Transparency, Openness, and our 2014 Financials

by arma | January 14, 2016

Now that the standard audit is complete, our 2014 state and federal tax filings are available. We publish all of our related tax documents because we believe in transparency.

Tor's annual revenue in 2014 held steady at about $2.5 million. Tor's budget is modest considering the number of people involved and the impact we have. And it is dwarfed by the budgets that our adversaries are spending to make the world a more dangerous and less free place.

To achieve our goals, which include scaling our user base, we fund about 20 contractors and staff members (some part time, some full time) and rely on thousands of volunteers to do everything from systems administration to outreach. Our relay operators are also volunteers, and in 2014 we grew their number to almost 7,000 — helped along by the Electronic Frontier Foundation's wonderful Tor Challenge, which netted 1,635 relays. Our user base is up to several million people each day.

Transparency doesn't just mean that we show you our source code (though of course we do). The second layer to transparency is publishing specifications to explain what we thought we implemented in the source code. And the layer above that is publishing design documents and research papers to explain why we chose to build it that way, including analyzing the security implications and the tradeoffs of alternate designs. The reason for all these layers is to help people evaluate every level of our system: whether we chose the right design, whether we turned that design into a concrete plan that will keep people safe, and whether we correctly implemented this plan. Tor gets a huge amount of analysis and attention from professors and university research groups down to individual programmers around the world, and this consistent peer review is one of our core strengths over the past decade.

As we look toward the future, we are grateful for our institutional funding, but we want to expand and diversify our funding too. The recent donations campaign is a great example of our vision for future fundraising. We are excited about the future, and we invite you to join us: donate, volunteer, and run a Tor relay.


Please note that the comment area below has been archived.

January 14, 2016


If you really want to be transparent, then stop blocking every negative comment in your public blogs.

Yeah, we're still working on the right balance here.

The underlying issue is that we don't want to farm out comments to third-parties (whose business model is to spy on everything), and the captchas aren't really workable, so we end up assessing everything by hand and throwing out a huge amount of spam. And by 'we', we don't have anybody whose job includes doing this, so we get sporadic help from various developers / volunteers. But at the same time, I don't want to shut down the blog comments entirely, since they're one of the ways that people can reach us, over Tor, most safely.

We do indeed throw out, along with all the spam, the comments that call various Tor developers stinkypants. Those comments aren't productive to the conversation -- that is, they don't actually help in doing the "people can reach us, over Tor, mostly safely" part.

January 14, 2016

In reply to arma


I am satisfied about that (and I do understand the reasons why some of my comments here were not accepted): thx for working on the right balance here.

January 14, 2016

In reply to arma


arma wrote:

> But at the same time, I don't want to shut down the blog comments entirely, since they're one of the ways that people can reach us, over Tor, most safely.

Exactly, this is terribly important. Very few blogs on the (open) Internet allow anonymous posting, which means that they exclude the views of anyone concerned about government/corporate surveillance dragnets, and how various entities abuse the acquired data exhaust to harm individuals, particularly those with a point of view which diverges widely from government and corporate definitions of the political views of "compliant" citizens/employees/customers.

(The mailing lists are non-anonymous by default, and this is too difficult and dangerous to circumvent, and the Tails pre-configured OFTC chat accounts have all been blocked by OFTC chat servers, so until Tor Messenger development is further along, other modes of electronic communication are too difficult for almost every at risk person to attempt to use.)

> We do indeed throw out, along with all the spam, the comments that call various Tor developers stinkypants. Those comments aren't productive to the conversation -- that is, they don't actually help in doing the "people can reach us, over Tor, mostly safely" part.

I don't know what kind of critical comments the OP wanted to express, so the following comment on negative commentary does not necessarily apply to him/her:

One of the points about the "mainstream" mass media which progressives have made repeatedly is that the mainstream media pretends to "balance" debates by presenting very extreme views, rather than seeking to use limited air time to discover what large fractions of actual people believe. The same applies in blogs like this one: one can permit critical comments, but it is entirely appropriate to exclude posts which do not present coherent, reasoned arguments backed by links to evidence.

There are plenty of other places where people who want to say/read ill-informed criticism of Tor can go to vent their incoherent anger. And because this kind of post is "compliant" with USG-approved views of Tor (with some exceptions in entities such as certain units associated with the State Department), people who want to post criticisms of Tor--- presumably not while using Tor Browser!--- are unlikely to face reprisals. That is not likely to be true for people who post supportive views, as time marches on as the USG becomes ever more authoritarian, perhaps even fascist.

"One of the points about the 'mainstream' mass media which progressives have made repeatedly is that the mainstream media pretends to 'balance' debates by presenting very extreme views, rather than seeking to use limited air time to discover what large fractions of actual people believe."

It's more like they present two views within a fairly narrow range of acceptable opinion as "the two sides". Extreme views are used to polarize the masses against themselves, or to make acceptable opinion appear moderate by comparison.

January 14, 2016

In reply to arma


Completely dishonest. IOW, the other poster was right. You're deleting everything that is critical or that doesn't kiss up.

No one is fooled by your cutesy PC terms. When you call users stupid nerd terms like "stinkypants" you are demonstrating the true problem, which is (unwarranted) arrogance that pervades all of Tor, especially its volunteers, and, alienates tons of people. People can barely even log into the OFTC channels anymore, because of all of this laughable smarm.

If you are serious about becoming hip, mainstream and popular, then you're going to do more than offer teeshirts with mostly your own people wearing them. You're going to have to get rid of those snotty little attitude problems. That highhanded mediocrity that runs throughout the ranks is a joke.

Most of your people can't answer even the most basic questions of how to use TBB, or other software - or even refer the right URL. So, they pick fights with the users, on a hair trigger basis, by getting testy with everyone and challenging the users' intelligence. Otherwise, their own ridiculously inflated egos might go down to their true merited levels - which, is that of your average customer service rep reading off of scripts. That kind of look-out-for-each-other culture is one that has killed many organizations, and, the very fact that you're peddling teeshirts and soliciting private donations should be the writing on the wall for you.

Now. Was this a "stinkypants" comment, in your eyes? Another, that you're going to hide from public view..?

The *truth* is that The Tor Project doesn't have *any* problem with stinky pants users. What it has, is a *huge* problem with snotty punks who are addicted to government grant money. And, they bring a "let 'em eat cake" attitude to their jobs.

Enjoy making people hop for your entertainment, while it lasts. After you guys and your new director are done running Tor into the ground you will finally lose your public funding. (Probably, when some private company buys you and cleans house - that's where they get rid of all of the slooow, sedentary niche dwellers and other sociopaths). Then, you can have fun settling for $9.50/hour coding jobs. Or, you can be smart and make changes.

> Completely dishonest. IOW, the other poster was right. You're deleting everything that is critical or that doesn't kiss up.

I assume you are addressing arma (Roger), but I'd just like to say that I frequently post comments which urge TP to stop doing A and start doing B, and these have almost always been accepted, perhaps because I

o am polite (I hope)

o am (clearly?) not hostile to the very existence of Tor

o express well-reasoned arguments (I hope) and links to back them up.

> When you call users stupid nerd terms like "stinkypants" you are demonstrating the true problem,

Now I am confused: arma didn't call anyone "stinkypants", he said that some deleted comments have called names.

> which is (unwarranted) arrogance that pervades all of Tor, especially its volunteers, and, alienates tons of people.

As a long-time Tor user, I have no idea what you are talking about.

> People can barely even log into the OFTC channels anymore, because of all of this laughable smarm.

Clearly TP cannot be held responsible for the fact that OFTC admins have largely chosen to block connections from Tor exit nodes.

> You're going to have to get rid of those snotty little attitude problems. That highhanded mediocrity that runs throughout the ranks is a joke.

Oh wait... are you referring to some bad experience with a Tor volunteer (or someone else) answering a technical question over at Stackoverflow?

> Most of your people can't answer even the most basic questions of how to use TBB, or other software - or even refer the right URL. So, they pick fights with the users, on a hair trigger basis, by getting testy with everyone and challenging the users' intelligence.

My word, who have you been talking to? Random people at Stackoverflow? Tor volunteers? TP employees?

I get the strong impression that you had some terrible times interacting with some people on line, but it's not clear to me why you appear to blame TP, or whether you even use Tor yourself.

To prevent possible misunderstanding, I am not a TP employee or even a volunteer as Roger and Shari probably use that word, I am an ordinary Tor user.

> So, they pick fights with the users, on a hair trigger basis, by getting testy with everyone and challenging the users' intelligence. Otherwise, their own ridiculously inflated egos might go down to their true merited levels - which, is that of your average customer service rep reading off of scripts.
> ...
> After you guys and your new director are done running Tor into the ground you will finally lose your public funding. (Probably, when some private company buys you and cleans house - that's where they get rid of all of the slooow, sedentary niche dwellers and other sociopaths). Then, you can have fun settling for $9.50/hour coding jobs.

I don't know who you were talking to, or even what you were talking about, but it might not matter. Is it possible that the problem is not that these people were "getting testy" with you, but that *you* were getting testy with them?

You appear to try to raise the spectre of a "hostile takeover". Tor is a nonprofit, not a corporation, so despite what the US Chamber of Commerce might desire, I don't think it is susceptible to this alleged existential threat.

(A Tor user)

> (unwarranted) arrogance ...snotty little attitude problems.... highhanded mediocrity that runs throughout the ranks...
> ...
> faceless rejects at the bottom levels ... ridiculously inflated egos ... their true merited levels ... is that of your average customer service rep reading off of scripts... stinky pants... slooow, sedentary niche dwellers and other sociopaths ... can have fun settling for $9.50/hour coding jobs.

You know, I was chatting with a resident of Moscow who sometimes encounters an unhappy passel of underpaid drones leaving 55 Savushkina Street. Apparently they adopt the same tone when complaining about their working conditions.

Maybe this poster has found an ingenious method of criticizing his own employer while appearing to be performing his job?

January 15, 2016

In reply to arma


I think you're doing a good job with comments, but I personally wouldn't mind less moderation, to get a better sense of what people think, even if they have a particularly rude way of expressing themselves.

There's a difference between being blunt/rude when criticizing ideas, and trashing on the appearance of people that were featured in the donation drive. Things that get moderated tend to fall into the latter.

January 15, 2016

In reply to yawning


@ yawning:

Many thanks to you and the other TP staff who help moderate the blog!

I urge you all to keep up the good work here, and my sympathies, since I can easily imagine how degrading many submitted comments must be.

One of the things I like about this blog is that the tone is generally higher than at most blogs. Sad comment on human nature, I suppose--- or the nature of Our Time--- that there seem to be so many chronically enraged people on the Internet...

> I think you're doing a good job with comments,

Agree, especially since TP is short-handed, and doesn't even have anyone whose job description involves moderating this blog (as I understand it).

> but I personally wouldn't mind less moderation, to get a better sense of what people think, even if they have a particularly rude way of expressing themselves.

Disagree. We don't want to make it even easier for the trolls to mess with us. Gosh knows there are plenty of places you can go if you want to read posts ranting against Tor. Or for that matter, editorials from USG officials ranting against Tor.

@ arma:

I urge you not to even consider the absurd premise of the US mainstream media that a "balanced" discussion means you need to give equal time to those who present well-reasoned points of view backed up with links to verifiable evidence and those who want to make rude comments which lower the tone for the entire blog.


January 15, 2016

In reply to arma


So for what it's worth, as one of the people that does delete comments (only obvious spam, I leave judging if non-spam comments should be published or not to other people).

The blog comments are about 95% spam by bots. The things that get deleted from what I can tell are random personal attacks/insults, and not criticism of the project itself. That said, I would probably opt to keep more of the tiny fraction of comments that do get thrown out, but it's a blurry line, and it's not something I personally want to get involved in.

January 15, 2016

In reply to arma


Set up a filter that filters out messages with the word "stinkypants."

Set up a message system that allows people to flag messages.

Set up a message system that only allows Tor users to access this message system to view it without registration or logging in. Only using Tor. That way you have to use Tor, which means you support Tor use!

Many ideas here. It is mostly common sense.

> Set up a message system that only allows Tor users to access this message system to view it without registration or logging in. Only using Tor. That way you have to use Tor, which means you support Tor use!

The problem there is that USIC operatives (and other bad guys) sometimes *use* Tor but certainly do not *support* Tor Project.

Moderation is a tough slog, but it has to be done in order to keep this blog useful. Currently it is the only usable way for the user base to express how they hope the Project will evolve and what dangers to its continued existence are most urgent (on any given day, since this can change rapidly).

January 19, 2016

In reply to arma


creative regular expressions to match s.t_33ng kee p4nzzz, then replace that word with asterisks, but have replacement function also replace the 3 preceding and 3 following words (or 20 characters, whichever is smaller) with asterisks.
Partial "censorship" that allows more comments while discouraging z.teee.nqui33 talk.

January 20, 2016

In reply to arma


So let me get this straight: authors of the world's greatest tool for bypassing censorship, suppress comments when they call them "stinkypants"?
Seriously, aren't you supposed to be an example?
You of all people?

January 21, 2016

In reply to arma


The "don't like it, don't use it".
Where would you draw the line?
Is a country preventing its population from accessing questionable internet services over the country's infrastructure justified?
Is an ISP exercising the same right justified?
Would censorship by Facebook or Twitter on users/views of their choosing present no problem for you?
Your view on "ordinary sites" is rather clear (although personally I did see it as more than just "an ordinary site")

The main purpose of Tor, as I see it, runs contrary to the "don't like it, don't use it" argument.
(it's designed to curtail legitimate(?) tracking done by private websites)
Instead what it seems to propose is a sort of "don't like it, trick it" mindset.

That is the source of dissonance for me.

"On January 14th, 2016 Anonymous said:

If you really want to be transparent, then stop blocking every negative comment in your public blogs. "

Agreed, and the whole reason we've been seeing all of these feel good changes is that Tor was exposed as a government run and funded program - the very machine that they had been saying was trying to hack and crack them on a monthly basis. It is simply an extension of the Patriot Act - or, it became one.

Turning the whole issue into one of there not being enough women hired at Tor, and what kind of public face these sapiosexual virgins present, is just a diversion - done in a style pretty reminiscent of Google and its own public deceptions.

This is a point that the legitimate privacy community needs to keep driving home. So, don't trust this filthy little Mossad program to so much as air one comment to the contrary. The faceless rejects at the bottom levels will intercept every communication to the higher ups, anyway. Each of Tor's good faith gestures are insults to every thinking person. True privacy advocates need to use alternatives for getting the message out that Tor is not to be trusted.

Oh, and the next time one of these ugly freaks refers to one of you as "stinkypants", take a good hard look at a picture of their new Director...

> the whole reason we've been seeing all of these feel good changes is that Tor was exposed as a government run and funded program -

Speaking as a long-time TB/Tails user--- who is not a TP employee or volunteer staffer--- that is completely counter-factual.

I have been one of those who in the past tried to "out" the letter donors, and who posted comments urging TP to try to dramatically change its funding to greatly reduce the reliance on USG grants. But the fact that Tor was (and still is, unfortunately) mostly funded by USG grants has never been a secret, just not something TP could talk about freely. That is because--- at least until fairly recently (arma can correct me if I am wrong)--- some of the USG support comes/came from semi-clandestine USG-tied vestiges of the Cold War, and is/was contingent upon TP not openly disclosing the source of the funding. I hate that, but at least I recognize that TP cannot be blamed for it, and now TP is trying hard to change its funding structure, and I think it will succeed, because it must.

> the very machine that they had been saying was trying to hack and crack them on a monthly basis.

Two points:

First, assuming you are referring to NSA/TAO and their FVEY counterparts in UK, Canada, Australia, and New Zealand, these agencies have been exposed by reporting at The Guardian and The Intercept (based mostly but not entirely on Snowden's leaks) as having for decades extensively intruded into private, corporate, and government networks in dozens of countries (including their own). Some of the leaked documents show quite explicitly that as recently as a few months before the leaks, NSA was trying to break into the Tor network in very specific ways. Jacob Appelbaum even published some of the source code of "intrusion tools" used by NSA/GCHQ to attack Tor. So the fact that FVEY intelligence agencies attack Tor is not fantasy, but documented fact.

If you were referring to FBI or SCO, your comment seems even stranger, since these organizations have "leaked" countless stories to friendly reporters bragging of their exploits in intruding into Hidden Services.

Second, NSA/FBI are far too influential components of the USG, and far too much beyond even the President's control, but USG is a big big entity, and by no means entirely evil. There are problems with just about every department in the US federal government, but many of these harbor people who are conscientious and trying hard to prevent USG from being "all evil all the time".

> [Tor Project?] is simply an extension of the Patriot Act - or, it became one.

Nothing could be further from the truth, and I think almost all regular Tor users appreciate this. (If not, one would have to wonder why they are using Tor.)

> what kind of public face these sapiosexual virgins present

I have no idea what you mean by "sapiosexual virgins", but in case you did not catch your tone, this mystery term does sound as if it might be intended as somehow derogatory.

> So, don't trust this filthy little Mossad program to so much as air one comment to the contrary.

I'm confused: are you talking about Tor Project?

I like to think I follow Israeli politics sufficiently closely to be able to say with some confidence that TP does not appear at all likely to be some kind of Mossad project. Until now I've never even heard that suggested, so points for originality.

> The faceless rejects at the bottom levels will intercept every communication to the higher ups, anyway.

Well, I happen to know that is simply not true.

> Each of Tor's good faith gestures are insults to every thinking person.

Please don't take this the wrong way, but if I were asked to characterize your post in one word, I'd say "angry", not "thinking". The strangest thing is, you haven't explained *why* you are so angry, or even whether you are a Tor user, and if not, what relation you have to TP, and if not, why you are here.

> True privacy advocates need to use alternatives

I don't think anyone is going to accept your apparent attempt to define "true privacy advocate" as someone who doesn't use Tor.

> for getting the message out that Tor is not to be trusted.

I haven't seen you present any reasoned arguments, much less arguments supported by any actual evidence, for why you think "Tor cannot be trusted". I *have* seen you (in the quoted post) engage in gratuitous and childish ad hominem insults of TP employees.

If this is an example of the kind of post you want to see appear in this blog more often, I must disagree.

Big thanks to the posters for their input.

I see the same kind of sophomoric smarm employed by moderators all of the time on atheist forums. Those debates, likewise, constantly demonstrate the true ugliness of human beings who acquire too much power. Especially when they do not possess even one quarter of the education - or the sophistication that they place so much stock in, amidst their endless posturing. It not only gets in the way, but their egos influence policy in ways that they should not.

If Tor were more open - or "transparent" - then these comment sections could be convenient places for collecting and trading feedback. Like the poster might have said, in the OFTC areas, the mods and volunteers are all trolls who never impart even the tiny nuggets of useful information in their exceedingly limited repertoire, without first being paid toll in the form of some truly demeaning groveling from everyone. They are only there to look for fights with those who refuse to suck up and kiss their asses. They are endlessly sarcastic and insufferable to everyone who tries to keep some self respect, before calling in their admin buddies to back them. They are cowards.

What then appears to follow is that a war takes place. A barrage of retaliatory flooding attacks hit the channels, followed by bans of Tor IP addresses. The ban gets lifted after about a week. The cycle repeats. For the last few months, it has been very difficult to connect, using Tor. But this has happened frequently over the last couple of years. What I don't get is why Tor doesn't just run its own IRC servers, instead of being in the silly position of blocking itself.

Oh, wait. I do get that: It's because, Why bother when all of the fighting is being caused by Tor's own out-of-control staff, power-tripping and pissing off everyone that they can.

...Yeah, that would be a little counterproductive.

> Tor's own out-of-control staff, power-tripping and pissing off everyone that they can.

It seems you are complaining about bad experiences in OFTC chat rooms, but you don't seem to know (or care) that OFTC is not part of TP, or that the OFTC moderators you so dislike have nothing to do with the TP staffers who take some of their invaluable time to moderate this blog!

> What I don't get is why Tor doesn't just run its own IRC servers, instead of being in the silly position of blocking itself.

The answer should be obvious: lack of funding and insufficient staffing. If you want Tor to fund/maintain/room-moderate its own chat servers, you should contribute generously to the funding drive and mention your desire for a practical solution to the lack of anonymity-friendly chat servers.

Some potential alternatives to OFTC chat rooms have been mentioned in this blog, and I view the advent of Tor Messenger as a very important, long overdue, and promising innovation.

I am a Tor user, not a staffer or volunteer, who has donated to TP and hopes to continue doing so.

January 14, 2016


Thank you again for your commitment to transparency and openness. From the auditor's report, it looks like the organization will benefit tremendously from Shari's financial management skills.

Yes, that's certainly one of the many reasons I am excited to have Shari on-board!

That said, I think we haven't been doing *too* badly in terms of financial management lately. :) Certainly for the second half of 2015, the focus was on keeping everything up and working ("keeping the lights on"), while we also searched for a new execdir. (Speaking of which, I'm sorry that these financials came out so late. But better late than never.)

January 14, 2016

In reply to arma


Roger, as someone who follows the organization pretty closely, I'm also glad that you were at the helm during that period. Your personal commitment to transparency & openness - inclusive of the organization's finances - is one of the things that makes the organization great.

Plus one. I'm glad you are staying on--- continuity at a time when TP is dealing with exponentially increased threats (including political threats) and unavoidable growth is really essential.

At times I've expressed frustration with various presumed TP policies, but despite what the angry poster above appears to believe, my comments were not only accepted by the moderators (with a few exceptions which I don't understand), but the most important changes I've urged for years have been adopted by the new Executive Director. Which is very gratifying of course, but now that I know (from the Guardian interview) that my views are consistent with those of TP employees, I'm even happier!

Also, I think Shari Steele is just about the perfect choice for the new ED, so very happy about the outcome of your ED search too.

Threats abound, but I also see many very encouraging signs.

January 14, 2016


I already feel in debt just by using Tor (contributing). I'd wish I'd just contact my ISP one day and ask what they'd think about me running a Tor relay, I'll probably ask first about a middle relay. Maybe you already have templates on how to contact ISPs, also it's in Sweden so if it was in Swedish that would be great. Despite my searches I don't seem to find any reference at all about this, which is sad :(

> I'd wish I'd just contact my ISP one day and ask what they'd think about me running a Tor relay, I'll probably ask first about a middle relay.

For bridges and non-exit nodes, I expect most people just run them without asking. Certainly I never asked, and nobody's ever bothered me about my middle relay.

January 14, 2016


> I'm sorry that these financials came out so late

TP should try to ensure that future financials are not late, and come with some more explanation, since few prospective "private citizen small donors" are experts in US tax law or 501(c) accounting.

I think TP still needs to be more forthright about the nature of the USG entities which provided most of your funding in the 2014 fiscal year. I hope more transparency will *encourage* more small donations by highlighting why the Project badly needs funding diversification.

Can you briefly explain the acronyms in the section naming funding received from grants? Please correct the following guesses as necessary (amount in thousands of USD):

RFA 733 (Radio Free Asia, a USG agency?)
SRI 638 (Stanford Research Institute, a USIC contractor)
DRL 635 (US State Department?)
SRI 159 (Stanford Research Institute)
NSF 100 (National Science Foundation, a USG agency)

Can you provide a pie chart showing how these revenues compared to private donations in 2014 fiscal year?

Regarding the 0.89 million USD in contracts: is that more than one contract? The one I know about (yes?) is to develop security toolkits for journalists.

Yes, your acronyms look right:

The numbers are a bit tricky for me, since I know it in terms of how much the funding is for, and these documents show it as how much actual money came in during the fiscal year, which is a function of when we did billing, when our invoices got paid, etc etc. Some of our funding is "fixed-cost", meaning when we do the deliverable we get paid the agreed amount for it; others of our funding is "cost-reimbursement", meaning the only way to get paid for it is to show that we already spent the money. So all of that complexity causes the cash flow to get complicated. Aren't you glad you know these details now. :)

For the 0.89 million in contracts, I think you're reading that wrong. Or rather, that is not a separate pile of money from the numbers that you quoted above. Some of our funders are phrased as contracts, and some of them are phrased as grants. So your numbers above total $2265k, and add to that $288k in donations-or-equivalent, and there we are at $2.5M. There, now you can make our pie chart for us too.

Speaking of the pie chart, I answered a similar question for the folks writing up the donor faq:
(see question 11, "Where does the Tor Project's money come from?")

I think the 'security toolkits for journalists' project is long over. That looks like Sponsor I:
which I think was the Knight Foundation grant, if I remember correctly.

The reason why SRI shows up twice in the list is because SponsorF ended in 2014, and SponsorR started in 2014:

And the OTF (RFA) funding is a combination of their earlier funding of Tor Browser:
and their newer funding of both Tor Browser and core Tor:

And lastly, for those who are wondering about the mysterious $427k in income that sometimes shows up in the numbers and sometimes doesn't, it is "donated services". That is, the accountants asked us to put a value on the time and energy and so on that volunteers gave to Tor in 2014. It looks from page 67 that we tried to quantify "donated" software development, donated website hosting, and donated translations in this number. There were plenty of other activities (like advocacy, relay operation, etc etc) that we might have included but didn't. I don't know the details on why we chose the set of services that we chose, but I assume it's aiming to strike a balance between counting everything and only counting the ones that we can for-sure justify to the IRS if they ask.

Hope this helps!

January 16, 2016

In reply to arma


@arma just wanted to say thanks for this very insightful comment. I had been unclear on some of the same issues when reading through the document, and found this quite helpful. Thank you for taking the time.

January 18, 2016

In reply to arma


@ Roger:

> Some of our funding is "fixed-cost", meaning when we do the deliverable we get paid the agreed amount for it; others of our funding is "cost-reimbursement", meaning the only way to get paid for it is to show that we already spent the money. So all of that complexity causes the cash flow to get complicated. Aren't you glad you know these details now. :)

Actually yes, this explanation is very helpful, and in future, instead of simply posting the document, I urge you to post an explanation including such comments (updated as needed).

> now you can make our pie chart for us too.

Actually, I was suggesting that TP make a modest attempt to make the situations quickly comprehensible. Pie charts are notorious (among statisticians) but they have their uses.

Point taken about the raw figures in the document being potentially misleading, but in the proposed explanatory blog you could suggest alternative ways of breaking it down which might be more relevant to the questions the user base is most interested in. One of which, I think, is: how much of Tor's funding comes from USG sources? USIC-tied sources such as SRI? I hope the discussion here will uncover other potential sources of confusion for ordinary Tor users who take the time to read the latest tax filing documents.

Better understanding of how the funding has been done in the past will also, presumably, help us users to help TP decide how to try to do it in future.

One suggestion I have seen several times was also mentioned by Shari in her interview with The Guardian: corporate funding. I think that's worth exploring, with caution, but suggest asking TP staff (employees and volunteers) and also tracking blog comments (other than trolls, obviously) for concerns about possible dangers of corporate funding coming with hidden strings or undue influence.

Another suggestion: TP could explore seeking funding from wealthy billionaire-founded-NGOs such as the Gates Foundation. Here I think caution is even more necessary--- see the report:

Philanthropic Power and Development: Who shapes the agenda?
Jens Martens and Karolin Seitz
Global Policy Forum

In all cases, the guiding principle is that funding from "tainted" sources (governments, corporates, billionaires) must not be allowed to dominate total revenue the way USG funding has so far dominated TP funding.

In the end, I think there is no way around the conclusion that ASAP TP *must* get more than 50% of its funding from ordinary users.

I contribute to several NGOs whose humanitarian mission I strongly support intellectually and emotionally, and in their fundraising letters they constantly urge people to make smaller regular contributions rather than occasional larger contributions. The problem here is of course that--- particularly in the US--- few ordinary people have any savings or reliable sources of income any more, which makes it impossible (or at least irresponsible) to commit to making regular monthly contributions.

The only real solution here, I fear, is the kind of bloodless revolution in which US voters elect a socialist who is truly committed to combating income inequality and reversing the decimation of savings. As you know, this appears not entirely impossible in various countries including the US, but in all cases, the established power structure is clearly determined to deploy against ordinary citizens intelligence/suasion techniques which I think it is fair to characterize as atrocious.

To mention just one example:…
Woman who was engaged to police spy sues Met over 'psychological torture'
Carlo Neri
18 Jan 2016

> The woman, known only as Andrea, had a two-year relationship with the officer, during which time the spy told her that he wanted a baby with her but did not tell her that he already had a wife and child and was an undercover cop [using a false name, and married to another woman]. The policeman, who operated under the fake name of Carlo Neri between 2001 and 2005, has been unmasked after investigations by campaigners, the Guardian and the BBC’s Newsnight programme.
> ...
> [Andrea] has only recently discovered that Neri was an undercover officer. Anti-racist campaigners and members of the Socialist party say Neri took part in their political activities in the early part of the last decade.
> ...
> Neri was deployed to infiltrate anti-racism groups and the Socialist party [in the UK].
> ...
> [The civil lawsuit] is the latest legal action against the Met police over the conduct of undercover spies who infiltrated hundreds of political groups from 1968 onwards. A number of them entered into relationships with the women they spied on. In November the force unreservedly apologised and paid compensation to seven women who had been deceived into forming “abusive and manipulative” long-term relationships with undercover officers. On another occasion, the Met paid more than £400,000 to a woman who had discovered by chance that the father of her son was an undercover officer.

The abuses described in the story just cited (and dozens of previous exposes published by The Guardian, which has done a superb job in exposing UK police on political surveillance) also raise the question of whether TP should do more to suggest better OpSec for activists and other political/religious dissidents who use Tor. I feel that--- especially in "Western democracies" [sic]--- a large fraction of the "targets" of large scale intelligence operations such as those described in The Guardian series do not fully appreciate what kinds of groups are targeted for nasty intelligence/suasion operations. In the UK, these groups have included groups opposed to airport runway expansions and windfarms. In both the UK and US, other targeted groups have included political parties, human rights groups (including Amnesty International and Human Rights Watch), ecological groups (including Greenpeace), animal rights groups, social justice groups (including Black Lives Matter and many much smaller and less well known groups), among others. In the US, another targeted NGO is a TP partner, the popular collective Riseup Networks, which has been targeted by Hacking Team (and probably other malware-as-a-service companies) on behalf of its ugly clientele.

Clearly "popular election" [sic] outcomes in FVEY/EU are beyond the brief of TP, but this does raise the question of whether TP should consider:

o occasionally asking supporters in various nations to ask their political representatives to support or oppose specific bills,

o endorsing specific candidates.

I think this is worth considering but again urge TP to seek the opinions of your staff and to be very cautious. My own sense is that the first is probably worth trying, in some very clear cases where TP faces a potential existential threat, for example proposed bills in the US federal and state legislatures which would mandate backdoors in software products and hardware devices (including phones, tablets, and laptops), but that the second might be going a bit too far right now, since

o none of the US Presidential candidates who stand any chance of victory seem terribly concerned with Crypto War II

o as seen above, humanitarians drawn to Tor as an essential tool to support human rights/civil rights activism/research are likely to find the social views of Tea Party candidates very attractive

o in general, US/EU/Latin-American elections tend to become rather embittered and divisive.

You wrote:

> the accountants asked us to put a value on the time and energy and so on that volunteers gave to Tor in 2014. It looks from page 67 that we tried to quantify "donated" software development, donated website hosting, and donated translations in this number.

That is what I guessed, but it is good to have confirmation. This is the kind of explanation which should be included in the proposed explanatory blog.

I have one other suggestion: I hope that it might help the fund drive to post a pie chart showing the breakdown from the 2014 sources compared to the most recent tally from the fund drive. My impression is that we (the user community) have quite some way to go before the user contributions are of the same order of magnitude as the USG funding.

Last, thanks for replying--- I confess I wasn't sure that you would, so I really appreciate the fact that you did, and I hope this helps persuade others to contribute and to keep contributing in future to TP!

> humanitarians drawn to Tor as an essential tool to support human rights/civil rights activism/research are likely to find the social views of Tea Party candidates very attractive

For "likely" please read "unlikely"!

January 14, 2016


In the near term, the USG funding for Tor Project, and the Project's shallow pockets, should help to prevent Tor from being targeted by something like this:…
Lawsuit accuses Twitter of providing material support to ISIS
Katie Bo Williams
14 Jan 2016

Not that anyone should use that as an excuse to continue the status quo. I hope other Tor users will join me in donating to the Project!

That may carry risks, which unfortunately can probably only increase over time. As another poster recently mentioned in this blog, privacy advocates need to worry about "future-proofing" communications and other actions, since things US persons do today, which are not currently illegal under US law, might easily be held against us in coming years. In particular, NCTC is likely to decrease the citizenship scores of citizens who donate to Tor, despite the absurdity of discouraging individuals from doing exactly the same thing the US State Department has been doing, on a much larger scale.

January 15, 2016


I'm not a great fan of expansion. I've seen lots of NGOs expanding and sometimes resisting the temptation and sticking to the basics is better.

Agree that growth can be risky, but I think growth is unavoidable because:

o TP needs to step in to fill gaps in consumer tools, such as a truly anonymized chat client that is as easy to use as TB (I am talking about TM, which I think is very promising)--- this is one of many longstanding gaps that independent developers just have not been able to fill despite years of effort, so TM is really needed,

o TP is facing an ever growing variety of threats to the core software, and needs to continually improve the "hardening" of iceweasel code in TB, which means hiring more developers, commissioning high-quality audits, etc,

o TP needs to ensure that mass media coverage of Tor is factually accurate and balanced--- there's been a lot of progress here just in the past month, but more needs to be done

o TP needs to continue to build closer ties with other essential elements of the privacy infrastructure such as Citizen Labs--- it really helps here that Shari has close ties to EFF,

o TP needs to try to ensure that USG/EU call TP when they call other privacy advocacy groups for comments on upcoming legislation affecting internet privacy/anonymity; in other words, TP needs to be seen as a legitimate and core element of the Internet environment.

Shari has a lot of executive experience, and I think that she is well qualified to mitigate some of the dangers associated with rapid growth.

January 15, 2016


The Guardian just published an interview with Shari in which she made some interesting comments on Tor funding:…
Shari Steele on online anonymity: Tor staff are 'freedom fighters'
Bethany Horne
11 Jan 2016

> [A] survey [of Tor Project employees and volunteers] also found that Tor’s funding model was a big point of concern for staff, with many concerned that a single funding source from the US government makes Tor’s future vulnerable and damages its credibility. “A third [of those surveyed are] saying the Tor Project should probably aim to entirely stop taking US government money. People internal to Tor are likelier than external people to say they don’t like the US government funding model.”

I am really glad to hear that the views of this long-time Tor user are reflective of the staff!

> Steele agrees that Tor’s funding model so far has been unusual. For a tool that advertises itself as capable of government circumvention, the appearance of funding itself mostly with US government grants is bad. Tor advertises on its homepage that Edward Snowden used Tor to protect himself from the most technically proficient adversary on the planet – the US National Security Agency. Steele says there are many other funding models to explore for Tor.
> ...
> Despite being a registered non-profit organization, Tor hasn’t been getting as much money from individuals, foundations, from corporate donors, from running events, or other schemes. “There is a whole world of funding opportunities that they haven’t even explored. And I agree – it actually makes Tor very vulnerable.”

Especially if a cryptofascist is elected President of the USA. (The only candidate who is clearly not in that category is Bernie Sanders. But not even Sanders has come out strongly against the NSA dragnet, and I don't think he's said anything at all about the encryption backdoor demands from FBI. I hope EFF, ACLU, TP will try to ask his campaign for clarification.)

> “They have built the organization around a university research model where they fund specific projects and have to have separate budgets for each of the projects they’re working on … It’s not by any remote stretch of the imagination the way a traditional non-profit is funded,” she said.

This is an important point.

> Steele spoke modestly and only briefly during Tor’s keynote speech to the 3,500 people at the event, acknowledging that her priority would be to diversify its funding sources. “Government funding has been really difficult for us, specifically because it’s all restricted and so it limits the kinds of things we want to do. When you get the developers in a room blue-skying about the things that they want to do, it’s incredible – these are really brilliant people who want to do great things. But they’re really limited when the funding says they have to do particular things.”

No strings funding, from reputable sources, that's what is needed! Also a bigger budget. We all need to make it happen.

From previous comments it is clear that Roger and Shari understand this, but to prevent possible misunderstanding: the goal is not necessarily to eliminate *all* government tied funding, but to ensure that such funding is a small portion of total funding, and that TP can reject objectionable "puppet grants" (the kind which come with strings). I do think it should be a goal to try to eventually eliminate funding tied to USIC (e.g. SRI is a public-private partnership with longstanding ties to CIA) and to USG-foreign-policy-pushing entities (State Department, Radio Free Asia), in favor of funding from human rights groups which criticize the USG when warranted, not just the Chinese and Russian governments.

> Steele introduced a funding drive that has raised $170,000 so far, including the obligatory slogan T-shirt: “This is what a Tor supporter looks like,” it says.

I have been impressed by how badly people want that T-shirt! Another idea would be a Tor sticker resembling the one pictured on Edward Snowden's famous laptops. Or maybe stickers reproducing some of the "This is what" portraits, so enthusiasts can collect them like sports cards. Bonus points for anyone who manages to surreptitiously attach a Snowden sticker to James Comey's personal computer.

Shari made several other interesting comments in this interview, but I won't try to address them in this thread.

January 15, 2016


What I wish is to see more development news here on the blog. I know you like to parade your supporters, etc. but I am more interested in the latest upgrades to the Tor Browser Bundle, especially when the hardened version will be ready for Win32.

Alas, I recommend following the tor-dev list, the #tor-dev irc channel, etc for those. The developers in that area are all full up on actually developing, so they haven't been making time for explaining and summarizing. To me this is a reasonable tradeoff for the short-term and medium-term, but it would be nice to be able to Do All The Things in the long-term.

We used to have weekly summaries in Tor Weekly News, but we lost the person who was leading that, and haven't found a suitable replacement yet.

January 18, 2016

In reply to arma


Many people concerned about making it too easy for "security police" to deanonymize them will not wish to sign up for email lists. However, it is possible to read (not post to) the mailing lists by using Tor Browser to read the web archives--- follow the link at the bottom of the Tor Project home page.

January 25, 2016

In reply to arma


> We used to have weekly summaries in Tor Weekly News, but we lost the person who was leading that, and haven't found a suitable replacement yet.

I wanted to get involved in TWN, but there was no suitably anonymous/secure avenue which I could figure out how to use in a reasonable amount of time.

(I recognize that this was probably due to the fact that creating suitably anonymous ways to volunteer for TP has so far not been possible in a reasonable amount of time.)

The video is a person from the Internet pointing out that Tor doesn't provide 100% foolproof anonymity, especially against large adversaries like intelligence agencies. He cites browser vulnerabilities and traffic correlation attacks as concrete examples.

On the one hand, he is totally right: the number of ways that things can go wrong against a big adversary is very high. Using a web browser is crazy-talk against a determined and well-funded adversary. And indeed, an adversary who watches a lot of the Internet is in a good position to start doing traffic analysis. So "if your adversary is the NSA, maybe you should consider not using the Internet" would be very valid advice.

On the other hand, this person seems to think that these problems are specific to Tor. I wonder what he suggests one should do instead of using a web browser and instead of using a network of decentralized proxies? In particular, (centralized) VPNs and other proxies are much more vulnerable to exactly these traffic correlation attacks.

So to flip it around, Tor is the best we've got in a crummy situation. It's not useless -- it's better than the other options. If you instead wanted to ask "Why do people still use the Internet? It's useless anyway." then I would still want to argue with you, but I would also endorse your point. :)

All of this said, it's true that Firefox (and thus Tor Browser) could do with some more hardening. See these two links for some progress:…
And systems like Qubes, Whonix, and Tails all have some steps that improve the situation (but more steps remain!).

January 18, 2016

In reply to arma


Great rebuttal! Thanks for taking the time to write it.

I'd like to add one comment: it may be true that an activist who uses just about any web browser is essentially certain to eventually be unmasked by FVEY (or similar bad actors funded by their allies/adversaries). More generally, no matter where one lives, opposing bad governmental policies or the oppressive power of Big Money is increasingly likely to shorten your expected lifespan, sometimes quite dramatically. But given the magnitude of the humanitarian/ecological crises facing humanity in our time, no-one should let such dangers dissuade them from fighting for the human and civil rights of all persons everywhere.

Some things to think about:

o the expected lifespan of ordinary people is or soon will be shrinking all over the world, due to global health effects of air pollution, more frequent superstorms, governments less able/willing to respond effectively to natural disasters (Haiti today, LA tomorrow), famines (Sudan), or war (Syria, Sudan),

o as all the world's governments increasingly deploy surveillance dragnets and techno-Stasi suasion/oppression programs, more and more entirely innocent citizens ("collateral damage") will fall victim to government oppression,

o the long-term social effects of income inequality around the world will only get worse as the disparities grow; US/EU persons should take a hard look at the history of Latin America for many frightening examples of why it is in everyone's interests to oppose income inequality, even at the risk of life and limb.

Basically, Nature, Wall Street etrading-- or your own government--- are going to get you and your family if you do nothing, so it makes sense to act, even though this exposes you and your family to more hazard from your government (or even other governments) in the short term.

January 18, 2016

In reply to arma


The real shame here is that Tor's design is like 90% to complete anonymity, the only thing that this global adversary has on us is tracing packetflow signatures, it's a timing issue. Without this last bit of info there is absolutely nothing left to trace, but this remains the hardest problem of them all to solve, even in high latency designs.

Other than that, and this risk is shared in all anonymity networks, is that it entirely rests on having an honest guard node, and to this problem no one has really figured out how to determine if a guard is honest.

While I can't speak for the latter, there has been a significant step in progress to produce a low latency low bandwidth mixnet in a MIT paper that was just released called "riffle", but the author concludes that without some way to synchronize the flow of packets across clients the system falls apart. So it's not that a perfect system can't exist, it's that it can't exist in a heavily variable environment.

Thanks for the pointer! For others reading, the paper is here:

(Gosh, there sure are a lot of great looking papers scheduled for the upcoming PETS conference. Our move to a 4-deadlines-per-year journal model has been a big success.)

(I am also sad that I haven't read most of these papers. It is still too early to tell the long term damage to Tor (and to the anonymity world in general) from pulling me out of research for a year to wear the executive director hat. Hopefully it won't be that bad. Sometimes I think I should quit six of my jobs so I can get back to research, but then I realize that too many other things would still catch fire. The real answer of course is to make me less of a bottleneck for every one of these things. We're making progress at some of that!)

January 20, 2016

In reply to arma


@ arma:

Can you please ask your MIT CSAIL colleagues to abandon their plans to sell a commercialized "spy on your neighbors through the walls" thing using radio waves for $300? Don't they have *any* respect for privacy?

You probably need no explanation from me of why I see here a weird conflict between this COTS device and apparently beneficial things CSAIL does, like hosting a major Debian repository mirror and various apparently beneficial research projects.

Something CSAIL should think about: all too often university researchers create some technology as a "solution", then look around for some supposed "problem" they can claim it "solves". This approach is guaranteed to produce bad engineering and abuse of technology. Cops are already being urged by their tech-savvy peers (on cop forums) to buy the CSAIL device for surveillance of "troublemakers" in their own homes.

Another reason why TP *must* act urgently to move away from the DARPA/SRI university research funding model is that this model is about to vanish. World Economic Forum's billionaires are mobilizing the US Chamber of Commerce and other enemies of intellectuals to lobby governments to destroy the "Cold War" model of colleges and universities entirely. So the writing is on the wall for CSAIL and maybe even for MIT:…
Report: Robots, other advances will cost humans 5.1 million jobs by 2020
Hiring gains in engineering, math; blunt advice for businesses, schools.
Sam Machkovech
18 Jan 2016

> [A recent WEF report] also encourages businesses to engage with governments and educational providers in updating high school and college systems for a new economy. "Two legacy issues burdening formal education systems worldwide are the dichotomy between humanities and sciences and applied and pure training, on the one hand, and the prestige premium attached to tertiary-certified forms of education—rather than the actual content of learning—on the other hand. Put bluntly, there is simply no good reason to indefinitely maintain either of these in today’s world," the report says.

The irony here is that the WEF report described in the article warns that millions of highly paid white collar office jobs will be lost by 2020 to commercialized AI. So CSAIL and the other AI people have made humans redundant. And now that the algorithms rule, if "there is simply no good reason to indefinitely maintain either of these in today’s world" ...

Thanks a bunch, CSAIL.

January 16, 2016


I like to read a good combination of both the people and new developments. A steady equilibrium.

January 17, 2016


If you are that fussy about getting TOR security checked by others, why is it you still retain google in many of the about:config settings?

I can understand it is not easy getting the balance right of usability versus security, but if people are stupid enough to use google services then let them type the urls in. That does not then affect those of us who know what a trawler and storer of people's information that google is, or people who do not understand their vulnerability who use their services.

More specifics?

I see some safebrowsing stuff (which is part of Firefox, and it looks disabled). And I see a search box option (but it's not the default). I don't see much else of note.

January 17, 2016


You just can't win, can you?

I'm continually amazed at the level of patience by some in this blog's comments and on the mailing lists by some of the Tor devs.

I have watched some of the most stinky-panted trolls ramble on just to have people like arma@ reply as if s/he's patiently explaining to a three-year old that Earth revolves around the Sun, and not vice-versa. That patience is certainly necessary for an open source project that enables millions of users, not to mention the possibly thousands of other players with an active role in running relays and conducting trainings.

I do think the funding question, in particular, is a fundamental question that the TP has to continue to address. It's outright disturbing in many ways, and I think that is recognized. Frankly, it could ultimately be the downfall of the project in a way it couldn't have maybe ten years ago. I don't believe the most disconnected poster should hesitate to raise it as an issue. It reflects a smart insight.

My point? Criticisms are good, and should be expected, but think out your point and imagine it playing a productive, insightful role. In the meantime, lighten up. You can be brutal in your comments without being an asshole.

Not in Munchen

January 17, 2016


Hi, this goes to any Tor developers and other clever minds out there that happen to read this!

A new protocol called IPFS is coming together and it is supposed to become a supplement for today's HTTP protocol and eventually replace it altogether.

Some URLs detailing the subject:


The project sounds quite interesting to me, but I'm no expert on any of it. What's even more interesting to people around here I guess is what this could mean for the Tor network and the privacy Tor serves. From my understanding IPFS relies on technologies better known from torrenting, something the Tor community has repeatedly advised people not to do over Tor. If this project does get sold in, so to speak, and does become a replacement for HTTP the Tor Project would have to make the Tor browser work with the new protocol. Would IPFS possibly affect Tor and privacy in a negative or positive way?
What do you think?

The IPFS design is currently quite bad for privacy because every node needs to announce to a DHT which pieces of data it has.

So, if there are a bunch of websites hosted on IPFS and you've browsed some of them (running your own IPFS client/node/whatever on your computer) you're effectively broadcasting your browsing history to the world. If you aren't using tor, you're associating your history/profile with your current location (IP address)! If you are using tor, at least your location wouldn't be known, but your browsing history being linkable is still quite a bummer.

There is some work being done to make IPFS have native tor support, and there has even been talk about advertising onion addresses on the DHT etc etc... but at the end of the day anonymous IPFS users would need to be "leeches" (not announcing that they have any pieces) which means privacy-and-participation cannot be the default... unless/until there is some other data distribution algorithm.

I and other anonymous cypherpunks are working on these things and I don't expect that IPFS will be the basis for the happy shiny privacy-friendly content-addressable p2p solution of the future because its developers don't currently seem to consider privacy a priority at all, but maybe they'll come around.

Implementing something that bills itself as "The Permanent Web" would be disastrous for user privacy, but they may have interesting methods of censorship resistance and "swarming" for better performance.
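A toy model of the provider-announcement problem described in the reply above, added here as an illustration; it is not IPFS code and not part of the original comment. `ToyDHT`, `Node`, the peer names and the addresses are all constructed, and the model assumes a node announces every block it fetches unless it is set up as a "leech".

```python
"""Toy model (constructed example, not IPFS code) of DHT provider announcements."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field


def content_id(data: bytes) -> str:
    """Content address: a truncated SHA-256, standing in for a real CID."""
    return hashlib.sha256(data).hexdigest()[:16]


class ToyDHT:
    """Public index anyone can query: content id -> {(peer_id, address)}."""

    def __init__(self):
        self._providers = defaultdict(set)

    def announce(self, cid, peer_id, address):
        self._providers[cid].add((peer_id, address))

    def find_providers(self, cid):
        return set(self._providers.get(cid, ()))


@dataclass
class Node:
    peer_id: str
    address: str            # what other peers see: a real IP, or nothing useful via Tor
    announce: bool = True   # False = "leech": fetch but never advertise
    store: dict = field(default_factory=dict)

    def publish(self, dht, data):
        cid = content_id(data)
        self.store[cid] = data
        dht.announce(cid, self.peer_id, self.address)
        return cid

    def fetch(self, dht, peers, cid):
        """Find a provider, copy the block, then (by default) announce it."""
        for provider_id, _ in sorted(dht.find_providers(cid)):
            data = peers[provider_id].store.get(cid)
            if data is not None and content_id(data) == cid:
                self.store[cid] = data
                if self.announce:
                    dht.announce(cid, self.peer_id, self.address)
                return data
        raise LookupError(f"no provider for {cid}")


def observed_profiles(dht, catalogue, ignore=()):
    """What any DHT participant can learn: per peer, which sites it holds."""
    profiles = {}
    for site, cids in catalogue.items():
        for cid in cids:
            for peer_id, address in dht.find_providers(cid):
                if peer_id in ignore:
                    continue
                entry = profiles.setdefault(
                    peer_id, {"addresses": set(), "sites": set()})
                entry["addresses"].add(address)
                entry["sites"].add(site)
    return profiles


def run_scenario():
    dht = ToyDHT()
    host = Node("host", "198.51.100.1")                    # original publisher
    alice = Node("alice", "203.0.113.7")                   # direct connection
    bob = Node("bob", "(hidden by Tor)")                   # announces over Tor
    carol = Node("carol", "203.0.113.9", announce=False)   # leech
    peers = {n.peer_id: n for n in (host, alice, bob, carol)}

    # Three constructed "websites", two blocks each, all published by host.
    catalogue = {
        site: [host.publish(dht, f"{site}/page{i}".encode()) for i in range(2)]
        for site in ("siteA", "siteB", "siteC")
    }
    reading = [(alice, ["siteA", "siteB"]),
               (bob, ["siteA", "siteC"]),
               (carol, ["siteB"])]
    for node, sites in reading:
        for site in sites:
            for cid in catalogue[site]:
                node.fetch(dht, peers, cid)
    return observed_profiles(dht, catalogue, ignore={"host"})


if __name__ == "__main__":
    for peer, seen in sorted(run_scenario().items()):
        print(peer, sorted(seen["addresses"]), sorted(seen["sites"]))
```

In this model the directly connected reader's history is tied to an IP address, the reader announcing over Tor still has a linkable history under one peer identity, and only the leech leaves no provider records.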

January 18, 2016


Again, for all Tor users...








January 19, 2016

In reply to arma




A very alarmed or absent-minded poster (did you accidentally press the caps lock key?), or possibly someone writing a humorous parody of a troll post, wrote:


Not sure what you are talking about, but those who follow the uncensored news are aware of continuing developments in places like Russia, China, FVEY, to which you may or may not be referring.


Same comment.


Becoming non-open source? Haven't you got it backwards? Software generally has long been dominated by closed source proprietary code, while open source code was initially rare. In the past decade, open source code such as Linux distributions and Firefox web-browser have become much more widely used, which has led "the authorities" to attack open source projects with an increasing urgency.


Old news. Progressive websites like and have long discussed this, and maintains a collection of published FVEY documents from the trove provided by Edward Snowden which provide ample details on FVEY disinformation programs.


Same comment, with one quibble: the governments which do this say they have "legal authority" but this is questionable; the courts around the world have generally refused to address the issue.


The internet is probably not doomed in the sense of being about to vanish. But you are correct that we all need to be aware of OpSec concerns, and in our own defense we need to try to follow the networking-security news (and to try to ensure that the journalists who write the stories continue to have jobs).


Old news. Internet users everywhere should follow if they want to be aware of novel threats (fingerprinting has been extensively discussed in Deeplinks for years--- see also EFF's panopticlick site).

January 18, 2016


They have technology beyond your wildest imaginations...

Tor is nothing. They have technology that can break Tor. What you are hearing from the NSA is just the tip of the iceberg. The real people behind decryption are able to breakup Tor data. What needs to be done is to improve the Tor's encryption methods to be more complex. This means to double or triple the encryption values or codes.

Actually, doubling or tripling "the encryption values or codes" won't even do it, if there are big enough breakthroughs in e.g. factoring.

That's why we've moved a lot of the core crypto in Tor over to ED25519:

since moving from e.g. RSA 1024 to RSA 2048 would not give us good enough security, *and* it would screw up performance too much.

Ultimately we also need to consider quantum-safe key exchange for the circuit level inside Tor. There is a proposal for it:…
But it's my understanding that right now for quantum-safe we have a choice between "practical but perhaps not actually secure", and "secure but definitely not practical". I'm hoping the crypto people continue to make good progress on the area -- we (the world) needs it.

(Oh, and if you have actual details to back up your "they have technology" statements, we are all ears.)

I endorse Roger's comments, and add some of my own:

> Tor is nothing. They have technology that can break Tor.

If you haven't read the FVEY documents leaked by Snowden which describe attacks on the Tor software/network in some detail, you should read and try to understand them. See

Note that this compendium includes links to news stories from sources like The Intercept, The Guardian, WaPo, which can help you to understand the technical details or to place the document in a wider social/legal context.

> The real people behind decryption are able to breakup Tor data.

I don't know who you mean by "the real people behind decryption" or "breakup Tor data", but it is essential to try to have an adequate understanding of the technological details. Unfortunately this will be very difficult for most users.

@ kids:

In your own defense as an ordinary internet user, you really, really need to understand modern encryption and cryptanalysis. Which means you need to pay attention in math class. Ask your teacher about finite fields, for example. It's not easy, but even in high school a good teacher will be able to lay a foundation which can help you to potentially learn more in college.

@ all:

I think there is a long-standing need to revive "civics courses" as part of a standard K12 education in the USA and other "Western democracies" [sic]. Updated to focus on staying safe online. Covering topics such as

o non-bowdlerized history of social movements, exemplified by books such as these:

+ Howard Zinn, A People's History of the United States, Harper, 1999

+ Ray Raphael, A People's History of the American Revolution, New Press, 2001

+ Jay Winik, The Great Upheaval, Harper, 2007

o dangers of sexting and sting operations (in the US, teens are often targeted by FBI in CVE stings),

o dangers/ineffectiveness (and ultimate absurdity) of dragnet surveillance:…
Spy Camp: Photos From East Germany's Secret Intelligence Files
Jeremy Lybarger
7 Dec 2013

o dangers of using employer or school provided equipment,

o dangers of citizenship scores produced by companies which sell their products to police and other governmental agencies
The new way police are surveilling you: Calculating your threat ‘score’
Justin Jouvenal
10 Jan 2016

o dangers of dragnet surveillance being used to degrade your citizenship score,

o dangers of technologically enabled "redlining" (by electoral commissions, banks, grocery chains),

o dangers of "black-box algorithms" (neural nets, we are looking at you and yours):…
The Code We Can’t Control
David Auerbach
14 Jan 2015

o dangers of IoT, Smart Grid, Smart Homes:…
Comcast security flaw could help burglars break into homes undetected
Jon Brodkin
5 Jan 2016

o dangers of poorly secured by design home devices such as broadband modem/routers
Juniper drops NSA-developed code following new backdoor revelations
Dan Goodin
10 Jan 2016
Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears
Dan Goodin
12 Jan 2016

o danger of state-sponsored theft:
Under civil forfeiture, Americans who haven’t been charged with wrongdoing can be stripped of their cash, cars, and even homes. Is that all we’re losing?
Sarah Stillman
12 August 2013

o dangers of talking to a doctor:…
Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Charles Ornstein
10 Dec 2015

o potential dangers of talking to teachers, guidance counselors, or the school nurse:…
How U.S. Schools Can Avoid Britain’s Problems with Radicalization Screening
Murtaza Hussain

o dangers of talking on the school bus, or in your own home:
The Internet of Things that Talk About You Behind Your Back
Bruce Schneier

o dangers posed to children by corrupt/inept government:…
Arrest of Michigan Gov. Rick Snyder Urged After Contaminated-Water Scandal Implicates Top Staffers
Sarah Lazare
7 Jan 2016

o dangers of ignoring history:
“Delusional and reflexive invocations of American exceptionalism”
Robin Lindley, History News Network
2 Jan 2016

o importance of risk analysis, e.g. compare risk of experiencing a school shooting viz. being struck by a car or smoking:…
No, There Has Not Been a Mass Shooting Every Day This Year
Mark Follman
18 Dec 2015

o importance of anonymity, e.g. in discussing online sensitive topics such as sexuality, medical problems, "recreational" drug use, or school policies:…
Protecting the Choice to Speak Anonymously Is Key to Fighting Online Harassment
January 13, 2016

o importance of "future proofing" communications public or private, e.g. potential consequences of ill-advised non-anonymized posts/images for your future employment opportunities and your citizenship score,

o the critical role played by encryption in the internet,

o how "Western" based companies assist oppressive governments:
EFF Wants Cisco Held Responsible For Helping China Track, Torture Falun Gong Members
15 Jan 2016

> What needs to be done is to improve the Tor's encryption methods to be more complex.

o preparing for police assaults, interrogation, torture, and solitary confinement:…
Terrorizing School Children in the American Police State
Henry A. Giroux
6 Nov 2015…
Nebraska routinely holds children in solitary confinement, report finds
Mahita Gajanan
6 Jan 2016

Because these are all things future voters/citizens need to know.

Returning to the importance of understanding the technology of modern cryptosystems and how our enemies target them:

It is important (but maybe too hard for most) to try to understand the disparate known or potential technical threats against various kinds of encryption used in various ways by the Tor network, but it is *essential* to understand that encryption protocols are rarely the weakest link in our attempts to maintain/enhance online security/anonymity.

As an example, a recent news story not up to the standards we should expect from Motherboard failed to adequately stress that the described attacks almost certainly do *not* involve cryptanalysis of the cryptological algorithms (a public-key encryption algorithm and a symmetric encryption algorithm) which protect PGP/GPG-encrypted communications, or any other kind of "passive cryptanalysis":…
Cops Say They Can Access Encrypted Emails on So-Called PGP BlackBerrys
Joseph Cox
11 Jan 2016

> Dutch investigators have confirmed to Motherboard that they are able to read encrypted messages sent on PGP BlackBerry phones—custom, security-focused BlackBerry devices that come complete with an encrypted email feature, and which reportedly may be used by organized criminal groups. “We are capable of obtaining encrypted data from BlackBerry PGP devices,” Tuscha Essed, a press officer from the Netherlands Forensic Institute (NFI), told Motherboard in an email.

This story was refactored by many "mainstream" news sites and became even more misleading in the re-telling, further encouraging readers to believe the content of the story is that "PGP/GPG has been broken", which is almost certainly not at all true.

The true facts as they are known: NFI was apparently bragging about one or more commercial devices (hardware plus software) such as Cellebrite's UFED 4PC (Universal Forensic Extraction Device for PCs), which are widely used by LEAs in many nations including USA/EU.

Cellebrite was founded in Israel by former members of a secretive agency which is Israel's nearest equivalent to NSA. To market to USG, they needed to relocate their corporate HQ to the US (they are now in NJ), but the technical development of Cellebrite products has always been done almost entirely in Israel. Cellebrite has about 300 employees there, far outnumbering the number of TP employees. But this comparison should be understood in the context of the huge variety of hardware devices, software, and encryption protocols which these companies attack on a daily basis--- long story short, they have severe problems of their own, so there is actually some hope for the consumer here.

Quite a bit is known about Cellebrite devices (and similar devices sold by their competitors) because brave journalists have risked arrest/beatings by infiltrating international Surveillance Industry trade fairs and have published technical documents describing how these work. In addition, there are several "surveillance journals" which publish technical articles on "forensic extraction" from devices such as encrypted cell phones.

Long story short: companies like Cellebrite can generally only obtain readable decryptions of stored messages from an encrypted consumer device, such as an encrypted Blackberry, if the attacker has physical possession of the consumer device. The attack device, such as UFED 4PC, generally does not attempt direct cryptanalysis, but rather attempts to evade the cryptography used to protect the device itself, by "imaging" (copying) the contents of the memory of the running device to search for raw encryption data which must typically be kept in memory in order to use the device. It's an attack on "data at rest", not "data in motion" (the kind which PGP/GPG tries to protect).

If you use GPG you should read the documentation, in particular the warning that the weakest point of PGP/GPG is your keyring (data at rest). The heroic developer who provides GPG (only recently has he gotten serious help from some other devs) warns users to keep their key rings off line, perhaps in an encrypted USB stick, to avoid making it too easy for devices like UFED 4PC to try to use their trickery to decrypt the long-term storage of your PC, tablet, laptop, or smart phone. Unfortunately, this can be hard to do if you use most smart phones, but at risk users should explore their options.

> The attack device, such as UFED 4PC, generally does not attempt direct cryptanalysis, but rather attempts to evade the cryptography used to protect the device itself, by "imaging" (copying) the contents of the memory of the running device to search for raw encryption data which must typically be kept in memory in order to use the device.

A similar problem affecting recent Linux kernels, which may be remotely exploitable:…
Linux bug imperils tens of millions of PCs, servers, and Android phones
Vulnerability allows restricted users and apps to gain unfettered root access.
Dan Goodin
19 Jan 2016

> The bug is indexed as CVE-2016-0728. Major Linux distributions are expected to make fixes available as early as Tuesday.
> ...
> [It] was introduced into the Linux kernel in version 3.8 released in early 2013, resides in the OS keyring. The facility allows apps to store encryption keys, authentication tokens, and other sensitive security data inside the kernel while remaining in a form that can't be accessed by other apps.
> ...
> To demonstrate the risk the bug posed, the researchers also developed a proof-of-concept exploit that replaces a keyring object stored in memory with code that's executed by the kernel. The vulnerability is notable because it's exploitable in a wide array of settings.

Not sure whether this could be a problem for Tails users.

Scary bug in the keyring facility in recent Linux kernels, but probably not remotely exploitable, so hopefully not a huge concern for Tails users?

> CVE-2016-0728
> The Perception Point research team discovered a use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation.

> What needs to be done is to improve the Tor's encryption methods to be more complex.

Actually, a basic maxim of communications security holds that complexity is the enemy of security.

Modern encryption systems are, on the surface, quite different from those discussed in the classic book on cryptanalysis (the one which inspired Whitfield Diffie):

The Codebreakers
David Kahn
MacMillan, 1967

Nevertheless, the lessons of that book remain as relevant as ever, in my view, and every regular reader of this blog should probably study it.

Two reasons why good cryptography tries to conform to the KISS principle:

o simple systems are harder to mess up (whether deliberately or through ineptitude)

o serious bugs in simple systems are more likely to be caught sooner by the supposedly continuously staring gaze of millions of hypercritical open source coders

The latest example:…
Crypto flaw was so glaring it may be intentional eavesdropping backdoor
Network tool contained hard-coded prime number that wasn't prime after all.
Dan Goodin
2 Feb 2016

> An open source network utility used by administrators and security professionals contains a cryptographic weakness so severe that it may have been intentionally created to give attackers a surreptitious way to eavesdrop on protected communications, its developer warned Monday.

> They have technology beyond your wildest imaginations...

You mean those nanospybots inside our brains which make WiFi connections to send incriminating data to thought police servers?…
In a brain, dissolvable electronics monitor health and then vanish
Beth Mole
19 Jan 2016

Actually, as the article explains, current models can only connect to wearable repeaters, so currently this technology can probably not be deployed without the knowledge of the surveillance victim. But yes, over the next few years, we can expect to see the usual roster of oppressive governments (China, Russia, FVEY, Vietnam) mandate forcible implants of things like WiFi repeaters allowing "the authorities" to monitor the brains of political dissidents under house arrest.

A more credible *current* threat to US persons not under house arrest are the devices sold by NSA-tied companies (the hubbie of former NSA SIGINT Director Teresa Shea is an executive in a half dozen of these companies) which can remotely convert set-top cable boxes, "Smart Home" thermostats and other IoT devices, into audiovideo bugs.

Those devices are essentially purpose-built clandestine surveillance devices disguised as "testing devices". Silver Push is one company which is already doing in-home surveillance for "marketing", but such companies are sure to desire to "diversify" to providing in-home-surveillance-as-a-service for police and other government agencies. For example, city governments may want to know what voters are saying about the Mayor inside their own living rooms:
The Internet of Things that Talk About You Behind Your Back

> SilverPush is an Indian startup that's trying to figure out all the different computing devices you own. It embeds inaudible sounds into the webpages you read and the television commercials you watch. Software secretly embedded in your computers, tablets, and smartphones pick up the signals, and then use cookies to transmit that information back to SilverPush. The result is that the company can track you across your different devices. It can correlate the television commercials you watch with the web searches you make. It can link the things you do on your tablet with the things you do on your work computer.

> They have technology beyond your wildest imaginations...

You mean devices which can simultaneously bug the cell phones of everyone in an area of several square miles?
The Feds Are Now Using ‘Stingrays’ in Planes to Spy on Our Phone Calls
Kim Zetter
14 Nov 2014

> It’s bad enough the government has been skulking around in cars and vans with a little device that can impersonate a cell phone tower and track you. Now, in a move that should surprise no one, it’s taking to the skies to expand its tracking reach, in a move that would also allow it to collect data on more people at once.…
Stingrays: A Secret Catalogue of Government Gear for Spying on Your Cellphone
Jeremy Scahill, Margot Williams
17 Dec 2016

> The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies [and by local, state and federal US law enforcement agencies including but not limited to FBI, USMS, USSS, DEA]. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.
> The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.
> The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.)…
Dirtbox Over Disneyland? New Docs Reveal Anaheim’s Cellular Surveillance Arsenal
Matt Cagle
27 Jan 2016

> Anaheim Police have spent almost a decade secretly building an inventory of powerful cell phone surveillance devices and making them available to neighboring cities in Orange County, documents obtained by the ACLU of California reveal.…
California Police Used Stingrays in Planes to Spy on Phones
Kim Zetter
27 Jan 2016

> The government’s use of a controversial invasive technology for tracking phones just got a little more controversial. The Anaheim Police Department has acknowledged in new documents that it uses surveillance devices known as Dirtboxes—plane-mounted stingrays—on aircraft flying above the Southern California city that is home to Disneyland, one of the most popular tourist destinations in the world.

The Anaheim PD's plane is a Cessna 208B, tail number N508BH, which Anaheim cops boasted some years ago, is "loaded with technology" and "dedicated to surveillance".

(FAA invites LEAs to choose their own tail number, and APD chose to honor a deceased pilot who died in an aircraft accident when the plane he was piloting crashed on takeoff following a long weekend, killing him and his passenger. Even if you don't fly in small planes, your chances of being killed in a small aircraft accident are greater than your chances of dying from an IS attack, according to FAA statistics, because some of the 50,000 who perish each year from this cause were sitting in their living rooms when their home was struck by a falling plane.)

Just imagine what FBI would have done with aerial "Dirtboxes" and handheld KeyW "cell site simulators" in 1963.

Every last person among the 250 K who attended this protest would surely have been secret watchlisted, since the speaker who so eloquently addressed the crowd was being bugged by FBI, which suspected him of masterminding a "Communist takeover" of the USA (hard to believe, but very well documented):

Imagine what FBI would have done with hand held KeyW "cell site simulators" in 1970. Every last person among the 2000 survivors of this student protest would have been watchlisted:

And even decades later, every time they were pulled over for a routine traffic stop, they'd be subjected to extra harassment or even (if black) subject to a heightened risk of becoming another unarmed person whose life ends as an "officer involved shooting" statistic, all because an elevated "threat score" popped up on the police cruiser laptop. Elevated on the grounds that (according to an untested bit of pseudoscientific lore enshrined in NCTC CVE doctrine) "past exposure to a mass shooting makes witnesses more likely to themselves commit a mass shooting" [sic].

Abuse of logic, like every other kind, flourishes in the secrecy with which NCTC and other post 9/11 agencies surround their mysterious aerial activity.

> devices which can simultaneously bug the cell phones of everyone in an area of several square miles... aerial "Dirtboxes"

The specific DRT device bought by Anaheim PD for use in their spy Cessna N508BH appears to be this model:
DRT 1201C
Survey Equipment
“Mount in an aircraft to fly over the crowd”
Review by Jennifer Lynch
Senior Staff Attorney, Electronic Frontier Foundation

> The DRT 1201C provides a compact, yet powerful, surveillance capability against a variety of analog and digital wireless standards. The DRT1201C can be configured to support DF, digital voice intercept/recording, supports target lists of up to 10,000 entries, and has a flexible tuner configuration which provides frequency coverage of all bands of interest. Up to four tuners can be incorporated in unit.
> - Monitors up to 544+ half-duplex channels (32+ channels per WPM3).
> - Software configurable to process various wireless standards.
> - Processes multiple formats simultaneously.
> - DF [Direction Finding] option available.
> - Flexible tuner configuration provides frequency coverage of all bands of interest.
> - RFT3: Dual channel transceiver VHF/UHF coverage from 2-3000MHz; HF from 0.5 - 32 MHz
> - HFT1: High performance HF receiver from 0.2-30 MHz
> - MUT1: Microwave receiver from 0.2-8.5 GHz
> - FPGA based Wireless Processor, WPM3, enables wideband signal processing. Can also generate 32+ narrowband signals.

If you didn't catch that, should a drone carrying a 1201c fly along a microwave relay link, it can intercept and record all the phone calls (including land line) carried by that link.

The capability to intercept 10,000 voice calls simultaneously would enable APD or other agencies to spy on everyone attending a major public event, or maybe even a large fraction of people visiting Disneyworld.

DHS helicopters have been observed hovering for extended periods at about 8000 feet while electronic evidence suggests "cell site simulators" were in use. At that altitude DHS can probably spy on all WiFi transmissions from an entire city, in real time. The high altitude hovering behavior may also be associated with Wide Area Surveillance using high definition multispectral zoom cameras which are carried in a black turret under the belly (not in the nose; compare FBI's Bell Jetranger spycopters).

> handheld KeyW "cell site simulators"

Correction, a sophisticated DF (Direction Finding) gear. Perfect for the Gestapo:
Direction Finding Systems

> - 6 band GSM, CDMA and UMTS receiver capable of detecting and measuring RSSI
> - Uses either internal antenna or external antenna
> - Audible alert via Bluetooth or wired ear piece
> - Channel scan feature stops at GSM TCH detect - High and low gain selectable
> - COTS - releasable to conventional forces
> - Dense environments increase difficulty of DF operation
> - Utilized for close in DF operations; difficult to identify targets from distance
> - 3-4 hours of operation

January 18, 2016


reading so many provocations - from noobs, drugged, drunk, volunteers, us users or elected people - especially about this campaign & nsa/fbi ; i wonder the reason why this blog stays opened for the users' comments ....... ridiculous .....

> volunteers

This is the TP blog, so of course Tor employees and volunteers post here.

> especially about [the funding] campaign

Where else would TP announce it but the Tor blog?

> nsa

NSA is the universal enemy of all People everywhere, so of course users mention it frequently in the comments on the posts.

> noobs, drugged, drunk, volunteers, us users or elected people

Is there *any* category of living things which you do not dislike?

If this blog upsets you so much, and if you hate Tor and Tor users so much, why are you even here?

I think you're misunderstanding the original poster. I think he/she was lamenting the low signal-to-noise ratio in the comments here, and agreeing that keeping the comment section was not without its downsides.

January 23, 2016

In reply to arma


@ arma:

I still don't interpret the cited post the way you do.

> lamenting the low signal-to-noise ratio in the comments here.

I hope you don't mean to imply that *you* feel there is a low signal-to-noise ratio in the published blog comments (not the namecalling kind).

Freedom of speech/expression is also idle gossip and / or disrupting creating an unpleasant background noise by preventing saturation open to good and productive directions.

Never. Nobody ever had any plans to actually build them. They were research papers, written by researchers with the goal of furthering the science and understanding of anonymity. You were unfortunately misled by journalists whose incentives are to write inflammatory and misleading articles.

On the plus side, we talk to these researchers often, as part of the larger community of people who attend the PETS conference:
The next PETS will be outside Frankfurt in July. You could attend!

January 20, 2016


Problem is ISIS use your anonymous browser too. So you need the ability to track down the ISIS users. Or else they will abuse Tor Network that all of us the whistle blower use to save our neck. I think the TOR network must increase their security so Tor can't be misused by the ISIS and the like.

> Problem is ISIS use your anonymous browser too.

IS is a problem for some people, but clearly it is not a "problem" created by Tor, nor is it a problem which TP can "solve".

Islamic State (IS) was created by a combination of

o atrocious abuses by the Assad family,

o the cynical, cruel and short-sighted/desperate foreign policies of US and its principal allies in the region (Saudi Arabia),

o cynical and cruel foreign policies of adversary nations of the US (Iran).

Or perhaps one should say: if particular people had not created a particular movement in response to the conditions created by those three blocks, someone else would have created a similar movement.

See the journal Foreign Affairs for many many opinion pieces expressing very similar views.

> So you need the ability to track down the ISIS users.

You who?

IS may be an existential threat to the Assad regime, but it is certainly not an existential threat to FVEY nations, despite all the media hype.

In any case, FVEY claim they have no problems tracking IS fighters and leaders using other means.

> Or else they will abuse Tor Network that all of us the whistle blower use to save our neck.

The problem with your notion is that if TP somehow enabled some government (US? Saudi? Assad?) to track some category of persons suspected of involvement in something said government dislikes (IS? Black Lives Matter? Human Rights Watch?), the same mechanism could be abused by other governments (Vietnam? Thailand? Canada) to track some other category of persons (antimonarchist bloggers? opponents of arctic oil drilling?), and indeed by corporations (Monsanto? US Bank?) to track other categories of "suspects" (chemical plant safety inspector whistleblowers? insider trading whistleblowers?).

January 20, 2016


How to scramble the Tor Browser fingerprint strings? Browser site tests still identify tor users with unique fingerprints. The major factor is the font lists. This is what identifies you uniquely.

The goal of Tor Browser is not to make all the Tor Browser users blend in with Chrome, IE, etc users. It's to make all the Tor Browser users blend with each other.

So scrambling the user-agent isn't going to move you closer to this goal.

I agree that font enumeration attacks are a thing:…
Tor Browser has some partial fix for this issue. There's a usability tradeoff -- if we restrict the font lists too far, then reading pages becomes so hard that reasonable people give up.

For current work, see this parent ticket:

February 02, 2016

In reply to arma


So it is advisable to set useragent as "TorBrowser"? When it is going to be realized? Will it be in Tor Browser 6.1?

January 21, 2016


Zionism is a very real threat. It is no longer a tin-hat conspiracy. The evidence has become overwhelming.

Tor needs to give serious consideration to emerging threats that transcend both technical, political, and geographical barriers. Yes, everyone is complaining about the Muslim threat, but there are always two sides to a coin and Tor should be prepared.

Watch your back Tor, the media can sic the dogs on you with the snap of their finger. Your recent inclusion of heavy Judaic-influence (as seen in your advertising campaign and new roster) does work in your favor, but how long can that possibly last when being non-biased and "free" as your project claims to be?

Long live Tor.

I don't follow your reasoning, but you might be interested in this:

Muslim refugees in Wales were, until very recently required to wear very visible red armbands in order to obtain food, and they are being housed in homes with bright red doors. This has led to them being singled out for some nasty abuse from unwelcoming members of the public:…
Wristbands and red doors for refugees: history is not repeating itself, but it is rhyming
Giles Fraser
25 Jan 2016

It's all of them (bad governments) against all of us (suffering innocent ordinary people).

This may interest you:

The Intercept has just published a new tranche of documents from the Snowden trove, which prove that NSA/GCHQ have been intercepting (and in some cases decrypting) live imagery feeds from Israeli, Syrian, and Iranian government drones. Further, the US President was personally interested in obtaining evidence which he could use to deflect criticism of "collateral damage" in his own drone strikes by leaking evidence that Israel, Syria, Iran (and in recent months, Saudi Arabia) are all executing their own drone strikes in neighboring nations.…
Spies in the Sky
Israeli Drone Feeds Hacked By British and American Intelligence
Cora Currier, Henrik Moltke
29 Jan 2016…
Anarchist Snapshots
Hacked Images From Israel’s Drone Fleet
Cora Currier, Henrik Moltke
29 Jan 2016…
NSA, GCHQ used open source software to spy on Israeli, Syrian drones
Image tools unscrambled encrypted analog video feeds, documents reveal.
Sean Gallagher
29 Jan 2016

Even well-educated people in "the West" seemingly still tend to assume that drones are somehow a FVEY (read "white person") monopoly. But in fact, sophisticated surveillance drones (some of them armed with assassination missiles) are deployed by a rapidly growing number of nations, including China, Pakistan, India, the Koreas, Singapore, Malaysia, etc. Further, Chinese surveillance/strike drones in particular are in some cases more advanced than US drones.…
Asian region UAV capability on the rise
The Unmanned Aerial Vehicle (UAV) industry is one of the fastest growing military aviation markets.
19 Dec 2012
Martin / Johannesburg

Iranian TV recently aired a video from an Iranian drone which flew right over the flight deck of a nuke armed/powered US supercarrier in the Persian Gulf, possibly in an attempt to collect ELINT about its sensors, or possibly in a bit of grandstanding for the home audience. (The USN huffed that flying a drone over its warships is "unprofessional". Apparently the admirals think there is a Code of Conduct for drone operation which precludes flying near a potential adversary's military assets. If so, they must also believe that the supposed Code exempts all US military drone flights from such limitations.) However, it is important to remember that the most dangerous use of Iranian government drones is not spying on US supercarriers (too large to shoot?) but spying on its own citizens, especially any who dare to participate in street protests.

IAI, the maker of the Heron TP drone, the largest and most sophisticated spy/strike drone in the Israeli pantheon, is busy selling its drones all over the world, and is trying to sell them to US megacorps (mainly banks and oil companies--- the oil companies say they need to protect their facilities from environmentalists and terrorists using surveillance platforms rather more sophisticated than anything yet available to most local police forces; the banks typically feel no need to explain why they are buying military gear from overseas companies.) IAI drones are already familiar sights in certain parts of the US, where IAI (and other foreign companies) have been invited by the USG to "test" their spy/strike drones on the American public.

It is also notable that most of the 300000 privately owned drones which have thus far been registered by the FAA are Chinese made models. In an even more worrisome trend, many US local and state police agencies are using Chinese made "forensics" devices which extract information from seized electronic devices. One reason for the concern is that these devices typically share the extracted information with their manufacturer back in China, so if your phone or laptop is seized (or handled) by a US cop or security guard for any reason, there is a good chance your information is also in Chinese government databases. On cop forums, some articles lauding the latest Chinese forensic devices (cheaper and more flexible than comparable American made devices) mention this issue, but only as something which could land a cop in hot water with NSA (apparently a merely theoretical concern so far, since I have not yet heard of a single case of NSA screaming to DOJ that a police agency is sharing sensitive information about US persons with Chinese servers).

It's all of them against all of us.

You may be interested in this:…
Don’t blacklist me: Banning the boycott of U.S. allies would keep us from using a powerful tool to fight for justice for Palestinians
Rebecca Vilkomerson
2 Feb 2016

> The State of New York may blacklist me for working for justice for Palestinians.
> I am the executive director of Jewish Voice for Peace, an organization inspired by Jewish tradition to work for the full freedom and equality of all the people in Israel/Palestine. A part of our work includes campaigns boycotting specific companies to create pressure to cease contributing to Israel’s oppression of Palestinians.
> On Jan. 20, the New York state Senate passed a bill that would make boycotting countries allied with the United States illegal. The bill requires the state to create a blacklist of “persons” (individuals and companies) that boycott or encourage others to boycott U.S. allies. While the bill references other countries as well, its supporters have made clear their main motivation is to protect Israel from censure. This bill comes in the wake of similar legislative efforts in Congress and in state legislatures around the country, including Illinois, Florida, California and Pennsylvania.

A growing student movement on US college campuses, the BDS (Boycott, Divestment, Sanctions) movement, seeks to force the Israeli government to end its occupation in Palestine.

BDS is modeled on the highly successful Apartheid era divestment movement (which also originated on US college campuses) which many credit as ultimately leading to the end of the Apartheid system in South Africa. No surprise then that the Israeli government is treating it as a very serious threat, and spying intensely on student activists involved in it. No surprise certain elements of the US political elite are also reacting strongly against BDS, as it reacted strongly against the Antiwar movement during the US war on Vietnam:…
Florida Legislators Quietly Vote to Strip State Funding From Groups Associated With BDS
Christine Baniewicz
16 Feb 2016

> This bill poses a direct threat to the position that universities have traditionally upheld in relation to dialogue on politically contentious subjects. From the US civil rights movement, to the boycotts and protests against South African apartheid in the 1980s, up to the modern-day push to divest from fossil fuels, universities have provided a space for voicing political dissent and challenging destructive ideologies. They are the nexus and incubators of grassroots movements that have without a doubt improved our country.
> ...
> The bill, should it become law, would set a grim precedent by allowing Florida to compile a list of organizations associated with the BDS movement, which promotes the boycott, divestment and sanctioning of Israel. According to the language of the bill, any group that lands on this list would be ineligible to bid on government contracts or receive state funds.
> ...
> This bill - and the others like it currently making their way through California and Illinois legislatures - threatens that legacy by financially muzzling one side of a growing conversation on the United States' role in the Israeli-Palestinian conflict.

Other bills seek to insert language into trade agreements such as TTIP which will prohibit the US Congress from passing boycotts and would prohibit the US State Department from imposing economic sanctions.

This may interest you:

Not everyone appreciates that among those who harbor a decades-old deep down burning unquenchable hatred for IDF are.... veteran employees of NSA. In fact, IDF and NSA virtually have been nursing a blood feud, although it is of course a Top Secret blood feud.

Why? No, not because Israeli spooks are even more of a headache for NSA than Chinese or Russian spooks. Although that doesn't help.

No, the reason for the blood feud is that IDF once shot up an NSA spy ship, and NSA people got killed. Israel claimed it was all an awful mistake and NSA shouldn't have been sailing into a Middle Eastern war zone the way they did (and they have a point there, as even NSA veterans now agree), but no-one believes this. It was obviously a deliberate decision taken to keep NSA from collecting hard evidence of a genocide being conducted by a future head of state a few miles inshore. For more information, see The Puzzle Palace, by James Bamford.

To prevent possible misunderstanding: yes, decades ago, NSA wanted to catch IDF in a genocide. But nowadays, NSA is deeply committed to a much larger genocide of its very own. So perdition to both their houses.

This may interest you:…
Greatest Threat to Free Speech in the West: Criminalizing Activism Against Israeli Occupation
Glenn Greenwald, Andrew Fishman
16 Feb 2016

> THE U.K. GOVERNMENT today announced that it is now illegal for “local [city] councils, public bodies, and even some university student unions … to refuse to buy goods and services from companies involved in the arms trade, fossil fuels, tobacco products, or Israeli settlements in the occupied West Bank.” Thus, any entities that support or participate in the global boycott of Israeli settlements will face “severe penalties” under the criminal law.

(Glenn Greenwald happens to be Jewish, but has never hesitated to criticize the Israeli government, or any other, when it acts in an inhumane manner. Many Israel activists also oppose their government's policies in the Occupied Territories.)

Similar laws are apparently under consideration in some US states, and may be introduced in the US federal congress.

Appears to be true:…
But it's not a new thing. It's talking about an event from 11 months ago.

I also haven't figured out what sort of browser payload was involved. Some of the articles seem to imply that it was flash, meaning they would only have gotten to people who decided to use something other than Tor Browser.

January 23, 2016

In reply to arma


How will it work on mobile users? I'm sure at least a tiny percentage of those 1300 people used mobile phones.

You may be interested in this:…
Appeals court: Evidence stands against man who used Tor-enabled child porn site
Cyrus Farivar
26 Jan 2016

> The NIT, as Ars has reported previously, is a type of malware designed to unmask Tor users by using a Flash-based exploit. When deployed, it reveals a Tor users' true IP, which through a subpoena can be used to identify a particular person. (This particular Tor vulnerability that allowed the NIT to operate was fixed in 2013.) The FBI is known to have deployed its NIT after seizing and continuing to operate at least two different Tor-based child porn sites, Playpen and PedoBook. It was also used to reveal users of Freedom Hosting, which hosted some legal websites, like TorMail.

Please let us know if you learn more details on exactly what browser attack they used for this one. For example, was it something that worked against Tor Browser, or was it something (perhaps flash-based) that worked on Tor users who were doing it wrong?

January 29, 2016

In reply to arma


I only know what I read in the news. I certainly hope Citizen Lab or other researchers will be able to come up with more useful information for defenders.

January 22, 2016


Thanks Tor for censoring my perfectly legitimate comment regarding the historical power constructs behind arma's previous comment. There was no name calling, there was no malice involved, there was no spam, there was no harm to anyone: you simply censored my words for no legitimate reason.

arma and Tor: you are proving this organization to be terribly hypocritical. Simply providing numbers in an attempt to prove who your real backers are only proves that you are subservient to your own Government and want to keep up appearances. If you want true transparency, make your private correspondence public.

Shame on you all for censoring. Long live I2P.

I'm guessing you're the zionism person?

No conspiracy, just a period of several hours where we happened to not be sitting at the blog comment approval screen, leading you to jump to conclusions. Sorry.

January 23, 2016

In reply to arma


Apology accepted and I apologize for jumping to conclusions, but that was more than several hours (almost a day had passed) and I claimed no conspiracy, just censorship.

I can't believe arma actually reads these posts. What a trooper!

January 28, 2016

In reply to arma


My contributions here are routinely censored. When someone volunteers to remove spam, is it simply erased or is there a way for other volunteers to review what's been hidden from view? If the censored posts are in fact still there but hidden, I would request an occasional second opinion.

> Simply providing numbers in an attempt to prove who your real backers are only proves that you are subservient to your own Government and want to keep up appearances.

I think you are badly misreading the situation, possibly owing to a lack of familiarity with the Cold War style USG funding models for academic research (MIT) and research labs tied more or less closely to the US military (Lincoln Labs, NRL, old style SRI).

I hope Roger will correct me if I get anything wrong, but my guess for why TP adopted the funding model we all now agree was flawed runs like this:

Because the founders of TP were accustomed to obtaining grants under this model, it was natural for them to obtain the initial funding for Tor using such research grants from already familiar granting agencies like DARPA. As time went on, they kept doing things this way because they were busy, and didn't have the time to learn other funding models.

Fortunately, the new Executive Director has a lot of experience with more appropriate funding models, and I am very optimistic that over the next few years, TP will come to look less and less like a USG created/supported creature. That will be good for everyone who loves Tor.

> If you want true transparency, make your private correspondence public.

Private correspondence with who?

I don't think you've really thought this through.

January 26, 2016


Conspiracy theory is still in its infancy, but might nonetheless be helpful here in teaching mathematically able readers how to assess the plausibility of a claim that an organized (governmental, corporate) conspiracy has succeeded in convincing everyone of something which is not true, or covered up something shocking which is true.


On the Viability of Conspiratorial Beliefs
David Robert Grimes
26 Jan 2016

The author proposes a simple hierarchical model (Poisson, binomial) of an organized conspiracy which he uses to estimate how likely it is that the conspiracy has been unmasked (whether by deliberate leak or accidental screwup) after a given amount of time has passed. The formula he comes up with is

L = 1-exp(-t(1-(1-p)^N))


p = specific rate of exposure (per person per year)

t = duration in years

N(t) = number of conspirators as a function of time

For p very small (say p < 1/N/t) this is about

L ~ p t N(t)

but this approximation is only valid in the uninteresting regime where the conspiracy has almost certainly not yet been revealed.

Grimes considers a number of simple models for N(t). For example, he suggests a Gompertz survival function in the case of a coverup of a single embarrassing incident known to a fixed number of people, who either go to their deathbed without talking, or eventually reveal what they know to a reporter. Given the many questionable assumptions in his model, I think this may be the scenario in which his formula may be of real use in making a back-of-the-envelope estimate of how long conspirators can reasonably expect to keep the secret--- with "forever" unfortunately being a very real possibility, since the L curve rises to a maximum and then decays as the people with knowledge of the secret gradually die without revealing it. He also discusses the cases of exponentially decaying N and constant N.

Grimes's principal aim is to provide a plausibility argument that claims of some very large conspiracy (for example, a systematic coverup by corporate and government officials of the putative fact that a cure for cancer is already known in secret to the healthcare industry) are implausible.

Grimes uses three genuine conspiracies to estimate order of magnitude guesses for what might be a reasonable assumption for the specific leak rate p in the case of very large conspiracies:

o NSA's PRISM program,

o the Tuskegee syphilis experiment,

o the FBI "forensic science" [sic] scandal (specifically the one involving hair samples, but he could have used bite mark analysis or a number of other debunked methods),

Interestingly, all of these real conspiracies have been mentioned in this blog at least once during the past year.

The estimates of p which he comes up with for these three conspiracies are in the range of 10^-4 to 10^-6 (i.e. there was a one in a million chance that any given NSA employee would leak the existence of PRISM some time in the next 12 months, until Jun 2013 when Snowden revealed the ugly truth).

Grimes does discuss some of the limitations of his model, and he attempts to overcome these by lowballing his estimates of p and highballing his estimates of N. (As he notes, very few NSA employees had direct knowledge of the true scope of PRISM, but he chooses to assume N = 30000, the approximate number of NSA employees during the period in question.)

One of the features of the three real conspiracies used by Grimes which he entirely neglects to model is the interesting fact that all three conspiracies were in fact known to many people outside the circle of conspirators for many years, but their warnings were repeatedly dismissed or suppressed by vilification campaigns.

In the PRISM case, it is important to recognize, I think, that even when Snowden defected to the people and presented a huge trove of authentic documents proving in detail the accuracy of every claim the whistleblowers had been making for years, had he not shown these to three of the few reporters with the courage to publish them (fortunately their editors backed them up in face of considerable intimidation from NSA), our claims about dragnet surveillance would very likely have been considered "insane" even decades hence.

One of the features of NSA's behavior in recent decades which always amazes me every time I think about it is the fact that agency leadership paid so little attention to the question: how likely is it that this stuff will be exposed after t years? Contrast this with the interesting factoid that decades ago, some NSA employees were quite conscious of the agency's interest in debunking conspiracy theories generally, on the principle that anything which helped to persuade the majority of people that "all conspiracy theorists are nuts" would help the USG to keep its real secrets, which in so many cases turn out to be far more terrifying than any concern a self-respecting schizophrenic might concoct.

(Search for "Broken Arrow" and "Bent Spear" for some really scary secrets which were successfully covered up for many many decades by the USG--- the kind for which a Gompertz survival curve model is arguably appropriate.)

So can Grimes's formula help TP debunk the claims of the form "TP is aware of hidden flaws which NSA uses to track everything Tor users do on-line"? It's intended for massive conspiracies, but suppose on the order of 100 people (5 key TP employees and 95 NSA employees) know of the alleged secret unfixed flaw. Suppose the specific leak rate is 0.0001. (To use the formula as given by Grimes we must assume NSA and TP employees are equally likely to blab, a suggestion which NSA spooks are likely to consider insulting, and I want to make sure they notice the insult!) Then the probability that the alleged awful truth will have leaked after ten years is about 0.005. Not very helpful for the purpose of debunking, but increasing p to 0.001 increases the probability to about 0.6.
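The formula quoted in the comment above, evaluated for its 100-person, ten-year scenario and for an ageing fixed group, as an added example that is not part of the original comment or of Grimes's paper. The function names and the Gompertz parameters (alpha, beta, starting age) are assumptions constructed for illustration.

```python
import math


def exposure_probability(p, t, n):
    """L = 1 - exp(-t * (1 - (1 - p)**N)), the formula quoted in the comment.

    p: per-person, per-year leak rate; t: years elapsed;
    n: number of people in on the secret, a constant or a function of t.
    """
    n_t = n(t) if callable(n) else n
    phi = 1.0 - (1.0 - p) ** n_t      # chance that at least one person leaks in a year
    return 1.0 - math.exp(-t * phi)


def linear_estimate(p, t, n):
    """The small-p shortcut L ~ p * t * N from the comment (constant N)."""
    return p * t * n


def years_until(p, n, target):
    """Constant-N case solved for t: years until L reaches `target`."""
    phi = 1.0 - (1.0 - p) ** n
    return -math.log(1.0 - target) / phi


def gompertz_population(n0, alpha, beta, age0):
    """N(t) for a fixed group that only shrinks as members die.

    Standard Gompertz mortality: hazard alpha * exp(beta * age) for people
    who are age0 years old at t = 0. The parameter values used below are
    constructed for illustration.
    """
    scale = (alpha / beta) * math.exp(beta * age0)

    def n(t):
        return n0 * math.exp(-scale * (math.exp(beta * t) - 1.0))

    return n


def peak_exposure(p, n, horizon_years):
    """Scan whole years up to the horizon; return (year, L) where L is largest."""
    return max(
        ((t, exposure_probability(p, t, n)) for t in range(1, horizon_years + 1)),
        key=lambda pair: pair[1],
    )


if __name__ == "__main__":
    # The comment's scenario: 100 people, 10 years, two candidate leak rates.
    for p in (0.0001, 0.001):
        print(f"p={p}: L={exposure_probability(p, 10, 100):.4f} "
              f"linear={linear_estimate(p, 10, 100):.4f} "
              f"years to L=0.5: {years_until(p, 100, 0.5):.1f}")

    # Cover-up known to a fixed, ageing group (constructed Gompertz parameters).
    group = gompertz_population(n0=100, alpha=1e-4, beta=0.085, age0=40)
    year, peak = peak_exposure(0.001, group, 100)
    print(f"ageing group: L peaks at {peak:.3f} in year {year}, "
          f"then falls to {exposure_probability(0.001, 100, group):.6f} by year 100")
```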

Some interesting feedback on what I wrote above. Paraphrasing:

CIA: Three groups within the agency perennially at odds: operational, analysts, and leadership. First group sees opportunities for high-risk high-payoff operations and wants to immediately execute, but frustrated by directives to do something else entirely which is often even more risky, with no obvious payoff, so they drag their feet and don't commit to operations they are sure will only expose them to pointless risks in the field. Also frustrated by lack of credit for claimed successes when they are allowed to do their thing. Second group frustrated by lack of recognition of the agency's repeated operational failures, wishes agency took fewer risks and focused on gathering information rather than influencing events. The analysts have used sophisticated risk analysis for decades, even creating sophisticated models of specific people and their interactions, but leadership never really uses the results of this risk analysis, rather makes decisions based on short term personal career gain for whoever makes a given go-no-go decision. Third group is distrusted by all (including themselves). The only thing the three groups have in common: deeply entrenched and corrosive cynicism.

NSA: Conspiracy theory is hardly in its infancy. Some elementary results carry over with minimal modification from survival theory. More advanced viewpoint: conspiracy theory is part of systems theory, and the central problem (what is the likelihood that a proposed conspiracy will be revealed in some time range?) is essentially the same as the problem: what is the likelihood that the system will fail in some time range? More recent work uses complicated models organized via Bayesian networks. After Snowden, leadership became very concerned with preventing further leaks. Different people probably can indeed be characterized by different "intrinsic leak rates" p, and this can be modeled using Poisson mixtures. The overall probability of exposure is then dominated by the weakest link, so there is some mathematical justification for the agency's current obsession with "insider threat programs". But these will ultimately fail to prevent future leaks, and will weed out the creative thinkers who are precisely the employees needed to force the agency to reform itself from within. A nihilistic sense of futility is endemic within the agency.

Underground: revolutionaries should certainly explore conspiracy theory, with the twin goals of exposing our enemies and baffling them about our own future operations. Parallel designs (avoid system failure when weakest link fails) may hold some promise here. Our much smaller numbers and flexibility give us critical inherent advantages over enormous bureaucracies, which conspiracy theory can perhaps quantify.

USG geophysicist: reading Newton on math or physics, after deciphering archaic notation, scientists are always impressed with the modernity of his thinking. But isn't that simply a reflection of the extent to which modern physicists and mathematicians are intellectually virtual clones of Newton? Reading Newton on God's well-known predilection for moving in conspiratorial ways, a scientist is always impressed by his unexpected affinity with modern mystics. Could that be a reflection of the fact that Newton's influence extends well beyond modern science to modern pseudoscience?

I don't buy the Newton-is-in-all-our-heads conspiracy theory, but it certainly is provocative!

Regarding the perpetual failings of NSA/CIA: these agencies were born of the Cold War. The modern US military was born in WWII. All grew to maturity with the military industrial complex. Despite much lip service paid to "adapting" to the reality of contemporary national security threats, in the end all of these entities are primarily concerned with preserving the enormous budgets of the complex, which entails terrifying the political leadership with enormously exaggerated warnings of existential threats, which just happen to demand big ticket moonshot program type responses which only established defense contractors are capable of implementing. According to the military/spook leadership and their favorite defense contractors.

Why anyone would think that CIA/NSA, which history has proven were very ineffective even in their Cold War roles, could somehow become more effective in a new world disorder for which they are clearly even less suitable, is beyond me. One can only conclude that the political leadership tolerates their continued existence only because they fear the economic effect of shrinking the budget of the complex. And because the corporate leaders who pay for the election campaigns of the politicians benefit financially from the enormously wasteful cost of maintaining the status quo.

It's all of them against all of us.

Public Intelligence has just published two more documents which validate the point that the USG has long employed conspiracy theory to enhance its own "strategic messaging" (USG propaganda designed to look like something else). One of the documents even cites USG interest in opposing conspiracy theories generally, on the theory that this helps them oppose specific "conspiracy theories", such as, well pretty much everything found in the Snowden leaks (and thus confirmed fact, not a "conspiracy theory" at all).

Since the possibility of USG or Gamergate trolling frequently comes up in this blog, all regular readers should probably take some time to try to better understand the "academic background" for FVEY troll campaigns and current proposals to institute on-line vigilantes, political re-education camps, snitch campaigns, and other techniques adapted from the original Stasi to current "Western societies", especially on-line.

Here are some links to official government documents from US/EU, published by sources ranging from central political leadership through various "security authorities", police agencies, and "academic think tanks":……………………………

A few noteworthy points:

o contrary to fear-mongering hysteria from US/UK politicians, the headshrinkers want intelligence analysts to understand that joining IS is a perfectly normal human reaction to US drone strikes; IS adherents are by no means psychotic or deranged, they are just acting rationally in self defense; most striking of all, not all authors who stress this point hint that drone strikes are "counterproductive"; rather they claim to enable USG to have its cake (kill overseas opponents to US and allied governmental policies) and eat it too (derail the ensuing aid to IS recruitment and other "radicalization"),

o hardnosed tech savvy readers will find these documents heavy going, due to many unexplained references to arcana from semiotics and psychology, and I guess they are likely to react by concluding that the headshrinkers are feeding the USG a steady diet of well-remunerated cock and bull; there's considerable truth to that (look for how these people dress up such overeducated insights as "prediction error", which means "IS cannily exploits shock value"--- duh!),

o nevertheless, the psychobabble found in these documents should not obscure the fact that all this "academic theorizing" is heavily based upon decades of US Chamber of Commerce sponsored interest in what we now call behavioral advertising; further as The Guardian article on Putin's trolls noted, former professional trolls stated that they were depressed to find that their work was actually having an impact on the Russian mind, despite the absurdity of the views their masters wanted them to promote in blog comments,

o the individual "threat scores" and "citizenship scores" which are now secretly computed by so many US local police agencies, as well as federal agencies such as Dpt of Education, HHS, and NCTC, are firmly based upon credit scores and Chinese government citizenship scores; the latter are overtly influenced by such factors as a critical blog post by a neighbor, or the arrest at a street protest of a relative, with the aim of encouraging family and neighbors to take matters into their own hands when confronted with someone they know who is "agitating" against some Chinese government policy,

o there is a huge internal struggle in USG between those who stress putative threats from "domestic actors" (Occupy, BLM, the Bundys) v. "IS actors",

o the USG's neurocognitive, evo-devo, and social/cognitive psychology based models of IS are actually more easily applied to Occupy, BLM, and the Tor community (because the theorists are immersed in "Western society" and struggle to understand cultural norms in the Middle East, Africa, and Asia),

o add "NEURINT" (neurocognitive intelligence) to "love int" and "hate int" as real terms inside the USG; this is described as a subset of SIGINT ("signals intelligence"), but see "semiotics" for how the headshrinker class understands the meaning of "signal",

o FVEY governments are very anxious to ensure that their domestic population consists of "compliant" citizens who know their place and don't question authority; keeping the masses on the verge of pauperism is only one of the strategies they are employing to this end,

o government enforced pauperism for the masses dovetails neatly with dragnet surveillance, since most "means tested" aid programs include enforced submission to intrusive government inspection of personal finances, family problems, weight problems, workplace dissatisfaction, mental health issues, etc,

o USIC believes the target age for "molding" the personality of future voters is 3-7 years old; hence the intense interest in mobilizing kindergarten teachers and welfare agents to report instances of "suspected radicalization" in parents or older siblings, with the consequence of removing very young children from their homes,

o HHS, CDC are among the USG agencies involved in CVE targeting Black Lives Matter and other domestic grassroots mass protest movements,

o the most recent documents reveal considerable hand-wringing in US political elite: "we spent all that money on 'Madam Secretary', and what did we get? Not [Hillary] Clinton, not [Jeb] Bush, but Sanders and Trump" [sic],

o bizarre factoid: according to the USG headshrinkers, who is more likely to become a suicide bomber, a Shia or a Sunni Muslim? (I'll let readers find the supposed answer for themselves),

o the documents also reveal an enduring fascination with the idea that terrorism is somehow related to sexuality, which probably gives more insight into USIC psychology than into the sexuality of young Arab men and women.

As a trivial but allegedly effective example of neurocognitive manipulation adapted from advertising: pro-Clinton sites not only choose (and re-colorize and digitally airbrush) flattering photographs of the candidate, but subtly meld her features with those of the female lead of `Madame Secretary'; coming soon are billboards which image the face of the beholder and meld the candidate's features with the viewer's own face--- this is subtle, a slight and hard to notice effect, but the marketeers believe it is highly effective. And on the other side, anti-Clinton sites choose unflattering photographs and meld her features with other icons their target audience already hate.

I study Chinese government propaganda aimed at the US business community; the US Chamber of Commerce just laps this stuff up, and it amazes me how little the US political elite care that so many business leaders view Chinese government policies as better aligned with their personal interests than USG fragmentation and ineptitude. (This overlooks the fact that China's government is riddled with corruption, and is in many ways no more effective than USG.) I am continually impressed by how intelligent, subtle, and determined this propaganda is, especially compared to FVEY propaganda, which is far more crude and indeed often inadvertently insults the intelligence of its target audience.

Chinese espionage also appears to be far more sophisticated and daring than the FVEY programs revealed by the Snowden leaks. Recent examples include

o Chinese made "fitness headsets" which communicate with Chinese servers, and when the operators suspect that the wearer works in Northern Virginia, initiates trans-cranial stimulation of the dACC, a neurocognitive direct action which allegedly causes "subjects" to become more likely to "break bad"; the nature of the breakage is unpredictable in advance, but the idea seems to be that anything which undermines the loyalty and judgment of USG operatives will benefit China,

o bugs disguised as "baby cockroaches" which ride on the trouser cuffs of the officer class into the Pentagon and other secure facilities (no idea how effective they are, but it's certainly imaginative).

Here are some examples of USG studies of the psychology of their most feared adversary, the mass movement USG calls ISIL:

Cockroach bugs are "sophisticated"? Not according to Ars:…
Make your own cyborg cockroach for under $30
Warning: this DIY hack requires surgery. And an Arduino.
Cassandra Khaw (UK)
2 Feb 2016

> Every few years, cockroaches find themselves conscripted into humanity’s ongoing endeavours to build proper cyborgs—and this example from Instructables may be the cheapest venture yet. A user calling themselves bravoechonovember1 recently released guidelines on how to control a roach with an Arduino for under £30 ($30), a figure that doesn’t appear to include the cost of acquiring said insects first.

The cockroaches really should have known this was coming. This is what happens to you when you have no lobbyist representing your interests in the halls of the US Capitol.

Humans of the European variety have also been endangered this way. Privacy advocate Max Schrems has been involved in advocating for them in the US/EU fight over the US Commerce Department's Safe Harbor program, which places (too few) restrictions on how US entities may (ab)use the personal information of persons gathered during business operations in EU and then transmitted to corporate databases in US.…
Why Safe Harbor 2.0 will lose again
Jennifer Baker
2 Feb 2016

> The whole world knows only too well about the whistleblowing exploits of Snowden, who infamously exposed the US National Security Agency's PRISM spying operation. What Austrian privacy campaigner Schrems went on to do with that information, once it became public in 2013, is logical but impressive in its scale. Schrems—then a law student in his mid-20s—looked at the companies accused of leaking personal information to the NSA and decided to file an official complaint about the misuse of his personal data by Facebook.

The latest word appears to be that at the eleventh hour plus 70 minutes (the data agreement was set to expire on Monday with no replacement in place, after the ECJ ruled NSA dragnet surveillance is illegal) the negotiators have agreed upon a "framework" to negotiate a deal, but the distance between EU (which wants to ensure that NSA disrespects the privacy rights of its citizens no worse than those of US citizens) and US (which wants to pretend that Edward Snowden never existed) remains very wide.

One NSA tactic has been to offer to set up a US court where in theory European citizens whose rights have been violated can seek redress. The problem there is of course that NSA never informs either US or EU citizens when it decides that their rights have been violated according to the secret standards written by NSA itself, so the whole thing reduces to an absurdity.

NSA is the universal enemy of all peoples everywhere. It must be eradicated entirely. Next up: RSA and all other intelligence agencies which foster government oppression of their own citizens.

It's all of them against all of us.

February 03, 2016


We must not be 'selling' ideas to potential funders that we are not willing to sell to the community as a whole. Grant applications should be published at the same time as they are submitted to potential funders. This would keep those in a position of management accountable. It would reduce the risk of unpleasant surprises down the road. The community would also be aware of what has been promised to those who are funding us. Best practice would be to take this a step further by discussing what kind of grants we should accept.

This sounds like a good idea to me. Also, if TP inquires about possible funding from deep pockets corporations, billionaire-founded philanthropies, superPACs, whatever, it would be wise to keep in mind the principle that TP should avoid taking any action it could not defend to the user community if problems arose.

I think there is now a general consensus that more transparency (especially about funding), more engagement with users, and a funding model which avoids taking too large a percentage of total funding from any one "block" (such as USG agencies and their allies, or Comcast, or Gates Foundation, or...), are all badly needed, and I am glad to see evidence that TP is working to realize these goals.

At the same time, in certain areas, I think TP and open source generally should probably be less transparent. For example, bug reports often contain sensitive data about the reporter's system, and we know from the Snowden leaks that FVEY agencies use this kind of data to attack specific users of open source software, such as telecom engineers, journalists, bloggers, and academic scientists. Therefore these reports should be regarded as sensitive, and TP can provide a great service to the larger OS community by working to strongly anonymize/encrypt bug reports. Similarly, I hope TP will work with Debian Project to make official torified Debian repositories, to prevent our enemies from too easily observing vulnerabilities in systems used by potential targets of evil governments and surveillance-as-a-service corporations, such as Tunisian bloggers or US security researchers who may be targeted by GCHQ (or Hacking Team).

Another example of something which TP might consider doing without fanfare would be turning the tables on the nasty habit of our enemies who try to engineer dubious "sting operations" targeting vulnerable people (e.g. mentally disabled persons and troubled teenagers), by setting up honeypot HS sites which attempt to capture evidence of things like Hacking Team malware.

Further, I hope TP will explore opening avenues for encrypted anonymous communications with users who have a legitimate need to discuss sensitive topics. That said, secrecy always potentially enables abuse, sometimes in a manner no-one could have anticipated, so secrecy should be considered only when there is a clear rationale for not freely providing specific sensitive information to our many enemies (along with everyone else).

One truly invaluable small organization which I hope TP will work with even more closely is Citizen Lab.

February 18, 2016


About transparency:

I was recently a fly on the wall here

and am very happy to see TP is serious about post-quantum crypto, exploring NTRU, advanced onion research, etc. Makes fascinating reading, but I worry that TP may be giving away much too much to our enemies. About TP plans and dev decisions/problems, I mean, not this:

14:20:50 athena: in 2012, jake dumped his fosdem talk on me with two days notice, no slides, no advice, and "forgot" to mention that it was in the main hall with ~3000 people
14:21:42 isis: I have a recurring nightmare that starts out similarly to that
14:21:46 also i asked for no photography because i was about to fly to china for the first time, and some asshole reporter put a picture of my face in linux magazine
14:22:01 fuck fosdem
14:22:16 then the audience sprouts orifices, tentacles, and pseudopods from locations commonly thought to be unnatural, and tries to kill me
14:22:19 as I give my talk
14:23:46 isis: let me know when i should merge your guardsim
14:23:49 also, at the fosdem speakers' dinner, "saint peter" (bro dude who invented XMPP) was like "oh you're isis from the tor project, do you know who i am?" and i said nope and then basically this ended in this dude screaming at me over the table "WE FUCKING WON!! YOU HEAR ME? WE, XMPP, WE FUCKING WON!! YOU!! YOU PRIVACY PEOPLE, YOU FUCKING LOST!!" and banging on the table


February 25, 2016

In reply to arma


Thanks for replying. Not sure I agree with your claim, but it is good to know this is something you have thought about.