Tor’s Branding Pivot is Going to Get Someone Killed
September 4, 2016 11:56 AM

Recently The Tor Project changed their mission statement and social contract, including language about explicitly supporting human rights. Virgil Griffith argues that this is dangerous for exactly those users whose human rights are threatened: “the ‘Human Rights Watch for Nerds’ branding gives decidedly-unfriendly-and-opportunistic-authorities full license to do as they please with Tor operators or anyone who uses Tor.”

Virgil suggests that the human rights rebranding will be more successful at fundraising in Western countries. Coming after developer Jacob Appelbaum left Tor due to allegations of sexual assault (previously on MeFi) and the pioneering contributor Lucky Green left along with major nodes in the Tor network, funding may be more of a concern for the Tor Project.
posted by Rangi (18 comments total) 8 users marked this as a favorite
 
I can't imagine that it's worse than its current de facto branding as "the internet for terrorists and child molesters". The author's argument seems to hinge on the idea that the powerful in authoritarian societies are too stupid to make a connection between activity-hiding software and carrying out prohibited activities.
posted by indubitable at 12:26 PM on September 4, 2016 [20 favorites]


His argument is a bit more subtle than "calling it an HR tool will get individuals in trouble for using it, with authoritarian regimes" (for which the kneejerk response is that authoritarian regimes typically don't care about having a good reason to give individuals trouble). He makes a good point about how use of Tor is organizationally unproblematic in Singapore, where he lives, but the change in branding may make that less tenable. Having Tor blessed at the organizational level transitively benefits individuals who would use it, so this is a net loss for individuals in authoritarian regimes.

I'm sympathetic to that point, but at the same time, his argument still feels very 'just so': an individual needing to use it + an authoritarian regime + a bureaucrat paying attention to the branding + something bringing those three together = yes, more trouble for the individual. But this seems like a fairly narrow slice of use cases and he correctly discusses that this is beneficial for fundraising in a western context when they're trying to shed dependence on U.S. military funding.

When you're sitting across the desk from some mid-level mandarin in an authoritarian bureaucracy who wants to discuss your use of Tor, will you be more worried about Tor's manifesto or its being directly paid for by the U.S. gov't? It's probably quite contextual, actually, which makes this scenario feel like special pleading.
posted by fatbird at 12:28 PM on September 4, 2016 [13 favorites]


the kneejerk response is that authoritarian regimes typically don't care about having a good reason to give individuals trouble

I read the article and was unconvinced by Griffith's argument, precisely because I was left holding my knee in this kneejerk position. I don't imagine that authoritarian governments care about branding. Security services that find certain kinds of encrypted data and tool kits on and going through your computer will probably hold suspicions about you, regardless.
posted by a lungful of dragon at 12:53 PM on September 4, 2016 [1 favorite]


OP, please let's not talk like Jake leaving Tor means Tor will get less funding. My understanding is that Jake did little to bring in funds and alienated a big funder on at least one occasion.
posted by gusandrews at 2:01 PM on September 4, 2016 [4 favorites]


(I'm a security analyst married to someone in the publishing industry. I really wish one Tor or the other would change their name...)
posted by XtinaS at 3:46 PM on September 4, 2016 [20 favorites]


Meh, 2/3 of TOR money comes from the US government, and the NSA will give you special attention using the exit nodes they run. I'm fine with fewer TOR users, less traffic to camouflage the intelligence agents.
posted by anthill at 4:11 PM on September 4, 2016


My issue is that at work an overwhelmingly large percentage of what is coming off the TOR exit nodes at the sites I'm in charge of securing is the worst of the Internet crap that I have to block. I could allow TOR exit nodes at layer 3-4, but that adds a not insignificant load to my layer 7 security engines that then have to scan the data payloads (and de-encrypt and re-encrypt). By blocking the TOR exit nodes at layer 3 I reduce my resource consumption on my network security gear by...at some points of the day about 20-30%. And considering that a single network security gateway on my production perimeter costs my company about 240 thousand bucks, saving 20% of my CPU to block a traffic class that is 99% pure nasty shit is a total no-brainer. That's just the place I work, our revenue model and online presence though. Other places may have a reason to allow it.
posted by Annika Cicada at 4:24 PM on September 4, 2016 [11 favorites]


Cross-posting from another board's thread on this article:
...that’s a rather ironic headline given the author used their privileged position as a major Tor2Web node operator to harvest logs on users and tried to sell them to the Singaporean government. I’d posit that them losing all their credibility in the Tor community has more to do with them leaving than some words on a webpage.
posted by Spinda at 5:48 PM on September 4, 2016 [9 favorites]


Wow, that's a deep dark hole, spinda. I followed it back to the original emails. Here's the one accusing him of trying to sell logs to the Singapore government; here's a long response by him discussing the sustainability of the initiative that he and Aaron Swartz launched (seriously, he namedrops Swartz a lot in his response) leading him to try to sell "minimized" logs.

Read them both. Fascinating rabbithole.
posted by fatbird at 6:00 PM on September 4, 2016 [7 favorites]


Tor’s Branding Pivot is Going to Get Someone Killed

When I saw the headline I supposed it was talking about the publisher. Having read the article, the headline makes a lot more sense.
posted by Joe in Australia at 6:07 PM on September 4, 2016 [6 favorites]


(I'm a security analyst married to someone in the publishing industry. I really wish one Tor or the other would change their name...)

I vote for Tor books keeping its name, and rebranding the other as Anonymous.Online.Assholes.com.
posted by happyroach at 9:26 PM on September 4, 2016 [3 favorites]


Meh. Tor was always a human rights organization. If this "branding" means anything beyond recognizing the obvious, then it's simply to help Tor raise more U.S. State Dept funding.

I'm a-okay with Tor taking government money too. If they did not, the government would give it to shitty little VPN providers instead.

We focus on connecting dissidents in regimes the U.S. dislikes, but I think that reasoning is passe now. Instead, I think customer product access is now the larger reason behind the U.S. funding Tor.

Imagine you run a news, social media, etc. site that blocks Tor. All those Chinese users who might install Tor for access must now find another site. You might not care because you cannot monetize them now, but that's short term thinking.

In fact, I expect that, if you block Tor users, then Chinese protectionism will ensure that their sites do eventually compete with you from an unassailable market position.

Tor attracts developers skilled enough to build strong pluggable transports. Academically, I'd maybe prefer that money went into developing stronger anonymity properties, improving onion services, etc., but that'll never happen.

At least those pluggable transports let me run ssh from airport wifi with one-ish click. I'd need to find another solution if each one were some shitty little VPN.

I'm also happy that Chinese Facebook users can reach m.facebookcorewwwi.onion without worrying so much that China is secretly tapping the network inside the U.S. to do correlation attacks on facebook.com.
posted by jeffburdges at 5:12 AM on September 5, 2016 [3 favorites]


Also, any smaller authoritarian regimes should worry less about Tor facilitating their dissidents complaining on American social media outlets. Instead, they should be worrying that their "safe" domestic social media outlets might be coopted:

US secretly created 'Cuban Twitter' to stir unrest and undermine government
posted by jeffburdges at 5:39 AM on September 5, 2016 [1 favorite]


Anyone running Tor with cloud service providers, which includes many pluggable transports, might be interested to know that RowHammer attacks just got better. I think Tor's migration to ECC over RSA and modular DH helps enormously though.
posted by jeffburdges at 8:30 AM on September 5, 2016 [1 favorite]


The ECC that mitigates row hammer is not elliptic curve cryptography...
posted by rr at 11:18 AM on September 5, 2016 [2 favorites]


I think elliptic curve cryptography ECC should be less vulnerable than RSA. RSA-CRT signatures do separate computations modulo p and q, so Rowhammer compounds with Lenstra's attack, i.e. if you can corrupt p or q, then you get a composite that's close by.

I know less about modular DH but I'd imagine that, if you could corrupt either the key or the non-secret modulus, then you gain an attack on the private key. I know nothing about attacks on ECC using Rowhammer, but I'd expect you'd gain fewer bits about the private exponent, although the key is smaller too.

There are randomized key splitting tricks that superficially look effective against Rowhammer in all cases. You could do one with the Edwards form of the curve in many ECC libraries, but not sure if I've ever seen an optimized key splitting trick for ECC.

In fact, one might argue the algorithm in A new CRT-RSA algorithm resistant to powerful fault attacks is not more complex than a hand optimized key splitting defense for ECC.
posted by jeffburdges at 6:28 PM on September 5, 2016
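
An added illustration, not part of the thread, of why a memory fault in one half of an RSA-CRT signature matters and of the usual verify-before-release check. The primes are small well-known Mersenne primes, the message is signed without padding, and the fault is modelled as a bit flip in the mod-p partial result; all three are simplifying assumptions.

```python
from math import gcd

# Toy key built from two Mersenne primes (constructed for illustration;
# real keys are 2048+ bits and real signing pads the message first).
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)

def sign_crt(m, fault_mask=0):
    """RSA-CRT signing. fault_mask models bits flipped in the mod-p half."""
    sp = pow(m, DP, P) ^ fault_mask   # half computed modulo p (maybe corrupted)
    sq = pow(m, DQ, Q)                # half computed modulo q
    h = (QINV * (sp - sq)) % P
    return sq + h * Q                 # Garner recombination

def leaked_factor(m, s):
    """What a faulty signature gives away: gcd(s^e - m, N).

    A correct signature yields N (no information). A signature that is
    right mod q but wrong mod p yields q itself.
    """
    return gcd((pow(s, E, N) - m) % N, N)

def sign_checked(m, fault_mask=0):
    """Countermeasure: verify with the public exponent before releasing."""
    s = sign_crt(m, fault_mask)
    if pow(s, E, N) != m % N:
        raise RuntimeError("signature failed self-check; not released")
    return s

if __name__ == "__main__":
    m = 123456789
    print("clean signature leaks:", leaked_factor(m, sign_crt(m)) == N)
    print("faulty signature leaks q:", leaked_factor(m, sign_crt(m, 1)) == Q)
    try:
        sign_checked(m, fault_mask=1)
    except RuntimeError as err:
        print("checked signer:", err)
```
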


For people thinking of blocking Tor, just make sure you really are just blocking exit nodes and not also the intermediate relays. Relays can only talk to other Tor nodes, so they're as harmless to your website as someone running Photoshop. There are also about 6 times as many, and unlike exits they may be run from home computers.

I ran an intermediate relay for a few years and my home address was blocked by random websites, including the state tax website. I had to file my taxes from the library. (Many blocklists and IP reputation sites *cough-Neustar-cough* don't distinguish, and then other people build on top of that. It's really unpleasant because I basically don't have recourse, and the block can persist indefinitely.)

I wish there was a better way to block just the abusive traffic people send through Tor, but the technology for detecting abuse in traffic and site usage patterns is uncomfortably close to surveillance and profiling tech, so I really don't know what to say.
posted by Belostomatidae at 7:57 PM on September 5, 2016
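
An added sketch, not from the thread, of building a block list that contains only relays able to exit to your service's port and leaves middle relays alone. It reads entries laid out like a Tor network-status consensus ("r", "s" and "p" lines); the sample entries, nicknames and addresses below are constructed.

```python
# Constructed sample in consensus layout. Addresses are RFC 5737
# documentation ranges; nicknames and digests are made up.
SAMPLE_CONSENSUS = """\
r homeRelay AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2016-09-05 12:00:00 192.0.2.10 9001 0
s Fast Running Stable Valid
p reject 1-65535
r webExit CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2016-09-05 12:00:00 198.51.100.20 443 80
s Exit Fast Running Valid
p accept 80,443
r ircExit EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2016-09-05 12:00:00 203.0.113.30 9001 0
s Fast Running Valid
p accept 6660-6667
"""

def port_allowed(summary, port):
    """Evaluate a 'p' line body such as 'accept 80,443' or 'reject 1-65535'."""
    verdict, ranges = summary.split()
    listed = False
    for item in ranges.split(","):
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            listed = True
    return listed if verdict == "accept" else not listed

def classify(consensus, port):
    """Return (addresses that can exit to `port`, addresses that cannot)."""
    can_exit, addr = {}, None
    for line in consensus.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r":
            # r <nick> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
            addr = rest.split()[5]
            can_exit[addr] = False      # a relay is a non-exit until a p line says otherwise
        elif kind == "p" and addr is not None:
            can_exit[addr] = port_allowed(rest, port)
    exits = sorted(a for a, ok in can_exit.items() if ok)
    relay_only = sorted(a for a, ok in can_exit.items() if not ok)
    return exits, relay_only

if __name__ == "__main__":
    block, leave_alone = classify(SAMPLE_CONSENSUS, 443)
    print("block:", block)
    print("do not block:", leave_alone)
```

The address a relay exits from can differ from the one on its "r" line, so the exit list the Tor Project publishes is the better input in production; the point here is only that non-exit relays never belong on the list.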


Some back story, just for the record.

Perhaps, more explicitly, what we'd like to eliminate is people like you,
Virgil. You've admitted publicly, in person, to several of our developers
that you harvested HSDir data and then further attempted (unsuccessfully) to
sell said data on users to INTERPOL and the Singaporean government.

We do not tolerate people within our community cooperating with any parties,
including law enforcement and government agencies, to deanonymise real world
users of the Tor network. Full stop.

posted by zabuni at 4:34 PM on September 11, 2016

