
Tor’s Branding Pivot Is Going to Get Someone Killed - tshtf
https://medium.com/@virgilgr/tors-branding-pivot-is-going-to-get-someone-killed-6ee45313b559#.z1vs8xyjz
======
trendia
Tor is no longer secure; the U.S. government paid Carnegie Mellon (CMU) to
research ways of de-anonymizing users by inserting specially designed packets
into Tor user data at controlled nodes. [1]

Nearly a year-and-a-half after CMU canceled a Black Hat presentation, hints
were dropped that CMU's Tor-related efforts may not have been for research
purposes only. An anonymous tipster claimed the FBI had paid CMU $1 million to
unmask Tor users. A quasi-confirmation popped up during the DOJ's prosecution
of Brian Farrell, who was allegedly assisting Blake Benthall in running Silk
Road 2.0. Farrell and Benthall were both swept up in the wake of a Tor-related
FBI raid known as "Operation Onymous," which began a few months after the
hastily-cancelled Black Hat talk.

Included in the information handed over to Farrell's legal representative was
the following:

On October 13, 2015, the government provided defense counsel a letter
indicating that Mr. Farrell’s involvement with Silk Road 2.0 was identified
based on information obtained by a “university-based research institute” that
operated its own computers on the anonymous network used by Silk Road 2.0.

[1] [https://www.techdirt.com/articles/20160225/07295633707/silk-road-20-court-docs-show-us-government-paid-carnegie-mellon-researchers-to-unmask-tor-users.shtml](https://www.techdirt.com/articles/20160225/07295633707/silk-road-20-court-docs-show-us-government-paid-carnegie-mellon-researchers-to-unmask-tor-users.shtml)

~~~
atdt
This was covered by Motherboard[1]. The Tor Project put out the following
statement in response: "the Tor network is secure and has only rarely been
compromised. The Software Engineering Institute ("SEI") of Carnegie Mellon
University (CMU) compromised the network in early 2014 by operating relays and
tampering with user traffic. That vulnerability, like all other
vulnerabilities, was patched as soon as we learned about it. The Tor network
remains the best way for users to protect their privacy and security when
communicating online."

[1] [http://motherboard.vice.com/en_au/read/carnegie-mellon-university-attacked-tor-was-subpoenaed-by-feds](http://motherboard.vice.com/en_au/read/carnegie-mellon-university-attacked-tor-was-subpoenaed-by-feds)

~~~
trendia
I think that Tor, like Bitcoin, will always be vulnerable if a particularly
powerful entity is able to obtain a majority of nodes. (Or, in the case of
Bitcoin, a majority of hashing power).

And the more troubling aspect is that the courts have accepted the
government's arguments that no warrant is required to disclose IP addresses:

> ... Tor users clearly lack a reasonable expectation of privacy in their IP
> addresses while using the Tor network. In other words, they are taking a
> significant gamble on any real expectation of privacy under those
> circumstances.

If both of these statements are true (that the government could easily run a
majority of Tor relays, and that the government does not need a subpoena),
then any particular vulnerability being patched is irrelevant to the inherent
insecurity of the network.

~~~
cjbprime
Though note that Tor is _also_ vulnerable to someone who doesn't control a
majority of nodes, but can monitor the traffic of a majority of nodes from
upstream. This is probably easier to achieve for a global adversary than
actual control of the nodes' computation.

This doesn't make it bad software; it's the best we have, and being able to
monitor traffic across the entire Internet is a huge ask of an attacker.

~~~
nbraud
Also, remember that the NSA has had that kind of capabilities for a while, yet
what came out of the Snowden leaks was “Tor stinks” (read: “We don't know how
to break it in any practical sense”).

~~~
WilliamDhalgren
yup. Though apparently they could deanonymize some folks, but couldn't target
the users they wanted.

But I'd expect that to change, a low-latency network like tor that also
doesn't create cover traffic just architecturally isn't equipped to deal with
something approaching a global passive adversary. Though networks for even
that can be built..

~~~
nbraud
The takeaway was indeed that they could deanonymise individual users, but they
couldn't target it and it required significant amounts of human effort (i.e.
it did not scale).

AFAIK, Tor developers are willing to implement cover traffic; the main reason
it hasn't happened so far is that there is no known way to do this that
clearly helps against that kind of threat. Until we have this (either from
academic research, the Tor Project's own efforts or something else), it would
be at best a placebo.

------
Freak_NL
From the article:

> You propose running a Tor node or using Tor internally. Before, this was
> just something you could do. After Tor’s pivot, you now have to justify why
> the company should explicitly associate itself with banned HR activism and
> draw the government’s ire. Using Tor is now an additional mild liability for
> all of its non-HR users.

Using Tor already marks you as suspicious depending on who's looking,
regardless of why you use it. The ideals or mission statement of the Tor
project don't change this.

Tor suffers from the same impediment as the Bittorrent protocol; it is used a
lot for illegal purposes, so a stigma of illegality surrounds the tool itself.
By focusing on the legitimate use of Tor (e.g., as a human rights facilitating
tool) the Tor project might actually improve adoption rather than frustrate
it.

~~~
subway
Sure, Tor traffic has always been suspicious, but that suspicious traffic has
traditionally been without an attached political label. By branding Tor as a
tool specifically for HR campaigns, you risk drawing additional ire from
regimes considered to have a poor HR record.

~~~
ramblenode
Governments that have a reason to be concerned about Tor are already concerned
about Tor. And governments that are concerned about Tor won't be more or less
concerned because of its mission statement.

~~~
1ris
I don't think so. You are probably from the west. Imagine what your government
would do against tor if tor changed its mission statement to be about
circumventing drug laws. I'm very sure several liberal democracies were
hell-bent to ban tor.

/edit: We had a mass shooting in Germany recently. We currently have a debate
about police tools against the "dark web" as a source of firearms. Before that
the government was not concerned about tor at all. After that it was very. The
narrative about tor changed only slightly, and the government's stance changed
rapidly. And the mission statement is a very strong source of narrative.

Governments are not either good (supporting freedom) or evil (suppressing their
people), but do both things to some extent. It's not like Singapore wants as
little freedom as possible for its citizens. It just has very un-western
values. If it thought that tor does not get too much in the way it won't do
much. OTOH the German government might attack tor.

~~~
romanpoet
Thank you 1ris! Yes, that is _exactly_ the point.

------
ajamesm
> Imagine Tor published a policy document stating: “The Tor Project proudly
> advances drug-use by creating and deploying usable anonymity and privacy
> technologies so people around the world can circumvent local drug laws.”

"Imagine"? If you think this is hypothetical, bub, I have some bad news for
you about the current perception of Tor.

When I think "Tor user" I think of illicit pornography, black market drugs,
and human rights activists. Those are pretty much your options. What nation is
okay with the first two, but not the third?

"Oh shit, we knew he was moving $2m USD in heroin, but we had no idea he was
documenting human rights abuses! Apprehend him!" Please.

~~~
timmytokyo
That may indeed be the public perception of Tor, but the project never
publicly aligned itself with the distribution of child porn or illicit drugs.
The author's point is that the explicit public alignment with Western notions
of human rights is likely to harm the Tor project in countries where "human
rights" are perceived as Western imperialism. The extent to which Tor's
adoption of the human rights marquee might make a difference in the way these
countries treat Tor is unclear, but it is at least a valid concern.

Frankly, there are a lot of better reasons -- mostly technical -- to doubt the
efficacy and long-term future of Tor. But the recent politicization and drama
certainly doesn't help it.

~~~
mikeash
Those countries aren't stupid. Surely they already know of Tor's applications
here. Certainly China puts significant effort into blocking it, for one
example I'm familiar with.

~~~
timmytokyo
I agree with you. But I was surprised that the author was able to run a Tor
relay in Singapore without significant interference. That tells me that at
least one authoritarian country was willing to turn a blind eye on Tor and
some of its shadier uses. Will the new greater emphasis on human rights cause
Singapore's authorities to give it greater scrutiny? Maybe, maybe not. But it
certainly won't help.

~~~
romanpoet
You can run relays in Singapore. But you'll first want to leave your cellphone
number with the police so they give you a call before visiting you at home.

After the pivot there remain two Singapore relays run by brave operators.

[https://atlas.torproject.org/#search/SG](https://atlas.torproject.org/#search/SG)

> Will the new greater emphasis on human rights cause Singapore's authorities
> to give it greater scrutiny? Maybe, maybe not. But it certainly won't help.

Yep. That's the argument. Their pivot is not the _end of the world_ , but it
definitely hurts.

~~~
romanpoet
relays:

* [https://atlas.torproject.org/#details/46022AFBB0B1A771EE3CB3...](https://atlas.torproject.org/#details/46022AFBB0B1A771EE3CB35AD337543A63210467)

* [https://atlas.torproject.org/#details/AD00FAC2AB97E310ECAB25...](https://atlas.torproject.org/#details/AD00FAC2AB97E310ECAB25E6A154FAEED345922E)

------
aw3c2
I long for the good old, tech-first days of Tor. This invasion of talkers and
lobbyists (even if for the good cause) is ruining it.

~~~
mintplant
Jacob Appelbaum, the guy they kicked out, was already more a talker than a
technologist.

~~~
syshum
They kicked or forced out more than Jacob Appelbaum.

~~~
mintplant
Who else was kicked or forced out?

~~~
syshum
The entire governing board.

Multiple Major Exit Node operators

The old bridge node operator

Those are just the people that have spoken publicly about their exit. Many
others (given the nature of Tor) are not going to come forward publicly. They
simply stop contributing and disappear.

Jacob was a distraction and excuse.

A Distraction so people would focus on that instead of what was happening with
the project

An excuse to implement massive Social Justice and what I believe to be long
term Pro Government reforms/policies within the project.

------
yuja_wang
These types of issues come up a lot in well-meaning organizations. What they
don't realize is: "You can include the most people by having the narrowest
platform."

So if you're a "privacy technology" group, anything not related to privacy
technology should not be part of your focus.

Every civil war, for example, has two (or more) sides. Now the Tor group has to
pick one. If they were simply interested in privacy technology, they wouldn't
have to.

You see a similar thing with Codes of Conduct, or "inclusiveness" initiatives.
Why can't a Python conference be about Python and only about Python?

~~~
dleslie
Because human beings write Python code and attend Python conferences.

------
syshum
It is sad to watch the Tor Project implode. While it in no way impacts the
project as I was a very very very very minor user of Tor in the first place, I
have removed any and all installations of Tor from my systems, and will no
longer donate to or support them in any way.

Tor has lost their mission, which should have been Privacy above all else.

Today they seem to be more focused on Social Justice, and less about privacy.

~~~
micaksica
> It is sad to watch the Tor Project implode.

I don't see this as an implosion. I am not fond of the majority of SJW
rhetoric as a lot of the defenses seen in those circles seem to be constructed
as thought-terminating cliché.

I have much respect for Virgil, but I also think Tor is in need of a rebrand
at home.

Ancap/cypherpunk messages are not agreeable to the mainstream, and they do not
maintain a project when it becomes this close to mainstream. The common
Western observer begins to equate the network with the abusive practices
inherent in anonymous communication. The average user sees "Tor" and thinks
"child porn" or "drug dealers", or "Mr. Robot" hacker types. These are things
that economic resources that have to answer to Western political authorities
will run from, and if the project needs funding, it needs to have a feel-good
message that supporters can parrot to politicians and others that _actually
have power_.

I, too, am an anarchocapitalist cypherpunk type. But I'm realistic enough to
recognize you can only push that platform so far as an organization scales.
Most people still won't care.

Full disclosure: I am not affiliated with Tor, but I have run relays in the
past and will likely run more in the future.

~~~
romanpoet
> I have much respect for Virgil, but I also think Tor is in need of a rebrand
> at home.

Thanks! I love you too.

> These are things that economic resources that have to answer to Western
> political authorities will run from, and if the project needs funding, it
> needs to have a feel-good message that supporters can parrot to politicians
> and others that actually have power.

This is a totally reasonable response. I would be delighted if Tor Project
could make a pronouncement like this.

As a reply, I saw no indication they were having trouble appeasing western
authorities---e.g., they had no trouble getting DARPA money for the big MEMEX
project. They are voluntarily cutting themselves off from defense because they
dislike the politics of the funders. Instead, they are piloting themselves
into a position where they are forced to take money from human-rights funders
just to stay afloat. And becoming "Human Rights Watch for Nerds", makes Tor
work vastly more difficult in the Asia Pacific.

I agree with you that Tor could use a rebrand, but this is a poor choice of
one.

------
iuguy
I hope Tor Project Inc can resolve the issues it faces.

After a bumpy start, Rotorproject[1] is starting to iron out a plan. It's my
hope that Rotorproject can help Tor Inc resolve its issues while
simultaneously providing alternatives to the current (technical) monoculture
in terms of easily usable anonymity.

I think advancing human rights is a reasonable goal, but when I've seen
political activism as a specific project goal, I've yet to see long term
success.

[1] -
[https://phab.rotorproject.org/w/general_project_information/](https://phab.rotorproject.org/w/general_project_information/)

~~~
timmytokyo
It's also managed by someone who thinks RC4 is a reasonable choice for a
modern crypto application. No thanks.

~~~
urgerestraint
May as well be using ROT13...

------
ramblenode
This is an interesting point I hadn't considered but I'm skeptical the
rebranding will substantially change anything for people living in repressive
countries. Governments that flag someone as suspicious or arrest someone for
using Tor would have done so before the rebranding. These governments don't
need to convince a jury or an impartial judge that Tor is a dissident network.
They are already well aware of how Tor is used to circumvent the government
firewall both by commoners who just want to watch YouTube videos and by
activists to communicate.

~~~
JumpCrisscross
I've been advised to cease using Tor when travelling to certain places.

Previously, I could have a reasonable conversation around "securing sensitive
but non-threatening communications". The rebrand makes the tool dangerous to
be caught using. The OP's comparison between Western treatment of anything
drug related and certain cultures' reactions to the term "human rights" is
spot on.

------
cclements
There may be good arguments why not to use Tor, but this doesn't seem to be
one of them.

~~~
criddell
I'd never thought of it in the terms that the article author presents, but I
think he has a point.

If you are a reporter, you have a very good reason to use Tor. When searched
at a border or by some police force, having tools made for privacy and
security is going to be expected. Having tools for human rights activists is
going to cause trouble.

------
sschueller
I keep saying this but we need a working implementation of riffle sooner than
later. From what I understand it solves some of the shortcomings of tor.

[http://news.mit.edu/2016/stay-anonymous-online-0711](http://news.mit.edu/2016/stay-anonymous-online-0711)

------
jbmorgado
There is something that baffles me in these kinds of posts.

Why do you act like it's the west's obligation to solve your social problems?

TOR was created in the west, its main contributors are from the west and now -
and very rightly so - the people in front of TOR identified the eroding of
personal privacy as an eroding of our human rights in the west and they want
to change that.

It's good for the west, is good for the TOR creators and main contributors. If
it's not good in the Orient or middle East, then instead of complaining you
should be creating and contributing to projects that help your purposes and
your social advancement.

~~~
romanpoet
That's a perfectly fine response, and it's completely logical.

However, Tor self-righteously insists it is improving human rights,
_especially_ for improving human rights outside the west.

------
vacri
> _For example, say you’re a sysadmin at a local business wishing to further
> secure its comms. You propose running a Tor node or using Tor internally._

I had to stifle a giggle at this 'example'. I have to wonder how many 'local
businesses' so value their comms that they want to hide their origin at the
expense of significantly downgrading their bandwidth... and what do these
'local businesses' look like?

------
tptacek
Potentially getting people killed shouldn't be news to anyone who's been
involved with Tor over the past decade.

------
zmanian
Virgil seems to be willfully ignorant. Tor needs greater political support in
the West because of second crypto wars. Tor also needs more funding that is
available for work on privacy and anonymity to support use cases like
Securedrop. Too much of Tor's current funding is tied to censorship resistance
applications of Tor.

~~~
Sniffnoy
People can be wrong without being willfully ignorant. There's no reason to
assume bad faith. You could make a perfectly good argument along the lines of
what you say without that accusation. Why add it in?

(Note that you haven't actually fully _made_ that argument. We have multiple
competing concerns here (as we always do[0]). Virgil has made an argument
based on one; you are trying to make an argument based on another. The
question then is, which one outweighs the other? Since neither of you are
actually responding to the other's arguments, merely expressing different
concerns, it is impossible to tell from your arguments alone. (To put it
another way, in pg's "Hierarchy of Disagreement"[1], you're purely
counterarguing with no attempt at refutation.) Calling Virgil "willfully
ignorant" makes it sound like his argument carries no weight or has already
been refuted, but this is not the case.)

[0]
[http://lesswrong.com/lw/gz/policy_debates_should_not_appear_...](http://lesswrong.com/lw/gz/policy_debates_should_not_appear_onesided/)
[1] [http://paulgraham.com/disagree.html](http://paulgraham.com/disagree.html)

------
bahjoite
The author's argument that the Tor Project is throwing its users under a bus
isn't convincing. The Tor tools and the reasons to use them haven't changed
with the introduction of the Tor Project's new mission statement and social
contract. The profile of a Tor user hasn't changed and nor has the meaning of
Tor's traffic on the network. A Tor user confronted by the Authorities is
still able to give "privacy" as their reason for its use. An at risk Tor user
is still at risk and it is far from clear that the Tor Project's stated
mission increases their risk.

I think the author conflates the risk to Tor users with the risk to Tor
Project members and volunteers. It may well be true that the latter groups are
at greater risk.

~~~
tankenmate
And yet some mid level autocratic bureaucrats in various totalitarian
countries will now label Tor as a threat to state control and hence will treat
any users with suspicion regardless of what said users claim to be using Tor
for. Mid level bureaucrats largely don't understand the nuances of technology
and cryptography but they certainly understand a political statement when they
see one.

And so while it might be click bait to say that this will wind up killing
someone, at the same time you can say that it is far from impossible.

------
shiven
Anyone trusting Tor for anything anymore is asking for trouble. Their new
branding and associated bravado is just weak-sauce attempts at projecting
technical soundness in the face of getting their tech butt-torn by the CMU
hack. You can google the details of the hack yourself.

Anyone, with even an iota of self-preservation in them, is best served staying
away from this identity-leaking crapware. There is no gentle way of putting
it. Tor is fundamentally and practically compromisable, do not trust it for
guarding your anonymity against a determined adversary.

No. I don't have any suggestions for alternatives either.

------
ryanlol
[https://lists.torproject.org/pipermail/tor-project/2016-July/000582.html](https://lists.torproject.org/pipermail/tor-project/2016-July/000582.html)

This attitude from someone representing the Tor project is, to put it mildly,
terrifying.

But I guess fundraising matters more than lives of actual real human
beings.[1]

[1] I'm inclined to believe the author slightly exaggerates the risk, but the
reply completely neglects to address that issue. Trying to shift blame on
local governments is hardly an option when those are the ones you're trying to
defy.

------
nstj
I missed the part in the article where it describes how the change in branding
will result in someone's death?

------
ashitlerferad
Tor's response:

[https://medium.com/@virgilgr/tors-branding-pivot-is-going-to-get-someone-killed-6ee45313b559#.z1vs8xyjz](https://medium.com/@virgilgr/tors-branding-pivot-is-going-to-get-someone-killed-6ee45313b559#.z1vs8xyjz)

------
nxzero
A quick review of the weaknesses listed on the Wikipedia page for Tor makes it
pretty obvious that Tor is a threat to the majority of users, who if discovered
would face serious, if not life-threatening, responses.

Why do people continue to use it?

[https://en.wikipedia.org/wiki/Tor_(anonymity_network)](https://en.wikipedia.org/wiki/Tor_\(anonymity_network\))

~~~
htns
It's common for people to have too much trust in technical solutions, even
when the solution includes stark warnings on its download page. It's even
worse with VPNs and 'secure' email providers.

Tor can still be useful as a building block of the next thing, but people
should start demanding something better than Tor.

~~~
zipwitch
How terrifying would status quo power holders find a free, universally
available and readily usable software tool that provided real and uncrackable
anonymity for anyone?

