Tor Summer of Privacy--Apply Now!
The Tor Project is launching our first Tor Summer of Privacy! This is a pilot program for students who want to collaborate to develop privacy tools. We participated in Google's groundbreaking Summer of Code from 2007-2014, but we weren't renewed this year (Google is rightly offering new groups this opportunity) so we've decided to start our own program. Many thanks to Tor's individual donors who decided to sponsor the Summer of Privacy. Students only have 10 days to apply--so spread the word!
We feel that working on Tor is rewarding because:
• You will work with a world-class team of developers on an anonymity network that is already protecting millions of people daily--or work on your own, new project.
• We only write free (open source) software. The tools you make won't be locked down or rot on a shelf.
• The work you do could contribute to academic publications — Tor development raises many open questions and interesting problems in the field of anonymity systems (http://freehaven.net/anonbib/).
• You can work your own hours wherever you like.
• We are friendly and collaborative.
We are looking for people with great code samples who are self-motivated and able to work independently. We have a thriving and diverse community of interested developers on the IRC channel and mailing lists, and we're eager to work with you, brainstorm about design, and so on, but you need to be able to manage your own time, and you need to already be somewhat familiar with how free software development on the Internet works.
We invite and welcome applications from many different kinds of students who come from many different backgrounds. Don't be shy--apply!
Tor will provide a total stipend of USD $5,500 per accepted student developer.
DEADLINE FOR APPLICATION: We are accepting applications now through April 17th, 2015. Apply soon!
We're always happy to have new contributors, so if you are still planning your summer, please consider spending some time working with us to make Tor better!
I wish all the best to everyone who will participate in the Summer of Privacy, and I hope applicants are so eager to get started that they will be willing to spend some time before summer arrives in a course of background reading. May I recommend two Great Books which I believe will help you think like an attacker?
How often does it happen that an "unauthorized history" of some arcane field inspires an epochal contribution to that very same field? One of the few examples known to me: Kahn's book directly inspired Whitfield Diffie's work on what is now known as public-key cryptography.
One of the Snowden leaks so far published by The Intercept is the official NSA account of how NSA raided the home of W. F. Friedman, the legendary cryptographer for whom the Friedman auditorium at NSA/Washington is named.
Working on behalf of the USG in the years before World War Two, WFF had masterminded MAGIC, and after that war he briefly worked for the then new agency, NSA, but by the time of the raid on his home he had become an (internally) outspoken critic, on the grounds that NSA was continuing to carry on widespread violations of privacy of ordinary people around the world, which WFF felt was inappropriate in peace time. Were he alive today, I have no doubt that WFF would be writing editorials supporting the views of William Binney, not those of Admiral Rogers.
The NSA agents who raided Friedman's home were looking for unclassified papers which Friedman had published prior to World War One while working at Riverbank Laboratories for an eccentric millionaire on the authorship of the plays of the author generally known as "Shakespeare". (Who may well have been the historical actor/producer William Shakespeare; putting aside that controversy, I should point out that the analogies between the Elizabethan secret police, Stasi, KGB, NSA, and the creative responses of the targeted intelligentsia, are extensive and thought-provoking.) The leaked NSA memo notes that during the raid, Friedman quietly smoked a pipe and appeared oddly unperturbed. The reason was that WFF had previously given a complete set of the legendary Riverbank papers to a bright neighbor boy, an aspiring reporter named, you guessed it, David Kahn!
Friedman met his wife Elizebeth at Riverbank. She was herself an accomplished cryptanalyst who worked for the USCG decrypting the communications of rumrunners during the Prohibition era (as did WFF, briefly). The similarities with the war of the modern FBI on the so-called Darknet are hard to miss, and instructive.
Bruce Schneier is not only a skilled cryptanalyst but also one of the world's most accomplished nonfiction authors. All his books are well worth reading, but Applied Cryptography is the one every cryptanalyst studies.
There is a huge unmet need for a third great book, on modern cryptanalysis, which is not the same thing as techniques for black hat hacking, which is SOP for NSA nowadays. (You can learn all about cryptanalysis up to Friedman's Riverbank papers from Kahn, and contrary to what some modern cryptanalysts state, I think those methods remain relevant today.) The best stand-in, I think, are the blogs of another skilled cryptanalyst who is also a gifted writer, Matthew Green. Since his blog is in constant danger of being censored/removed by our enemies at FBI/NSA, grab these while you can:
• In defense of Applied Cryptography (7 Nov 2011)
• A diversion: BEAST Attack on TLS/SSL Encryption (20 Sep 2011)
• Non-governmental crypto attacks (28 Nov 2011)
• OpenSSL and NSS are FIPS 140 certified. Is the Internet safe now? (2 Jan 2012)
• Trustwave issued a man-in-the-middle certificate (7 Feb 2012)
• Attack of the week: RC4 is kind of broken in TLS (12 Mar 2013)
• The Ideal Cipher Model (wonky) (11 Apr 2013)
• On cellular encryption (14 May 2013)
• How to 'backdoor' an encryption app (17 Jun 2013)
• On the NSA (6 Sep 2013)
• The Many Flaws of Dual_EC_DRBG (18 Sep 2013)
• How does the NSA break SSL? (2 Dec 2013)
• How do you know if an RNG is working? (19 Mar 2014)
• Attack of the week: OpenSSL Heartbleed (8 Apr 2014)
• Attack of the Week: Triple Handshakes (3Shake) (24 Apr 2014)
• Noodling about IM protocols (26 July 2014)
• Attack of the week: POODLE (14 Oct 2014)
• Attack of the week: FREAK (or 'factoring the NSA for fun and profit') (3 Mar 2015)
Please note that many of these blog posts offer detailed studies of practical attacks on TLS, which should help to explain why I hope Tor coders will read them, if they have not already done so. If one had to pick just a few of Green's posts, I'd pick the one on RNGs (both Snowden and Green have stated that attacking the RNG is much easier for NSA than full-on cryptanalysis of a modern block cipher).
To repeat, I am suggesting that students who have applied to the Summer of Tor read as much of these as practical over the next few months, not that anyone try to read them all in a day. One day-planning warning: once you pick up Kahn's rather long book, I can almost guarantee that you will be unwilling to stop reading until you've finished the book, and then you'll want to immediately read it all over again. It's that good.