
Tor hires former EFF chief as executive director - serengeti
http://www.pcworld.com/article/3014505/tor-hires-former-eff-chief-as-executive-director.html
======
adrtessier
It is hard for me to come up with a better strategy for a Tor executive
director, than to hire someone who is both a proven electronic civil liberties
activist _and_ a competent attorney to lead a project that has already been
feeling the heat. Unfortunately, Tor likely will be publicly thrown to the
angry mob by an ignorant representative the moment it is politically expedient
and be seared on the grill of neocon pundits, all while the USG continues to
push it covertly in places where American influence cannot as easily penetrate
due to network censorship.

Steele has a long road in front of her, but she seems to be a great person to
lead this project to success. Congrats to everyone working on the project; it
is truly necessary in places like Iran to see a neutral Internet.

~~~
dguido
> already been feeling the heat

I think you're misdiagnosing where Tor is "feeling the heat" from. From an
engineering perspective, it's been oversold as solving problems it can never
hope to.

People who route their traffic through Tor are nearly guaranteed to get
malware back [1]. Hidden Services are a hack that don't adequately protect
your privacy [2]. And several who have staked their livelihood on being
anonymous with Tor have been easily identified by law enforcement [3].

Tor is not a "cause" worth the this level of continued support. It is a
research project, for a tightly scoped set of a research problems. In
practice, it has several unintended and dangerous caveats that few are aware
of. No amount of litigation is going to change those problems.

[1] [http://www.leviathansecurity.com/blog/the-case-of-the-
modifi...](http://www.leviathansecurity.com/blog/the-case-of-the-modified-
binaries/)

[2] [http://www.ieee-
security.org/TC/SP2013/papers/4977a080.pdf](http://www.ieee-
security.org/TC/SP2013/papers/4977a080.pdf)

[3] [https://blog.torproject.org/blog/tor-security-advisory-
relay...](https://blog.torproject.org/blog/tor-security-advisory-relay-early-
traffic-confirmation-attack)

~~~
idamateur
One exit node out of 1110 is hardly a "guarantee", and I wonder what
percentage of binary downloads are actually done over plaintext HTTP. "Out of
over 1110 exit nodes on the Tor network, this is the only node that I found
patching binaries, ... This does not mean that other nodes on the Tor network
are not patching binaries;"

~~~
r721
There's also a danger of MitM:

"In 32 days I've found 15 instances where a node is sniffing and using my
credentials and over 650 uniqe pagevisits which means that others also
sniffs."

[https://chloe.re/2015/06/20/a-month-with-
badonions/](https://chloe.re/2015/06/20/a-month-with-badonions/)

~~~
idamateur
Again though, how many sites do you use that have login forms that don't use
SSL.

I don't know the actual numbers and it might be very high, but I suspect many
people do not use any, which makes this point not very important (unlike the
one about hidden services)

------
okasaki
Why does tor need an executive director?

