger
Freddy Martinez
David Haren
Simon Richter
Brighid Burns
Peter Holmelin
Davide Barbato
Neil McKay
Joss Wright
Troy Toman
Morana Miljanovic
Simson Garfinkel
Harry Hochheiser
Malte Dik
Tails project
„nuocu
Kurt Weisman
BlacquePhalcon
Shaikh Rafia
Olivier Brewaeys
Sander Venema
James Murphy
Chris "The Paucie" Pauciello
Syrup-tan
Brad Parfitt
Jerry Whiting
Massachusetts Pirate Party
András Stribik
Alden Page
Juris Vetra
Zooko Wilcox-O'Hearn
Marcel de Groot
Ryan Henry
Joy Lowell
Guilhem Moulin
Werner Jacob
Tansingh S. Partiman
Bryce Alexander Lynch
Robert Guerra
John Tait
Sebastian Urbach
Atro Tossavainen
Alexei Czeskis
Greg Norcie
Greg Metcalfe
Benjamin Chrobot
Lorrie Faith Cranor
Jamie D. Thomas
EJ Infeld
Douglas Edwards
Cody Celine
Ty Bross
Matthew Garrett
Sam P.
Vidar Waagbø
Raoul Unger
Aleksandar Todorović
John Olinda
Graham Perkins
Casa Casanova
James Turnbull
Eric Hogue
Jacobo Nájera
Ben Adida

If you would like to be on this list of signers (please do — you don't have to be a part of Tor to sign on!), please reach us at tor-assistants @ torproject.org.

Philip Angus Nunes

December 16, 2014

Permalink

The EFF collection hasn't been updated to include the documents cited in an important new article on GCHQ's information ops:
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside…

In the presentation "Mobile Networks in My NOC World", the picture of two vaguely familiar persons apparently being briefed on anal feeding techniques is apt because
* this pair surely have nothing to hide
* the room depicted happens to be GCHQ's troll den
* it is a rather small room, so you can tell when someone has made an, err... rectal emission.

But seriously, many thanks to Julian Assange, the Tor Project staff, Tails staff, Ed Snowden, and the intrepid reporters who are not afraid to inform the public about governmental misdeeds. And most of all, to the revolutionaries risking life and limb to make a positive change in the world.

Philip Angus Nunes

December 16, 2014

Permalink

One of the problems of Free Speech is that when folks use it, others can use it against them.

Philip Angus Nunes

December 17, 2014

Permalink

Thanks, guys!

This is the only glimmer of hope in the despair.

...

You know...abuse also might trigger suicide attempts or psychotic episodes.

---
May God bless each one of us on our journeys!

Take care,

H.

Philip Angus Nunes

December 18, 2014

Permalink

ونحن معكم ضد التحرش
We are with you against harassment

Philip Angus Nunes

December 18, 2014

Permalink

Putting a list up with full names may open up for targeted harassment? You do not think?

Indeed, one of the trolls involved has been doing precisely this for every name he can map to a Twitter account. Every name on that list asked to be there, though. Sometimes confronting sociopaths requires a measure of courage.

Philip Angus Nunes

December 18, 2014

Permalink

"One of the problems of Free Speech is that when folks use it, others can use it against them."

The principle enemy of everyone anywhere in the world who struggles to advance free speech and privacy (and social justice and ecological stewardship and uncensored political discussions and economic stability and...) is NSA, the (near) global adversary which collects and uses the entirety of communications of every person living or dead to advance its own evil agenda (which often conflicts with the mission of other US government agencies, a fact we can leverage in the political arena in order to try to defend ourselves). We must never forget that one of the weapons this global adversary often uses is highly organized non-attributable trollery informed by advice from psychologists who specialize in promoting paranoia and discord, i.e. trolls.

In the coming months, NSA's most rapid supporters (such as Rep. Mike Rogers) will be attempting to use incidents such as

* the cyberattack campaign targeting Sony

* the harassment campaign targeting Tor developers

to further its unceasing demand for even more surveillance and cyberwar powers. I am already seeing editorials in leading US papers which mention NSA intrusion into "strategic" routers in overseas telecoms in the same breath as cyberintrusions attributed to "Guardians of Peace", without seeming to notice that breaking into someone else's electronic device is illegal and just plain wrong. Wrong when GoP does it, wrong when China does it, and yes, dead wrong when NSA does it. We must oppose and expose arguments that "the ends justify the means", which is of course the very argument used by Russia and China and North Korea to defend their own censorship and cyberwar capabilities.

It seems notable that NSA has actually been collaborating with China in a UN effort to "normalize" censorship in international law, under the rubric of an alleged "national security" need to counter "online rumors". Anyone who knows anything about what the Chinese government classifies as "online rumors" will understand the danger to democracy posed by the lamentable fact that one result of globalization has been that, even as the Chinese and Russian economies have become more like the US economy, the ideology of the US government has become markedly more authoritarian over the past two decades.

NSA is not above mounting a cyberattack or harassment campaign, in a non-attributable fashion, and then using it to argue that it needs even more surveillance and cyberwar and indefinite detention powers to ensure that US citizens remain unscathed in the new era of cyberchaos it has itself created through projects like Stuxnet. (Again, not a rumor, but established fact since the Snowden leaks contain hard evidence of such activity.)

This is not to deny that sometimes a troll is simply an ordinary garden troll. But thanks to Snowden it is now established fact that FVEY agencies have repeatedly and specifically attacked the Tor community, so we must all bear in mind that as Tor developers or even as users, we are more likely than other internet citizens to be "selected" for targeted attacks.

If NSA succeeds in crushing Tor, it will be free to pursue an agenda of global totalitarianism without opposition from ordinary citizens. But if Tor survives, maybe, just maybe, we can eventually eradicate this evil agency (through political pressure on the US government and through technical countermeasures which can eventually render NSA uneconomical for the US Congress to continue to fund).

Philip Angus Nunes

December 18, 2014

Permalink

I have been reading and thinking about the comments in this thread and in the related tor-talk thread. Several people have expressed concern about parts of the his blog post which Roger has since edited out (thanks!). But the concern remains.

I propose that the Project clarify the original blog post along these lines:

"Trollery relies on psychosocial vulnerabilities common to all people and to all communities. Unfortunately, it can be an effective means of disrupting a community when trolls succeed in isolating individuals in order to sow discord. Fortunately, it can be effectively countered when targeted communities simply join in making a strong statement of mutual support."

On a more personal note, to the people who have been targeted by these trolls: it might help to picture trolls as concrete statuettes, mere caricatures of evil standing in the rain making faces in the windows. The value of a statement of community support is that it shows that the real people in the community are on your side of those windows. I hope such mental imagery might help restore the proper perspective on trolls, which is that they should arouse amusement or irritation but never fear.

Philip Angus Nunes

December 18, 2014

Permalink

Years ago I wrote about the internet for my master's thesis. At the time I was very interested in the remote aspect of the technology and the ability for people to instantaneously connect from great distances.

I also saw the potential for abuse.

The bottom line is that our modern culture is accepting of abuse on many levels, so it was a matter of time before it became a problem online. We really need to examine cultural attitudes topwards not only women, but all marginalized groups.

There is a growing, not diminishing acceptance of abuse of all people in this country, particular those with perceived low social status. As long as it is tolerated throughout broader society, it will manifest online.

But all in all I support the effort and will pass the word along

Kendra Moyer

Philip Angus Nunes

December 19, 2014

Permalink

The Snowden leaks establish some pertinent facts:

* FVEY agencies persistently and directly target the Tor user community,

* FVEY agencies routinely employ sophisticated software and highly trained operatives for "information operations" in on-line forums,

* Among these are operations whose intent is characterized (in formerly top secret FVEY presentations) as sowing dissension in order to disrupt some community whose activities are viewed as threatening to the state (for example, Wikileaks),

* Specific methods employed are known to include making defamatory claims about some members of the group to other members.

So these agencies clearly have the *ability* to troll the Tor community. But what would be their *motive*?

One plausible motive is the strong desire in CIA and NSA to prevent the prosecution for war crimes of people directly involved in kidnapping, torture, and assassinations:

http://www.nbcnews.com/news/investigations/bin-laden-expert-accused-sha…

http://www.newyorker.com/news/news-desk/unidentified-queen-torture

https://firstlook.org/theintercept/2014/12/19/senior-cia-officer-center…

The recent feature film "Zero Dark Thirty" lionizes a fictionalized version of Bikowski. I don't think enough is yet known about CIA/NSA counteroffensives (in the political arena and on-line forums) to say that this film is part of CIA "information operation" intended to influence world opinion, but I think there are ample grounds for suspicion. Nor do I think enough is yet known to say that USIC is behind the harassment campaign discussed in this thread, but I think there is sufficient evidence to warrant bearing this possibility in mind as the situation develops.

This is a critical time for the rogue agencies; there is a real possibility that some of their agents will face prosecution and even that the agencies will lose funding, especially as more sources contact journalists to tell what they know about state-sponsored criminality. Tor and Tails are technical tools which continue to play critical roles in enabling responsible journalists to cover these stories. It is already clear that CIA/NSA are desperate to cover up their crimes, and I think it makes perfect sense that they would try very hard to obstruct any activities which might help to ensure that the dark truth ultimately emerges from the shadows.

Among the hundreds of journalists who knew Bikowsky's name, only Glenn Greenwald and Peter Maass had the courage to finally publish it, for which they deserve our fervent thanks, precisely because, as several people pointed out above, in any civilized society governed by the rule of law, people who commit extremely serious crimes must be brought to account. It seems noteworthy that Greenwald has been a target of the USIC for years, no doubt because our enemies are terrified by anyone who refuses to be cowed by state power. We need more journalists like that, and more technical tools to protect their sources and to enable their vital work.

Philip Angus Nunes

December 19, 2014

Permalink

"One of the problems of Free Speech is that when folks use it, others can use it against them."

True; see “significant threat to the preservation of the anonymity of Tor users” in
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-december-17t…

DARPA has funded unclassified academic research on both stylometry attacks and on possible defenses, such as anonymouth.

Their motivation for funding stylometry attacks is obvious, and verified by their unclassified statements: USIC is deeply concerned about citizen researchers who use "open source" documents to research and expose the nature and extent of the Surveillance-Industrial complex, in part because such research necessarily includes analyzing the interpersonal relationships of key figures in USIC and in the private companies on which it relies, which can result in exposing the identity of USIC operatives. But why would DARPA also fund research into *defenses* against stylometry? The answer is of course that USIC operatives themselves extensively employ anonymous postings in various "information operations" intended to influence public opinion or to alter the behavior of people who threaten to expose state-sponsored criminality. So the USIC feels a need both to deanonymize "opposing" posters using stylometry attacks, and to defend their own operatives against exposure using such attacks.

The consequences of deanonymization can be severe:

https://firstlook.org/theintercept/2014/12/17/barrett-brown-sentenced/

https://en.wikipedia.org/wiki/Aaron_Swartz

Unfortunately, USIC agencies are by no means the only US government agencies who wish to defeat open source projects like Tor which can enable citizens to assist journalists in exposing state-sponsored criminality while reducing the likelihood of reprisals.

It is now widely appreciated that in the realm of electronic surveillance, the advance of technology has enabled intelligence agencies to broaden the scope of real time surveillance from the political leaders of hostile states to... essentially everyone. In the same way, technical advances have enabled US agencies to broaden the scope of computer modeling of the cognition, emotions, and behavior of individual persons (and their reaction to proposed USG policies) from world leaders to... essentially everyone.

It is now possible for US agencies to simultaneously model millions of individuals (and their interpersonal interactions and their reactions to local governmental policies), seeking to determine which among a list of alternative proposed policies and/or "targeted interventions" can most effectively influence civic trends and/or the behavior of individuals flagged as allegedly potentially posing future threats of various kinds to "state interests". Some notion of the original motivation for and sophistication of such modeling can be found here:

http://spectrum.ieee.org/computing/software/modeling-terrorists

Relevant buzzwords include "threat scoring", "predictive analysis", "algorithmic governance", and "suasion operations". Companies currently marketing such programs to the USG include IBM, SAS, and Palantir.

Threat scoring has rapidly evolved from computer modeling which targets alleged "terror networks" outside the USA (and spammers and credit-card scammers) to modeling which targets US citizens such as PETA activists and fracking protesters. The first tentative steps toward implementing such systems on a wide scale have already occurred, with little fanfare in the press (excepting specialized newsletters intended for LEA employees):

http://blogs.reuters.com/great-debate/2014/12/12/police-data-mining-loo…

It is notable that in an interview in Der Spiegel, John Podesta (author of the eponymous report on Big Data) specifically said that such precrime threat scoring is the aspect of the "new Jim Crow" which most concerns him. From

http://www.spiegel.de/international/germany/interview-with-obama-adviso…

"SPIEGEL: In your report on NSA and "big data" for President Obama, you describe the potential opportunities and threats of this technology. What dangers do you see of big data in the hands of a surveillance system like the NSA?

Podesta: I think about it more in the context of law enforcement. You begin to -- particularly with predictive analytics -- blur the line between the presumption of innocence and targeting individuals. We are in a constant state of both adopting the technology and trying to formulate policy that is consistent with a value base that respects civil liberties, respects the integrity of the person and respects the need to ensure non-discrimination. The technologies are powerful tools to both enhance those rights of freedom and expression. But there is also a dark side to all of this, too. It has the potential to have a chilling effect for the government to hold that much data. So it's a struggle to get the balance."

This rapidly evolving threat to the freedom of speech of ordinary citizens is just one more reason why everyone should use Tor when posting comments. And don't forget that the USIC intends to store everything for decades, and a comment which does not appear "controversial" today might easily be portrayed as "criminal" tomorrow.

Concerning links: one notable aspect of the Barrett Brown prosecution is that if federal prosecutors get their way (and in the US "justice" system they generally do), a legal precedent will be established ensuring that anyone who simply posts a link may incur the threat of a long prison sentence. This would represent a significant victory for those who seek to prevent the exposure in the press of corruption and state sponsored criminality.

Concerning expensive governmental programs which have no chance of success even on their own terms: even Wikipedia articles clearly expose why NSA/CIA/LEAs will never be able to accurately predict who will commit some rare criminal action years in advance. The underlying mathematical phenomenon is precisely the same as is often discussed in tor-talk in connection with discussions of traffic analysis, and in the wider world, in connection with programs which attempt to screen the general population for rare diseases. The problem is that almost all of the people who "test positive" do not in fact have the disease. In the same way, most events flagged by stateful firewalls are false positives, and most people flagged as "potential threats to LEA officers" do not actually pose such threats. Roger sometimes call this the "base rate fallacy" but this term is too imprecise.

Philip Angus Nunes

December 19, 2014

Permalink

And so it begins. From

http://www.rand.org/blog/2014/12/preventing-cyber-attacks-sharing-infor…

"At least one type of information should be shared with U.S. critical infrastructure and financial firms—the IP addresses of Tor network nodes. Tor is a global network that helps users maintain anonymity by obfuscating users' true online locations. While it has many benefits, it is increasingly used to hide criminal activity online. The recent cyber attacks against JPMorgan Chase and Sony Pictures Entertainment highlight the need for such information sharing.
...
Tor, like other anonymity networks, has many legitimate uses. It is used by journalists, human rights defenders, and pro-democracy activists in countries where censorship is common and Internet access is tightly controlled and monitored. However, as cyber attackers become more sophisticated, they may use the Tor network in more cyber attacks, and use it to exploit the data they capture from critical infrastructure and financial firms. This will make it increasingly difficult for defenders to track and protect against cyber intrusions. There is no reason why legitimate bank customers, studio employees, or others that need to communicate with private firms like Sony Pictures or JPMorgan would need to use Tor. The U.S. government should provide the information it has on the constantly changing set of Tor nodes that exist around the globe. Tor IP addresses could then be blocked to prevent potentially damaging cyber attacks in the future."

Notice that Gonzales is proposing to share the IP addresses of *entry guards and relays* as well as exit nodes.

China, Russia, USA continue to move closer together in their attitude towards Tor. What a tragedy for democracy.

Yes, I agree.

In fact, not only do we publish the directory information (both current and historical -- see metrics.torproject.org), we also offer a service designed for law enforcement (and relay operators after the fact) if they want to look up a given IP address and time:
https://exonerator.torproject.org/

Also, I think the article (including Brian Krebs's article) misunderstands the data around number of bank attacks that involve Tor. I hope they actually publish the underlying report and numbers, so we can look for methodology errors like "we looked at the 1% of the attacks that seemed most unusual, and we found that many of those were Tor connections, therefore many of the whole data set of attacks are Tor connections."

Can the information you collect be used to reconstruct Tor routes after the fact? To identify hidden services? Could a hostile government use it to identify dissidents?

I read that rand.org article just yesterday, and saw flaws in it.

1. Overstating the role of tor.

If I understand the third paragraph correctly, the tor network was not directly involved in transporting the data away from Sony's servers, rather this was done using Sony's own playstation network. Only afterwards was tor then used, in a secondary manner merely to upload the data to file-sharing websites.

Taking this story as presented, it doesn't really make sense, especially the implication of tor being the critical problem. Why not use tor to extract the movies directly? Maybe because tor couldn't cope as easily as the playstation network with handling "perhaps several terabytes" of data in a timely manner? Maybe because playstations can download movies, and so large transports through that medium would look innocuous?

So the whole thing was found to be masterminded from a luxury hotel in Bangkok, Thailand, by "IP address sleuthing". The article doesn't tell us if a tor exit node was set up inside the hotel and happened to be used, or was deliberately used, or the mastermind was actually a pseudonymous client of the hotel and its wifi network. What was that post above saying about Thailand being a strong base for covert US operations again?*

"This circuitous route was used to mask the trail of the attackers and to enable large amounts of stolen data to be stealthily removed from the Sony network."

Really? The article just stated that tor wasn't the transport used to remove the data, and seems to assert it was definitely masterminded from Bangkok. It seems that tor was used only in part of the operation and maybe not enough of it or in the right parts, yet it gets all of the blame.

I can only conclude this article was written to meet a pre-formed opinion.

2. Tor node IPAs.

Yes, it seems the author is unaware that lists of tor exit node IPAs are public information. Or, maybe he hopes others remain unaware of this, perhaps he is hoping to win the government contract to run the dissemination service?*

"Notice that Gonzales is proposing to share the IP addresses of *entry guards and relays* as well as exit nodes."

I don't read that. Only the exit node IPAs need to be listed and blocked, surely? The rest is wasted effort.

3. Legitimately logging into a bank account with tor.

OK, here goes my main point ...

"There is no reason why legitimate bank customers, studio employees, or others that need to communicate with private firms like Sony Pictures or JPMorgan would need to use Tor."

"If thwarting banking cyberheists were the true goal here, there would be no need to for anyone but banks to block any IPs but the IPs of exit nodes ... "

Good counterpoint, but ...

When I became mentally ill, I wanted to research my illness, but keep its existence secret (stigma, employability, etc.). There was a problem though: recents laws meant my ISP was required to log which websites I was visiting, and store these for some time. The astute will get the privacy threat model. TAILS, thus tor, saved me there.

Recently, I spent several months in a mental hospital. Restriction take away many freedoms when you are there. Astonishingly, most patients had their mailing addresses changed to c/o the hospital, even for their banks, just to get their mail while being detained. Of course, I did not follow suit, wondering what my bank would make of me and my credit worthiness upon noting that I must be suffering from a mental illness. I still needed to access my bank account, and at least the hospital did provide internet access. What would happen, though, when I logged into my bank account? The IPA would no longer be that of my home, but what would my bank see? Again, the astute will get the privacy threat model.

I was lucky, the staff let me boot up TAILS (though I'm unsure most knew what I was really doing).

Maybe the hospital actually obfuscates the IPA for privacy. Maybe the bank does not really care to inspect the IPA. I doubt it. Try actually verifying this with hospital or bank staff, or their IT partners, and you're on your way into a Franz Kafka novel. There is no way to tell.

So, there you are, all, a legitimate reason to log into a bank account from tor.

Mr. Dingeldine, another 'use case' for you! Did you or anyone else expect that one?

Anyway, this is straying from the topic of this blog, and relates much more to the blog about tor being targeted. In my next post, I'll bring relevancy back by discussing censorship.

-- Straggler

* Conspiracy theories are soooo easy to make up!

Philip Angus Nunes

December 22, 2014

Permalink

"We support freedom of speech, but" is right there with all other "I am/am not a ..., but" sentences.

Right you are. I was answering this for somebody else, so I'll answer it here too:

Q: Doesn't being anti-harassment mean you are against free speech and pro-censorship?

A: No, it doesn't. We're fans of free speech and that means we're against censorship.

I really like the way Professor Jean Camp explains this apparent contradiction:

"""Threats are not about speech, they are about silencing. Threats are the opposite of dialogue. If a small minority of men can silence a great number of women, speech is not served. Any person who is silenced by threats of violence is damage to free speech.

Anonymity can and is targeted at supporting speech. Threats can and are targeted at silencing speech."""

Our statement against harassment is meant both as a gesture of support, and to raise awareness about the issue and try to get all of the neutral people in the middle to be mindful about it when choosing their behavior. The answer to bad speech is more speech.

Philip Angus Nunes

December 22, 2014

Permalink

This post is vague. If a person states that rape happens often and is awful but at the same time he/she does not believe that x or y woman was raped in any particular case, such as the U-VA rape allegation, will Tor retaliate by denying him/her privacy?

I think we need more specificity as to which way Tor is headed.

Philip Angus Nunes

December 22, 2014

Permalink

Does Tor intend to de-anonymize users believed to be engaging in online harassment?

No.

We aren't advocating removing protection from harassers. We didn't mean that we will undermine Tor or retaliate by escalating the harassment or involve government authorities to punish harassers.

Rather, the statement is about how we are now going to stand up and participate and discuss and engage with the topic of harassment and not stand quietly by, hoping somebody else will deal with it.

Some supporters have suggested that we change "not tolerate" to "not support" to avoid these misunderstandings. The problem with "not support" is that it allows us to say "This is wrong; I will contribute to fixing it by not participating." And that's exactly the response that's gotten us, the Internet community, to this point. Instead we need to contribute to fixing it *by participating*. That's what this statement is all about (and why it says "this is a start").

This is what I wanted to see. Thank you for your comments. At this point it seems that we cannot expect technology projects to not toe a political line, but as long as you continue to provide your service with no respect to political views I can continue to support you.

Philip Angus Nunes

December 23, 2014

Permalink

Way up above there somewhere, someone wrote that censorship is a necessary evil.

There is an ethics argument that you only know you are a good person if you have the potential to do evil deeds, but choose not to do them.

Tor is a tool that gives people the potential to do good deeds and evil deeds. It is our choices that define us, not tor.

If you censor evil deeds, how do you know people are now good? You can't (unless you are that 'privileged watchman', rather than the protected victim). Better is to allow people (and tor) to carry on and see what the outcome is. Better is to give the trolls their chance to be a troll. Only then, when it goes 'quiet' and things are civil, can we really say that the behaviour of people has reached a better standard.

Maybe trolls will always be here, but if we don't try it, how will we ever know we can reach that better standard? Any other way, censorship, harrassment, bullying, stupidity, are manners of failure preventing this.

In the meantime, when trolls do troll, we can speak out, document, complain, ciriticise, etc., to appeal to intelligence to select the better arguments. Doing that is taking a stand, but it is not consorship. It is the opposite of censorship.

In the end, we will get what we deserve, because it's a tautology really, which is a much better way to run things: tautologies never fail. :)

-- Straggler

Philip Angus Nunes

December 24, 2014

Permalink

One irony of the December 2014 Sony megaleak is that Sony acquired the rights to the Snowden movie

http://cryptome.org/2014/12/sony-options-gg-snowden.htm

(The email discusses a forthcoming news release which was published in May 2014. The nonpublic talking points are the content which was published as part of the leak.)

https://firstlook.org/theintercept/2014/12/22/sony-hack-snowden-movie-s…

The only truly newsworthy part of the Sony megaleak is that the leaks confirm in detail what many have long suspected: that Hollywood actively collaborates with CIA in producing propaganda films such as "Zero Dark Thirty".

https://www.techdirt.com/articles/20141222/08155829502/lawsuit-filed-to…

This instance of midwestern zaniness is comparable to

https://en.wikipedia.org/wiki/Indiana_Pi_Bill

Philip Angus Nunes

December 24, 2014

Permalink

I agree with Straggler that the Tor Project should prominently debunk the RAND blog mentioned above:

http://www.rand.org/blog/2014/12/preventing-cyber-attacks-sharing-infor…

Many people in USG pay attention which RAND issues recommendations, even when its advice is highly questionable. (If memory serves, one of the most notorious past recommendations from RAND was its technocratic judgement, during the Reagan presidency, that one complete multimegaton thermonuclear detonation occurring in the USA every twenty years would constitute an "acceptable" rate of lethal mishaps involving US nuclear weapons. The good citizens of Kansas might beg to disagree.)

I think the Project should request an unredacted copy of the secret report issued by Financial Crimes Enforcement Network (FinCEN), which is part of the US Treasury Department, on 2 December 2014, alleging that Tor nodes are used in a large fraction of the most dangerous attacks on the US financial infrastructure. Brian Krebs says the he was given a copy of this report, which he describes here:

https://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-b…

According to Krebs, the authors of the FinCEN report searched "6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014" for mention of the IP addresses of 6000 known Tor nodes (not just exit nodes?). Krebs says "investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity", but does that mean 975 of the 6048 SARS reports mention the known IP address of some Tor exit node, or that 975 of the known IP addresses of roughly 6000 Tor nodes are alleged to appear in SARS reports? Did these "investigators" even check that the machines with the suspect IP addresses are even listed as Tor exit nodes functioning during the time frame of the SARs reported incidents?

There are so many unanswered questions here that it is impossible to put any credence in the allegations publicized by Krebs unless he provides much more information about the evidence presented in the FinCEN report.

Krebs appears to cite this post from the Tor blog

https://blog.torproject.org/blog/call-arms-helping-internet-services-ac…

as evidence that Roger acknowledges that it is "necessary" for banks to block Tor exit nodes by IP, while seeming to acknowledge that Tor may have legitimate uses. But I think he may have misunderstood Roger. For example, consider the predicament of a US embassy employee who wishes to check his/her bank balance in a US account without tipping possibly hostile local ISP employees that the person associated with a particular local IP address banks at a USG credit union? Such a person might be tempted to use Tor to contact the banks webform (after all, the username and password are presumably protected by a properly configured and fully patched TLS connection).

On the issue of cybersecurity, I don't yet see any reason to conclude that Krebs is necessarily an ideological opponent of Tor, but I do see plenty of evidence that the Project should be trying to educate him about how good citizens use Tor.

Calling for the USG to encourage sites to block Tor nodes is like calling for the USG to recall the F-150 pickup truck (stamped "made in America") on the grounds that almost 20,000 US residents are killed each year in vehicular accidents, many no doubt involving the F-150.

Incidentally, Krebs just published a follow-up on the DPRK issue:

https://krebsonsecurity.com/2014/12/the-case-for-n-koreas-role-in-sony-…

in which he concedes that "a sizable number of readers remain unconvinced about the one conclusion that many security experts and the U.S. government now agree upon: That North Korea was to blame" and presents further arguments for attribution to DPRK. His first try is convincing everyone DPRK is to blame can be found here:

https://krebsonsecurity.com/2014/12/fbi-north-korea-to-blame-for-sony-h…

I don't think Krebs is being accurate when he implies that all the "experts" have accepted the DPRK attribution, while only "a sizable number of [inexpert] readers" continue to express doubt. There are plenty of seasoned cybersecurity experts who are also continuing to express doubt.

Some of the circumstantial evidence Krebs presents could, I argue, be more reasonably interpreted as evidence for a different attribution. For example, he writes:

"It is interesting to note that the attackers initially made no mention of The Interview, and instead demanded payment from Sony to forestall the release of sensitive corporate data. It wasn’t until well after the news media pounced on the idea that the attack was in apparent retribution for The Interview that we saw the attackers begin to mention the Sony movie."

This kind of ideological confusion or backtracking could be regarded as weak circumstantial evidence for the hypothesis that the 2014 megaleak is due to cyberhacktivists, perhaps assisted by disgruntled Sony employees (one might cite the precedent of the HB Gary Federal leak).

Krebs says

"Both of those terms reference the military classes of ancient Rome: “hastati” were the younger, poorer soldiers typically on the front lines; the “principes” referred to more hardened, seasoned soldiers. According to a detailed white paper from McAfee, the attackers left a calling card a day after the attacks in the form of a web pop-up message claiming that the NewRomanic Cyber Army Team was responsible and had leaked private information from several banks and media companies and destroyed data on a large number of machines."

Many literate people read history, and some occasionally adopt a nomme de guerre referencing ancient Roman history. This "evidence" could also be misinterpreted as evidence that Someone was trying to frame Edward Snowden for these cyberattacks.

Ironically, one of the bloggers whom Sony threatened in retaliation for discussing material from the leaks was... Brian Krebs. Further evidence that Sony is possibly the most clueless corporation on the face of this planet.

Philip Angus Nunes

December 26, 2014

Permalink

If only there were more people on this list. The thing I find most concerning with online harassment is the fact that people think they can treat you differently if they can't see you. Just go on YouTube and watch any prank/social experiment with the pranksters telling Facebook comments randomly to people in the street; just watch the reactions.

Philip Angus Nunes

December 26, 2014

Permalink

Thanks to the Tor volunteers and staff (Atagar and maybe others) for so quickly detecting and mitigating the attempted Sybil attack earlier today!

https://lists.torproject.org/pipermail/tor-consensus-health/2014-Decemb…

theregister.co.uk/2014/12/27/tor_lizard_squad_sybil_attack

Thanks to Wikipedia volunteers for so quickly updating this article:

https://en.wikipedia.org/wiki/Lizard_squad

(Tiny quibble: as I understand it, Thomas White is a Tor volunteer but not a Tor staffer.)

Please correct me if any of the following are wrong:

* in the hour before 1430 hours on Fri 26 Dec 2014 UTC, about 3000-3500 new Tor nodes suddenly appeared
* the new nodes all have nicknames beginning "LizardNSA", and all but a handful share the tld googleusercontent.com
* all the Lizard nodes all had low bandwidth (or was the bandwidth manually zeroed by Tor staff action in the consensus?)
* within one hour, this was identified as an apparent Sybil attack and the new nodes were blacklisted
* yes, Lizard Squad briefly operated about "half of all Tor nodes"
* no, that's no cause for panic, because Lizard Squad never controlled more than a fraction of 1% of the total bandwidth
* the nodes were configured as Exit nodes but were also configured to "sinkhole" all traffic
* Lizard Squad posted a few messages to tor-talk from a riseup.net account which did not appear to offer a plausible explanation of their intentions

(Poorly?) informed speculations:

* crude (and unworkable) DDOS targeting Tor?

* an (unworkable) massive deanonymization attack on Tor users?

* someone trying to frighten ordinary or potential new Tor users with bad news stories claiming that "Tor is broken"? [sic]

* someone trying to frighten or obstruct a small group of Tor users for obscure purposes with no relevance to the wider community?

* someone trying to give FBI an (absurd) "excuse" to NSL riseup.net?

We do know from Snowden leaks that a well established GCHQ tactic against Anonymous type disorganizations is to try to frighten away potential "associates" by tying certain domains or certain kinds of political activism to illegal activities. We also know that USIC and its allies tend to try to "justify" their surveillance dragnet by claiming that they have a "need" to predict whether or not peaceful political groups are about to turn "violent". So once again, Tor has been (maliciously?) "implicated" in a well publicized event which seems to benefit only the surveillance-industrial complex.

I would not discount the possibility that all these events are NSA or its allies mounting "false flag" attacks, but I am increasingly inclined to speculate that the most likely explanation for most or all of them is a small politically unaffiliated "hacking" [sic] group.

With respect to the discussion above of a possible connection between Gamergate and the harassment of Tor developers, it is intriguing that according to Wikipedia, Lizard squad

* previously targeted Sony a few months ago
* claims responsibility for taking down DPRK's internet a few days ago
* claims responsibility for DDOS attacks on two major gaming sites earlier this month and a few days ago

Philip Angus Nunes

December 26, 2014

Permalink

"Even Wikipedia articles clearly expose why NSA/CIA/LEAs will never be able to accurately predict who will commit some rare criminal action years in advance":

Thanks to James Ball for explaining this point in his recent "Comment is Free" piece in The Guardian:

http://www.theguardian.com/uk-news/2014/dec/02/youre-the-bomb-are-you-a…

Unfortunately, Ball failed to mention the fact that Gen. Hayden revealed years ago that Bayesian inference using communications metadata (and modeling of the kind discussed in the IEEE Spectrum article) has been used for years by NSA in drawing up the targeting lists for drone strikes. As Hayden put it (quoting from memory, so this may not be the exact quote), "we kill people based on metadata" [and computer modeling]. Charming. I wish reporters would ask the academics cited in the Spectrum article to explain why their work is not morally equivalent to the work of the now infamous "torture shrinks".

I hope that all other reporters covering the internet know all about Bayes's formula and the failure of Bayesian inference in the presence of a tiny base rate. If not, the Tor Project should make sure to teach them. There are further serious errors governments are likely to make, if we let them, but let's start with the simplest error.

Philip Angus Nunes

December 26, 2014

Permalink

Following up on the point made above that when P stalks Q, it is not always true that P is a man and Q is a woman:

From

http://www.theregister.co.uk/2014/12/26/nsa_doc_dump_shows_staff_routin…

'The files have been heavily censored, but still manage to show that, either by accident or design, NSA staff routinely engaged in illegal surveillance with almost no comeback from management. Take, for example, the case of a female analyst who used the NSA's vast databases to conduct a little research on her husband. The report covering the first quarter of 2012 states that she accessed her hubby's personal telephone records to look for possible "targets," over a period of three years, and when found out was "advised to cease her activities."'

I see two possibilities, neither of which helps NSA defend against the growing clamor to simply eradicate this rogue agency:

1. no-one at NSA ever gets more than a "girls/boys will be girls/boys" snigger from the (male/female) boss,

2. Madam LoveInt *was* the boss (one imagines a breathless headline in the Crystal City Courier: "Teresa splits from James").

https://firstlook.org/theintercept/2014/09/19/powerful-nsa-official-inv…

To those with knowledge of the details of loveint episodes, should the Lizard have no objection, might I suggest using Tails to contact journalists? If you don't like The Intercept, try The Hollywood Reporter.

The Register notes ACLU "was only able to file the request thanks to knowing specifically what to ask for, thanks to internal documents leaked to the world by Edward Snowden".

Once again, a heartfelt thanks to Snowden, who used Tails (and thus Tor) for the purpose intended. May his example further inspire our Fifth Column!

Philip Angus Nunes

January 04, 2015

Permalink

Roger's blog confused at least some non-gamers who initially had little idea what he was talking in this paragraph:

"The Tor Project works to create ways to bypass censorship and ensure anonymity on the Internet. Our software is used by journalists, human rights defenders, members of law enforcement, diplomatic officials, and many others. We do high-profile work, and over the past years, many of us have been the targets of online harassment. The current incidents come at a time when suspicion, slander, and threats are endemic to the online world. They create an environment where the malicious feel safe and the misguided feel justified in striking out online with a thousand blows. Under such attacks, many people have suffered — especially women who speak up online. Women who work on Tor are targeted, degraded, minimized and endure serious, frightening threats."

While the Gamergate harassment campaign may not be directly related to the harassment campaign obliquely referred to in the statement of solidarity, the following two items may clarify the reference to "serious, frightening threats":

http://www.theguardian.com/technology/2014/dec/03/zoe-quinn-gamergate-i…
Zoe Quinn: 'All Gamergate has done is ruin people's lives'
Keith Stuart
3 Dec 2014

http://www.salon.com/2015/01/03/why_activists_and_feminists_get_so_many…
Why activists and feminists get so many death threats
Valerie Tarico
3 Jan 2015

Philip Angus Nunes

January 06, 2015

Permalink

Hi,

Women are human beings, and as such, they have the right
not to be discriminated against. The same apply for all
human beings.

In order to fight the discrimination, I think the best way
is to hit it where it's the most painful for it:

We should not silence the discrimination but instead fight
it back by shaming the ideas behind it and the people who
do it on the basis of the wrongfulness of theses ideas.

I think it is way more effective, and it doesn't raise any
free speech issues at all.

As a side note, many women are extremely competent, and the
reason why they appear not to be is only due to the
consequence of the discrimination. The same apply for
all kind of discrimination.

Denis 'GNUtoo' Carikli.