(apart from Formless Networking, but that one is a bit more well known)
Not that it's not nice of them, but it seems a bit out of place.
No, really it was a genuinely thoughtful and respectful description of the person. I only hope that at my own level, and at some point in life, people I am associated with think of me in (somewhat) similar terms ;-)
Knowingly or not, anyone running OpenSSH is already trusting the work
of the people at Conformal.
we have 3 nodes running up to 4 processes on each node. each node is capable of pushing out up to ~600 Mbps with 4 processes on it. the nodes run bitrig, a fork of openbsd that several of our developers hack on.
EDIT: i just read the linked article and i see why we are listed - we have our own ASN and run openbgpd from our colo space.
Seems to me like it fits in with what else they do.
They do some very impressive cryptographic deduplication. Essentially
it's a method to deduplicate already encrypted data reliably. If you
don't realize how amazingly cool that is, you need to do some reading.
It's a really tough problem, and it solves a major pain point for anyone
with large volumes of encrypted data (i.e. governments).
How is that even possible? Surely a custom crypto scheme is needed?
Example 1 - user1 uploads file1, then at a later time user1 tries to upload file1 again. the 2nd occurrence of the data in file1 is recognized as a duplicate of what has already been stored, so the service does not re-upload the bulk data of file1. this saves bandwidth, time, cpu cycles etc.
Example 2 - user1 uploads file1, then at a later time user2 uploads file1. in a private (per-user) deduplication pool, both user1 and user2 would need to separately upload a copy of file1, but in a global deduplication pool, user2 would not need to actually upload the bulk file data since it can reference data that user1 uploaded earlier.
the upshot here is that each user has their own separate crypto keys that are used client-side, similar to spideroak, tarsnap, etc.
i could get into the details here, but it's pretty well summarized in our infographic and crypto whitepaper
It is also worth pointing out that systems supporting restricted classes of functions preceded Gentry's work. If you are willing to limit yourself to NC1 functions (i.e. those that can be represented as boolean circuits with depth that is the logarithm of the input size), you can use oblivious transfer or the SYY construction (cannot recall their names off the top of my head). If you only need products in certain groups, you can use ElGamal. If you only need an XOR, you can use the Goldwasser-Micali system.
Also, there are garbled circuits, which date back to the 1980s. That is a somewhat different notion of computing on encrypted data, since it requires messages to be sent every time the computation is performed. Garbled circuits are substantially faster than FHE right now, although that may change due to FHE's low communication overhead and the rate at which FHE speeds have been improving. Also in this category are multiparty protocols that use arithmetic circuits, which have seen at least one major real-world use:
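Added example, not part of the comment above: the two partially homomorphic schemes that comment names, ElGamal (products) and Goldwasser-Micali (XOR), worked in Python. The parameters are toy values constructed for illustration and every function name is hypothetical.

```python
import secrets
from math import gcd

# Toy parameters, constructed for illustration only (far too weak for real use).
EG_P = 2**127 - 1              # prime modulus for ElGamal
EG_G = 3                       # base element (assumed, not a vetted generator)
GM_P, GM_Q = 499, 547          # secret primes, both congruent to 3 mod 4
GM_N = GM_P * GM_Q             # public Goldwasser-Micali modulus
GM_X = GM_N - 1                # -1 is a non-residue mod both primes

def eg_keygen():
    x = secrets.randbelow(EG_P - 2) + 1
    return x, pow(EG_G, x, EG_P)           # (private, public)

def eg_encrypt(h, m):
    r = secrets.randbelow(EG_P - 2) + 1
    return pow(EG_G, r, EG_P), (m * pow(h, r, EG_P)) % EG_P

def eg_decrypt(x, c):
    c1, c2 = c
    return (c2 * pow(c1, -x, EG_P)) % EG_P  # c2 / c1^x mod p

def eg_mul(a, b):
    # Component-wise product of ciphertexts encrypts the product of plaintexts.
    return (a[0] * b[0]) % EG_P, (a[1] * b[1]) % EG_P

def gm_encrypt(bit):
    # A random square encrypts 0; a square times the non-residue encrypts 1.
    while True:
        y = secrets.randbelow(GM_N - 1) + 1
        if gcd(y, GM_N) == 1:
            return (y * y * pow(GM_X, bit, GM_N)) % GM_N

def gm_decrypt(c):
    # Euler's criterion mod the secret prime: residue -> 0, non-residue -> 1.
    return 0 if pow(c, (GM_P - 1) // 2, GM_P) == 1 else 1

def gm_xor(a, b):
    # Product of ciphertexts encrypts the XOR of the two plaintext bits.
    return (a * b) % GM_N

def demo():
    x, h = eg_keygen()
    product = eg_decrypt(x, eg_mul(eg_encrypt(h, 6), eg_encrypt(h, 7)))
    xors = [gm_decrypt(gm_xor(gm_encrypt(a), gm_encrypt(b)))
            for a in (0, 1) for b in (0, 1)]
    return product, xors
```

Neither operation touches a private key: whoever holds the ciphertexts can combine them, and only the key holder learns the result.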
I'll go to the top of the building and light up the tptacek bat signal.
We changed our logo.
It no longer looks like a vagina
That was the most hilarious blog title I've encountered in a long time.
What information do you have that they are government contractors?
(Obviously the US has many draconian laws regarding cyber-anything, but I'm curious what specific lines we cross with Tor Exit Node operation. Does it include something like ownership and responsibility of the data that passes through a node that we operate?)
Unfortunately, since we're often a single guy with no legal entity, we are not afforded such protections by default. I've been running an exit node since 2005, and I've had to switch ISPs numerous times because of abuse coming out of the node. I've even had my hardware physically confiscated when network administrators couldn't figure out what kind of traffic was coming out of it.
While I believe in the goals of the Tor project, I am not really interested in being the guy who has to set the precedent here, so I don't run my exit node in the US any more. If history is any indication it would be a long legal battle to set such a precedent.
See https://www.torproject.org/eff/tor-legal-faq.html.en for more discussion on the topic.
Your ISP is obviously an ISP, and most law enforcement agencies understand that and that it means that if something dirty comes through there, then an employee of the ISP most likely didn't do it. But if you're using your home PC as an exit node... most agencies probably have no idea what Tor is, and would assume that you personally were doing whatever came through it, and would commence with the whole search, seizure, and media circus before they figured it out.
"Geolocation was performed against the IP addresses using the Free GeoIP API"
That quote even contained a hyperlink to Free GeoIP's website.
If it's also not obvious, most large TOR exit nodes are in datacenters and not in people's houses, for a variety of reasons.
Bravo for the data center mention as well.
As someone who lives in a rural area, without access to high-speed connections, the idea of running a home based server just doesn't make sense.
To take your pedantry to its extreme, though, using Tor Hidden Services entirely inside the Tor network is more secure than using a Tor exit node to access web sites outside of Tor.
If you hear about sites like the Silk Road, those exist only inside the Tor network; you can't (directly) reach them from the 'actual internet' / the Web.
edit: now that I think about it, placing Tor exits in a hospital area might be a clever tactic to avoid them being raided (e.g. to freeze memory and attempt to extract some data about other nodes etc).
Ashburn, United States
So, not a coincidence, but also not suspicious - it's just Amazon's data center.