This is What a Tor Supporter Looks Like: Shari Steele


Shari Steele and Her Daughter Hanna

I first heard of what was to become the Tor Project around 2002. At that time, I don't think any of us realized how essential Tor was going to be to the Internet freedom movement.

Back in the 1990s, I had been a staff attorney at the Electronic Frontier Foundation (EFF) and was part of the legal team that sued the government on behalf of mathematician Dan Bernstein to make the use of encryption legal for non-military purposes like privacy protection. At that time, releasing encryption on the Internet required a license to be an arms dealer. The government claimed that its classification of encryption as a munition--right alongside B-1 bombers and flamethrowers--was a national security decision, making it difficult to challenge in court. EFF challenged the classification on First Amendment grounds, resulting in a court ultimately ruling that cryptographic source code was protected speech and making the use of encryption legal. This paved the way for electronic commerce, because now credit cards could be used on the Internet, with credit card numbers encrypted as part of the transactions. It also paved the way for individuals to use encryption to protect their private communications.

However, in reality, early attempts at widespread encryption were clunky and hard to use, and very few individuals were actually using encryption to protect their own privacy. Roger Dingledine began work on The Onion Router, or Tor, in 2002. Nick Mathewson was soon to follow (since he wanted it to work on his laptop). Many EFF staffers were familiar with Tor from the outset, and they believed it was one of the most promising tools being developed with the potential for widespread deployment of encryption for individual privacy protection.

In 2004, Nick and Roger approached EFF to see if we could help them find funding. EFF staffers were concerned that the Tor Project would fail if we didn't help. By this time I was EFF's executive director, and in October I asked the EFF board to amend our budget to allow for EFF to fund Tor ourselves. The board voted unanimously on the budget change, and tor.eff.org was born. EFF attorneys helped to write Tor's original FAQ; one of EFF's technologists helped to design the original Tor onion logo; and Tor was generally considered an EFF project at that time. When Nick and Roger were ready to go out on their own, I continued to help as best as I could, having EFF serve as Tor's fiscal sponsor, which enabled them to receive funding with nonprofit status until their own 501(c)(3) determination came through.

I've always been immensely proud of the Tor Project. What started as a proof of concept became what is today the strongest, most censorship-resistant privacy network in the world. Tor is an essential part of the Internet freedom infrastructure. And now I'm back working with Nick and Roger, this time building out Tor's operational side to complement its amazing technology. But building out the organization requires funding that is not restricted. That's why this end-of-year crowdfunding campaign is so important. We need your support to help Tor become sustainable over the long term. We have raised $75,000 since kicking it off, and need your help to break the $100K mark! Please give what you can to The Tor Project today. Don't forget: for a limited time, donations will be matched thanks to the generous contributions of Rabbi Rob and Lauren Thomas!

Yeah, so many sites and services blocking Tor, Cloudflare being the largest and most toxic to Tor.
I've noticed a considerable increase in Cloudflare captcha's lately... it's reaaly frustrating.

It appears so, but maybe not intentionally. Their IT crew are a bit of a shower.

Meanwhile, Ars Tech UK works with Tor and fills much the same role.

Are you having trouble using Tor in an unfriendly nation? If so, it's possible that people here can help you solve the issue if you provide more information about what happens when you try to use Tor Browser.

Anonymous

December 17, 2015

Permalink

@ Shari

I would like to ask how you can know that you have raised $75,000 so far? Does this include all ways to donate?

Anonymous

December 17, 2015

Permalink

What she means by censorship resistant, is that Tor browsing is used for national firewall circumvention all over the world. Places where you are not intended to be able to get to the open internet, you can reach it because of Tor.

Likewise, sites such as Wikileaks which host information which would otherwise be subject to censorship by one authority, set up repositories as .onion sites as Tor hidden services.

Respectfully, it isn't a lie. It's used by hundreds of thousands of people as we speak.

Anonymous

December 22, 2015

Permalink

YOU ALL ROCK .......NEW TO SERIOUS CONSIDERATIONS AND use of Tor and Onion.Will be fun and interesting and will seek a place I may possibly help. Not a coder damned it. Happy 2015 holidays and stunning life events changing NewYear.James Smallwood of Idaho.

Anonymous

December 23, 2015

Permalink

As far as i can tell Paypal objects to tor used to donate to tor. I just tried it!
They also seem to be discriminating against tor users for trying to pay torproject. I don't get it! Why? They claim it has something to do with the ip address having 1600 people on it.
I also did not see where i could choose the tee-shirt size.

Nor matching.

Thanks.

Is it too soon to dream about a post-Tor world which has *not* turned into some kind of techno-fascist neo-Orwellian nightmare?

Imagine thousands of citizens in each US city who support privacy-enabling technology. Who wear anti-surveillance clothing with a Pi-sized device which functions as an uncensorable node for a strongly end-to-end encrypted citywide citizen messaging network which bypasses the Internet entirely.

hmm...i saw yet hundreds of citizens wearing anti-surveillance clothing (anonymous party) and they went in jail ... or almost ...
this 'surveillance' state will continue as long as usa will go outside their frontiers so ... us go home !
the future is dark, you will not have enough citizens for 'bypassing the internet entirely'

> this 'surveillance' state will continue as long as usa will go outside their frontiers so ... us go home !

Many people in the US strongly disagree with the worst of the US government's foreign policies. But foreign wars do not explain the rise of the surveillance state in the US (or anywhere else). The dragnet is in all times and places primarily intended to suppress domestic political opposition. Because as public anger mounts against misgovernment, minority rule, and brutal oppression, all the world's ruling elites fear losing their wealth and prerogatives through revolution.

In other words: I agree that the USG has been rather effective in the last few decades at destroying other nations, but this should not obscure the fact that it is also hard at work destroying the USA itself. And that will ultimately be bad for the entire world.

It's all of them against all of us.

Anonymous

January 10, 2016

Permalink

Terrific interview of Shari by Cyrus Farivar in Ars Technica:

http://arstechnica.com/security/2016/01/going-forward-the-tor-project-w…
Two months after FBI debacle, Tor Project still can’t get an answer from CMU
Ars Q&A: We sit down with Tor Project's new executive director, Shari Steele.
Cyrus Farivar
10 Jan 2016

> The two biggest things I want to work on: First is to build up an infrastructure and second is to build up the reputation of the organization and bring in money from alternative sources. A significant amount of the money right now is coming from various US government grants. That's great that there's money coming in, but most of that is restricted money, and you have to work on the specific things that are talked about in the proposal and the grant issuance. So we're looking to find some additional funding sources. There's a big crowdfunding going on right now to get individual donations.

Totally agree. I greatly hope that the funding drive is a big success.

> As someone who has observed Tor for years and years from the outside, it's actually kind of mind-blowing, the difference between what the project is actually about, the service, and how essential it is to the infrastructure of freedom versus the public's reaction to it is and how it has been received in papers. That really is one of the things that I'm hoping to change.

Hear! Hear!

> There's a sort of fantasy—how will Tor grow, what would that look like if we had unlimited resources, and how would we make that more accessible—and the fantasy is that maybe someday it's built-in to a privacy option on regular apps that you use. You wouldn't normally have it turned on, and instead when you do your Google search, you would click a switch and say “I would like to browse privately now”—that would be Tor. That's kind of the way we're thinking about it.

Excellent. Sometimes when big positive changes happen, they happens very quickly.

> CMU isn't talking to Tor. Tor isn't getting the actual facts of what happened... Clearly CMU takes federal money in order to do research that is attacking Tor, and Tor knows about that. So how deeply was CMU involved? Whether CMU actually did the searches for the FBI, or provided the FBI with the vulnerability, we don't know the details.... [CMU and Tor Project] always used to talk to each other. With this particular event, CMU is not talking to Tor. Tor has tried on multiple occasions, particularly when the abstract for the paper first got published, to find out, 'what's the vulnerability, let's get it plugged!' But CMU, they are not talking. Obviously there are individuals at CMU who are friends of ours that we still talk to, but the researchers who are involved in this have not been returning our phone calls.... And this is a little bit of a concern that this is going to affect CERT, because that comes out of CMU... It's very frustrating because CMU is a friend, they should be a friend, we're all working in the same space and we should be all working together. It's very frustrating that our friends are actually attacking the network.

With friends like that, who needs enemies?

> But we now have some serious things in place to pay attention to when a bunch of new nodes are all showing up from the same location or from something similar. It could be disguised if we didn't identify when all the new nodes are coming from the same place, but there are alarms now that go off. In fact, the CMU stuff, they saw the new nodes coming on and it didn't see it as a threat at the time. Now it gets elevated to threat level. So today, hopefully we'll be able to catch at least that vulnerability. It's a cat and mouse game where we're constantly going to have to be vigilant about that.

Exactly. It's an arms race. It is actually a huge positive step that the Project has recognized (thanks to people like Jacob Appelbaum, who published a snippet of NSA source code proving that the agency is attacking Directory Authorities) that the USG, or at least parts of the USG, cannot possibly be regarded as a friend of Tor, or indeed as a friend of freedom.

> the State Department wants Tor for activists and people living in repressive regimes. And then you have another arm of the US government that's actively trying to break it, actively trying to surveil it, actively trying to infiltrate it, and do all kinds of nefarious things. So you have different arms of the government fighting each other. Not even necessarily different arms, but within the State Department there is offensive and defensive. The same branch of the government can be both trying to defend the network and trying to go out there and attack other people. Yeah, it's pretty psychotic, actually.

One recalls the curious case of a US arson investigator who had won numerous awards for his investigations of numerous arsons. It turned out that the arsonist was the investigator himself. One recalls also the case of a forensic science consultant who had won high praise for her role in convicting many persons in high profile murder cases. It turned out she had been faking all the evidence, which led to an enormously expensive [but cooked] review of all those convictions, because the verdicts had been based upon false evidence. One recalls the case of the highly regarded DEA agent who arrested a money laundering suspect who had been using Bitcoin for shady transactions. It later turned out that agent (and a Secret Service colleague) had been themselves using Bitcoin for illegal transactions, and had even tipped off their main suspect.

One recalls the case of the highly regarded FBI cybersecurity expert who had stoutly defended FBI against those who insisted the agency had a "mole" who was tipping off foreign espionage agencies to FBI investigations. It turned out the mole was the highly regarded FBI agent. One recalls the case of the highly regarded CIA analyst...

But you get the idea: a large portion of the US federal government has broken bad.

The default in the Tor Project (and indeed in US academia) has been that US government agencies (and their employees) are trustworthy until proven otherwise. I believe it is a very good thing that the default is becoming: these people must be regarded as untrustworthy, even as adversaries, until they prove otherwise. (For example by risking their careers/freedom by helping us to make Tor better by informing us about USG zerodays affecting Tor-using products.)

Anonymous

January 15, 2016

Permalink

Something which might be useful should some politician or reporter challenge a TP spokesperson with the claim that "most US persons don't care about privacy" [sic]:

http://thehill.com/policy/technology/265851-poll-most-dont-find-privacy…
Poll: Most don’t find privacy trade-off of social media acceptable
Mario Trujillo
14 Jan 2016

> a majority of people, 51 percent, said they do not see it as an acceptable trade-off to get free access to a social media service in exchange for that company using their information to deliver targeted ads.
> ...
> The social media scenario was one of two in which a majority of people said the privacy trade-off would be unacceptable.
>
> The other, which 55 percent found unacceptable, dealt with a “smart thermostat” in the home that could save energy but would also gather some information about when you are home and moving from room to room.

I wonder what they'd think of MIT CSAIL's $300 consumer device which allows your neighbors-- and the cops--- to image your body as you move around your apartment, right through the walls. (The device uses radio waves, and has already been promoted in cop news letters as a "must have" COTS surveillance device. Roger, please tell them where they can stick their device. Please.)

Something which might be useful if a Republican lawmaker challenges a Tor spokesperson about encryption: as an illustration of the facts that

o encryption is everywhere

o politicians have no idea what they are talking about, in matters of cybersecurity

see this amusing incident which shows that this exemplar of what passes for the "main line" GOP not only wears a product which (I guess) uses encryption to make and recieve calls, but has no idea how "wearables" work:

http://thehill.com/blogs/blog-briefing-room/news/265782-bushs-editorial…
Bush newspaper interview interrupted by Apple Watch
Jesse Byrnes
13 Jan 2016

> "My watch can't be talking," the former Florida governor said, before tapping at the device. A voice was heard on the other end. "Is it my watch?" a bemused Bush asks.
>
> "I'll call you back," Bush quips to the voice on the line. "That's the coolest thing in the world."

Really? It was probably a robocall from Rightscorp.

> Bush has sported the smartwatch on the campaign trail for months, though confessed last month that "it's not as intuitive" as other Apple products.

That's really the problem, inn't? Politicians have no "intuition" for technology. Certainly they hardly ever have the slightest idea how encryption works or why we all very badly need it to work. Despite all those "summits" with techco CEOs, they just can't seem to understand the facts of modern life.