Greetings from Tor's New Executive Director

by ssteele | December 11, 2015

Shari Steele

I am honored to be joining the Tor Project today as the new Executive Director. I've been a big fan of Tor for a long time—ever since I met founders Roger Dingledine and Nick Mathewson in 2004 and learned about the important work they were doing to provide anonymity for online communications. Today Tor is an essential part of the Internet freedom infrastructure. Activists around the world depend on Tor, as do whistleblowers, victims of domestic violence, and regular citizens who care about their privacy.

This incredible team of people has built an amazing organization. I hope to help grow the Tor Project by building a more sustainable infrastructure and a more robust funding base, as well as by achieving greater adoption of Tor products by mainstream Internet users. There's a lot to be done, but I think we'll have fun while working to make the Internet safer and more secure.

I look forward to meeting many of you in the coming weeks and months, and I welcome your ideas and suggestions.

Yours in freedom,
Shari Steele


Please note that the comment area below has been archived.

December 11, 2015


Shari was the mother of the Electronic Frontier Foundation -- guiding it for 15+ years. This is the best possible outcome for the ED search. Welcome Shari!

Yes! I am very happy with how this ended up. There was a while there in the search process where we were trying to figure out what sort of backup plans might be workable, if we didn't find any great candidates. Then we found Shari, and she'd had some time after finishing the EFF spot to recharge, so the timing worked out really well.

December 11, 2015


Go Shari! Tor couldn't have hoped for a better leader. A leader that was behind one of the most important digital rights organizations of our time.

December 11, 2015


Hi, Shari Steele. You are welcome!
您好, 莎丽斯蒂尔. 欢迎您!
您好, 莎麗斯蒂爾. 歡迎您!

Please pay more close attention to the internet users inside GFW.
You will be our hero.

Thank you very much!

December 11, 2015



December 11, 2015


Namaste Shari,

Congratulations in your new position. Looking forward to exciting and interesting accomplishments that you no doubt will achieve.

And yes, we shall have fun as well as we make Tor & planet a phenomenal place to inhabit.

WELCOME! Truly, Shari is on the bridge!


December 11, 2015


Welcome Shari, and be sure that we will do our best to help you succeed in this role! Thank you for accepting to lead Tor!

I'm still shocked at the audacity of some of the people involved in these huge government over-reaches. The one that I'm still upset about, from last year that I think not enough people noticed, was the "number of acceptable collateral murders for each person they wanted to kill with a drone strike" chart.

Tor isn't going to be able to fix all of the world's problems by itself -- not even all of the world's civil liberties problems. That's why it's key that we continue to be part of a larger ecosystem of great projects.

December 15, 2015

In reply to arma


> I'm still shocked at the audacity of some of the people involved in these huge government over-reaches.

Another very important argument against encryption backdoors is that US federal agencies are by no means immune to corruption. DEA and DHS/CPB in particular are said to be riddled with cartel moles, a circumstance which clearly has the US political leadership very worried. The concern is that the few corrupt agents who are caught and convicted very likely represent the tip of a very dangerous iceberg:…
There Might Still Be Crooked Cops from the Silk Road Investigation
Sarah Jeong
14 Dec 2015

> Former DEA agent Carl Mark Force was sentenced to six and a half years, and former Secret Service agent Shaun Bridges was sentenced to five years and eleven months. Their crimes were numerous: they stole bitcoin, compromised investigations, and Bridges even set up a cooperating witness for a theft that the agent himself committed, leading to Silk Road leader Ross Ulbricht, aka the Dread Pirate Roberts, issuing a hit on the witness. But Force and Bridges probably weren’t the only corrupt cops inside the Silk Road Task Force.

December 15, 2015

In reply to arma


> Good thing we hired Shari, not her husband.

@ arma: speaking of spouses, let me try again to clarify something. Please believe that I am not trying to criticize anyone's character here, but to make a potentially useful suggestion (which also has some potential drawbacks):

I don't particularly care who Rachel is married to. I *do* care that she knows about stylometry. For this reason, I don't want her "working for DARPA" (well, doing academic research funded by DARPA grants), I want her to work for Tor Project.

One potential problem is that this proposal would raise the nepotism issue--- very awkward since I like to remind Tor users of NSA's infinitely nastier nepotism problem (Teresa and James Shea).

Lots of people in the technology field have at some point had some relationship with USG, even with DOD or spooky agencies. This certainly does seem to be a recurrent theme for Tor's leadership, which just raised the issue itself by announcing a matching fund drive from Rob Thomas of Cymru/Dragon.

However, one point to bear in mind is that working for DOD or even NSA for some time decades ago is a very different thing from recent work, because the entire USG has since 9/11 gone so far in adopting authoritarian and even fascistic notions of governance. In particular, the Pentagon ties of Bill Vass appear to be decades old. Much more recent apparent links between Rob Thomas and the most lethal enemy of Tor are a much more serious concern. I look forward to reading in this space Thomas's forthcoming (yes?) complete disclosure and frank explanation of the apparent contradiction between his matching drive and Cymru/Dragon's work with USG.

@ Shari: you certainly seem to be experiencing a baptism of fire in your new job! One of Roger's most admirable characteristics has been that he tends to keep his cool. His reaction to legitimate question about Rachel's work for DARPA on stylometry was an unfortunate exception. In my view, a carefully written but honest explanation in the Tor blog from Rachel, Rob Thomas themselves, and maybe even Bill Vass, would be the most effective way to avoid something the enemies of Tor want to create, a division between Tor users and the Project leadership.

December 12, 2015


we are honored too.
do you plan removing the observatory feature ?
do you plan removing the http option (default) for an only https feature?
do you plan removing the windows tor-bundle ?
do you plan adding calomel addon ?
do you plan opening library-tor-relays in america, eu, russia, africa australia and not only for us/spanish books ?
do you plan adding on this blog (tor-blog) a box with three negatives options -spam/troll/off-topic - that the users can give their negatives opinions about the quality of the posts ?

Gosh. These are quite detailed questions -- an interesting choice of priorities. :)

For the first four, those look like Tor Browser development and strategy questions. Shari is not replacing the Tor Browser team -- you should go ask them what they think of those.

For the library Tor relay question, that one is best directed towards Alison, who is doing great work on evangelism and education around libraries, privacy, and freedom. I believe if all goes well she's going to have a cameo in the "State of the Onion" talk in Hamburg this year, so she can update everybody on her latest work.

And for the blog usability question, I would say this blog platform is held together by duct tape, but even the duct tape is showing its wear. We have been moving forward with plans to replace it, but I don't think they're as high priority as some of the other things I'm excited for our new execdir to come in and help with.

December 12, 2015


Good news. Hope looking into the possible banning of TOR in France and other countries will be high on the priority list, TOR is not just terrorists and pedos like the media pretends!.

December 13, 2015

In reply to arma


yes but the article is oriented in a tor propaganda : no value.

December 12, 2015


"and regular citizens who care about their privacy"
=> Last but definitely not least. Strength in number, every single casual John Doe using the network makes the network stronger.

Otherwise, as everyone already said, welcome too :)

This is actually just a Firefox question. So, however you do it in Firefox.

(I tried clicking on the little magnifying glass in the search box, and it gave me a "change search settings" option. That looks promising!)

December 13, 2015


Please release an easy to use GUI based Windows client. There used to be one, and it wasn't stable... then you discontinued it... probably for good reason. Now for an updated easy to use client on the world's most popular platform.

December 13, 2015


Tor on Windows provides false sense of security and weakens security of the Tor network. Tor relays on Windows OS is bad for security of the Tor network, and Tor on Windows provides false sense of security to its users since Windows spies on everything and reports it all. We need to ban Tor on Windows so Windows users do not continue having a false sense of security and to also promote the move away from Windows to more secure systems.

Or at the very least, do not allow Windows computers to operate as a node, and on the Windows versions have a big warning that reads "WARNING: You are using a Windows computer which renders Tor useless at maintaining your privacy since your operating system is spyware. It is recommended to move to a Linux/Unix operating system"

About Tor relays on Windows I don't know, but banning Tor clients on Windows wouldn't make sense: as previously posted, the more people use it the better, because it makes every user one among a larger crowd.
Even if the security of those Windows users isn't optimal, it's not a problem if they don't actually need a superb security, and it grows the crowd which is a good thing for those who really do need optimal security.

December 13, 2015


Welcome Shari. Great to see you are settling into your new position nicely. I really look forward to watching where you take the Tor project to next. Best of luck for the coming months and beyond, and hope you have a splendid new year.

December 13, 2015


This is a suggestion I've made elsewhere but is it possible to make tor messenger users operate a relay node by default? So everyone enjoying the benefit of the IM is also "strengthening the network" as per above commenter?

I understand mobile is a different kettle of fish entirely but could we one day see a downloadable tor message app where the average pleb can not only use the IM functionality but contribute a node without needing any expertise to do so?

Back on topic - seems like a great hire, well done

December 13, 2015


Welcome! In recent statements you have alluded to not wanting to step on the toes of EFF in your new role at Tor. While I agree that Tor's main task is to provide tools, I believe that only through effective and public defense of the ideas of privacy and security will you see the mass adoption needed to make the tools useful in the first place.

December 13, 2015


Do the human verification captcha before entering various sites inject code into the Tor Browser to intentionally identify you or are you still protected behind Tor?

December 13, 2015


(Part One)

Welcome, congratulations and felicitations!

Roger has no doubt warned you that the Tor user base can be rather demanding, and I want to waste no time in proving that this is no exaggeration!

Roger just said something very important which bears repeating:

> Tor is part of a larger family of civil liberties organizations, and this move makes it clear that Tor is a main figure in that family.

I completely agree, and I believe that at a time when all the Western governments have apparently made a concerted sharp turn towards authoritarianism--- even fascism--- the biggest threat to the continued existence of the Project may be political or legal. Which is not to deny the gravity of the ever more diverse and sophisticated technical attacks which the Project will face in coming years.

For this reason, over the next few years I believe that the highest priority tasks for the leadership of the Tor Project are

o building even closer relationships with other civil liberties and humanitarian organizations (EFF, ACLU, RSF, MSF) and key technology NGOs (Citizen Labs, Debian, Tails, OSF),

o being always available to the most influential tech reporters as a source of apposite quotes responding to political attacks on Tor, crypto, etc.; this requires building personal relations and also following closely news stories (especially ones written by those same reporters),

o working with US legislative staff to ensure that as Executive Director of the Tor Project, you are invited to give testimony rebutting that from people such as FBI Director James Comey,

o working with other civil liberties groups and with STEM (Science, Technology, Engineering, Math/stat) professional organizations and US/EU universities to construct boycotts of NSA/DARPA/IARPA/GCHQ, and to craft Codes of Conduct for research on social media and communities such as Tor users, based upon the example of IRBs (but note that this requires simultaneously campaigning to oppose the dismantling of IRBs for medical research in the US threatened by numerous bills now before the US Congress),

o working with other civil liberties groups to encourage serious journalists to expose the most important post-Snowden story; to wit, thanks to Snowden, we know that FVEY is trying to steal everyone's lives/data exhaust, but too few people understand what they plan to do with our data exhaust: to use Bayesian predictive analysis (think IBM Watson) applied to Big Data troves to assign everyone individual citizenship scores, for such purposes as CVE programs currently being ramped up by US and EU governments, programs which specifically target youngsters aged 3-7 for scoring, suasion, and even such drastic interventions as removing children from their home.

That said, in the end Tor cannot exist without energetic and determined devs, and in coming years Tor will clearly need to enlarge the circle of critical developers. So keeping them happy and recruiting fresh blood must have a very high priority. I agree with a strategy I think I see the Project pursuing here, which acknowledges that Tor cannot match Google salaries, but leverages the fact that many people want to do challenging work which will really help a very large number of people, as opposed to simply trying to strike it rich (and the Project wouldn't want to employ people like that anyway--- they're too bribeable).

Tor Project is growing and must grow, and growth always presents problems which the Executive Director must track and ameliorate. One useful general strategy here (and I think Roger would agree) might be to adopt a modular philosophy, in which one continually re-evaluates political/technical goals of subprojects, taking account of the people involved and whom they work best with, to try to ensure that if some subproject becomes useful to many projects outside Tor, it can perhaps be split off into a new NGO, if that would be useful, or at least given freedom to expand gracefully inside Tor Project if not.

Fixing vulnerabilities as they are uncovered must always have a very high priority, of course. Here, urgent problems for the devs probably arrive according to a Poisson distribution, i.e. they tend to cluster. That's just in the nature of how these things work. The Project must continue to be able to take crises in its stride, without letting a bad stretch of serious bugs derail its longer term projects.

In particular, the Project must continue to try to see that further critical R&D gets done, whether as part of Tor Project or in a sister organization, for example

+ continuing research on GFC, SORM, and other censorship/surveillance technologies,

+ research to counter "out of band" deanonymization attacks such as Stylometry (a very hard problem, but I think that some far from useless technical countermeasures would be easy if time-consuming to achieve),

+ research to try to solve or ameliorate untoward consequences of core design decisions in current Tor, such as the most dangerous traffic correlation attacks (also a very hard problem, a fact which should be attractive to the right kind of researcher),

+ projects to develop and market low-cost countermeasures to hardware woes (such as more secure routers for ordinary people, working with industry to provide properly signed firmware upgrades for linux-friendly routers, "Faraday cage" bags, wide frequency scanners leveraging software-designed radio to search for suspicious RF transmissions),

+ providing encouragement to innovators with wild ideas (using drones and/or low power transmitters to build a grassroots open/free alternative to the existing internet, retroflector screens, TEMPEST countermeasures, etc), while gently discouraging obviously ill-advised schemes (e.g. dubious "Tor in a box" schemes).

December 13, 2015


(Part Two)

Over the next few months, I believe that the most urgent task for the Tor leadership is to join with other civil liberties groups in mobilizing the Tor userbase to speak out against attempts in the US and EU countries to exploit political hysteria to legislatively mandate backdoors in civilian encryption, "split keys" (see Shamir's Secret Sharing Scheme for example), "key escrow", or other "unicorns" being demanded by James Comey ("if unicorns don't exist, Silicon Valley must create them"). Here I think the most effective countermeasures may include:

o being ready with carefully crafted quotes when reporters call after the FBI's PR machine seeks to exploit each new "kinetic outrage" (e.g. San Bernardino, Bataclan), major cybercrime incidents, etc., to attack TM, TB, Tor, and encryption generally (analogies can be very effective),

o working with ACLU, EFF, EPIC, etc., to help journalists understand how medical privacy provides an example everyone can understand of why strong non-broken (backdoored) crypto is essential to protect ordinary citizens from very serious harm,

o working with ACLU, EFF to help journalists explain the four worst mathematical fallacies which underlie the Dragnet ("if we collect it all, we can use Big Data analysis to extract all those elusive needles" [sic]):

+ "prosecutor's fallacy": confusing Pr(E|H) with Pr(H|E); a nice concrete example uses E = person is male/female, H = person is color blind,

+ "base rate fallacy": even a "highly accurate test" for some specific condition or potential future event will flag mostly innocents when used dragnet style to try to predict rare conditions or rare events (e.g. to identify which Americans have some undiagnosed rare cancer, or which children aged 3-7 will in future commit some rare act such as a mass shooting)--- ask Roger about this!,

+ "creationist's fallacy": treating events which are not statistically independent as if they were, leading to multiplying lots of probabilities and coming up with an absurdly tiny probability that, for example, someone with a low citizenship score has been unjustly tainted in a "judgment by algorithm" (in the case of "naive Bayes" it requires further mathematical analysis to explain why claims that these errors "wash out" in CVE but not medical applications are fallacious),

+ "Simpson's paradox": a simple argument showing how "drilling down" into huge data sets is as likely to lead to greater confusion than to greater insight; a classic example shows with real data how a hypothetical just prosecutor in a death penalty case could repeatedly reverse her previous conclusions using the statistical analysis of multidimensional contingency tables as further variables are added,

(all of these points are related to the broader issue of criminal justice reform and concern about the fact that forensic "science" [sic] is in fact almost entirely pseudoscience founded upon serious misconceptions such as the four just outlined.

I might also mention the (counter-intuitive?) fact that probabilities and "preferences" are not transitive, so A > B, B > C, C > A are possible. This awkward fact is usually concealed from decision makers who are being pitched some computerized tool which allegedly can make hard decisions better than humans can.

December 13, 2015


(Part Three)

Two difficult issues might prove unhelpfully contentious if they are not carefully handled:

+ the Tor Project has so far been funded mostly by government-tied sources (mostly USG sources, in fact),

+ personal ties between current/former USIC employees/contractors and Tor Project employees might be seen as potentially undermining Tor's mission.

With the aim of trying to help you avoid allowing the enemies of Tor to exploit these issues to harm us, I'd like to try to summarize how I understand the sometimes strongly expressed views of myself and other Tor users:

o in the short term, Tor may not be in a position to turn down funding from generous donors, but in the long term (as the Project clearly now agrees), Tor must seek to avoid taking too large a fraction of its *total* funding from any one "block" (USG/FVEY, some large corporation or, hypothetically, a possibly self-serving NGO such as the Gates Foundation)

o a valid point which Roger has sometimes made in the past is that not everyone employed by the USG (or the Chinese or Russian government) is an ogre, and the project can benefit from maintaining relations with government employees who can be plausibly regarded as potential allies

o that said, as institutions, it has been clearly demonstrated (see for example NSA's nasty campaign to weaken crypto standards) USIC and other intelligence agencies simply cannot be trusted, and these agencies are not above trying to coax us into believing that particular employees have friendly intentions toward us, in order to harm our organizations, and for this reason, the Project must keep employees of agencies such as GCHQ, NSA, DARPA at arms length.

Another unfortunate recurring phenomenon is the fact that Tor Project is likely to be targeted by GCHQ/JTRIG and NSA/TAO operatives in troll campaigns, using much the same tactics as the notorious Gamergate operatives in a serious state-sponsored effort to disrupt the Tor community, and indeed the wider tech community. I believe Roger has handled this very difficult problem about as well as anyone, so he can probably prepare you for the task of very carefully "defensively constructing" statements to try to defuse future incidents of troll campaigns.

An important point which is also useful for the ongoing project to make Tor a thoroughly mainstream tool used daily by many (most) Internetizens: the enemies of Tor want ordinary people who should become Tor users but have not yet taken the plunge to believe certain falsehoods, and these false claims commonly appear in social media forums whenever Tor is mentioned (probably not always by coincidence):

+ "Tor is broken" [sic]

+ "Tor is merely a kiddie toy if the government is individually targeting you" [sic]

+ "Tor is a USG project and has always been backdoored" [sic]

+ "Tor devs write bad code and fail to fix vulnerabilities" [sic]

+ "Tor Project is riven by internal dissension and is about to self-destruct" [sic]

Of course the truth is much less dire and also much more complex, which can make it a challenge to briefly explain why these claims are all false.

As an example of countering the "Tor is a USG project" lie, I recently suggested asking Paul Syverson to write a guest post summarizing how he remembers the early history of Tor, and hopefully if his employer permits to laud the current role of modern Tor Project as an unalloyed Force for Good.

NRL affiliated researchers who work with Tor could perhaps be invited to post guest blogs explaining their research and its motivation. (Provided that their employer permits this, and provided that this would not draw unwanted attention to their swimming against the anti-Tor current inside the USG--- the researchers themselves are probably the best judge of that).

As a counterexample to the suggestion that no-one is the USG is our friend, one might point (cautiously) to a recent incident in which

(i) nusenu noticed that several relays were suddenly advertising an absurdly large B/W,

(ii) someone else reached out to the operator, who happens to be affiliated with NRL,

(iii) said operator almost immediately joined the discussion to explain that he had made a specific goof, and was trying to correct it (by reconfiguring his relays, confirming that they all belong to one family, then rebooting his relays and making a bug report).

I tend to think this incident suggests that some people who happen to work at NRL can still play useful roles, despite their ties to the Pentagon. I don't think this is inconsistent with insisting that DARPA employees must be held at arms length, because DARPA is just too evil. The difference as I see it, based upon information available to me, is that DARPA tasks some contractors with *breaking* Tor, while NRL has apparently so far not done that, and has even tolerated some people who we believe are interested in *improving* Tor, not *breaking* it.

Still this kind of research typically has a more or less explicit "dual use" nature: the results can be used to help us, or to harm us. Cleanly separating these dual faces of "security research" will never be easy, but the IRB model can help.

@ Shari:

Matching fund drives can be a very useful way to raise much needed money, but sometimes the source can be problematic:

The following post raises the concern about USG/contractor involvement to a new level of angst in the minds of the many Tor users who have long been concerned about the potential impact of Cymru Research and Dragon on the privacy of ordinary Tor users:…

I urge you to urge Rob Thomas to take the opportunity to try to explain what Cymru/Dragon do, who they share information with, and how he reconciles all this with assisting Tor.

I know that Roger spent one summer long ago as an NSA intern (he's been up front about that), and perhaps because I know other such persons, I have accepted his account. But Thomas has to date never addressed in public long-standing concerns about Cymru's associates, which to my mind is a more urgent concern.

December 13, 2015


Part Four)

To conclude my initial barrage of well-intentioned advice, I'd like to mention some recent initiatives which I like very much:

o Awesomeness Project,

o Tor Library Project,

o interviews with awesome Tor users such as Laura Poitras,

o Tor Messenger (when interviewing future additions to the team, one thing I hope you will point to as an example of abilities beyond coding which Tor seeks in a developer is that Sukhbir has been careful to try to briefly explain his design decisions as these are questioned by worried potential users, and to acknowledge up front that he may need to reverse some of them in light of future experience),

o important cooperative efforts with outside entities such as Debian, specifically Reproducible Builds (even though I obviously don't really understand it yet, a circumstance which can no doubt be rectified through further "explainer" blog posts from Roger or whomever is qualified to explain it for non-coders).

Also, I like the fact that Roger has tried to remain available to the user base by writing judicious responses to comments on his blog posts, and I hope you'll be able to do even more of that.

One idea which might be worth trying in future posts would be to seek to construct some way of classifying posts according to intended audience (prospective developers? average users?) or difficulty level (novices? expert coders?), and trying to quickly convey this information at the top of each post, maybe using some kind of symbol (bonus if the symbol is interpretable even to those who have disabled image loading).

December 14, 2015


Here's something which should help in our campaign to make Tor use mainstream: Twitter has apparently endorsed Tor for at-risk Twitter users!…
Beware of state-sponsored hackers, Twitter warns dozens of users
Journalists, security researchers, and activists receive Twitter warning e-mail.
Dan Goodin
14 Dec 2015

> Twitter has warned dozens of users that their account data may have been targeted by state-sponsored hackers.
> In e-mails sent to security researchers, journalists, and activists over the past few days, Twitter officials said there's no evidence the attacks were successful. Still, the messages said Twitter officials are actively investigating the possibility that the accounts were breached. Dozens of users have reported receiving the advisory, with this list showing 36 people and this one listing 32 users.
> ...
> While many people tie their Twitter account to common names and recognized e-mail addresses, others attempt to use the service anonymously. The advisory went on to suggest that people in the latter category use services such as Tor.

This story from The Guardian explains the irony of Twitter secretly endorsing Tor to its most at-risk users:…
Twitter warns users they may have been hacked by 'state-sponsored actors
14 Dec 2015

> Twitter’s specific warning has sparked criticism from those who received it, however. The company advises users to use the anonymous browser Tor to keep their identity secret in the face of hacks, but Tor users have often accused the firm of blocking accounts that log in using the service, thinking they are spammers. Users whose accounts are blocked in this way can get them back by verifying with a phone number – and phone numbers are one of the pieces of information that Twitter has warned may have been stolen in the attacks.

December 14, 2015


@ Shari:

As you know, other groups such as EFF occasionally ask their members to call politicians to express a view on key legislation like CISA. Calls to action can be more challenging for a Project with an international userbase, but it might be worth considering sometimes asking US/EU users to express a view on key legislation in their country.

In case anyone missed it, CISA passed both houses of the US Congress, by a wide margin. A half-dozen pro-privacy amendments were introduced during the debate but all were rejected, under the understanding that the privacy protections would be written in during "conferencing" (the procedure used to meld a bill which has passed the two houses in two versions into one law before it is sent to the US President for signature). But in conference, the NSA lobby suddenly reneged on their word to funnel the shared data through DHS, which would be told to "anonymize" it, and this has apparently led to an unexpected delay. See:…
Opponents launch 11th-hour campaign to kill cyber bill
Cory Bennett
14 Dec 2015

> Privacy advocates have launched a last-ditch campaign to block a major piece of cybersecurity legislation that could soon be added to an expected omnibus spending deal.…
Senate Intel chair: Still no deal on cyber bill
Cory Bennett
14 Dec 2015

> For several days, lawmakers have been on the cusp of completing the compromise text of a cyber bill that would encourage businesses to share more data on hackers with the government... But a series of 11th-hour debates over the measure’s privacy language have drawn out the talks. While many industry groups, lawmakers and even the White House insist the bill is a necessary first step in the fight against hackers, civil liberties groups and some lawmakers have warned the legislation could allow the intelligence community to collect more private data on Americans and are pushing for stronger privacy provisions. The last-minute delay has endangered lawmakers’ hopes of getting a final bill on President Obama’s desk by the new year.

December 14, 2015


Calls to action to oppose CISA seemed to have little effect on the US Congress, but strangely, a call to action to oppose the Kazakhstan mandatory rogue certs may have given that government pause (very good news if so):…
Kazakhstan’s Unsettling New Cybersecurity Plan
Josephine Wolff
14 Dec 2015

> ...lots of countries, including the United States, have been struggling to deal with encrypted digital communications and to provide appropriate access channels for law enforcement or intelligence officials. That is, essentially, what a mandatory certificate issued by the Kazakh government would do, by enabling government officials to execute man-in-the-middle attacks on their citizens’ encrypted communications. At the same time, Kazakhstan’s approach is a relatively new one, both because it seems to rely on its government issuing a certificate specifically designated for the purpose of intercepting traffic, and because it relies on individuals to proactively download that certificate onto devices.
> Unsurprisingly, the Kazakhstan plan has drawn considerable criticism for undermining cryptographic protections and weakening device security. Somewhat more surprisingly, the criticism seems to have actually had some effect...

Read and weep:…
Last-Minute Budget Bill Allows New Privacy-Invading Surveillance in the Name of Cybersecurity
Jenna McLaughlin
18 Dec 2015

> In the wake of a series of humiliating cyberattacks, the imperative in Congress and the White House to do something — anything — in the name of improving cybersecurity was powerful.
> But only the most cynical observers thought the results would be this bad.
> The legislation the House passed on Friday morning is a thinly disguised surveillance bill that would give companies pathways they don’t need to share user data related to cyberthreats with the government — while allowing the government to use that information for any purpose, with almost no privacy protections.
> Because Speaker of the House Paul Ryan slipped the provision into the massive government omnibus spending bill that had to pass — or else the entire government would have shut down — it was doomed to become law. (This post has been updated to reflect the vote, which was 316 to 113.)

December 14, 2015


Nice review of Crypto Wars I and how the old arguments against Clipper apply to NSA Director Adm. Michael Roger's recent proposal to "split keys":…
What the government should’ve learned about backdoors from the Clipper Chip
The Obama administration's calls for backdoors echo the Clinton-era key escrow fiasco.
Sean Gallagher
14 Dec 2015

We need to see more Op-Eds like this:…
Social media, encryption debate much larger than ISIS
Nicholas A. Glavin
24 Dec 2015

> Reactionary measures by technology companies and law enforcement agencies to tackle online extremist content will set a dangerous precedent in the future. A bill introduced earlier this month by Sen. Dianne Feinstein (D-Calif.) requires for the reporting of terrorist content related to the "distribution of information relating to explosives, destructive devices, and weapons of mass destruction." The measure, in addition to a proposed congressional commission on encryption, is yet another attempt by Congress to bridge a thorny gap between the technology sector and the federal government following the attacks in San Bernardino, Calif. and Paris.

Because this:…
Six cybersecurity lawmakers to watch in 2016
Katie Bo Williams
28 Dec 2015

> On the heels of passing its most significant cybersecurity legislation in years, Congress is poised to tackle a slate of fresh digital issues in 2016. Concerns over terrorist use of encrypted technology, proliferating hacks on retail companies, invalidated data transfers between the U.S. and the European Union, and more have pushed lawmakers to urge action on cybersecurity. Here are six lawmakers to watch on cybersecurity issues in 2016...

Example of the kind of Op-Ed TP needs to help counter:
The Debate Over Encryption: Stopping Terrorists From ‘Going Dark’
Encrypted devices block law enforcement from collecting evidence. Period.
Richard Burr
23 Dec 2015

WSJ hides content behind a paywall, but see this:…
Senate Intel chair: 'It's time' for encryption legislation
Cory Bennett
24 Dec 2015

> Congress must enact a law that would require companies to decrypt data upon government request, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) argued Thursday in a Wall Street Journal op-ed.
> “Criminals in the U.S. have been using this technology for years to cover their tracks,” Burr said. “The time has come for Congress and technology companies to discuss how encryption — encoding messages to protect their content — is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists.”

December 15, 2015


Congratulations! Tor is needed even more now than ever before. Tor helps me (and I have tor nodes that I run as well) and others the important need to keep anonymity and confidentiality. Looking forward to helping the Tor Project out even more.

Harish Pillay

December 15, 2015


The world needs reliably anonymized HS hosted blogs.

Why? Here is one reason:

A growing number of grass-roots movements targeting government corruption, untrammeled corporate power, big banks, deforestation, etc, are one of the few hopeful signs. But these can only arise when the citizenry has access to good information. And increasingly, professional journalists everywhere have been co-opted or cowed by governments, crime lords, oligarchs, rival militias, and other powerful interests. So citizen bloggers have taken to anonymously reporting on news in their region which "official" media don't wish anyone to know about.

According to CPJ, the number of journalists imprisoned by the four worst countries (in numbers, not per capita) are:

China 49
Egypt 28
Iran 19
Turkey 14

The most rapid growth is in Turkey, a NATO country.

CPJ did not attempt the virtually impossible task of estimating the rate of assassinations of bloggers who try to report anonymously on drug cartel ordered violence in Mexico (because the professional news organizations are afraid to report these--- too many have been killed).…
China, Egypt, Iran lead in imprisoning journalists, report says
Lisa De Bode
15 Dec 2015

It's all of them (governments, megacorps, and other criminal gangs) against all of us (the People).

For Tor users who live in NATO countries, Turkey is a particularly troubling case because it is a NATO country, and the policies followed under Erdogan suggest that journalists living in other "Western-oriented" countries may in coming years be increasingly imprisoned under CT laws if they report news which the government would rather keep secret:…
Turkey’s long history of attacks on the press
By arresting journalists, Erdogan is continuing an age-old national tradition
18 Dec 2015
James Ryan

> On Nov. 26, the editor-in-chief and the Ankara bureau head of the Turkish newspaper Cumhuriyet — Can Dündar and Erdem Gül — were arrested and charged with belonging to a terrorist organization. Their arrests took place after their paper, Turkey’s longest running daily, published footage and articles that suggested that the Turkish security services were sending weapons to Syrian rebel groups — a charge the government denied.
> As of this writing, Dündar, who received this year’s Press Freedom Award from Reporters Without Borders, is in pretrial detention in Silivri Prison. Similar instances over the period between parliamentary elections on June 7 and Nov. 1 triggered an emergency investigation by the Committee to Protect Journalists, and a separate report, released Dec. 15, found that the number of imprisoned journalists in Turkey “rose dramatically” in 2015.

Good example of a news story US/EU citizens should read while they still can:…
America’s Secret African Drone War Against Islamic State
Nick Turse
17 Dec 2015

December 15, 2015


@ Shari and Roger:

From time to time over the past few years, Roger has alluded to a small and endangered community inside the USG (especially the State Department) or with close ties to USG (e.g. NED). This community has quietly--- even secretively--- helped to fund Tor over the years, and sometimes even tries to advocate for Tor within the USG.

But this community also has a long and somewhat troubled history of trying to "win the hearts and minds" of dissident citizens in other countries--- particularly ones whose governments are openly unfriendly toward the USG--- to the ideology of free speech, representative democracy--- and sometimes, the ideology of free market capitalism.

Roger has hinted that Tor Project needs to protect such friends or their funding by going out of its way to avoid criticizing their missteps and secrecy, even as some Tor users vocally protest that the secrecy (Sponsor F and all that) is an anachronism which is singularly unhelpful to the cause these NED-type entities claim to espouse.

I endorse that view, but assuming (wrongly?) that in the short term State Department funding for Tor is still regarded as essential, I want to warn you to be prepared to respond to new challenges from politicians desperate to improve the amazingly dismal popularity ratings of the US Congress by picking on left-leaning USG programs whose track record leaves them open to criticism.

The current political threat to entities like NED and USAID comes from the radical right, but the State Department's most recent gaffe is so astonishing that even Glenn Greenwald is calling it out.

One of the propaganda programs operated by the State Department is a propaganda tweeting program they call "Think Again, Turn Away", a social media "suasion" operation which is also part of the USG's mostly secretive and extraordinarily ineffective and counterproductive CVE (Countering Violent Extremism) programs. The State sponsored tweets are of course intended to counter what the USG views (with questionable judgment) as the "highly effective" propaganda tweets from IS.

And the people who run TATA just very publicly pushed out Ayaan Hirsi Ali, of all people, to try to turn Somalis away from the path of Islamic radicalism. This is certainly a curious choice, given the well known facts that she is a divisive (and among Muslims, a much-hated) figure who has

o declared herself an apostate from Islam,

o praises Israeli PM Netanyahu,

o insists that the US is at war with all Islam, not just radicals

Seriously. It's as if State had named Che Guevara as someone who can turn the Sandinistas back to path of banana capitalism. As if the NSA had named Edward Snowden as the perfect person to promote its dragnet to an increasing skeptical American public.

Really, State Department? Really now?

Remember those posters who sometimes turn up here, warning Tor users that "if the USG wants to get you, they will get you--- there is no escaping their power and omniscience" [sic]?

Really? *This* government? (snicker)

When the State Department Tries to Choose Muslim Thought Leaders to Win “Hearts and Minds”
Glenn Greenwald
15 Dec 2015

> Few things produce darker and more warped comedy than when the U.S. government launches new propaganda campaigns to “win the hearts and minds of Muslims.”
> ...
> Last year, the State Department announced with great fanfare a new social media campaign to counter ISIS’ online messaging. They called it “Think Again, Turn Away,” and created Twitter and Facebook accounts in that name. Its self-described purpose on Facebook: “Our mission is to expose the facts about terrorists and their propaganda. Don’t be misled by those who break up families and destroy their true heritage.”
> It was a massive comedic failure from the start. And that failure continues. Yesterday, Think Again, Turn Away’s Twitter account promoted and hailed someone they think will serve as an inspiring thought leader for Muslims around the world [Ayaan Hirsi Ali]
> ...
> If the U.S. government were actually serious about trying to change how it is perceived around the world, it would change its behavior that — as its own study found — causes massive anti-American sentiment around the world. In lieu of that, it continually attempts to propagandize people into changing their views, and the only thing remotely surprising about that choice is how remarkably inept the government is at doing it.

Greenwald cites a Gallup poll from Jan 2014 showing that a large fraction of people around the world identity the USA as the worst threat to the rest of the world:…
In Gallup Poll, The Biggest Threat To World Peace Is ... America?
Eric Brown
2 Jan 2014

The pollsters also reported that a large majority thought 2014 would be better than 2013, an instance the kind of very human but irrational optimism in the face of all contrary evidence which the USG is trying to exploit in its inward facing CVE programs, which stress the doctrine of "resiliency", a code word for the governments displeasure with the fact that more and more citizens are not content to make do with less and less:…
The Revolt of the Anxious Class
15 Dec 2015
Robert Reich

> The odds of falling into poverty are frighteningly high, especially for the majority without college degrees.
> Two-thirds of Americans are living paycheck to paycheck. Most could lose their jobs at any time.
> Many are part of a burgeoning “on-demand” workforce – employed as needed, paid whatever they can get whenever they can get it.
> Yet if they don’t keep up with rent or mortgage payments, or can’t pay for groceries or utilities, they’ll lose their footing.
> The stress is taking a toll. For the first time in history, the lifespans of middle-class whites are dropping.

Two relevant figures which the former Secretary of Labor failed to mention: the total wealth of the lower 200 million Americans is topped by the wealth of the 20 richest, and for the first time in a century, more Americans belong to the lower class than to the middle class.

> irrational optimism ... which the USG is trying to exploit in its inward facing CVE programs, which stress the doctrine of "resiliency", a code word for the governments displeasure with the fact that more and more citizens are not content to make do with less and less

Jay Stanley of ACLU offers some useful insights on how the global depression (or whatever euphemism one prefers) exacerbates pre-existing threats to civil liberties and human rights:…
Economic Stagnation and Political Turmoil Test Our Civil Liberties
Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy & Technology Project
15 Dec 2015

> If these economists are correct, history suggests that we could be in for a period of sustained political instability. And that, in turn, will have big implications for our civil liberties.

December 18, 2015


@ Shari:

I want to make sure you are aware of yet another category of looming potential threats to the community of cybersecurity-privacy-anonymity promoting research/tools (particularly Tails Project, a close ally of Tor Project).

You probably know Ron Deibert of Citizen Labs, and I hope you have read his excellent book Black Code! No human rights organization could be more critical to the circle to which Tor Project belongs than Citizen Labs, which has played an outstanding role in recent years in documenting horrific abuses by governments which buy tailored exploits of zero-day vulnerabilities from corporations such as Gamma International and Hacking Team.

Unfortunately, several current USG proposals threaten security research such as that performed so well by Citizen Labs.

One proposal before the US Congress should sound familiar to veterans of Crypto Wars I: some members want to criminalize cybersecurity auditing tools such as airodump-ng (included in Tails):…
Lawmakers revolt over anti-hacking regs
Katie Bo Williams
18 Dec 2015

> At issue is the implementation of a little-known international agreement [the Wassenaar Arrangement, a household term in human rights circles] governing export regulations for so-called intrusion software — digital hacking and surveillance tools that the agreement’s crafters were concerned could be used by to crack down on journalists and dissidents.
> Security experts have long argued that the arrangement defines “intrusion software” too broadly, effectively outlawing the export of legitimate tools that companies use to test and fortify their own defenses.

Another theme in these proposed bills is familiar from the CISA fiasco--- a bill which was nominally intended to address the horrendous state of USG/corporate cybersecurity, but which actually does nothing to improve cybersecurity, while giving NSA even more dragnet surveillance powers. Namely, the new push to redefine software as munitions is nominally intended to curtail companies like Gamma International from selling to the most brutal regimes on the planet, but actually does nothing to do that, and instead would criminalize legitimate security research.

A poster just mentioned, somewhere in this blog, security researcher and staunch Tor "asset" Jacob Appelbaum, who played a key role in exposing the NSA/ANT catalog which another poster just mentioned somewhere else in this blog:…
hopping for Spy Gear: Catalog Advertises NSA Toolbox
Jacob Appelbaum, Judith Horchert and Christian Stöcker

Yesterday, Juniper Networks, a major provider of commercial firewalls and routers, announced that it has discovered what it delicately calls "unauthorized code" in several of its products. As Dan Goodin was quick to point out at Ars, this may well represent the NSA/ANT FEEDTROUGH malware uncovered by Appelbaum et al:…
“Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic
Backdoor in NetScreen firewalls gives attackers admin access, VPN decrypt ability.
Dan Goodin
17 Dec 2015

> [the] article published by Der Spiegel reported that an NSA operation known as FEEDTROUGH worked against Juniper firewalls and gave the agency persistent backdoor access.
> "This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers," the article reported. "Thanks to FEEDTROUGH, these implants can, by design, even survive 'across reboots and software upgrades.' In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH 'has been deployed on many target platforms.'"

As you know, a major issue here is that US military returning from active conflict zones often become police officers, and frequently want to continue to use the surveillance tools which they previously used against overseas "terror suspects":…

> THE INTERCEPT HAS OBTAINED a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.
> The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.
> The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement.

A related potential threat to Tails and other tools which by default partially spoof the unique machine ID of a laptop or other device running Tails: several bills being introduced in the US Congress (similar bills are being introduced in the EU) would criminalize anyone using "multiple devices", which could criminalize using Tails (without disabling the anonymization unique identifier spoofing feature). Indeed, given NSA's history of creative Top Secret redefinitions of words to mean whatever they want them to mean, "multiple devices" could perhaps ultimately be secretly reinterpreted to mean anyone who uses any Tor circuits (which involve multiple nodes), or maybe even anyone who uses the Internet ("anything which is not expressly forbidden to NSA is regarded as permissible"):…
GOP: Bolster surveillance in wake of attacks
Jordain Carney
11 Dec 2015

> A trio of freshman Senate Republicans, including one White House contender, is trying to up pressure on Congress to pass new surveillance legislation, saying it's needed to defeat "radical Islamic jihadism" after a string of recent attacks.
> ...
> [Rubio's bill] would also make permanent two other provisions of the NSA reform bill tied to "lone wolf" suspects and those who use multiple devices, as well as a portion of the Foreign Intelligence Surveillance Act that allows the NSA to collect vast amounts of information about Americans’ and foreigners’ behavior on the Internet, which is set to expire in 2017.

Another potential danger to Tor users may come from the increasingly common practice of US LEA agents buying malware and spy gear "off the shelf". Some of these tech savvy agents have even gone into business to sell spy gear built on top of some of the same open source tools we all use every day:…
US cop goes war-driving to find stolen gear by MAC address
Richard Chirgwin
9 Sep 2015

> In a move that opens up a whole new world of "swatting," Iowa City's The Gazette reports that city [police] officer David Schwindt has created software to go war-driving for MAC addresses.
> He calls the software L8NT (oh, "latent," l33t-speak from a policeman no less), and with a suitable antenna, it will try to match any MAC addresses it encounters with "known stolen goods."
> Schwindt acknowledges that people might not have ever noticed the MAC address of their laptop, desktop, tablet, mobile phone, refrigerator, smart TV, or broadband router. Of course, if the Wi-Fi is turned off or the device is powered down, it's not going to be visible.
> The Register notes that while MAC addresses are assigned on a unique basis by the IEEE, they're no longer immutable, meaning any tech-savvy crook with time to spare can hide the provenance of stolen goods. Then there's ploys like Apple's decision to randomly change iThings' MAC addresses, which Cupertino implemented in iOS 8 as a way to make it harder to identify devices connecting to public WiFi networks.
> Schwindt promises that his software doesn't look for any personally sensitive information while it's scanning for contraband MAC addresses, but could create another problem if a malefactor with the right information created a new "swatting" attack by entering a target's home gateway via the nearly-always-unchanged default password, then giving it a MAC address that will interest the police.

Swatting is a real phenomenon, and a very dangerous one, as Linux security guru Brian Krebs can testify. LEA induced swatting would be a novel and particularly ugly twist on this kind of potentially deadly "prank".

Far more expensive (and dangerous) tools such as Stingrays are being bought "under the radar" by police unions and public-private partnerships which claim exemption from FOIA laws, rather than by police departments themselves. This is nothing less that money-laundering by LEAs.

A closely related issue is the rapid growth of vigilantes who are adopting technology to pursue people they identify as fitting some objectionable "signature". One problem here is that such vigilantes are no less likely to dox entirely innocent people than are the pros when it comes to dragnet surveillance:…
GCHQ can hack your systems at will – thanks to 'soft touch' oversight
Privacy International battle exposes 'bulk' warrants
1 Dec 2015
Alexander J Martin

> The "soft touch" oversight regime for GCHQ's offensive hacking activities has been revealed during an IPT hearing, which has received two sets of complaints to hear over the course of this week – one from Privacy International, and one from an international coalition of internet and communications service providers which Privacy International assisted.
> The complaints regard the offensive hacking, or computer network exploitation (CNE) activities, of GCHQ, which are alleged to have been unlawful under the Computer Misuse Act 1990, as well as in violation of Articles 8 and 10 of the European Convention on Human Rights. The agency denies the allegations

One of the worst problems with FVEY dragnets, especially in the UK, is that these are subject to little real external oversight. But vigilantes are subject to no oversight whatever.

What could go wrong? Consider for example the advent of ubiquitous microdrones, bearing in mind the fact that in the US, anyone can fly a camera or taser-equipped or machine shotgun equipped microdrone to within 25 feet of someone they dislike (in the EU the standard is more like a hundred meters):…
And Now Drones Can Take Pictures at Night
Justin Peters
11 Dec 2015

> the [Chinese] dronemaker DJI plans to introduce a drone camera that uses thermal imaging to provide visibility in sub-optimal conditions. The Zenmuse XT, developed in conjunction with the imaging company FLIR Systems, basically uses an object’s heat signature the way that normal cameras use visible light: by illuminating the object and allowing the camera to see it. Because an object’s heat signature can be detected in darkness as well as light, thermal photography is ideal for night-vision applications. Basically, night vision is great for finding people who are hiding or otherwise concealed. Rescue workers searching for survivors in, say, an earthquake could use a thermal-imaging drone to find people at night as well as in the daytime. Are you a fleeing criminal seeking to evade the police by hiding in a nearby cornfield? Well, tough luck, pal: The cops’ thermal-imaging drone will quickly blow your cover. Want to always win at hide and seek? Have I got the drone for you!

All that might sound great to the casual reader, but consider the widespread abuse of thermal imagers to track all citizens in US cities experiencing "civil unrest", which has extensively documented by the ACLU, most recently in Baltimore, MD.

Imagine what the OK vigilante described in this story (or an ethically-challenged paparazzo) would do with a thermal-imager equipped DJI drone:…
Alleged john, prostitute busted by drone, face criminal charges
Beware the sousveillance state: Anyone can film you in public.
Cyrus Farivar
4 Dec 2015

> An Oklahoma man has received the distinction of being the first "john" in the state to be criminally prosecuted and arrested after being caught in the act by a drone. Local police records show Douglas Blansett, 75, was arrested and released on Thursday. That's according to local anti-prostitution Oklahoma City-based activist and private investigator Brian Bates, who has run for years, a collection of videos of suspected sex workers and their johns.

Some US vigilante groups are already using popular DJI drones (the most popular models cost under 2000 USD) to create on-line databases offering "mugshots" of persons unfortunate enough to be homeless (or to be mistaken for homeless persons):…
What some of the richest people in America say about the poor when they think no one is listening
27 Aug 2015

> The group was founded by residents of Murray Hill and Kips Bay, predominantly wealthy neighborhoods on the east side of midtown Manhattan, where buildings have doormen and British-sounding names like the Wilshire, the Sycamore and Windsor Court. On its website the group says its mission is to “improve quality of life and public safety” in the neighborhood; it also runs a closed Facebook group where members post pictures of people they think are homeless.

Other vigilantes (or blackmailers?) are targeting drivers passing through "Red light" areas:…
New software watches for license plates, turning you into Little Brother
Cyrus Farivar
5 Dec 2015

There appears to be, as yet, no US law which would prevent a vigilante from arming his drone with pepper spray or taser devices. Could protesters who show up at Trump rallies be targeted by Trump supporters operating armed drones? It seems not beyond the realm of possibility.

One of the most frustrating aspects of these novel civil liberties issues is that, as the CISA and Wasenaar debacles show, any attempt to get the US Congress to address them intelligently is likely to be traduced by the enemies of privacy and civil liberties into further surveillance bills disguised as anti-vigilante bills.

This all seems to be part of the growing acceptance in governments and even among technologically illiterate ordinary people of the false principle that "surveillance will effectively address any social problem" [sic]. When in fact, the dragnet solves no existing problems, even while introducing new ones. Such as providing new technological tools to government officials who "break bad". Imagine what the cops described in this story might to with a DJI thermal imager equipped consumer microdrone:…
The terror behind Daniel Holtzclaw: The horrific truth about police & serial abuse
An Oklahoma City officer has been convicted on dozens of charges of abuse. But he isn't alone
Eesha Pandit
14 Dec 2015

Overall, these novel privacy and civil right problems provide us with a political opportunity even as they present us with unwanted new dangers. The problem is: how can US-based civil liberties groups like Tor Project work within a broken political system, one increasingly veering towards a Chinese-style authoritarian shame-based society, to guarantee that the human rights enshrined in the US Constitution (and various EU and UN documents) are respected in an age of rapidly developing intrusion technologies, while ensuring that attempted legislative fixes are not subverted by our enemies into bills which fail to address the issues they are nominally intended to fix, while granting our enemies even more invasive warrantless dragnet surveillance powers?

December 19, 2015


This the "suggestion box thread", correct?

@ Shari:

I urge you to set two specific goals as part of the larger goal of mainstreaming Tor usage:

First, nonprofit NGOs such as Charity Navigator rate other nonprofits by their transparency, financial accountability, efficient use of donations, etc. For example ACLU Foundation rates highly:

And EFF rates even better! (So good job there)

CN knows about TP but has not yet rated it:…

> Organizations such as this, that get most of their revenue from the government or from program services, are therefore not eligible to be rated.

So USG and its secretive contractors/partners (e.g. NED) are doing TP no favor by dominating your funding.

But if Tor Project dropped USG funding today and were rated tomorrow, I imagine that it would fare quite poorly, due to such factors as the inexplicable delay in a long-promised outside audit.

So I urge you to work toward making neccessary changes to make sure that if TP is rated by CN, it will get at least three stars in the first go round. And you should inquire what would cause them to decide to rate TP.

Second, enemies such as Michael Hayden grimace when they mention "privacy advocates", but they tend not to deny that EFF, ACLU are "stakeholders" in privacy issues. For example, EFF and ACLU were invited to express views to the authors of the so-called Podesta report on Big Data commissioned by President Obama.

So I urge you to work towards ensuring that TP is considered by DC policymakers to be a "stakeholder" with status comparable to EFF, ACLU, and EPIC.

December 23, 2015


@ Shari:

I would like to suggest another long range goal:

I think Tor Project should look for clever ways in which it can possibly help to grow a "privacy industry" in "the West". We need such an industry to counter the zero-days-marketplace and cyberespionage-as-a-service industry (represented by companies such as Gamma and Hacking Team), not to mention NSA/FBI's life-threatening program to break civilian encryption (even USG encryption, as the Juniper firewall fiasco shows).

Some things we need:

o vendors of open source SOHO routers who provide prompt signed firmware updates

o vendors of high quality Faraday cage bags, including enclosures for RFID chipped credit cards, ID cards,

o vendors of specialized hi-quality IMSI-catcher catcher devices which can detect "Stingrays", "DRT boxes", and other such nastiness (ideally these would become inexpensive default components of consumer smart phones),

o vendors of devices to detect tracking tags (especially ones with on-board memory) in footwear and other items of everyday apparel, which are being used to track unsuspecting citizens (by retailers, and no doubt by enterprising LEAs and intelligence agencies too),

o vendors of wideband software-defined-radio devices with good GUIs to help at risk renters, journalists, small health providers, etc., search for evidence of suspicious radio/radar signals near their home/office/hotel-room, such as MIT's 300 USD hardware which enables snoops to image their neighbors through the walls using WiFi signals (perfect for landlords or municipal agencies trying to find "evidence" they can use to evict a tenant they dislike, or for US Chamber of Commerce to deploy against Occupy activists in their own homes).

As one example of how this might work: perhaps Tor Project can try to find a vendor capable of selling hoodies with a picture of Snowden and the onion logo which function as hi-quality Faraday cage bags (for phones or laptops in use during critical operations which we don't want governments to easily snoop on using stray EM emanations). In exchange for using the Tor Project logo and Laura P's portrait of Snowden, the company would donate a percentage of profits to TP. So this would be a fund-raising activity which would provide buyers with something which can help keep them safe, even as they donate to Tor Project. Just an idea.

In the US Presidential contest, Hillary Clinton is calling for a dangerous and collossally wasteful "Manhattan Project" to break encryption but only for USG, i.e. a multi-trillion dollar "unicorn hunt".

Suggest countering with a much more useful idea: a Manhattan Project to audit all commercial security-critical hardware: SOHO routers, hi-grade bridges, smart phones, hi-grade firewalls (Hey Juniper, we're looking at you!) etc. Specifically looking for backdoors (which as the Juniper fiasco shows can be as simple as an easily-missed change to a PRNG parameter which removes most of the entropy from a crypto generating device), as well as accidentally introduced s/w vulnerabilities.

December 23, 2015


@ Shari:

In an ideal world in which Tor Project had lots of resources to do many things, one of the most important projects would be a long overdue complete overhaul of the website, in order to help newcomers to quickly learn first the things they most need to learn first in order to use Tor (well, TBB and the eventual post-beta release of TM) safely.

Since we don't live in such a world, and since the current design is not awful, I suggest a compromise:

Tails has an excellent documentation page which attempts to address first the issues which a new user will need to overcome first:

o why they should consider using Tails even if they are not "doing anything wrong" [sic], i.e. the point of amnesia,

o what they can and cannot expect Tails to do to protect them),

o never ignore warnings about bad certificates etc,

o how to download and *verify* the current Tails iso,

o how to burn a bootable Tails DVD and/or make a bootable USB stick with Tails installed,

o how to use Tails to surf the web and do other useful things on-line,

o how to use Tails off-line to write (and safely store on an encrypted USB) sensitive documents (e.g. anonymous whistle-blowing, anonymously expressing criticism of a governmental policy),

o coming attractions in future editions of Tails.

I think Tor Project should try to prepare something similar for TBB and TM. To this end, I suggest you (Shari) post a new blog post asking for suggestions from readers (especially in at-risk areas) to try to explain their "number one confusion" about Tor. The feedback could be very useful for whoever writes the suggested document.

Now a key point is that the document should be written in basic English for non-computer-knowledgeable people, and every effort should be made to keep it short. Then, you (Shari) can call for volunteers to translate it into other languages, and an easily found page on the website could then direct potential new users to a page where they can choose to read the "newbie guide" in their own language.

Some have argued that the Exec Dir (or her assistant?) need to follow Tor-relevant news. If TP had a document along the lines I suggest, they could immediately prioritize obtaining Spanish and Amharic translations to help these important grass-roots movements in Spain and Ethiopia:…
Spain's lost generation pins its hopes on political revolt
In unparalleled challenge, newcomer parties poised for historic gains in general election
Alex Tieleman
19 Dec 2015

> Embittered by austerity and disillusioned with a two-party system that has been in place in Spain since the late 1970s... millions of indignados (outraged) have taken to the streets — in protests that culminated in January 2014 with the creation of Podemos. Led by the ponytailed political science professor Pablo Iglesias, the party has rocketed to political prominence.
> ...
> Evictions have become emblematic of the economic crisis that has walloped Spain since 2008, as the conservative People’s Party (PP), which assumed power in 2011, pushed austerity measures to reduce the country’s deficit. Under Prime Minister Mariano Rajoy, unemployment peaked at 26.9 percent in 2013. Joblessness among 16-to-24-year-olds reached 55.8 percent that year.
> ...
> Pablo Simón, a political science professor at Carlos III University in Madrid, is convinced that Sunday’s elections will spell doom for Spain’s two-party system.

Which is exactly what happened. Hurray!…
Protesters in Ethiopia reject authoritarian development model
The Oromo students’ defiant protests are a response to decades of systemic and structural marginalization
Awol Allo
19 Dec 2015

> Oromo protesters want a human-centered development that places people at the center of government policies and programs and allows everyone to get a fair share of what belongs to all.
> ...
> On Dec. 17, Communications Minister Getachew Reda described the protesters as “terrorists” and “demonic.” Prime Minister Hailemariam Desalegn has threatened to take “merciless action against any force bent on destabilizing the area,” echoing pronouncements by the country’s counterterrorism task force, which has promised “legal and proportionate” measures.
> This is an old tactic in Ethiopia, where protests and public proclamation of dissent are criminalized. Addis Ababa often dismisses genuine local grievances as evil designs of anti-development elements. Over the last decade, the government in Addis Ababa used the “war on terrorism” and the rhetoric of development to silence independent voices and curtail democratic debate. The press is effectively muzzled, and independent civic and political organizations face an array of government tactics, including manipulation, co-optation and violent repression.

The Hacking Team leaks show that the Ethiopian government is a major customer, and their targets include Ethiopian emigres living in "the West".

As for Spain, well read and weep, because it appears to be returning to the fascist model of government:
Spain Brings In New Snooping Law; Allows Wide-Ranging Surveillance -- And Government Malware
Glyn Moody
11 Dec 2015

> Earlier this week Spain's new Criminal Procedure Act came into force. Although this is an update to an old law from 1882, it legalizes the use of some of the most modern digital snooping techniques around, as an article in El País explains (original in Spanish). For example, one option under the new law is to install malware on a suspect's devices, a really bad idea we warned two years ago might happen. The new law specifies that surveillance can be carried on equipment used habitually or occasionally by a suspect, but does not clarify what happens with networks or a shared family computer. The Spanish police will also now be able to deploy undercover agents online who can interact with other users, and record their conversations, even if those take place with members of the public in their own homes.

@ Shari:

Another crucial point in Crypto Wars II is that China and other authoritarian nations are seeking to "justify" [sic] their draconian censorship/surveillance by pointing to bills recently passed by or proposed in the US Congress:
China Using US Encryption Fight To Defend Its New Encryption Backdoor Mandate
Mike Masnick
28 Dec 2015

> It's not like this wasn't easy to predict (because we did exactly that), but as China is pushing forward with its new "anti-terrorism" law, it's using the US's fight over encryption as a reason for why the law shouldn't be a problem. Part of the law would require that companies backdoor any encryption for the Chinese government:…
China: New anti-terror law won't hurt tech firms
Katie Bo Williams

23 Dec 2015

> China's foreign minister on Wednesday insisted that U.S. companies have nothing to fear from a new anti-terrorism law... “This rule won't limit the lawful operations of companies, does not provide a 'back door' and will affect neither the firms' intellectual property nor Internet users' freedom of speech,” Chinese Foreign Ministry spokesman Hong Lei said. The law is “both totally rational and necessary” to combat the threat of terrorists using the Internet to operate within China, Hong added.

Hong Lei sounds just like James Comey, eh?

China is in fact making a huge PR push at the very same time that the US enemies of freedom are pushing the same authoritarian FUD-driven notions:
Beijing defends Internet censorship as freedom through order
Katie Bo Williams
9 Dec 2015

> China’s internet czar on Wednesday defended the nation’s extensive Web censorship, insisting that “order” leads to broader freedoms, according to Reuters. "Freedom is our goal. Order is our means," Lu Wei, head of the Cyberspace Administration of China, told reporters at a briefing on the country’s upcoming World Internet Conference.

Almost as if FBI is working with PRC to promote fascism on-line.

In addition to Turkey, Poland is another NATO nation which is, practically in the blink of an eye, turning fascist:…
Law to curb power of top court 'is end of democracy in Poland'
Legislation enacted by President Andrzej Duda has ‘broken country’ and could pave way for authoritarian rule, warn pro-democracy campaigners
Alex Duval Smith in Warsaw
28 Dec 2015

> The leader of Poland’s new pro-democracy movement said the government has “broken the country” after the president, Andrzej Duda, enacted a measure critics say could open the path to authoritarian rule. The amendment radically changes how rulings are made by the highest legislative court, the constitutional tribunal, and its signing by Duda follows warnings from the European Union and nationwide street protests.

The only good news here is that the authoritarians don't always see eye to eye:…
Polish military police raid Nato centre in Warsaw
New rightwing government moves to take control of counterintelligence centre in attempt to consolidate grip on power
Julian Borger
18 Dec 2015

> Polish military police have raided a Nato-affiliated counterintelligence centre in Warsaw in the latest of a series of moves by the country’s new rightwing government to consolidate its hold on power.

> Almost as if FBI is working with PRC to promote fascism on-line.

There no longer exist any governments which can be reasonably described as "democratic" or even "communist", but only governments which can reasonably be described as "fascist".

What a tragedy.

December 23, 2015


@ Shari:

A can't miss sufficient criterion for deciding whether you need to follow an issue: Edward Snowden is tweeting about it:
Edward Snowden ‏@Snowden
19 Dec 2015

>> Reports indicate a backdoor designed by NSA has been repurposed by America's adversaries and used against us:

> Lately, the US Government has been asking for backdoors in encryption and networks. They got what they asked for.

FBI and friends have been loudly calling for mandatory backdoors into all computer hardware and software, especially cryptographic tools. The tech community (including the CEOs of all the major tech corporations) have unanimously replied: you can't do that without breaking encryption for everyone, which would have horrendous and economically devastating effects on everyone's cybersecurity--- including the security of the USG itself.

All of our concerns have been validated in precise detail by the revelation of what appears to be a clandestinely inserted NSA backdoor in commercial company-grade firewalls sold by Juniper Networks. This is probably *not* the NSA backdoor described by Jacob Appelbaum and others in his expose on the NSA/ANT catalog, which was one of the most important portions of the Snowden leaks. But it probably *is* a second kind of NSA backdoor into Juniper products.

Actually, Juniper belatedly disclosed two different backdoors:

o a hard to spot but absurdly easy for anyone to exploit hard-coded backdoor password,

o a fiendishly subtle change to a crucial PRNG parameter which allows a sophisticated governmental attacker to secretly decrypt data streams tunneled through a seemingly well-secured company-grade VPN from a trusted US vendor of commercial VPN/FW devices.

An excellent write-up for non-technical people:…
Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors
Kim Zetter
18 Dec 2015

> On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls.
> The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.
> ...
> Juniper is the second largest maker of networking equipment after Cisco. The Juniper firewalls in question have two functions. The first is to ensure that the right connections have access to a company or government agency’s network; the other is to provide secured VPN access to remote workers or others with authorized access to the network. The ScreenOS software running on Juniper firewalls was initially designed by NetScreen, a company that Juniper acquired in 2004. But the versions affected by the backdoors were released under Juniper’s watch, eight years after that acquisition.
> ...
> The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.
> “The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency like the British, the US, the Chinese, or the Israelis,” says Nicholas Weaver, a researcher at the International Computer Science Institute and UC Berkeley. “You need to have wiretaps on the internet for that to be a valuable change to make [in the software].”
> But the backdoors are also a concern because one of them—a hardcoded master password left behind in Juniper’s software by the attackers—will now allow anyone else to take command of Juniper firewalls that administrators have not yet patched, once the attackers have figured out the password by examining Juniper’s code.
> ...
> [Security researcher Ronald] Prins thinks both backdoors were installed by the same actor, but also notes that the hardcoded master password giving the attackers remote access to the firewalls was too easy to find once they knew it was there. He expects the NSA would not have been so sloppy. Weaver says it’s possible there were two culprits. “It could very well be that the crypto backdoor was [done by] the NSA but the remote-access backdoor was the Chinese or the French or the Israelis or anybody,” he told WIRED.
> NSA documents released to media in the past show that the agency has put a lot of effort into compromising Juniper firewalls and those made by other companies.
> An NSA spy tool catalogue leaked to Der Spiegel in 2013 described a sophisticated NSA implant known as FEEDTROUGH that was designed to maintain a persistent backdoor in Juniper firewalls. FEEDTROUGH, Der Spiegel wrote, “burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers…..” It’s also designed to remain on systems even after they’re rebooted or the operating system on them is upgraded. According to the NSA documents, FEEDTROUGH had “been deployed on many target platforms.”
> FEEDTROUGH, however, appears to be something different than the unauthorized code Juniper describes in its advisories. FEEDTROUGH is a firmware implant—a kind of “aftermarket” spy tool installed on specific targeted devices in the field or before they’re delivered to customers. The unauthorized code Juniper found in its software was embedded in the operating system itself and would have infected every customer who purchased products containing the compromised versions of the software.
> Naturally, some in the community have questioned whether these were backdoors that Juniper had voluntarily installed for a specific government and decided to disclose only after it became apparent that the backdoor had been discovered by others. But Juniper was quick to dispel those allegations. “Juniper Networks takes allegations of this nature very seriously,” the company said in a statement. “To be clear, we do not work with governments or anyone else to purposely introduce weaknesses or vulnerabilities into our products… Once this code was discovered we worked to produce a fix and notify customers of the issues.”
> Prins says the larger concern now is whether other firewall manufacturers have been compromised in a similar manner. “I hope that other vendors like Cisco and Checkpoint are also now starting a process to review their code to see if they have backdoors inserted,” he said.
> ...
> [Noted cryptographer and Tor supporter Matthew] Green says the hypothetical threat around NSA backdoors has always been: What if someone repurposed them against us? If Juniper did use Dual EC, an algorithm long-known to be vulnerable, and this is part of the backdoor in question, it underscores that threat of repurposing by other actors even more.

Mike Masnick clearly states the lesson for policy-makers (not that they'll be smart and listen to the people who actually understand cybersecurity):
US Gov't Agencies Freak Out Over Juniper Backdoor; Perhaps They'll Now Realize Why Backdoors Are A Mistake
Mike Masnick
21 Dec 2015

> NSA still has to be the leading suspect here, and the insistence that it's the Chinese or the Russians without more proof seems like a pretty clear attempt at keeping attention off the NSA.
> And, of course, all of this is happening at the very same time that the very same US government that is now freaking out about this is trying to force every tech company to install just this kind of backdoor. Because, as always, these technically illiterate bureaucrats still seem to think that you can create backdoors that only "good" people can use.
> ...
> Putting backdoors into technology is a bad idea. Security experts and technologists keep saying this over and over and over and over again -- and politicians and law enforcement still don't seem to get it. And, you can pretty much bet that even though they now have a very real world example of it -- in a way that's impacting their own computer systems -- they'll continue to ignore it. Instead, watch as they blame the Chinese and the Russians and still pretend that somehow, when they mandate backdoors, those backdoors won't get exploited by those very same Chinese and Russian hackers they're now claiming were crafty enough to slip code directly into Juniper's source code without anyone noticing.

Matthew Green does a magnificent job of explaining some of the technical details in a way non-programmers can understand:
On the Juniper backdoor
Matthew Green
22 Dec 2015

> Pretty much every cryptographic system depends on a secure random number generator, or RNG. These algorithms produce the unpredictable random bits that are consumed by cryptographic protocols. The key word in this description is unpredictable: if an attacker can predict the output of your RNG, then virtually everything you build on it will end up broken.
> This fact has not been lost on attackers!
> ...
> The creepiest thing about [the hard to spot parameter change which destroys the function of the PRNG] is that there doesn't seem to be any unauthorized code. Indeed, what's changed in the modified versions is simply the value of the Q point. According to Ralf this point changed in 2012, presumably to a value that the hacker(s) generated themselves. This would likely have allowed these individuals to passively decrypt ScreenOS VPN sessions.
> ...
> To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional -- you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world.
> And all because Juniper had already paved the road.
> So why does this matter?
> For the past several months I've been running around with various groups of technologists, doing everything I can to convince important people that the sky is falling. Or rather, that the sky will fall if they act on some of the very bad, terrible ideas that are currently bouncing around Washington -- namely, that our encryption systems should come equipped with "backdoors" intended to allow law enforcement and national security agencies to access our communications.
> One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don't trust to read our messages. Normally when we talk about this, we're concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.
> The problem with cryptographic backdoors isn't that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.

Further technical analysis here: Analysis of the Backdoored Backdoor
Some Analysis of the Backdoored Backdoor
Ralph-Phillip Weinmann
21 Dec 2015

December 24, 2015


@ Shari:

One of the most dangerous enemies of privacy, civil liberties, and political freedoms is the US Chamber of Commerce:
Just Before Passing Surveillance Expansion, Lawmakers Partied With Pro-CISA Lobbyists
Lee Fang
24 Dec 2015

> Last Thursday, Sens. Jim Inhofe, R-Okla., Cory Gardner, R-Colo., and Thom Tillis, R-N.C., along with a number of other lawmakers, went to the U.S. Chamber of Commerce’s famously lavish Christmas party.
> The next morning, on December 18, the senators voted to pass the omnibus spending bill that included a version of CISA that guts privacy protections and creates new channels for both government agencies and private businesses to share information with the National Security Agency and law enforcement.
> ...
> The latest version of CISA that passed Congress strips privacy protections and allows information unrelated to cybersecurity risks to be shared with government agencies. Yet the chamber has been less concerned with privacy and more interested in developing a close relationship with intelligence agencies.
> At a summit to help pass CISA last year, Ann Beauchesne, the chamber’s lead CISA lobbyist, got up and asked NSA Director Adm. Mike Rogers how the Chamber of Commerce could “be helpful to you?” She pledged a renewed lobbying effort even — as The Intercept previously noted — suggesting a viral marketing campaign to build public support akin to the “ALS ice bucket challenge.”

Next year we must be ready to effectively counter another well-funded anti-encryption lobbying and media frenzy orchestrated by the Chamber. And possibly we should prepare defenses against targeted "disruption" programs similar to those used by GCHQ's JTRIG and HSOC divisions, as revealed in documents leaked by Snowden and analyzed by The Intercept in Feb 2014:
How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations
Glenn Greenwald
24 Feb 2014

> Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums.

> Today’s newly published document touts the work of GCHQ’s “Human Science Operations Cell,” devoted to “online human intelligence” and “strategic influence and disruption”:
> Under the title “Online Covert Action”, the document details a variety of means to engage in “influence and info ops” as well as “disruption and computer net attack,” while dissecting how human beings can be manipulated using “leaders,” “trust,” “obedience” and “compliance”:
> The documents lay out theories of how humans interact with one another, particularly online, and then attempt to identify ways to influence the outcomes – or “game” it.

You may recall that one of the major revelations from the HB Gary Federal leak was that a major law firm which works for the big banks, and also works closely with the Chamber, had hired HBGF to target Wikileaks staffers, Glenn Greenwald, Jacob Appelbaum, and others with a smear campaign and a disruption campaign similar to those used by JTRIG/HSOC.

December 28, 2015


@ Shari:

I suggest that you try to keep an eye on US "police journals", Fusion Center bulletins leaked at, etc., because TP needs to understand how our enemies think.

Matthew Harwood just wrote an excellent article at truthdig explaining the topsy-turvy "North is South, Up is Down, Crime is Law, Protest is Terror" world of American copthink:
Welcome to Cop Land
Matthew Harwood
21 Dec 2015

> If you’ve been listening to various police agencies and their supporters, then you know what the future holds: anarchy is coming—and it’s all the fault of activists
> ...
> According to [US cop cheerleaders] and others like them, lawlessness has been sweeping the nation as the so-called Ferguson effect spreads. Criminals have been emboldened as police officers are forced to think twice about doing their jobs for fear of the infamy of starring in the next viral video. The police have supposedly become the targets of assassins intoxicated by “anti-cop rhetoric,” just as departments are being stripped of the kind of high-powered equipment they need to protect officers and communities. Even their funding streams have, it’s claimed, come under attack as anti-cop bias has infected Washington, D.C. Senator Ted Cruz caught the spirit of that critique by convening a Senate subcommittee hearing to which he gave the title, “The War on Police: How the Federal Government Undermines State and Local Law Enforcement.” According to him, the federal government, including the president and attorney general, has been vilifying the police, who are now being treated as if they, not the criminals, were the enemy.
> ...
> In 14 states, versions of a Law Enforcement Officers’ Bill of Rights (LEOBR) have already been passed, while in 11 others they are under consideration. These provide an “extra layer of due process” in cases of alleged police misconduct, according to Samuel Walker, an expert on police accountability. In many of the states without a LEOBR, the Marshall Project has discovered, police unions have directly negotiated the same rights and privileges with state governments.
> ...
> Since Americans first took in those images from Ferguson of police units outfitted like soldiers, riding in military vehicles, and pointing assault rifles at protesters, the militarization of the police and the way the Pentagon has been supplying them with equipment directly off this country’s distant battlefields have been top concerns for police reformers... Even the idea that the police shouldn’t sport the look of an occupying army in local communities has, however, been met with fierce resistance.
> ...
> As with our wars abroad, think mission creep at home. A program started to wage the war on drugs, and strengthened after 9/11, is now being justified on the grounds that certain equipment is useful during disasters or emergencies. In reality, the police have clearly become hooked on a militarized look. Many departments are ever more attached to their weapons of war and evidently don’t mind the appearance of being an occupying force in their communities, which leaves groups like the sheriffs’ association fighting fiercely for a militarized future.
> ...
> Federal and state law enforcement can now often keep property seized or sell it and retain a portion of the revenue generated. Some of this, in turn, can be repurposed and distributed as bonuses in police and other law enforcement departments. The only way the dispossessed stand a chance of getting such “forfeited” property back is if they are willing to take on the government in a process where the deck is stacked against them.
> ...
> Post-Ferguson developments in policing are essentially a struggle over whether the police deserve special treatment and exceptions from the rules the rest of us must follow. For too long, they have avoided accountability for brutal misconduct, while in this century arming themselves for war on America’s streets and misusing laws to profit off the public trust, largely in secret. The events of the past two years have offered graphic evidence that police culture is dysfunctional and in need of a democratic reformation.
> ...
> The post-Ferguson public clamor demanding better policing continues to get louder, and yet too many police departments have this to say in response: Welcome to Cop Land. We make the rules around here.

So are the cops the bad guys in America? Well, yes they most certainly are, because--- to mention just one example of a ubiquitous phenomenon in US society:…
Chicago Police “Accidentally” Shoot, Kill 55-Year-Old Woman
Daniel Politi
27 Dec 2015

> Chicago Police shot and killed two people early Saturday morning, including a 55-year-old mother of five who was apparently fired on by accident. The police apparently did mean to shoot 19-year-old engineering student Quintonio LeGrier, who was threatening his father with a metal baseball bat. Bettie Jones lived downstairs from LeGrier. LeGrier’s father was the one who called the police and then called Jones to open the door once officers arrived, according to the local ABC affiliate.

So the father "did the right thing" (as per cop cheerleader instructions) and called the police. Who shot both his mother and his (unarmed) son. Does that make the cops the "good guys" in this story?

We who support the Black Lives Matter movement are not actually "anti-cop", much less opposed to the Rule of Law. The basic problem here is that US police have spent way too much time embedded with the US military overseas, insist on using the same military gear back home and seeing everyone as a potential suicide bomber. Which is to say that they've converted "officer safety concerns" into raging paranoia and unrestricted militarization of American police work. And occupying armies are *never* "the good guys", in any neighborhood. Given the response to the US military in Iraq and Afghanistan, it is hardly surprising that when the police treat Americans as "insurgents" suitable for targeting with military weapons, the People start regarding the cops as "the bad guys". Or more accurately, people in gang-infested areas see the cops as just another gang, better armed and wearing a different uniform, but essentially a gang of criminal thugs.

December 29, 2015


@ Shari:

What is the significance of the following for Tor users (especially in China, but also in other nations)?…
China introduces its own 'snooper's charter'
Alex Hern
29 Dec 2015

> A new anti-terror law in China gives the government the explicit power to demand technology firms decrypt electronic messages stored on their servers, sparking concern – and confusion – from foreign companies.
> ...
> Defending the law, the Chinese government pointed to legislation proposed in Western nations, such as Britain’s draft investigatory powers bill, which grants similar powers to the UK government. Speaking after China’s largely rubber-stamp parliament passed the law on Sunday, Li Shouwei, deputy head of the parliament’s criminal law division under the legislative affairs committee, said China was simply doing what other Western nations already do in asking technology firms to help fight terror.…
China passes anti-terrorism bill that worried tech
David McCabe
28 Dec 2015

> China, citing national security, has recently imposed more requirements on American companies wishing to operate within its borders. Those include one requiring companies that provide software to Chinese banks to turn over their source code to the government.
> ...
> the [latest Chinese "counter-terrorism"] law requires technology companies to provide Chinese authorities with technical assistance and help with decryption. The newspaper reported that it does not include a measure from the draft version that would have forced companies to hand over certain proprietary data.
> ...
> Chinese authorities say the law is necessary because terrorists are increasingly using the Internet to organize and recruit. In particular, the government is worried about insurrection in the Xinjiang region.
China’s new anti-terrorism law requires tech firms to help government
28 Dec 2015

> China passed a controversial new anti-terrorism law on Sunday that requires technology firms to help decrypt information, though not to install security "backdoors" as initially planned, and allows the military to venture overseas on counterterror operations. Chinese officials say their country faces a growing threat from fighters and separatists, especially in its unruly Western region of Xinjiang, where hundreds have died in violence in the past few years.

An important quibble: "their country" is historically inaccurate. Xinjiang (and about half to two thirds of the territory inside the modern borders of PRC) did not belong to China until the last century, which may help to explain why many who live in outlying provinces do not consider their homeland to rightly belong to China.

Not to mention this:

> Rights groups, though, doubt the existence of a cohesive militant group in Xinjiang and say the unrest mostly stems from anger among the region's Muslim Uighur people over restrictions on their religion and culture.

The reporters note that

> The law has attracted deep concern in Western capitals, not only because of worries it could violate human rights such as freedom of speech, but because of the cyber provisions.

Oh, the irony, the irony...

> The new law also restricts the right of media to report on details of attacks, including a provision that media and social media cannot report on details of activities that might lead to imitation, nor show scenes that are “cruel and inhuman.”

Censorship, dragnet surveillance, prohibitions against speaking forbidden languages, forcing entire cultures underground... it's all about evil governments controlling every detail of the day to day and even the inner spiritual lives of each citizen.

It's all of them against all of us.

January 03, 2016


@ Shari:

Did I miss an announcement in this blog of another important new initiative from the Tor Project?…
The Tor Project Is Starting a Bug Bounty Program
Joseph Cox
29 Dec 2015

> The Tor Project, the non-profit that maintains software for anonymity on the internet, will soon be offering a bug bounty program, meaning those who find vulnerabilities in Tor applications could get paid for their efforts. The announcement was made during the recurring “State of the Onion” talk at Chaos Communication Congress, an art, politics and security conference held annually in Hamburg, Germany.
> ...
> “The program will start out invite-only,” Mike Perry, lead developer of the Tor Browser, said during the talk, and added that vulnerabilities “specific to our applications” would fall into the program.

And there is this interesting detail: just one of our many enemies is offering 30K to break TB:

> In November, [black hat] researchers were awarded $1 million by new exploit [i.e. malware-as-a-service] company Zerodium for hacking the latest iOS operating system. Zerodium will pay $30,000 for an exploit that affects the Tor Browser.

The story is also being reported in The Hill:…
Anonymity network will pay hackers who find flaws
Cory Bennett
29 Dec 2015

> The nonprofit behind the largest online anonymity network said Tuesday it was launching a reward program for researchers who uncover vulnerabilities in Tor applications.
> ...
> “We’re growing, we’re really really growing,” said Roger Dingledine, one of the original developers of Tor, during Tuesday’s talk. “More and more people [are] just doing regular things with Tor, protecting themselves.

If she read this, Sen. Feinstein must have suffered a fit of conniptions.

No, you did not miss it. We started the bug bounty program in invite-only mode to test the waters and get used to the workflow. Once we open this up there will be a proper announcement.

January 07, 2016


@ Shari:

As you are no doubt aware, IRS has for years targeted US-registered nonprofits which want to offer security or anonymity-enhancing software, even app makers who simply offer strong end-to-end encryption, with demands that they either put in a back door for USG or lose their 501c status.

Please be sure to follow this issue, because I am confident that IRS will return with a new version of this kind of "chilling" regulation:…
IRS withdraws controversial rule after charity backlash
Tim Devaney
7 Jan 2016

> The Internal Revenue Service (IRS) is backing down from a controversial rule that would have pressured nonprofits to collect the Social Security numbers of their donors.
> ...
> The IRS proposed the changes in September, but was caught off guard by the reaction from charitable organizations. Though the rules would have been voluntary, nonprofits feared that collecting Social Security numbers would make them a target for hackers.
> Currently, nonprofits send donors a written acknowledgement verifying contributions of $250 or more, which they use when filing their tax returns. The IRS was encouraging these charitable organizations to collect the Social Security numbers of their donors and provide it directly to the agency.
> ...
> Nonprofits warned the rule would have a “chilling effect” on donations and make charitable organizations a target for hackers, discouraging people from giving.
> Charitable organizations would have been pressured to invest in expensive cyber security defenses, but any breaches would have opened them up to legal action.
> ...
> Even if nonprofits could protect the Social Security numbers or decide to collect it at all, scammers could call the unwitting donors, pretending to represent a charitable organization they donated to and demand this sensitive information.
> This would have raised concerns of identity theft across the nonprofit community that would have discouraged donors from giving, critics warned.

January 09, 2016


@ Shari:

We need to make reporters understand that Tor Project should have a seat at the table whenever White House officials hold a cybersummit. Because TP is a core internet technology used by millions of endangered freedom loving people all over the world.

But be careful. The following news story hints that some White House officials now hope to fund/encourage "private" vigilantes to operate rogue Tor nodes targeting "extremist propaganda" (a term left dangerously undefined):…
White House sees child porn efforts as model for fighting terrorism
Mario Trujillo
8 Jan 2016

> The White House believes the government’s partnership with technology companies to limit the spread of child pornography could be a model to help blunt the effect of terrorist groups online.
> Top government officials traveled to San Jose, Calif., on Friday to meet with some of the most well-known U.S. technology companies to solicit their help in the battle against extremist propaganda.

As you may know (ask Roger), certain US vigilante groups already operate Tor nodes which scan Tor traffic for (they say) child porn. That might sound virtuous, but it opens the door to abuse, and I don't think the Project should tolerate nodes which try to sniff traffic, subvert encryption, or engage in other unprincipled "research", or even worse, engage in vigilantism.

January 10, 2016


@ Shari:

I think you should read this first person account of a clandestine meeting between the US actor/director, medical relief activist, and sometime journalist Sean Penn, and "El Chapo" Guzman, CEO of the Sinaloa cartel:
El Chapo Speaks
A secret visit with the most wanted man in the world
Sean Penn
9 Jan 2016

> labeling TracPhones (burners), one per contact, one per day, destroy, burn, buy, balancing levels of encryption, mirroring through Blackphones, anonymous e-mail addresses, unsent messages accessed in draft form.

What's that? Unsent drafts of intra-bulletin board messages?

Was El Chapo Guzman undone by the same deficient opsec technique as Gen. David Petraeus?

> From the moment [Mexican actress] Kate [del Castillo] had gone out on a limb with her tweet of January 2012 through the beginning of our encrypted negotiations to meet El Chapo...
> ...
> I ask Alfredo how he can be sure we are not being followed or surveilled. He smiles (I note he doesn't blink much) and points out a red scrambler switch below the cockpit controls. "That switch blocks ground radar," he says. He adds that they have an inside man who provides notification when the military's high-altitude surveillance plane has been deployed. He has great confidence that there are no unwanted eyes on us.

Er... US spy satellites carry optical telescopes and electronic sensors.

> ...
> The pilot, using his encrypted cellphone, talks to the ground. I sense that the military is beefing up operations in its search area. Our original landing zone has suddenly been deemed insecure.
> ...
> I even received a credible tip that the DEA had indeed become aware of our journey to Mexico.
> And then an encrypted message came from Kate: "Got it!" [The formal interview which Guzman promised to provide to Penn.]

I fear that our enemies may attempt to exploit the mentioned usages of encryption to harm us.

Some interesting exchanges in the interview:

> Q: Is it true what they say that drugs destroy humanity and bring harm?
> A: Well, it's a reality that drugs destroy. Unfortunately, as I said, where I grew up there was no other way and there still isn't a way to survive, no way to work in our economy to be able to make a living.

I've heard e-traders say the same thing, about their role in the US economy.

> Q: Do you think it is true you are responsible for the high level of drug addiction in the world?
> A: No, that is false, because the day I don't exist, it's not going to decrease in any way at all.

Now he sounds like Jamie Dimon talking about the US addiction to consumer credit.

> Q: Do you think terrorism activities in the Middle East will, in any way, impact the future of drug trafficking?
> A: No, sir. It doesn't make a difference at all.
> ...
> Q: What is your opinion about who is to blame here, those who sell drugs, or the people who use drugs and create a demand for them? What is the relationship between production, sale and consumption?
> A: If there was no consumption, there would be no sales. It is true that consumption, day after day, becomes bigger and bigger. So it sells and sells.

Guzman has a point there, as many progressives have long stated. Penn asks his readers,

> are we, the American public, not indeed complicit in what we demonize? We are the consumers [of illicit narcotics], and as such, we are complicit in every murder, and in every corruption of an institution's ability to protect the quality of life for citizens of Mexico and the United States that comes as a result of our insatiable appetite for illicit narcotics.
> As much as anything, it's a question of relative morality. What of the tens of thousands of sick and suffering chemically addicted Americans, barbarically imprisoned for the crime of their illness? Locked down in facilities where unspeakable acts of dehumanization and violence are inescapable, and murder a looming threat. Are we saying that what's systemic in our culture, and out of our direct hands and view, shares no moral equivalency to those abominations that may rival narco assassinations in Juarez?
> ...
> There is little dispute that the War on Drugs has failed...

If only more US reporters took this muckraking attitude:

> As an American citizen, I'm drawn to explore what may be inconsistent with the portrayals our government and media brand upon their declared enemies.

> [Kate del Castillo's] courage is further demonstrated in her willingness to be named in this article. There are both brutal and corrupt forces within the Mexican government who oppose her (and indeed, according to Kate, high-ranking officials have responded to her public statement with private intimidations), and hence, a responsibility of the greater public to shepherd those who make their voices heard.

Totally agree. As the Penn points out, the official government too often appears uninterested in even the goal of providing effective government. Too often the Mexican government appears to have only one goal: preserving its own existence.

Penn didn't mention the recent case of corrupt US agents Force and Bridges, or the fact that the rival Los Zetas cartel originated as a Mexican government special forces outfit, which later went rogue. But these are important reminders that the US government enjoys no magical immunity from becoming as ineradicably corrupt as the Mexican government. Several landmark SCOTUS decisions and deepening corruption in the US Congress have helped speed to pace of the increasingly endemic corruption of US political/legal institutions.

US politicians do not, of course, wish to discuss the drug cartels in such terms. They prefer to talk about the relationship between extreme poverty and drug trafficking in racially charged terms such as these words from a US governor:…
Maine Governor's Racist Rant: Drug Traffickers Impregnating 'Young, White' Girls
Tim Dickinson
8 Jan 2016

"The traffickers — these aren't people who take drugs. These are guys with names like D-Money, Smoothy, Shifty — these type of guys — that come come from Connecticut and New York. They come up here, they sell their heroin, then they go back home.... Incidentally, half the time they impregnate a young, white girl before they leave. Which is a real sad thing, because now we have another thing we have to deal with down the road."

January 23, 2016


There has been a major development in CryptoWars II: current NSA Director Admiral Michael S. Rogers (not to be confused with former FBI agent, former congressman, fervent dragnet surveillance proponent, and rabid encryption foe Mike Rogers) has now followed the lead of former NSA/CIA Director Michael Hayden and former NSA Director Mike McConnell in coming out in favor of strong encryption:…
NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI
Jenna McLaughlin
21 Jan 2016

> the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack of the Office of Personnel Management involving the personal data about 20 million people who have gotten background checks.

Heh, nothing like having your very own three hundred page USG dossier stolen by presumed foreign intelligence actors to make the NSA leadership sit up and take notice.

And it wasn't just the OPM breach which got their attention--- a previous and even larger breach reported some years ago by HHS, in which unknown actors took some electronic media from a vehicle owned by a SAIC (now known as Leidos) employee who was, ironically, delivering them for "secure off-site storage", apparently included the dossiers of US military members working at NSA facilities in Texas, including TAO. (Leidos, by the way, is the same company which has been hired by the USG and many private companies to protect most of the Health Information Exchanges where the aggregated personal electronic medical records of all US persons must be kept. Better known in the intelligence trade as "watering hole sites".)

As a privacy advocate I have to extend my sympathies to the victims (which included not just the military employees but their families), but it is impossible to miss the huge irony of someone stealing reams of detailed information on the private lives of people who are employed by USG to steal reams of information on the private lives of people.

> The White House has decided not to pursue legislation to outlaw unbreakable end-to-end encryption, following pressure from privacy advocates and scientists. But the intelligence community’s top lawyer, Bob Litt, privately advised the administration that a major terrorist attack could be an opportune moment to do so.

It would be all too easy for any moderately sophisticated government unhappy with the USG to provide the cyberattack which Litt so eagerly anticipates, unfortunately.

TP needs to try to ensure that some critical mass of reporters promises to call Roger or Shari for comment if such an "opportune moment" is provided by some unknown actor. (No matter whom turns out to be behind the anticipated attack, it seems safe to assume the media whores will initially rush to blame IS. But those people aren't truly journalists at all and they aren't worth our time.)

> Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.

Left unsaid to the general public, maybe, but in conversations with tech people, NSA has consistently been blunt: you can weaken your encryption enough that we can easily read everything, but at least you'll know what we have seen, or we'll just break into everyone's networks and personal devices and take whatever we want, and then you will never know what we have seen. But this is disingenuous, because as the Snowden leaks clearly show, NSA is determined to break into everyone's networks and personal devices anyway.

The world needs much more and much strong encryption, but also much stronger network/device security. The former is probably easier to achieve that the latter, but it's encouraging that a clear split has emerged between FBI and NSA on the issue of strong encryption.

January 23, 2016


A major endorsement of Tor Messenger from Julia Angwin of ProPublica (author of Dragnet Nation):…
4 simple ways to radically improve your Internet security
Time to update your software and that password you've been using forever. Your personal privacy could be at stake
Julia Angwin, ProPublica
23 Jan 2016

> Everyone — journalists or not — faces an increasing array of attacks on our security and privacy.
> ...
> I decided to ditch my instant messaging client Adium. I was using it to enable encrypted chats. But like many cash-strapped open source projects, it is rarely updated and has been linked to many security vulnerabilities.
> Instead, I switched to Tor Messenger, an encrypted messaging program that is run by theTor Project, a nonprofit that makes the anonymous Web browser that I already use. By the sad standards of underfunded open source security tools, Tor is relatively well-financed and so I have some hope that its tools will continue to be updated.
> Tor Messenger links up with my existing Gmail and Jabber chat accounts, and is encrypted and anonymous by default.

Outline of her very sensible New Year housecleaning procedure:

1. upgrade all software she will still use

2. stop using all software not well maintained and adopt safer equivalents (this is where TM came in)

3. generate new long passphrases using Diceware (I suggest eight word passphrases)

4 generate new GPG keys:

This process is undeniably a bit complicated, but not as hard as it sounds once you have worked through it; see
Creating the perfect GPG keypair
Alex Cabal
13 Mar 2013

Well, not perfect, but a lot better than what most people are probably doing...

January 26, 2016


@ Shari, Roger:

TP has for years tried to "educate" national police agencies, but as far as I can see has not even attempted to "educate" judges, and that is a serious mistake. Specific example:…
Appeals court: Evidence stands against man who used Tor-enabled child porn site
Cyrus Farivar
26 Jan 2016

> Chris Soghoian, a technologist with the American Civil Liberties Union, who recently testified in another child porn case that also involves the use of a NIT, is concerned that the court fundamentally did not understand precisely how and where such a search is executed—it takes place in a person's browser, not on the server itself.

This particular ArsTechnica story concerns a child porn case, but please note that at least one Czech official is known to have attacked the email server of TP partner Riseup Networks using a custom built exploit from Hacking Team, and at least one Spanish judge described Riseup as a "terrorist" network, which could not be further from the truth, it is a tech collective which assists human rights, social justice, and anti-corruption activists all over the world, including Mexico and Spain. So the fact that TP is apparently not trying to correct the lies told by LEAs when they argue before judges is hurting people who are trying to make a positive difference.

February 01, 2016


Let me suggest two more ambitious projects which I feel could help keep users safer while also helping enormously to persuade more people to use Tor on a daily basis:

1. Work with major Linux distros (starting with Debian of course) to set up torified time servers. Tor users need to use computers with an accurate clock, but contacting time servers is known to attract vulnerability scans and targeted attacks from intelligence agencies and other state-sponsored criminal gangs.

2. Work with trustworthy security researchers to set up torified vulnerability scanners, because why should Google be the only ones (other than spooks and other crooks) who know what known vulnerabilities lurk in our personal networks?

(Not a coder, so I hope I am not asking for unicorns here.)

For a recent article on bad guys (and Shodan) exploiting NTP to scan "hidden" Linux devices using IPv6 addresses, see:…
Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners
Shodan caught using time-keeping servers to quietly harvest IP addresses.
Dan Goodin
1 Feb 2016