[Explore Tor, NYC!] Tor for Journalists: April 12

 
The Tor community is vast and deep yet remains a virtual entity outside periodic physical events. Last December, we opted to change that. We're continuing that thread with our next Explore Tor, NYC! meetup, happening on Thursday, April 12 at 6:45PM at Barnard College in uptown Manhattan.
 
Come to this meetup to learn about how Tor can help you facilitate meaningful, adversarial journalism without being tracked or surveilled. If you're a journalist and not tech-savvy, you might find encryption daunting or be overwhelmed by what privacy-preserving recommendations would work best for you. But just as technology has enabled pervasive surveillance, it can also provide a shield to safeguard your communications. We want to show you why Tor is a critical tool, how to use it, and answer any questions you have.
 
This session will be led by David Huerta from Freedom of the Press Foundation. He'll provide a soft-landing into the relevance of Tor to journalists today and any others who are new to Tor.
 
We'll start with a presentation and follow with ample time for questions. If you're curious about any particular aspect of Tor, this event is for you. We're looking forward to an engaging discussion where everyone leaves a little more knowledgeable.
 
Where & when:
 
Thursday, April 12 @ 6:45-8:45 PM 
 
Altschul Hall, ALT 805
Barnard College
42 Claremont Ave
New York, NY 10027
 
There is no admission fee nor RSVP required for this event.
 
Join the [regional-nyc] mailing list to get notifications of upcoming NYC events in your inbox and stay connected with the locals online, too.
 
See you there. o/
João Luiz Nonnenmacker

April 05, 2018

Permalink

Great news! This is a good example of the kind of outreach TP needs to be doing as much as possible with limited resources and within limitations imposed by sensible priorities.

At this particular meetup, I think it's important to stay focused on bringing journalists into the fold, so to speak. But it might be good to take the opportunity to explore interest in future "Tor to NYC area journalist" outreach meetups.

One topic many reporters at the meetup might be interested in exploring is the question of how much protection the following will offer, or indeed whether it is a sensible concept at all technically or politically:

thehill.com/policy/cybersecurity/381036-nyc-to-launch-free-cyber-security-tools-to-protect-residents-from
NYC to launch free cybersecurity tools for residents
Olivia Beavers
30 Mar 2018

> New York City will boost its residents' internet security by rolling out two free cybersecurity tools, New York Mayor Bill de Blasio announced Thursday. The NYC Secure program will cost the city about $5 million per year as it works to protect New Yorkers from facing malicious cyber activity online. “New Yorkers aren’t safe online. And we cannot wait around for other levels of government to do something about it or the private sector to do something about it because we will be waiting a long time if we do that,” de Blasio said at a news conference. The mayor warned that hackers could steal private data such as bank account details or information about someone's identity that can then "be weaponized and turned against us." “It’s our job in government to make sure that people are safe online. This is a new reality and we are taking the first steps into that reality,” he continued, adding that he hopes other cities follow suit. New York City residents can download a smartphone app that will alert users when it detects suspicious activity on their devices.

In the same vein, a very important but under-reported WiFi security story:

washingtonpost.com
US acknowledges potential unauthorized spying devices in DC
Olivia Beavers
3 Apr 2018

> The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill... It said it is also aware of IMSI use outside the Beltway.

NYC is one of the unnamed "other cities" where we know Stingrays are being used by non-USG actors. And DHS admits it knows of nothing which can stop this--- which probably means it doesn't want to know because FBI screams in DHS's ear that it "needs" Stingrays for everything [sic].

So it's up to pro-citizen-privacy adepts like Edward Snowden and Micah Lee to concoct effective anti-Stingray countermeasures. And some have been trying to rise to the challenge--- they deserve the support of any democratic society.

Some further issues which US media ought to cover more extensively and accurately and which affect the Tor user base:

1. Over the past five years, a decades old ideological conflict between EU and US views on who rightfully owns personal data has come to crisis, largely unreported by US media. Here is a good explainer of the current situation:

wired.com
The Next Cold War Is Here, and It's All About Data
Vying against each other are societies that believe that individuals have an absolute right to control their personal data and those that believe that personal data is a good to be traded on the open market.
Tom Pendergast
28 Mar 2018

> The headlines about the trade wars being touched off by President Trump’s new tariffs may telegraph plenty of bombast and shots fired, but the most consequential war being waged today is a quieter sort of conflict: It’s the new Cold War over data protection. While the Facebook/Cambridge Analytica crisis currently burns as the latest, hottest flare-up in this simmering conflict, tensions may increase even more on May 25, 2018, when the European Union’s General Data Protection Regulation comes into effect.

The basic conflict is between the EU view that privacy is not dead and that individuals have a right to control how very personal data (e.g. HIV status--- see the Grindr scandal) is used/shared/reshared, while the US view has been that companies should enjoy unregulated use of even enormous and very sensitive datasets on individual lives (both on and offline). And something very strange but welcome is happening: the EU view is rapidly spreading, and even gaining traction among US companies which are willing to give up revenue from dangerously lax data sharing to gain the benefits of a global framework, which reduces their legal exposure in their global operations. But some companies--- Facebook is perhaps the best known example--- rely on free sharing at the core of their business models and may find it impossible to adapt to the new legal environment.

2. Another welcome development is the fact that citizens of some of the more progressive EU nations are starting to push back against naive and rapid adoption of new technologies, such as the promise of "cashless economies":

theguardian.com
'Being cash-free puts us at risk of attack': Swedes turn against cashlessness
Sweden’s central bank governor has called for public control over its payment system. Others say a fully digital system is vulnerable to fraud and attack
David Crouch in Gothenburg
3 Apr 2018

In a related development, citizens of the US are starting to push back against the too rapid adoption of driverless vehicle technologies and citizen-operated drone technologies, on the grounds of public safety concerns which have been highlighted by many recent but underreported incidents (the recent vehicular homicide by a test vehicle being a notable exception--- but the important revelation that the Mayor kept the test program secret has not been widely reported).

3. There has been very little coverage in US media (even "alternative media") of the alarming fact that "fake-news suppression" laws have been spreading like wildfire (in EU, former SU, Middle East, Africa, Latin America, and South Asia):

techdirt.com
More Governments Granting Themselves Extra Censorship Powers With 'Fake News' Laws
from the silence,-peasants! dept

> Fake news is apparently everywhere. All over Europe, legislators and officials are trying to regulate content with "fake news" legislation and directives, as though the term could somehow be narrowly-defined enough that regulation could even have a positive effect. All these new laws and demands for cooperation from tech companies are sure to generate plenty of negative effects, not the least of which is these laws will become tools for censorship and a super-easy way to silence dissent. It's not just a European thing. It's happening in nations around the world. Countries already known for heavy-handed control of the internet are using "fake news" to seize even more control of news outlets and communications platforms. Countries generally viewed as more generous with their rights are lining themselves up for authoritarian mission creep by setting themselves up as the final arbiter of real/fake news. The EFF is reporting similar efforts are underway in Latin and South America.

Some of us have tried to warn about the dangers for years. Just a few recent examples of how these laws are being abused to criminalize political dissent (which is always their true purpose, even in Drump's America):

theatlantic.com
Four More Years of Censoring Culture in Egypt
The current president has presided over a purge of liberal expression. And he’s nearly guaranteed to win another term this week.
Edmund Bower
26 Mar 2018

It's not just Egypt but also Pakistan, France, ... one could go on and on unfortunately. And it is clear that the Drump administration also wants to introduce similar laws in the US (to some extent, the recent and disastrous SESTA/FOSTA may play the role of such a law), which could directly endanger TP.

A horrific example of how mainstream US media can very easily adopt a "false meme framing" of a major story is the failed prosecution of the wife of the Pulse nightclub shooter, which was adequately reported only by The Guardian during the 14 month leadup to the actual trial. Here's a good post-trial analysis from HuffPo:

huffingtonpost.com
Everyone Got The Pulse Massacre Story Completely Wrong
And another, smaller injustice was obscured: the sadistic prosecution of Noor Salman.
Melissa Jeltsen
Family handout
Noor Salman was acquitted of helping her husband with his attack on Pulse nightclub in Orlando, Florida.
4 Apr 2018

IMO "sadistic" is the appropriate description. I think the prosecutors should be brought up on charges of malicious prosecution, because they knew their victim was innocent. And liberals should note that the FBI is not their friend, but a very dangerous and largely unchecked secret police agency whose main mission has always been political oppression.

The "fake news" problem in the US is set to get much worse. A cautionary example of how the promoters of politically motivated "fake news" all over the world often use the "fake news meme" itself to push propaganda:

huffingtonpost.com
Dan Rather Has Scathing Words For Sinclair News Anchors Reading 'Propaganda'
The legendary news anchor called the company's effort "Orwellian."
Andy McDonald
2 Apr 2018

> Renowned former CBS news anchor Dan Rather chimed in on the disturbing story that Sinclair Broadcast Group, owner of more than 170 U.S. TV stations, had forced its local news outlets to read the same script decrying “false news.”

(People who remember why Rather was fired might not feel he is the best person to speak out against fake news, but he is not the only one--- even some Sinclar station anchors have spoken up, anonymously, in itself an example of why journalists need to know how to help whistleblowers, who are sometimes other journalists with something important to say that their corporate overlords don't want anyone to hear.)

Here is a description of a typical politically motivated covert information warfare operation which illustrates the often international character of such conspiracies:

theguardian.com
Former Trump aide approved 'black ops' to help Ukraine president
Exclusive: Paul Manafort authorised secret media operation that sought to discredit key opponent of then Ukrainian president
Luke Harding
5 Apr 2018

4. Currently, Google and Facebook appear to be all powerful and far from benign overlords of the personal lives of the hapless citizen, but they can't yet arrest and incarcerate anyone--- criminal prosecution and prison being still the prerogative of nation states. And currently, Boeing and Northrup Grumman cannot declare war on the citizens of some locale--- militaries and wars still being the prerogative of nation states (and drug cartels). But as the very concept of the nation states continues to become irrelevant, all this will change, and that's a huge story which has not been reported. But for the rapidly increasing irrelevance of the nation state, see:

theguardian.com
The demise of the nation state
After decades of globalisation, our political system has become obsolete – and spasms of resurgent nationalism are a sign of its irreversible decline.
Rana Dasgupta
5 Apr 2018

During the next decade, we can expect to see the demise of the political concept of democracy, with the principal ideological global conflict becoming rule by corrupt Mafia state type dictatorships by another name versus rule by criminal cartels. I.e. a difference without a difference.

One of the implications is of course that human rights advocacy, social justice advocacy, and environmental advocacy, will all become even more dangerous, with lethal government reprisals against citizens who choose to take the risks spreading all over the world, including to the former "Western democracies".

Widespread adoption of Tor and similar tools by journalists worldwide is one of the very few programs which might slow this horrifying development.

João Luiz Nonnenmacker

April 05, 2018

Permalink

It is sad that American, and probably Canadian journalists, need this. And somewhat ironic, as the internet was once associated with anonymity.

João Luiz Nonnenmacker

April 05, 2018

Permalink

Please be sure journalists in NYC are aware of a huge development which will help them do their jobs better:

eff.org
Congress Will Finally Make Its Research Reports Public
Joe Mullin
2 Apr 2018

> The recent omnibus bill passed by Congress contains a nugget of good news for those interested in access to publicly funded research.

In my experience, CRS (Congressional Research Service) is one of the very few entities in US government which can obtain accurate information on what the USG knows about itself and what it is doing in particular areas of public life. Even better, in my experience, CRS is truly nonpartisan--- it actually does (mostly) what CIA (falsely) claims to do, offer unbiased summaries of the facts--- in this case, about what USG is up to, not what some "adversary government" in up to. CRS reports are usually clearly written and concise without skimping on the detail necessary for an informed analysis of public policy.

For decades, various groups have leaked a subset of CRS reports, e.g. on national defense topics, and for years, ACLU, EFF and other groups have pointed out that in principle CRS reports have always been public documents. But because they are often "commissioned" by congresspersons who are unhappy with a report which undercuts their ideological position on some issue, they have generally been "deep sixed" unless they happen to support the congressperson's position.

So this is really huge and journalists everywhere should immediately start checking to see whether CRS has issued a recent report on the topic whatever story they are currently researching. If so, you have an accurate and pertinent summary of the facts of the matter. Older CRS reports tend to be much less relevant, in my experience, and can even be misleading if the law or political situation has changed, as it usually does. Sometimes CRS updates its own reports two to five years later, but this is never assured, so recent reports (last few years) will be the most informative.

What's the Tor connection? Simple--- to decrease the chance that your competitors (in another organization or even the same if you work for Bloomberg for example) will realize what you are working on, connect via Tor to the presumed new CRS repository.

She first came to my attention when I found her blogs for the MA chapter of ACLU:

https://www.aclu.org/bio/kate-crawford

Cathy O'Neil would also be an excellent person to reach out to and who I think is in NYC area.
Also anyone with Propublica in the NYC area who is involved in their superb series on bias in machine learning algorithms.

https://www.technologyreview.com/s/608248/biased-algorithms-are-everywh…
Biased Algorithms Are Everywhere, and No One Seems to Care
The big companies developing them show no interest in fixing the problem.
Will Knight
12 Jul 2017

> “It’s still early days for understanding algorithmic bias,” Crawford and Whittaker said in an e-mail. “Just this year we’ve seen more systems that have issues, and these are just the ones that have been investigated.” Examples of algorithmic bias that have come to light lately, they say, include flawed and misrepresentative systems used to rank teachers, and gender-biased models for natural language processing.
>
> Cathy O’Neil, a mathematician and the author of Weapons of Math Destruction, a book that highlights the risk of algorithmic bias in many contexts, says people are often too willing to trust in mathematical models because they believe it will remove human bias. “[Algorithms] replace human processes, but they’re not held to the same standards,” she says. “People trust them too much.”

A fabulous book which explains the basic problems very well.

@ any journalists who are interested in exploring this issue, which will no doubt be a deep wellspring of important stories for decades to come: I highly recommend using R (the free open source statistical software platform, widely regarded as the best in the world) and playing with some of the many packages which offer machine learning tools. Even with small data sets--- most packages include example data sets and extensive help with sample computations--- the problems become evident. First you are impressed by the power (when you try ML on an "appropriate" data set), then when you start trying other data sets, you begin to see the problems, including biases.

As with any technology, Big Data and machine learning and AI have "good science" and "bad science" applications for "good purposes" and "bad purposes". Reporters should IMO regard it as part of their job to know enough about statistics (which is best learned by using it!) to debunk "bad science" uses. The challenge is to explain to readers why governments everywhere are rushing to develop "bad science" for "bad purposes", which will cause great harm to society even though these programs cannot possibly achieve their stated (bad) purpose.

Another core knowledge set would be asymptotic properties of certain combinatorial (counting) problems relevant to civil liberties and cybersecurity/privacy. An easy example is the Birthday Problem, which has all kinds of applications to cryptology and privacy. But there are many others--- Roger D can probably think of some. The goal is to understand how problems scale with the size of the dataset, the number of persons under surveillance, etc. This is needed to establish that, contrary to USG claims, just about everyone is affected by this abuse or that. Judges can certainly come to understand the relevant math needed to "show standing", the only question is whether they are courageous enough to use that knowledge in their rulings.

So far, the Executive branch has been enthusiastically using probability theory and statistics (often in Bad Science version) to trample all over the rights of the ordinary citizen, while the Judiciary has staunchly refused to use Good Science to defend the Constitution. It will always be a terribly uneven contest until judges get smart and start showing that they understand the math. Because the government will have no answer to a valid mathematical disproof of their false claims in court.

João Luiz Nonnenmacker

April 06, 2018

Permalink

We apologize for the inconvenience: to prevent possible abuse of the Startpage service, your Internet connection has been prevented from accessing it.

This happens when a large number of search requests are received from one's Internet connection in a short amount of time -- for example, if you are using "screen-scraping" software, or if you are sharing a connection with many people, perhaps through a proxy service.

• If you are using a proxy service to reach Startpage, disabling it should avoid this problem.
• Otherwise, if you have received this message in error, please contact us at with details and our support staff will try to resolve the issue.

We apologize for the inconvenience. Because Startpage does not retain usage logs, these inexact measures are necessary to protect the service from high volume "robotic" use. We appreciate your patience and our support staff is available to rectify this problem whenever possible.

MORE SEARCH ENGINES BLOCING TOR.....MANY SITES ARE BLOCKING TOR TOO........startpage duckduckgo walmart bestbuy food4less and so on...................................what to do!?????????????????

Sometimes sites like Startpage or DuckDuckGo do get too many requests from those few who abuse the Tor system. Neither of these sites have policies to block Tor; indeed, Startpage also offers Startmail, an encrypted email service that uses 4096 bit public key encryption. Current U.S. law prohibits export of public key encryption technology using more than 2048 bits (3 guesses at the level of encryption the USIC can currently defeat).

When you get this message from Startpage just change the Tor path you're using and it should work fine. I use Startmail, Startpage and Ixquick, a more secure and comprehensive search engine provided by the same company, every day, and all my electronic communication is over the Tor network.

As for DuckDuckGo, Orfox - the android browser app based on Firefox and configured to use Tor in conjunction with Orbot - the android app that connects mobile devices to the Tor network - uses DuckDuckGo as its default search engine.

Regards,

EJ

João Luiz Nonnenmacker

April 06, 2018

Permalink

I'm happy to see Tor, FPF, and EFF (linked in Tor Blog's Sunsetting Tor Messenger post) working closer together instead of merely seeing their logos on the same site implying they approve of a project's efforts.

To increase attention for this event, this post could be reformatted as a PRESS RELEASE and submitted to news offices in and around NYC -- TV, newspaper, and independent organizations, national and local.

João Luiz Nonnenmacker

April 06, 2018

Permalink

We've detected that you have connected over Tor. There appears to be an issue with the Tor Exit Node you are currently using. Please recreate your Tor circuit or restart your Tor browser in order to fix this.

If this error persists, please let us know: error-tor@duckduckgo.com

João Luiz Nonnenmacker

April 07, 2018

Permalink

Is there a consideration to make a recording of the session available to the wider public?
The information and explanations provided might be useful to others, too.
However I would also totally understand not doing that to protect the attendees.

Please don't record events. A follow-up post sounds much better. If many do want a "video" of the event, you could write down the major questions the audience asks, and later on make a screencast of a LibreOffice Impress or PowerPoint or animated version with voice-over and concise Q&A organised under their topics and edited together for smooth absorption. In the follow-up post, include the most important Q&As as text. Please do not cite the names of audience members or questioners unless they request it. Instead of writing a full post, you could link to sites that already have guides such as at TorProject or at your co-presenters site, https://freedom.press/training/ and https://freedom.press/tools/ or the EFF, RiseUp, et al.

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

4 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.