The Tor Social Contract

At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor.

Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them. We want to grow Tor by supporting and advancing these guidelines in the time we are working on Tor, while taking care not to undermine them in the rest of our time.

The principles can also be used to help recognize when people's actions or intents are hurting Tor. Some of these principles are established norms, things we've been doing every day for a long time, while others are more aspirational -- but all of them are values we want to live in public, and we hope they will make our future choices easier and more open. This social contract is one of several documents that define our community standards, so if you're looking for things that aren't here (e.g. something that might be in a code of conduct), bear in mind that they might exist in a different document.

Social goals can be complex. If there is ever tension in the application of the following principles, we will always strive to place highest priority on the safety and freedom of any who would use the fruits of our endeavors. The social contract can also help us work through such tensions -- for example, there are times when we might have a need to use tools that are not completely open (contradicting point 2) but opening them would undermine our users' safety (contradicting point 6). Using such a tool should be weighed against how much it's needed to make our technologies usable (point 1). And if we do use such a tool, we must be honest about its capabilities and limits (point 5).

Tor is not just software, but a labor of love produced by an international community of people devoted to human rights. This social contract is a promise from our internal community to the rest of the world, affirming our commitment to our beliefs. We are excited to present it to you.

1. We advance human rights by creating and deploying usable anonymity and privacy technologies.

We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights.

2. Open and transparent research and tools are key to our success.

We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members.

3. Our tools are free to access, use, adapt, and distribute.

The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superseded by our intent to make users more secure.

We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users.

4. We make Tor and related technologies ubiquitous through advocacy and education.

We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. We teach people how and why to use Tor and we are always working to make our tools both more secure and more usable, which is why we use our own tools and listen to user feedback. Our vision of a more free society will not be accomplished simply behind a computer screen, and so in addition to writing good code, we also prioritize community outreach and advocacy.

5. We are honest about the capabilities and limits of Tor and related technologies.

We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it. We are responsible for accurately reporting the state of our software, and we work diligently to keep our community informed through our various communication channels.

6. We will never intentionally harm our users.

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve.

hunter2

August 10, 2016


"We are honest about the capabilities and limits of Tor and related technologies."

A+ it's fantastic to see this in the social contract!!

I look forward to it being implemented.

Your snark isn't very useful. Mostly because it's misplaced.

In actual fact and practice, that contract statement is a reflection of long-standing insistence on accuracy by Tor folks about what Tor can and cannot do.

This fits into the overall umbrella of teaching opsec, and how to use Tor safely. It's always been a big part of the project.

A better way to put your statement, without the snark, but constructively, might be "I want to go beyond that, helping find new ways to educate users about how to safely use Tor and related technologies."

Tor folks rarely say much about Tor exit node risks. Actually, Tor cannot help domestic abuse victims. It's better to use a portable browser on a USB in a "private" or "incognito" window.

We have a warning about exit node risks on the download page (see d.), and we added more explanations in the upcoming Tor Browser user manual.

I would be happy to see more user studies and help from UX experts on how best to explain these risks to users, but I don't think it's accurate to say that we don't talk about them.

I must admit I fail to understand why you think Tor cannot help victims of domestic abuse. Tor Browser is a portable application and can be used from a USB stick.

If I read between the lines on the bottom of the page, I should use HTTPS. What are the consequences of HTTP? Does the average Tor user understand the difference between HTTP and HTTPS? Meaning server side daemons listening in on requests for HTTP?

You imply that you shouldn't use HTTP.

Domestic abuse victim uses Tor thinking it's a panacea.

Is man-in-the-middled.

Maybe have personal details or even dirty pictures stolen?

Seems traumatic to experience.

The price of using people as disposable shields for cover traffic.

- "What are the consequences of HTTP?"

The EFF answers this here: https://www.eff.org/pages/tor-and-https, showing the effect of introducing HTTPS, even before introducing Tor, on what eavesdroppers can see.

- "Does the average Tor user understand the difference between HTTP and HTTPS?"

Sadly, the average internet user still doesn't understand the need for HTTPS. Most just think it's about a padlock symbol for when you log into something like online banking. Many won't know how to check a certificate. Few understand the role of root certificate authorities.

- "Meaning server side daemons listening in on requests for HTTP?"

This shows you aren't on top of what HTTPS does for you yet. Of course server side daemons listen for HTTP and HTTPS requests, otherwise how does the website server know which webpage to serve you? The difference is that only the server side daemons can know the contents of HTTPS traffic addressed to them. That's in the EFF explainer above.

- "Domestic abuse victim uses Tor thinking it's a panacea."

A sad but possible outcome, yes. But would you suppose a domestic abuse victim is then safer from further abuse if they use conventional means, or do nothing?

Good technology comes with manuals. Anyone who uses technology without reading the manuals risks their own ruin. I read recently a comment from a security researcher who wrote that most consumers just want a magical box to plug into their computer and then the computer is perfectly safe to use. What these consumers don't think about is this: if someone offers or sells you some black box and tells you "this will make all your internet browsing safe", how can you tell that's true (because of the sheer technical difficulty)?

It's not just Tor that has this problem of how it can be used safely, requiring actual research by the user. I read that safe houses for abused women in the US have strict rules about 'no cell 'phones!'. Sometimes the abuser has connections to LEAs, and carrying in a cell 'phone switched on can give away the safe house location. I doubt they give up running safe houses because of naive visitors hiding cell 'phones in their pockets, because "surely this can't do any harm?"

Meanwhile, Tor does hide the actual IP of the safe house for IRC and e-mail.

Usage and UX feedback:

1) When not using the tor-browser for a long time, it will display a _Firefox_ warning, asking the user if it should clean all its settings. Responding positively results in an unusable tor-browser.

2) Installation: The tor-browser is very easy to install but verifying its integrity is not documented for non-tech users.

Fixed(?) Issue:
3) I saw a user not understanding that the tor-browser needed to be updated despite having its homepage display a huge arrow asking the user to update it.
Unity(Ubuntu) also had too much pinned application, making the computer look messy. This probably didn't help the user notice the difference.
Nowadays the tor-browser is supposed to auto-update itself, so it's probably considered as fixed.
I wonder if the auto-update also works when the tor-browser is several updates behind.
It probably does work.

4) A user misunderstood the direction of the tor circuit, wondering why the "exit IP" never changed. This could either be due to the fact that "This browser" And "Internet" text weren't present when the user first looked at it, and the user kept remembering the direction wrongly even after having such text, or to the fact that end users don't tend to read such text at all.

"John Doe 2QevpZ4AGQ".

Thanks for this feedback!

Re 1) Does this still happen with an up-to-date Tor Browser? We had this issue (or a strikingly similar one?) in the past (https://bugs.torproject.org/16441) but that got solved a while ago.

Re 2) How do you think we should improve https://www.torproject.org/docs/verifying-signatures.html.en?

Re 3) Yes, the auto-updater works in this case as well. A user won't get an incremental update then but the full one.

Re 4) We had this discussion in the past (see: https://bugs.torproject.org/15979). We still think the design we implemented is better than reversing the order. That said I guess we can do things to make it even more clear to users how to parse the information (Maybe https://bugs.torproject.org/16665 could help here).

"had better know" is not a good answer given that users have to download Tor Browser at least once from somewhere getting it manually installed. Yes, the updater takes care of this once Tor Browser is running.

more user studies and help from UX experts
Yes, because users learn as much about complex technology as their background knowledge allows, but then eventually "just dive into" using complex technology.

August 15th, 2016 lunar said: how best to explain these risks to users
Historically, contextual interactive alerts and help provide better "hand holding", but I'm convinced that coding and maintaining is significant additional workload.

"Tor folks rarely say much about Tor exit node risks. Actually, Tor cannot help domestic abuse victims. It's better to use a portable browser on a USB in a "private" or "incognito" window."

I think this is a good example of having the wrong threat model. You're only thinking of traces left on the used PC itself. Your solution does not stop the local broadband router nor your ISP logging what websites were visited, and if the abuser has access to that, well, Game Over. HTTPS does not stop this logging completely either. Tor does.

We've had a similar argument before here: "Using Tor flags you for monitoring by FVEYs, so I'm just going to stick to using MS Windows with Internet Explorer and blend in with the crowd. It's safer!"

hunter2

August 10, 2016


useful

hunter2

August 10, 2016


"We are honest"

No human in the history of human civilization has ever been 100% completely honest.

Please don't lie to us like this. We're only humans after all.

Wait, what? Did you understand what you read? Do you understand what you wrote?

"We are honest ..." is a goal of the social contract, not some claim of fact. Even so, when you ask "please don't lie to us like this", you demand honesty as fact. Yet when someone writes, "we are being honest" (or rather "we strive to be honest" as I think Alison meant in the contract), you object that this must be a lie!

Well, with that kind of tautological skepticism, we might as well all go home!

No, read the numbered items as the social contract goals they are, not claims of fact, then all becomes clear.

Isn't that a favorite saying in certain Russian agencies?

The question of whether or not individual humans are invariably truthful is irrelevant to whether or not an NGO is sufficiently transparent.

I am concerned that TP has not given any official statement on the scandal surrounding the hiring and firing of CIA agent Chasteen, and I am concerned by some other curious omissions or consistent careful phrasing which seems to suggest that TP has documentary evidence of being attacked by USG spooks for dragnet or targeted attacks on users. But I don't agree that Tor is useless or that you can't trust anything TP says in this blog, if that's what your brief comment was intended to suggest.

You can search for potential attacks on Tor from the inside by USG spooks: our code is public, you can attest that the software we ship is built from the released source code via reproducible builds, the design is discussed in the open and publicly available.

I acknowledge it does require expertise to analyze all these documents and code, but they are available, concrete evidence. That spooks from many different countries are trying to attack Tor without interfering directly with the Tor Project, this should be taken for granted.

Regarding Chasteen, lawyers got involved. I hope the recently appointed board will be able to release more information to the public—now that some is out anyway—but having to deal with a lawsuit would really not be in Tor Project's best interests.

> You can search for potential attacks on Tor from the inside by USG spooks: our code is public, you can attest that the software we ship is built from the released source code via reproducible builds, the design is discussed in the open...

That is all true, and good stuff, but in truth only an expert coder can independently audit code. Very few Tor users qualify, so we must rely on trusted third parties.

> I hope the recently appointed board will be able to release more information to the public—now that some is out anyway—but having to deal with a lawsuit would really not be in Tor Project's best interests.

Agree with all that.

One reason why I am so frustrated by the Chasteen scandal is that some of us explicitly warned TP to be ready for USIC to psychologically profile key employees and try to exploit "soft spots" to insert a mole, which is exactly what seems to have happened in the Chasteen case. Furthermore, we tried to warn TP that the Project needed to become much more politically savvy. I quickly add that Shari appears to have made *enormous* progress in fixing these and other deficiencies , which I applaud.

But everyone should recognize that CIA appears to have artfully exploited US workplace law to ensure that even if their mole were exposed (thank you, Jacob, for raising suspicions!), maximal damage to TP would ensue. Because if TP tells users what it knows, it gets sued. And if you don't, users are upset that you are hiding something.... possibly something more awful than what we suspect so far. Revelations from the HBGary Federal leaks, and some of the Snowden leaks, all showed very clearly that identifying and exploiting psychological and organizational weaknesses plays a big role in FVEY "disruption" campaigns, and there is every reason to believe this is still the case.

So I hope that even if Shari concludes she cannot speak up about what TP knows about how the Chasteen fiasco came about, she will do everything possible (within the bounds of legality and reason) to ensure that TP becomes a much harder target for USIC infiltrators and manipulators. And I hope she will at least assure us that all Chasteen-written code has been rigorously extirpated or audited.

Also, thanks lunar, and please keep up all your good work on Tor!

From the "leaked" IRC logs it seemed fairly clear how Chasteen got hired and that there were failures in timely communication among the core project members and that he never wrote any code.
As far as writing code, the NSA and/or KGB and/or you! can submit patches under pseudonym "cypherpunks" anytime and have them accepted. The questions would be how much review actually goes on and does anyone on the newly hired staff have ability to check in code without review?

hunter2

August 10, 2016


... reading that is nice ... using tor , i met few problems when i post on a blog or mailing-list like the lack of free e-mail address (of course, i do not write mine) ... so i take one here, one in another place ... could tor propose a list of temporary fake e-mail address like a "generic address" ? it could be like a tolerant agreement and provide a level of anonymity with tor posting on a blog e.g.

hunter2

August 10, 2016


Glad to see this information posted. I am curious about Tor developers who speak to law enforcement about Tor. I seem to recall reading, I believe from a blog post here some time ago, that developers inform law enforcement about weaknesses that Tor does not protect well against. I am fine with Tor devs talking to law enforcement about Tor, but why not inform the community at large about the specific weaknesses you point law enforcement to? Why not provide everyone with whatever specifics you tell law enforcement? That would be really beneficial to anyone concerned about the personal security of their own system. I know the Tor project website lists weaknesses of Tor and anonymity issues in general. I just would like to see the same level of details provided to everyone that Tor devs provide to law enforcement in the spirit of being open and in not harming users. Maybe you do, but I have never seen any details provided about talks Tor devs give to law enforcement.

If only you could link to the blog post you meant, and point out the part where the extra specific weaknesses were conveyed, then we could be sure that you aren't just supposing it.

Could that blog post be any of these?:

"Trip report: Tor trainings for the Dutch and Belgian police" of 5 Feb 2013. https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-be…

"Meeting With SOCA in London" of 4 Feb 2013.
https://blog.torproject.org/blog/meeting-soca-london

"Trip report, October FBI conference" of 16 Dec 2012.*
https://blog.torproject.org/blog/trip-report-october-fbi-conference

"A visit to NCFTA" of 14 Jul 2009.
https://blog.torproject.org/blog/visit-ncfta

"Talking to German police in Stuttgart" of 26 Mar 2008.
https://blog.torproject.org/blog/talking-german-police-stuttgart

I couldn't find any admission to giving extra or specific information to LE in those. You write:

"I seem to recall reading ... that developers inform law enforcement about weaknesses that Tor does not protect well against."

but then write:

"... why not inform the community at large about the specific weaknesses you point law enforcement to?"

Where does 'specific' come from? Can you list these from that blog post? Or is everything in those blog posts equally available to all Tor users after all?

* I like this bit:
Roger Dingledine: "At the end of the conference, one of the FBI agents took me aside and asked "surely you have *some* sort of way of tracking your users?" When I pointed at various of his FBI colleagues in the room who had told me they use Tor every day for their work, and asked if he'd be comfortable if we had a way of tracing *them*, I think he got it." Sounds like Roger won't give specific helpers to LE after all?

I had the same thoughts--- thanks for saving me the trouble of finding those links!

I am rather upset with Roger over his role (yes?) in hiring D. Chasteen, but to his credit, he has never tried to hide his youthful indiscretion: working one summer for a few months as a summer intern at NSA. Given the extent to which USIC's tentacles have infiltrated every corner of US academia (Roger's natural haunt), I don't consider this awkward line in his resume quite as disturbing as some might. But it does add to my concern about the Chasteen fiasco, and about TP or close associates of Tor people accepting grants from DARPA. It all adds up to multiple ties to the dark side of the USG, and that worries many Tor users.

If I mention names, the censor will never pass this post, but I repeat my appeal to an un-named associate to explain the status and motivations of her DARPA funded research on stylometric deanonymization attacks. It seems to me that it would be very easy to code something which help to obscure personal stylometric features. Not enough to fix the problem, but enough to get a ball rolling in a helpful direction. The hypothetical application I have in mind (the associate probably knows what I am talking about) would unfortunately need to access a lot of memory, but so does selfrando, eh?

I read through the chat log on Pastebin when it came to light: http://pastebin.com/wpamqkw8. (Search that link in Startpage and use its proxy service, because Pastebin blocks Tor.)

At the end, I was satisfied it was just a blunder: RD didn't ask, and DC didn't say - until after the employment contract was offered, at which point the chat log ensued. It was DC who revealed his former employment.*

Note two things in the log:

1. Jacob Appelbaum states he is logging the channel at the end ("00:38 < ioerror> ok, i am logging this channel now"). I haven't seen any claims that these lines have been added to the pastebin version, instead I think there's a general suspicion that as JA logged the channel, he's the one who posted it to pastebin, and that was in response to his dismissal from Tor project and other hacker collectives. I suppose it also served the

2. Meanwhile, mrphs really had a hard time learning what just happened. Now that chat log was from 10 Nov 2014, and its disclosure was late June this year. I was worried that would cause more distress, but mrphs is still with the Tor Project, having posted on 3 Aug on this blog. If mrphs is satisfied, can we be satisfied too?

Some other things.

I saw Paul Syverson posting to the Tor Project devlist with his e-mail address from the .mil domain. You know who Paul Syverson is, right?

I guess to best defend against something, one has to research how one would best attack, otherwise one probably has the wrong defence. Of course someone's going to research stylometric deanonymization attacks. Meanwhile, I think Isis Lovecruft has been looking at the defence side recently.

So long as there's better thinking than "384kB should be enough for anybody."

I think one has to keep a cool head over these things and get to their proper context.

* Yes, I'm aware of the "but you can never really leave" concept, but I think it's more to do with keeping classified classified.

Given the extent to which USIC's tentacles have infiltrated every corner of US academia (Roger's natural haunt),
and Edward Snowden worked for a NSA contractor!!

Ironic: another website which blocks Tor using cloudflare:

https://policy.m4bl.org/platform/

Can TP contact them and let them know why Tor is perfect for BLM supporters?

Not so ironic: fbi.gov blocks Tor using cloudflare, which owns the https cert you see if you try to connect to FBI (because they publish public data which is highly relevant to BLM issues, as not even James Comey can easily deny).

Wonder what would happen if TP suggested that fbi.gov should be more Tor friendly? Would they even bother to reply?

So you can easily see nsi/xxx friends. What's the trouble - don't visit it there is nothing unique on the web just go to another site.
If you must then try to search for addon which scans reply for clown's signature and reconnects. Eventually it will drill the hole and connect.
It will be better for the society to make replica of interesting/unique sites blocking tor access and publish them on the onion web.
Btw does anybody have (official) onion mirror site for tor torproject.org/dist ?

Problem re: would FBI want TP able to trace FBI agents? It isn't a level playing field - TP people are in USA, subject to US law, largely funded by USGov, and the time delay factor.

(Paranoid scenario) FBI could sponsor exploit development under NDA and/or use NSL to prevent revealing of an exploit, or develop it under contract with a private for-profit corporation, not subject to FOIA, but having same staff as TP (similar to Tor Solutions Corp). Then use exploit for a few months before it got "reported" by developers or found by external people.
(Speculation: Carnegie Mellon FBI TBB sting.)

Maybe the Tor Social Contract prevents such scenarios. Anyway my guess is, like the Lavabit guy, TP staff wouldn't stand for it regardless of legal pressure.

The verifiable design and open source coding of Tor is to not allow anyone to trace anyone else. I quoted Roger to show that he was getting the FBI agent to confirm that the FBI would not use Tor for their own investigations if they knew it had a backdoor, so the speculation that Roger was giving LEAs extra help with tracing is somewhat absurd.

Still, James Comey, FBI Director, seems to believe in the possibility of either secret backdoors in open source code or turnkey backdoors that can never be hijacked by someone else. Some people here seem to believe they might already exist.

The real risk of tracing comes from exploiting design flaws and coding errors, and for avoiding that we need much review and testing. The Carnegie Mellon affair was such a thing, read: https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users.

Two Tor developers have already moved to Europe. One sped up her move to escape the possibility of being served a NSL by the FBI. She has a canary on her website. It's due for renewal in four days time. (Someone remind her, she forgot to renew for two months last time!)

> She has a canary on her website. It's due for renewal in four days time. (Someone remind her, she forgot to renew for two months last time!)

Canaries are not without weaknesses and are certainly painful to maintain, but TP is one organization which really really really needs to maintain one (and never forget to renew it).

Unless of course the problem is that TP is already being served with a flurry of NSLs accompanied by gag orders.

Someone should be careful they are contacting the real Isis: unknown actors (FBI mebbe?) have targeted her with a cryptophishing attack (create a PGP/GPG key purporting to be hers with same short identifier as her genuine key):

http://www.theregister.co.uk/2016/08/17/pgp_admins_kill_short_keys_now_…
PGP admins: Kill short keys now, or Alice will become Chuck
Someone's impersonating the likes of Linus Torvalds with attacks via keyservers
Richard Chirgwin
17 Aug 2016

> The issue of short PGP IDs is back on the agenda, with unknown scammers spoofing identities like Linus Torvalds and Tor core developer Isis Agora Lovecruft. Short keys are just what the name describes: instead of someone passing their whole PGP key to someone else to get a message going, people would memorise the last eight hex characters of their full fingerprint. Hence, as explained back in March by Debian dev Gunner Wolf, Alice might give Bob the short key ID (Wolf's is C1DB 921F), and Bob would search a key repository to find Alice's full fingerprint. The problem: we've known for about five years that short keys are prone to collisions; and in 2012, the Evil32 project published a 32-bit colliding key for the whole PGP Web of Trust.
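As an added illustration of the short-key-ID problem the quoted article describes (example code, not from the Tor Project or the Register; the fingerprints below are constructed sample values, not real keys), the following models a keyserver lookup by short ID versus full fingerprint and shows why a caller should pin a key only by its full fingerprint:

```python
"""Why 32-bit ("short") PGP key IDs are unsafe as identifiers.

Added example, not from the Tor blog or the Register article. The key
fingerprints are constructed sample values, not real keys.
"""
from __future__ import annotations

from dataclasses import dataclass

HEX_DIGITS = set("0123456789abcdefABCDEF")


@dataclass(frozen=True)
class Key:
    fingerprint: str  # 40 hex digits for a v4 OpenPGP key
    uid: str


class UnsafeKeyIdentifier(ValueError):
    """Raised when a caller tries to pin a key by anything shorter than its fingerprint."""


def normalize(hexid: str) -> str:
    """Strip spaces and an optional 0x prefix, and upper-case a key identifier."""
    h = hexid.replace(" ", "")
    if h.lower().startswith("0x"):
        h = h[2:]
    if not h or any(c not in HEX_DIGITS for c in h):
        raise ValueError(f"not a hex key identifier: {hexid!r}")
    return h.upper()


def short_id(fingerprint: str) -> str:
    """The 32-bit short key ID is just the last 8 hex digits of the fingerprint."""
    return normalize(fingerprint)[-8:]


def long_id(fingerprint: str) -> str:
    """The 64-bit long key ID is the last 16 hex digits."""
    return normalize(fingerprint)[-16:]


def lookup(keyring: list[Key], ident: str) -> list[Key]:
    """Return every key whose fingerprint ends with `ident`, as a keyserver search does."""
    needle = normalize(ident)
    return [k for k in keyring if normalize(k.fingerprint).endswith(needle)]


def is_safe_identifier(ident: str) -> bool:
    """Only a full 160-bit fingerprint is accepted as a safe identifier."""
    return len(normalize(ident)) == 40


def resolve(keyring: list[Key], ident: str) -> Key:
    """Defensive resolution: refuse short and long IDs even if they are unique today,
    because a colliding key can be uploaded to the keyservers at any time."""
    needle = normalize(ident)
    if not is_safe_identifier(needle):
        matches = lookup(keyring, needle)
        raise UnsafeKeyIdentifier(
            f"{len(needle) * 4}-bit key ID {needle} is not a safe identifier "
            f"({len(matches)} key(s) currently match it)"
        )
    for k in keyring:
        if normalize(k.fingerprint) == needle:
            return k
    raise KeyError(f"no key with fingerprint {needle}")


# Constructed keyring: "Chuck" was built to share Alice's short ID (last 8 hex digits).
ALICE_FPR = "0A1B 2C3D 4E5F 6071 8293 A4B5 C6D7 E8F9 0123 ABCD"
CHUCK_FPR = "FEDC BA98 7654 3210 0F1E 2D3C 4B5A 6978 0123 ABCD"
BOB_FPR = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"

KEYRING = [
    Key(ALICE_FPR, "Alice <alice@example.invalid>"),
    Key(CHUCK_FPR, "Alice <alice@example.invalid>"),  # impostor reusing Alice's name
    Key(BOB_FPR, "Bob <bob@example.invalid>"),
]

if __name__ == "__main__":
    print("short ID collision:", short_id(ALICE_FPR) == short_id(CHUCK_FPR))
    print("keys matching 0x0123ABCD:", [k.fingerprint for k in lookup(KEYRING, "0x0123ABCD")])
    try:
        resolve(KEYRING, "0123ABCD")
    except UnsafeKeyIdentifier as e:
        print("refused:", e)
    print("pinned by fingerprint:", resolve(KEYRING, ALICE_FPR).fingerprint)
```

Both impostor and genuine key carry the same name, so the uid alone cannot disambiguate; only the full fingerprint does.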

> develop it under contract with a private for-profit corporation, not subject to FOIA, but having same staff as TP (similar to Tor Solutions Corp)

As you probably are aware, TP has a rather murky legal structure and obscured legal status. Tor Project, Tor Foundation, "the company"... If I correctly understood something Roger once wrote in this blog, he cannot figure it out any more than we users can, which is worrisome.

I hope Shari is trying to find ways to restructure TP to avoid murkiness and to transform TP into a user-supported NGO, preferably one incorporated under the laws of a country which is not ruled by some USG puppet government. Moving TP outside the USA would probably mean that many key employees would also have to move, which is, I admit, a lot to ask of hard working TP employees whose family and friends mostly live in the USA.

"As you probably are aware, TP has a rather murky legal structure and obscured legal status."

I'm not aware of it, could explain more about this, please?

TP (like a lot of groups) wish to be sponsored by or from a great organization like a foundation, unknown enterprises, private funds, donations etc. Legally, life & taxes are more easily managed. It sounds like they wish today to be in a real universal status and not like a dirty hidden trash tramp lol ... is it a serious world ?

So, the explanation to the claim about TP's "rather murky legal structure and obscured legal status" is "like a dirty hidden trash tramp"? I find myself none the wiser from that. Any better explanations?

"(Paranoid scenario) FBI could sponsor exploit development under NDA and/or use NSL to prevent revealing of an exploit, or develop it under contract with a private for-profit corporation, not subject to FOIA, but having same staff as TP (similar to Tor Solutions Corp). Then use exploit for a few months before it got "reported" by developers or found by external people.
(Speculation: Carnegie Mellon FBI TBB sting.)"

So, how does this work? Thinking this through: the exploit code can't be inside the Tor software itself, because:
- if it was published inside the open source code, that might give the game away and/or breach the NDA, right?
- if it was hidden inside the binaries, they would mismatch with the source code via reproducible builds.

So, the exploit would have to be in a separate project (like the CMU FBI TBB sting, as you cite).

What's then to stop another TP coder (or even the same one!) modifying the Tor source code to counter the exploit right away, just saying openly "but this exploit could hypothetically exist, and this is good design!"

Would this strategy of feet dragging be enough to render the NDA impotent?

hunter2

August 10, 2016


Very good. I am an online security expert that uses and recommends TOR all the time. I for one appreciate your candor and genuine interest in the security of the Internet.

hunter2

August 11, 2016


Hi, for a few hours now I have been getting a message when I start Tor that FF is outdated.
Why?
The newest Tor is in use...
Greetings from Germany

Me too. Try Help > Troubleshooting Information > Give Tor Browser a tune up > Refresh Tor Browser and re-install. Useful.