This is What a Tor Supporter Looks Like: Cory Doctorow


Cory Doctorow and family

I've been using Tor for more than a decade. I travel all the time, and often find myself connected to manifestly untrustworthy networks -- from the nets at hacker conferences to the one the Chinese government provided for our use at a World Economic Forum event in Dalian. Tor is my assurance that I'm browsing safely, privately and anonymously. When I do investigative journalism work on national security subjects, my go-to first line of defense is Torbrowser.

That why we at Boing Boing operate a high speed, high quality exit node. By the way, just this year we received two law enforcement requests for records relating to that node, and despite all the doomsaying about how the cops would punish you for operating an anonymizing tool, in both cases, we sent polite letters explaining that we don't keep logs, and in both cases, the cops returned a polite thanks and went away.

I donate to Tor, and I trust Tor, but even if I didn't trust 'em, I'd still use it. The great thing about free/open projects like Tor is that they're designed to work even if the people who make them don't agree with you or want what's best for you.

Make a donation today!

Anonymous

December 18, 2015

Permalink

@ Cory:

Thank you for calling attention to the danger that algorithmic governance will evolve into an inhuman system of state-sponsored discrimination against anyone who "doesn't fit in":

https://boingboing.net/2015/05/01/algorithmic-guilty-using-secr.html
Algorithmic guilt: using secret algorithms to kick people off welfare
Cory Doctorow
1 May 2015

> The essay ... describes the drive to outsource management of critical state services to private firms that control costs by using proprietary, secret algorithms to ascribe suspicion and guilt to members of the public.

@ Shari:

You probably recall the notorious comment by former NSA/CIA Director Michael Hayden, "we kill people using metadata". He might more truthfully have said "we kill people using predictive analysis algorithms".

Given that such algorithms are being applied on a more and more intrusive dragnet basis to social media posts, especially by people who use technology tools like Tor, and especially if said posts mark one as an opponent of the adoption of authoritarian notions of governance by the USG, I hope you can find time to read in full the essay cited by Cory:

http://www.slate.com/articles/technology/future_tense/2015/04/the_dange…
The Policy Machine
The dangers of letting algorithms make decisions in law enforcement, welfare, and child protection.
Virginia Eubanks
Apr 2015

> An algorithm is a set of instructions designed to produce an output: a recipe for decision-making, for finding solutions. In computerized form, algorithms are increasingly important to our political lives. According to legal scholar Danielle Keats Citron, automated decision-making systems like predictive policing or remote welfare eligibility no longer simply help humans in government agencies apply procedural rules; instead, they have become primary decision-makers in public policy. These abstract formulas have real, material impacts: One branded Robert McDaniel a likely criminal, while the other left Sheila Perdue without access to life-sustaining nutritional and health benefits.
>
> Decision-making algorithms are politics played out> at a distance, generating a troubling amount of emotional remove.
> ...
> The algorithms that dominate policymaking — particularly in public services such as law enforcement, welfare, and child protection — act less like data sifters and more like gatekeepers, mediating access to public resources, assessing risks, and sorting groups of people into “deserving” and “undeserving” and “suspicious” and “unsuspicious” categories.

Needless to say, anyone who uses Tor falls in the "suspicious" category.

Thank you, CISA, for protecting society from we dangerously different Tor users

We need to change entrenched, ignorant, and highly derogatory USG biases against Tor users and others who in some way don't fit officially sanctioned norms, but this will require a long and determined uphill political battle.

Example of someone who "doesn't fit in": Steve Jobs, were he still alive.

Reason: because his birth father was a Syrian citizen, Jobs would be regarded by Syria as a citizen of Syria. That would mean he might well be automatically denied reentry into the US, if he were alive and traveled abroad, because of this:

https://theintercept.com/2015/12/18/congress-just-put-iranian-americans…
Congress Just Put Iranian-Americans and Others At Risk for Becoming Second-Class Citizens
Murtaza Hussain
18 Dec 2015

> TODAY BOTH HOUSES OF CONGRESS approved a $1.1 trillion spending bill intended to keep government services funded through September 2016. Tucked into this omnibus legislation are provisions that could undermine, on the basis of personal heritage, the ability of many American citizens to travel visa-free to countries in Europe and east Asia.
> ...
> People coming from countries covered under the Visa Waiver Program, including people who are citizens of those countries, will now need to get a visa if they are determined to be nationals of Iran, Iraq, Sudan, and Syria, or if they have visited those countries since 2011.
> ...
> This is worse than it sounds, because at least two of those countries, Iran and Syria, deem people to be nationals, regardless of where they were born or live, if their fathers are citizens. So it’s possible that someone who is a citizen of one of the countries on the visa-free travel list — the United Kingdom, say — and who lives there and grew up there and has never visited another country, could end up denied entry to the U.S. because of a parent born in Iran or Syria.
>
> It gets even worse still, because there is a strong likelihood that countries party to the newly altered Visa Waiver Program, including European Union member states, will institute reciprocal restrictions on Americans, meaning that many Iranian-Americans, Syrian-Americans, and others in the U.S. would see their ability to travel the world seriously degraded based on ancestry or dual citizenship.

"We can do this the easy way, or we can do this the hard way".

It's a standard line in Hollywood cop dramas in which a detective threatens a suspect in the interrogation room. Or in which a mobster threatens a shopkeeper in an organized crime shakedown.

This strong-arm shakedown line was also used by NSA when it approached US tech companies with the proposal that they "volunteer" to participate in Prism. Specifically, they said: "either you can give us what we want, in which case you'll know what we got from you, or we can just break into your corporate network and take everything". Some of us warned Google that even if they "volunteered", NSA would break in anyway. And of course one thing proven by the Snowden leaks was that we were right: NSA and its sidekick GCHQ were tapping into dedicated data lines used by Google to transfer data across the Atlantic.

A minor variation on the shakedown is gaining currency in the CVE (Countering Violent Extremism) arena as well. The Trumpeteers have moved the norm so far to the right that the new "moderate" view is that:

1. USG can either sponsor state discrimination on the basis of religion (which is blatantly unconstitutional, but SCOTUS has validated so many other unconstitutional actions in the last decade that the Constitution seems increasingly irrelevant in policy debates), or

2. USG can sponsor state discrimination on the basis of

a. national origin (or your parent's national origin),

b. youth and physical health,

c. (male) sex,

d. whether or not you inform on your peers,

e. whom you associate with,

f. what you read on or off line (something to think about if you order books from Amazon: their biggest client is CIA),

g. whether you appear "nervous" around other people,

h. whether you smell (because sweating profusely is interpreted as a sign of nervousness, not a sign that you just went jogging),

etc.,

William Saletan, writing in Slate, thinks 2bcd is a good compromise:

http://www.slate.com/articles/news_and_politics/politics/2015/12/hillar…
Hillary Clinton’s Line of Attack
The Democratic front-runner is developing a smart political response to the danger of terrorism.
William Saletan
16 Dec 2015

> Clinton is proposing to counter regional or religious discrimination—against Arabs or Muslims—with discrimination based on age and sex.
> ...
> Muir pointed out that most Americans, in the wake of the Paris and San Bernardino attacks, oppose accepting Middle Eastern refugees. Clinton replied that refugees are extensively vetted and we shouldn’t abandon our country’s tradition of welcoming the world’s victims. But then she added: “I would prioritize widows and orphans and the elderly. … That would, I think, give the American public a bit more of a sense of security about who is being processed and who might end up coming as refugees.”
> ...
> [Clinton] called for a “coalition at home” against ISIS, similar to our coalition abroad. In the debate, she used this phrase three times. Our “first line of defense against radicalization,” she argued, is Muslim Americans:

In other words, Clinton is saying to Americans who happen to follow Islam: either you can voluntarily inform on your co-religionists, or we will surveil you in a way you won't like. Sound familiar? It should: "we can do this the easy way, or we can do this the hard way".

Is that government of the People, by the People, for the People? Really now?

American children are already being removed from their homes on the basis of predictive analysis that certain parents are too "mentally defective" to function as parents (remember the lovely but somewhat dim mother in "All in the Family"?--- well, she'd lose her daughter in modern America).

In the UK, the prediction that one or more parent is "susceptible" to "radicalization" is now sufficient to cause the government to remove children from their home:

https://www.techdirt.com
UK Goes Full Orwell: Government To Take Children Away From Parents If They Might Become Radicalized
Tim Geithner
13 Oct 2015

> What started as the British government's attempt to ban extremist thought from social media and television (under the notion that some thoughts are too dangerous to enjoy the freedom that other thoughts deserve) then devolved into the conscripting of teachers that were to be on the lookout for children that might become radicalized. To assist them with this, the government helpfully provided spy-software to use against students. Spy-software which itself was found to be exploitable in the most laughably easy of ways. This employed two of the most horrifying aspects of Orwell's Oceania: the concept of thought-crime and the employ of citizens to fearfully surveil one another.
>
> And now it seems the UK is going even further, adopting Oceania's reputation for the swallowing up of citizens should they be found suspect of thought-crime by those watchful citizens. Specifically, the Family Division of the Judiciary has put out a memo declaring exactly how it will remove children from the homes of anyone it suspects might radicalize those children.

Is this wise and humane governance? Or is it just the latest in a long string of policy decisions which could not be better calculated to thoroughly alienate and embitter millions of ordinary citizens who have done nothing wrong?

Anonymous

December 20, 2015

Permalink

I'm now having an issue with Mac TorBrowser version 5.0.6 (and 5.0.5 before that) on a particular website that checks what geographic region I'm in (Exit node) and uses Flash. Using the Atlas, I'm sure I'm not using an Exit node that this particular website doesn't like, yet it's still not working. I keep getting a "Media not supported on browser. Error Code: Source Media Support" message.

If I uninstall 5.0.6 & reinstall 5.0.4, that website works fine.

Another issue I'm having is that TorBrowser keeps updating itself, even though I've selected "Never Check for updates" in the preferences - completely baffling to me why it keeps updating itself.

I'd mention the particular website, but this is public, i.e., for that website to see too.

Thanks, I now realize I should've posted my 5.0.6/Flash woes on that page you gave, and now, after reading the various comments there about Flash & vulnerabilities, I'm going to change my behavior regarding Flash, it's simply too risky.

Anonymous

December 21, 2015

Permalink

Я рад что такое было придумано как средства анонимности.

Anonymous

December 21, 2015

Permalink

@ Cory:

Thank you for a spot of good news! And thanks also to Shari (for her work at EFF before coming to Tor Project):

https://boingboing.net/2015/12/14/eff-and-human-rights-watch-for.html
EFF and Human Rights Watch force DEA to destroy its mass surveillance database
Cory Doctorow
14 Dec 2015

> The EFF has just settled a case against the Drug Enforcement Agency on behalf of its client, Human Rights Watch, which sued the Agency over its decades-long program of illegal mass surveillance. The DEA has promised -- on penalty of perjury -- that it has ceased its bulk phone records collection, and that it will destroy the only database with records of phonecalls between US numbers and international numbers in hundreds of countries.This isn't the only illegal, secret mass surveillance program the US government runs, and EFF is planning to sue over each and every one of them, and kill 'em all.

One of the worst is the NSA/DEA program which records every phone call made or received in entire countries, such as Bahamas.

i am not certain that it should be a good thing to do : a lot of persons who are not us resident-citizens (and some of them are elected) need to go in jail especially those from (or tied with) eu/switzerland.
these nsa programs help the justice.

You seem to be implying (without presenting any evidence) that corrupt politicians use Tor to conceal their crimes. And according to you, it follows that... nobody should be allowed to use Tor? [sic]

Well, corrupt politicians and money launderers sometimes engage in sexual activity. So here is your complementary red Anti-Sex League sash, which I am sure you will wear with pride!

????

is it a troll or a mistake ?
it looks like your answer is not at the right place lol.
>nobody should be allowed to use Tor? [sic] _ [sic] = that exactly you said, you wrote.

sounds weird !

corrupt politicians > implying

corrupt politicians > (without presenting any evidence)

corrupt politicians > use Tor to conceal their crimes

corrupt politicians > nobody should be allowed to use Tor? [sic]

corrupt politicians > and money launderers

corrupt politicians > engage in sexual activity

corrupt politicians > Anti-Sex League

********************************************

Destroying the database (phonecall) is maybe NOT a good thing,

Of course, all clues, evidences, testimonies, files , data are yet recorded since at least 25 years so , yes , it is proven and some of them (corrupted politicians/gangsters;bankers/police/army/custom etc.) are yet in jail (but not so many lol).

It is the purpose of spying and recording data .

********************************************

off-topic ; corrupt politicians
The corrupted politicians are not especially the target _ it is everyone everywhere even outside the usa _ their privacy:civil liberties are in danger so EFF seems winning a battle but ... these information can help the justice BECAUSE they are not arrested since at least 25 years e.g. PANAMA _today ! e.g FIFA e.g. VOLVO etc. and these information are not about the us civil liberties so ; let's be prudent before "cleaning" the reputation of some 'unknown authority' by using the word 'privacy' ; sanctifying the worst trashes ... wearing them of a white jacket , they are dirty , very dirty and their 'females relatives-relations-contacts-connections' must also go in jail _ no sexism, justice.

off-topic ; money launderers
laundering is not done _ most of time _ by tor, phone call, or by an individual ... it is cash or from a bank to another , it is well organized and every one know how when who and where : there are no secret here only some privileges for happy few.

off-topic ; sexual activity
????

off-topic ; Anti-Sex League
????

For someone who is apparently claiming that alleged political corruption is "off topic" here, you certainly seem to have a lot to say about it. Unfortunately what you wrote is almost entirely incoherent--- the only argument I could extract from your post is the curious notion that the NSA dragnet (or SORM?) is "needed" [sic] to save the world from Sepp Blatter. Which is surely one of the zaniest pro-dragnet "arguments" I've yet seen.

>For someone ... I've yet seen.<
could you re-write that in your native language ?
it sounds so bad-educated, mental disorder, troll.
did you really read the topic and follow the posts ?

Anonymous

December 21, 2015

Permalink

why i dont donate. i have a bad feeling cause terrorists, childpron-people and other bad persons use tor.

> terrorists, childpron-people and other bad persons use tor.

Those people also use oxygen--- do you wish to renounce breathing?

Anonymous

December 23, 2015

In reply to by Anonymous (not verified)

Permalink

I'm always amazed at how some folks (like person you replied to) use that ridiculous simplistic argument, i.e., "the bad guys use it too, so it must be bad."

Hillary Clinton and Donald Trump both want to put in back-doors, side-doors, and who knows what other kinds of doors into encryption used by high tech companies in the U.S., which, not only defeats the purpose of having private communications for the overwhelming majority of law-abiding citizens everywhere, it weakens encryption tools and exposes information to folks who revel in trolling for such weaknesses; in addition, it exposes would-be private information to nefarious governments and their lackeys worldwide, the U.S. being at the top of that list.

Without projects like Tor, doubtful many of us would truly be able to speak our minds without fear of repression.

> Hillary Clinton and Donald Trump both want to put in back-doors, side-doors, and who knows what other kinds of doors into encryption used by high tech companies in the U.S.

Not just the self-appointed leaders of the Two Parties, but also

o James Comey and other top FBI officials: backdoors
o Sen Richard Burr (R, NC): backdoors
o Sen Dianne Feinstein (D, CA): backdoors
o Rep Michael McCaul (R, TX): backdoors
o Rep Jim Langevin (D, RI): Safe Harbor issue
o Rep. Steve Israel (D, NY): social media snitches
o others: social media snitches, further CISA-type bills

http://thehill.com/policy/cybersecurity/264118-six-cybersecurity-lawmak…
Six cybersecurity lawmakers to watch in 2016
Katie Bo Williams
28 Dec 2015

> In the wake of reports that the terrorists behind the deadly attacks in Paris and San Bernardino used encrypted technology to plot the shootings out of sight of law enforcement, several lawmakers have urged immediate action on legislation governing the technology.

http://thehill.com/blogs/pundits-blog/homeland-security/264167-social-m…
Social media, encryption debate much larger than ISIS
Nicholas A. Glavin
24 Dec 2015

> Reactionary measures by technology companies and law enforcement agencies to tackle on-line extremist content will set a dangerous precedent in the future. A bill introduced earlier this month by Sen. Dianne Feinstein (D-Calif.) requires for the reporting of terrorist content related to the "distribution of information relating to explosives, destructive devices, and weapons of mass destruction." The measure, in addition to a proposed congressional commission on encryption, is yet another attempt by Congress to bridge a thorny gap between the technology sector and the federal government following the attacks in San Bernardino, Calif. and Paris.

So for example, if a US citizen tries to convince a politician to oppose the multi-trillion dollar program to replace the dangerous Trident-II missiles (which are susceptible to accidental detonation), this would be reported to NSA and other enemies of freedom.

Read and vomit:

http://www.wsj.com
The Debate Over Encryption: Stopping Terrorists From ‘Going Dark’
Encrypted devices block law enforcement from collecting evidence. Period.
Richard Burr
23 Dec 2015

Yes, thank you for examples of other folks in our government who are creating a more autocratic plutocracy in the U.S. I only gave the two so-called "front-runners" in the current Presidential "race." I am ashamed to admit that Dianne Feinstein is my Senator, whom I did not support at the ballot box. She may have had good intentions at one point in her career, but, now, is wholly owned by the Military Industrial Complex, not her constituents.

These days, when I hear the term "bipartisan," it essentially means both major parties have agreed to overreact and benefit monetarily (and otherwise) while stifling freedom and security of the powerless average person.

At least we have tools such as Tor to create a more level communication platform. I plan to donate to the Tor project, as we all should, if able to do so.

Peace.

Anonymous

December 22, 2015

Permalink

hating the cloudflare blocking sites all over the web. sucks.

Anonymous

December 22, 2015

Permalink

Как пользоваться? Помогите

Anonymous

December 22, 2015

Permalink

The simplest form of mind control, is to control what a person is able to se & /hear. So to make everyone into politically reliable mind-slaves, controlled/approved media will generally force fed us a mental diet of government controlled lies. Controlled mass media is called "PROGRAMMING" for a reason.

Machines are "PROGRAMMED" : People must be 'educated'.

Long ago, I used to listen to shortwave broadcasts because they gave me news from outside of our controlled borders and by careful use, were untraceable. Today, the internet is far more useful than shortwave ever was, but unlike radio, "normal" internet is dangerously monitored and traceabl to the individual who visits prohibited or "questionable" websites.

Thank you so much for working to help so many people world wide to privately learn, communicate and to be informed, despite the increasingly oppressive and controlling governments found even in the so called 'free world'. For those who's homeland governments punish those who are not yet mentally under government control, TOR & TAILS can quite literally mean the difference between a free and informed life or imprisonment and death.

Ps. I love the 'What A TOR SUpporter Looks Like." campaign: a good education for the rest of us ;-)

> Ps. I love the 'What A TOR SUpporter Looks Like." campaign: a good education for the rest of us ;-)

Plus one (with one caveat: the interviews are an essential part of each photoessay).

Suggest possible photo-interviews for:

* leading crypto-security experts such as

o Matthew Green

o Bruce Schneier

* more journalists:

o Glenn Greenwald, Ryan Gallagher (The Intercept)

o Cyrus Farivar (Ars Technica)

o Julia Angwin (Pro Publica)

* more human rights organizations (speaking for their endangered field researchers)

o HRW

o RSF

o CPJ

Anonymous

December 23, 2015

Permalink

@ Cory:

Thanks so much for covering this extremely significant cybersecurity story!

https://boingboing.net/2015/12/21/juniper-networks-backdoor-conf.html
Juniper Networks backdoor confirmed, password revealed, NSA suspected
Cory Doctorow
21 Dec 2015

> [The first item of] "unauthorized code" [disclosed by Juniper] is a backdoor whose secret password enables the wielder to telnet or ssh into Juniper's appliances. The password is <<< %s(un='%s') = %u, "presumably chosen so that it would be mistaken for one of the many other debug format strings in the code." Rapid7 was able to easily locate 26,000 Juniper devices that are vulnerable to this attack.
>
> The next mystery to solve is where this unauthorized code comes from. Security advisories usually relate to vulnerabilities arising from defects -- mistakes programmers made. In this case, someone deliberately inserted a backdoor password into Juniper's devices. That's a huge deal. If it's the NSA (which looks possible, given one leak about a program called "FEEDTROUGH" that installs persistent backdoors in Juniper devices) then it will mean that the US government deliberately sabotaged tens, if not hundreds, of thousands of networks that were protected by products from a US company that is the second-largest provider of networking equipment in the world, after Cisco.

Anonymous

December 28, 2015

Permalink

@ Shari:

Micah Lee just wrote a nice article in The Intercept explaining why people who own Microsoft computers need to switch to using BitLocker to encrypt their hard drive:

https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-…
Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
Micah Lee
28 Dec 2015

> One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.

I suggest that you ask Micah Lee, Bruce Schneier, Christopher Soghoian, and Matthew Green to consider writing semi-regular posts in this blog, aimed specifically at security advice for non-coders who are at-risk Tor users, such as journalists, bloggers who write about the dragnet, etc.

One topic which has come up in the math underground is how best to use Arnold Reinhold's Diceware scheme for concocting high quality passphrases using dice rather than a computer. Micah Lee has recommended using Diceware in other writings.

Diceware provides a list of 6^5 = 7776 common English words, corresponding to "pentathrows" (throwing five dice). In years past, Reinhold suggested using passphrases containing a minimum of five words (so made with five pentathrows), but last year he increased this to six. Some are recommending eight as the new minimum:

o Snowden suggested NSA can perform 10^12 bruteforcing passphrase guesses per second
o Or 3 x 10^19 guesses per year
o Or 3 x 10^21 guesses per century (to "future safe" emails)
o Or with a 10^8 "NSA breakthrough factor", 3 x 10^29
o Eight pentathrows gives passphrases with almost 8 x 10^31 bits, which allows a "safety factor" of 100

And right on time, the feared breakthrough may have arrived:

http://arstechnica.com/information-technology/2015/12/google-nasa-our-q…
Google, NASA: Our quantum computer is 100 million times faster than normal PC
Sebastian Anthony (UK)
9 Dec 2015

> At an event yesterday at the NASA Ames Research Center, where the D-Wave computer is kept, Google and NASA announced their latest findings—and for highly specialised workloads, quantum annealing does appear to offer a truly sensational performance boost. For an optimisation problem involving 945 binary variables, the D-Wave X2 is up to 100 million times faster (108) than the same problem running on a single-core classical (conventional) computer. Google and NASA also compared the D-Wave X2's quantum annealing against Quantum Monte Carlo, an algorithm that emulates quantum tunnelling on a conventional computer. Again, a speed-up of up to 10^8 was seen in some cases.

Simulated annealing is a rather general scheme which does have cryptanalytic applications, so we should probably take this seriously, despite what Anthony says about "only for very specific optimization problems".

> Simulated annealing is a rather general scheme which does have cryptanalytic applications, so we should probably take this seriously, despite what Anthony says about "only for very specific optimization problems".

I'd love to hear some thoughts on this from people like Matthew Green, Micah Lee, Edward Snowden...