 Hi, I'm Roger and this is Jacob and we're going to talk to you about things that governments and corporations have done to try to censor the Tor network over the past couple of years. So we start out with sort of a very quick overview of what's going on and we're going to try to get directly to the more interesting material. So a brief background about Tor, we've got something like 500,000 or 400,000 people using Tor right now. Part of the goal is to have a diverse set of people so that we've got cancer of survivors and activists and militaries and corporations and everybody in between blending together on the same network. So this is a short overview of the anonymity side of Tor. We've got Alice, she's trying to browse the web to some website or destination Bob and the adversary could be somewhere watching Alice, watching Bob, watching the middle in between. So over the past couple of years we've had quite a bit of growth in the number of relays but this is actually not the right slide to look at. The right slide to look at is not the number of relays but the amount of capacity we have. So it's gone from a little under 500 megabytes per second of capacity to almost 2 gigabytes per second of capacity over the past couple of years. And the load on the network is also going up pretty much to keep pace with the capacity growth which is good news for the number of people who are being kept safe but bad news for performance because we need even more capacity. So I think that it's important to speak to the audience here about the context of the work that we do because depending on who we talk to we might have to explain Tor as if it is a privacy thing and often people they don't really understand contextualized privacy. So for example when I explain this to my grandmother or to my mother I had to explain that I work on technology that sort of functions like curtains function in her life or the way that clothes function in her life because that's the kind of privacy she understands. But here at the CCC I think we understand that we are driving technology. Some people in this room have worked on deep packet inspection machines that actually work on blocking Tor and some people are users of Tor and we really understand the ins and outs of this technology. And so this concept of behind enemy lines if you want to refer to the world in a way where we have enemies and we have lines often the deep packet inspection devices that people use to filter Tor people using Tor are behind those lines. So our users are actually behind the enemy lines in some sense and it is worth considering that maybe not the enemy part but it's worth considering they're behind the devices these security devices and they are the ones that are choosing in fact to do this. It's not us that choose we help build the capacity everyone in here that runs a relay helps build that capacity they make that choice and they're the ones that are behind filters they're the ones that are behind censorship and that context is very important to this work because the things that we're doing are you know it's not imperialism what we're doing what we're trying to create is an alternative and they're the ones that choose to embrace it. I remember several years ago I was being interviewed by a journalist who the first question they had was so how are you doing against China and I had to back up and say no no no I'm writing software there are people in China who are doing against China you should ask them how they are doing but it should not be up to me how China changes we write tools to let people all around the world change the world and the way that they think their world needs to be changed. Okay so our story starts in 2002 when we first did the release of Tor we wrote the design paper published it in 2004 at that point censorship wasn't even on the horizon we were thinking of this as an anonymity tool we need to be able to get lots of different users being using the same network of the same time we hadn't thought at all about what happens when corporations or governments or other tools try to prevent people from reaching the anonymity system so back in the early days of 2002 2004 there really wasn't much nobody was thinking about censorship and governments trying to block these sorts of things so the very first step was Thailand in April 2006 I got mail from some people in Thailand saying I live in a democratic country and they filter the internet and they just filtered your website this sucks I'm gonna sue there's a constitution that says they're not supposed to do that so they ended up doing it by DNS filtering only certain ISPs bought into this so only some people who are in Thailand got censored they ended up doing a redirection to a page that doesn't exist anymore the only certain ISPs bought into it reminds me of a bunch of other countries out there Sweden for example there are certain ISPs who are thinking about buying into the censorship list so that's a theme that we will see over and over you okay so the next step smart filter and websites so smart filter was the first corporation that started working on the censorship stuff and in late 2006 so once upon a time Tor spoke to protocols on the internet we spoke TLS SSL to do the encryption side and then we spoke HTTP to do the directory fetching to learn what the other relays were and that seemed like a good way of dividing things because you should use the appropriate protocol for the appropriate situation but the problem was smart filter said I'm gonna learn how to block Tor just by looking for HTTP fetches for slash Tor slash anything that any URL that people fetched that started with that they would just cut and not much of an arms race at that point they basically blocked Tor if anybody was using smart filter to censor their their network and pretty soon after that web sense decided that was a good thing to add and then Cisco and even today there are a bunch of products out there that claim to censor Tor and what they mean is they censor the Tor that we had deployed in 2006 they haven't updated at all but it works great on their marketing pitches to say and also we censor Tor even if it doesn't work and of course this is interesting because those versions of Tor some of the older versions of Tor in some cases are still in use and so it it creates a sort of false positive false negative situation however there's a funny thing that happens which is sometimes the filters get entirely replaced and as a result the old Tor's and the new Tor's actually both work again even though they've replaced it with a brand new filter which has happened in Iran and in some other places as well and so this is I think quite a fascinating problem which is that you can actually tell when censorship equipment has been switched out in a country right when Iran pulled essentially the Internet at a certain point they put it in one gigabit at a time because that was the capacity that the filters they had purchased with that was what they were able to filter in real time and so you can actually see a stair step of their bandwidth ramping back up because they were able to just plug in censorship devices at that rate that line speed and Iran is actually a pretty interesting case I mean everybody likes to beat up on Iran they're actually extremely interesting in the sense that they I think are the second largest group of Tor users at this point so recently they blocked I mean not too recently but a couple of years ago they basically looked at all SSL and they sort of treated it like a dial where they said okay this is SSL so we're going to turn down anything that's encrypted they're not going to block it but they're going to categorize and then they're going to just discriminate against that traffic and they in fact well we were RFC compliant we picked a particular prime for our Diffie Helman handshake and that P was in an RFC that P was filtered so we of course had to change it so that we looked a little bit more like Apache and Firefox and of course when they filtered SSL because the actual onion router connections from the client to the routers look like SSL TLS in this case like a Firefox and Apache without knowing that they were doing it to Tor necessarily they sort of got it for free. Okay so this year these are sort of the first success stories for Tor and censorship here's a graph from summer 2009 when a bunch of people in Iran were pretty upset that they'd elected somebody and that somebody didn't end up in power so we saw thousands of people every day using Tor to get around the censorship of Twitter and Facebook and stuff like that at the time I've got a graph of China up here where a little while after all the protests in Iran China said well crap I don't want to see that happening in our country let's do a show of force we're going to block Google search and Google groups and Google news and we're going to make sure that everybody knows that that we're still in charge. So that was a start you want to take the Tunisia one? Sure Tunisia has been a particularly egregious sensor in some senses we've actually recently been to Tunisia I try to make sure that I don't advocate the use of Tor in places I myself wouldn't be willing to use Tor and some people that build circumvention and you know so called anonymity systems don't take that approach and I think that's maybe not the most reasonable thing we had a number of people in Tunisia that were willing to take the risk were willing to go in and look at it and had like a pretty serious analysis that showed that they would specially tailor censorship on a DSL line by DSL line basis so it would be the case that you could only make outgoing TCP connections on port 80 and 443 and for DNS to certain DNS servers as I understand it and in some cases if they thought you were a really high-profile person that was worth targeting you would only get port 80 which is pretty it's pretty incredible and as a result we we realized that you could use a Tor bridge to connect to the Tor network but you couldn't really bootstrap very easily if you wanted to connect directly because none of the Tor directory authorities themselves were on port 80 and actually it was in this room a number of years ago that I was asked to set up a Tor directory authority or us and it's on port 80 and it was specifically chosen to be port 80 for this type of filtering that was occurring and we were lucky because it didn't appear that they were very good at filtering on port 80 so they sort of thought the port number was all you would need and then that would be that would be it you wouldn't be able to do anything except HTTP on port 80 well it turns out that's not actually true which was good good for us those were the days back when people didn't do DPI and it's important to note we say smart filter here because it is smart filter there's no mistake about this this is an American corporation which I think who owns this after the chain of acquisitions smart so we went to Tunisia in October and we talked to the fellow who runs the Tunisian Internet Agency and he said yes we did renew our smart filter license for another year so it's great that he actually explicitly is willing to tell people that his government purchased censorship and surveillance software from a Western corporation and they use it and he brought up the phrase national sovereignty because he said we don't censor anymore in our country except for the governments and the military and the schools but but but that's because they want it and that was a kind of a weird conversation and at that point we started to realize so you outsource your censorship and surveillance to some corporation maybe in France you won't tell us which one and then they manage smart filter so smart filter sold to secure computing a few years ago and secure computing sold to McAfee a few years ago and McAfee sold to Intel this year so Intel operates the surveillance and censorship system for the Tunisian military and they probably don't even know it that's fucked up okay so we move forward a little bit those were the good days when people censored by port number or something like that China's a little bit trickier so in September of 2009 right before the 60th anniversary of some guy becoming in charge in China they did a whole lot of blocking of lots of different circumvention tools and they started out by blocking all of the public relays all the public relays that were in the list how many people here know about bridges let's see how much of a okay I see some hands but plenty of hands not so I'm going to give you a brief overview of how bridges work so there Tor has a big list of relays that is published for everybody and there are actually two different pieces to Tor there's the relaying component which is given a set of relays how do I build a path through them how do I do the encryption how do I do the congestion control there's also the discovery component which is how do I learn what relays there are and the simple original design for Tor was a centralized directory system there are eight directory authorities each of them produce a consensus list once every hour of here are all the relays that you can use and it's critical for anonymity that every user has the same view of the network so that's good there's a big list everybody can get it the problem is there's a big list and everybody can get it and that means that bad guys are going to pull down the list and be able to censor it also so the fix for that is what we call bridge relays the idea is we've got hundreds of thousands of users or other volunteers let's let them set up a tour relay and the only difference between bridges and public relays is the bridges are not in the big list so we've changed the arms race from how do I give out three thousand IP addresses to the good guys without the bad guys learning them which is an impossible arms race to how do I take these five hundred or a thousand or twenty thousand bridge addresses and give them out one at a time to the people who need them but not letting the bad guys learn all of them so I did a talk a couple of years ago here in this room on the bridge design and you can find it on the web so if you need more bridge details so how do you find a bridge there are actually four ways that we distribute bridges right now the first one is you go to HTTPS bridges dot Tor project dot org and it looks at where on the internet you're coming from and gives you a different answer so that means everybody can get some answer but if you want all the answers for that bridge strategy you need to come from a lot of different places on the internet so China broke that one in September 2009 they learned the public relays and they also learned all the bridges that we were giving out through that strategy so the second strategy is you send email from Gmail to bridges at Tor project dot org and then we answer you a different answer depending on which Gmail account you have and that means that everybody can make a few Gmail accounts but hopefully the bad guys can't make thousands of Gmail accounts and we leave it to Google to do some sort of rate limiting mechanism or captures or phone numbers or whatever they want to do these days to slow down account creation and China broke number two in March 2010 so it took them a while I'm not sure if they didn't think about it if they did the first one and said oh good we've got all the bridges that actually happens a lot with researchers where they sit down to decide how safe our bridge distribution strategies are and they find all the bridges they can find and they say I have them all and in fact the goal is to separate the bridge list into different strategies so even if you totally beat one of them you haven't learned any of the other bridges so China learned one of them in September 09 they learned another one in March 2010 the ones that still work are social network based I know a nice guy in Shanghai and a nice guy in Beijing and every day I sent him an automated new list of bridges which we haven't given out to anybody else and he knows a lot of people and gives them out to people that he knows and those work the fourth approach is you can set up your own bridge you don't have to tell us we don't give it out if you know somebody who needs a bridge that works very well so we've talked for example to a bunch of human rights organizations in China who run their own bridges and then give them to people that they know need them so there are four overall ways of blocking the tour network the first one is those eight centralized directory authorities the ones that the tour clients bootstrapped from they're hard coded the IP addresses are in the tour source code you block them you're done China did that nobody else has done that that's kind of weird the second one is you pull down the whole list you block all of those you pull down the list every hour so you get updates China pulls down the list every so often but not every hour so there are certainly ways of sneaking by if you try hard enough the third approach we're gonna talk a lot more about today is DPI you look at the tour you look at traffic flows on your network and you say I don't know what that address or port is but boy that protocol looks like SSL but it's not I know that it's tour and there are a lot of variations on that and then the fourth one that works better than we expected is you block our website so back in the day Thailand redirected DNS requests for tour project org tour works fine the tour protocol the tour network everything was working fine but if you can't get to our website first of all you give up you figure hey this was nice but it's gone and second how are you gonna get the software and there are a few answers but the more they censor the messier it gets one interesting thing about number two up here is since we're in an arms race and we are trying to decide the pace of the arms race there are some pretty funny things we could do if we decided to take the arms race in a different direction so for example if they have an automated program that downloads the consensus and pulls every single IP address and port number and then blocks it imagine for a minute in the consensus and I'm not saying we should do this but just imagine here for a moment if they were to pull down that list and it included the IP address and port number of every website a Chinese person has to visit in order to get a visa for example their firewall would stop commerce in their country for a little while so there can be some really hilarious unintended consequences with these surveillance and censorship systems and that might happen accidentally in some cases if some of those people were to run tour relays or bridges so these attacks don't just hurt us we are playing nice right now in some cases and I think that that's important to note we actually we actually tried that particular attack that Jake was talking about where we put in the IP address for Baidu and they didn't block Baidu from inside China so as far as I can tell they actually have a whole heck of a lot of humans who go through every IP address and check it to figure out whether they should block it so trying to attack them in a way that makes them spend more manpower is not the way to attack China right this is an example of I think it's kind of fascinating I posted online that I was looking for people to tell us whether or not the tour project website was blocking our country so in the upper left the bomb site is not trusted and the upper right the I don't know coffee or lava lamp thing that's the United Arab Emirates in the in the back in the background we actually see a Kuwaiti on the left I think that that is also Kuwait in the middle that's the Sultanate of Amman and on the right I believe it's Saudi Arabia so you'll notice they're blocked this middle one is a form where you can fill it out so I asked a friend in the Sultanate of Amman to just put my email address in there and to request that our website would be unblocked a really interesting thing happened here which is that they sent me an email and I looked at the source of the email and it's actually base 64 encoded and the reason it's base 64 encoded is because they do the packet inspection on the flows that are leaving their country and so they encoded it in base 64 so they could say you have requested unblocking tour project org so base 64 is basically what it takes to get past the Omani deep packet inspection so well well China may have infinite manpower some people have automated these systems and another interesting point which is worth making more for you than for us is that those systems well you should just request that form you'll notice that the mail systems they used to send it are sent mail from 2003 this this this is another set in the I think in the bottom left and maybe that's Kuwait again I think that's Kuwait and the upper right is UAE the bottom right this is I think kind of an amazing thing here they're trying to tell you you know that this the site has been blocked this is in Qatar and they're trying to make it fun right and if you feel this is an error feel free to send them an email they're trying to contextualize this inherently fucked up thing that they're doing which is restricting the right to read to be clear and they're trying to make it fun they're trying to make it like oh yeah this is not a targeted sort of you know population control idea this is hilarious oops it's fascinating though because some places don't even do that right they have a very different relationship where they're trying you know to do some kinds of mind control essentially and in this case they at least are attending which is significantly different than some of these maybe although the top two from the UAE sure are cute this is another view on the time that China the very first time the 60th anniversary of some dude getting into power in China so this is a relay that I run in Amsterdam and it on basically it was one of the faster relays in the network for a time and one day we went from approximately 10,000 users connecting from China on a daily basis basically to zero and that little bump in the graph is either an error like an error in our data set or maybe it's when their censorship system wasn't quite working it's important to realize the censorship systems in some places are very centralized in the same way that the ITU is centralized you have a central telephone company and they have central filtering and that's sort of the edge of the country and you think about it like a perimeter security system so it doesn't work very well and China has that plus each ISP gets a phone call or an email saying don't embarrass us you know make sure you filter this stuff and so in some cases some ISPs have additional filtering or they are responsible for doing the filtering and then there's also the edges and so this might be a case where there was a I think the term they use is harmonization there was not harmonization between the filters in China and then they sort of iron that out and this is what happened the same time so just to show you that graph again it used to be that users would download a new circumvention system the whole binary the entire shebang whenever they got blocked and I went to Hong Kong and a couple of other places in Shenzhen and so into the mainland and I talked with people and I said hey you don't actually have to download a copy of Tor you can just plug in a bridge IP and one of the people I talked with was an extremely well-known blogger and he said hey Google and a bunch of places are about to get blocked install Tor today if it stops working use bridges here's how you use bridges so they blocked or and that's what happened right I mean to get kind of sentimental about it this is sort of the triumph of the human spirit over censorship here you got 10,000 and then you like peak like they realized that they were empowered to do something and then they did it now yeah how do you know oh that's a okay so part of the way that we know is that we have developed a metric system at the Tor project that in a privacy preserving manner does a pretty good approximation of the number of users that connects so if you run a relay you have a GUIP database someone connects you look at their IP address you do a look up and you put it into a bucket and every 24 hours you send just GUIP data into the metric system and it rounds up by about it's a bucket of eight so if there's only one Chinese user there's an error margin there but when you start to get into the tens of thousands of users the eight user bucket doesn't matter so much so that's how we actually generate if you go to metrics dot Tor project org we have graphs that show the number of directly connecting users and the number of users that use bridges and the way we know where users connect from is by storing that in a privacy preserving manner so no personally identifying information is ever sent anywhere except then the name of the country we don't do anything better than that and of course it's possible that a bridge or relay can lie about that information that's definitely the case the numbers I just showed you this one is from my relay I promise you I didn't lie you can run your own relay and you can find these numbers out for yourself and you don't have to trust us at all and the methodology for this metric system which is worked on by Carlson lozing he he has published papers on how to do this and we recommend for anybody that runs a privacy preserving service this is how you should do data on your users right there's no IP addresses of users to subpoena in our system these are approximate numbers and that's extremely important people say you need to track people extremely in detail in order to know what's going on and that's a lie and when people tell you that they're full of shit and so you can do this in a smart way so the other answer to follow up with that is the bridges are the first hop through the network so they get to see the user but they don't know what the user is doing because the user then builds more hops through the tour network so the goal here is the first hop maybe they learn about the user but they don't know what the user is doing the last hop they learned somebody went to Twitter but they don't know who so that means that this first hop can collect aggregate statistics and as long as they don't publish anything that can harm users or reveal details about users then it's useful for us to be able to learn which countries to focus on in a way that doesn't harm the users so what Jake was talking about the good was the good news with some users disappear from the direct relays and then lots of people use bridges the problem here is once China blocked the second strategy of bridges suddenly it was very hard to in an automated way if you don't know somebody get to learn about another bridge so there are two problems here the first problem is we don't have good bridge distribution strategies we don't have good ways to make sure that everybody who needs a bridge can get one but the bad guys can't learn all of them the second problem is we don't have enough bridge addresses when I first started out this arms race with bridges I was saying to myself we need to get lots of bridges so the bad guys can't block all of them that was actually the wrong statement to make the correct statement should have been we need the rate of change of our bridge addresses to exceed the rate of blocking that the adversary can sustain it's not about get a large pool and then you're done it's about continually churning through addresses in a way that's faster than the bad guys can keep up so our problem right now is we have six or seven hundred bridge addresses and they're basically static there are hundreds of volunteers who've donated their DSL per line or something like that so we'll talk a little bit towards the end of the talk about strategies for switching from hundreds of static bridges to millions of dynamic bridges but yeah this is bad news for tour in China right now basically China is kicking our ass at the arms race and we'll see some slides later on that show that it's even worse than this. Oh great I would say we might frame it sometimes as China is kicking our asses but really let's be honest here what is happening is that China is oppressing their citizens and restricting their right to read and their citizens have clearly got a desire here and it's important to note that we have been here before and since we're talking about timelines I would like to go back to approximately fifth century BC or whatever you want to call it so this is important because it turns out that sometimes there's a relationship between real truth like an objective thing and how people of the day see that truth so in this case there is a guy who showed that the square root of two was a different class of numbers than the Pythagoreans appreciated and they drowned him at sea right well it turns out that Iran is repeating this story and the reason that they are doing that is because as I said earlier they took the parameter P from our Diffie-Hellman handshake and they basically said if we see a TCP flow that includes this this number we're going to kill the TCP connection we are going to say that that is not all right so I was joking with Roger instead of irrational numbers we've created liberation numbers and these numbers are being drowned at sea by different governments and corporations all around the world so there's actually a number right now if you send that number after making an SSL connection in Iran your connections get killed which is also kind of funny if you think about what you could do with JavaScript and websites but ironically they very clearly were targeting us and if you look at things like the Diginotar Devakul or other cases where some Iranians have really owned up a bunch of certificate authorities that kind of deserved it they very clearly have people that are working on this ironically socks proxying as we note here it really wasn't so sometimes when things aren't blocked there's a reason for it and that largely comes from the fact that censorship of services is is an effect that happens as a result of other actions which is to say that censorship is a second order effect of a surveillance state right because they are watching then they tamper they tamper when watching is not enough so using a straight socks proxy is fine to let through in some cases because they believe that it doesn't harm things it doesn't harm their surveillance program so there's a lot of there's a lot of leeway here if you can camouflage your protocol to look like another protocol then it's very difficult for the classification systems to decide that it's a protocol that needs to be blocked and lucky for us the DH parameter P is a server side parameter so we just had a patch out in just a few hours and the relays upgraded and the whole tour network worked all over again and that's what it looked like each of these red dots here is a censorship event and so they actually did these censorship events you can see three here you can see that they did them at particular times of the year that are actually if we were to look at news stories we would see that there's important political things happening here so because we were able to get the patch out in a very quick amount of time we were able to essentially help people who wanted to continue to use tour right so I think the graph peaks at 12,000 so they went from making sure that zero of those 12,000 were able to securely communicate and then we got back up to 12,000 this is around the time and of course this is not to take credit in any way for this happening it's just to say that we're helping to create these alternative communications channels and in this case we see that they intentionally knew that something was sensitive so they went to the trouble of working on blocking tour and then in this case we were able to turn it around quickly enough that the demand was back during that particular time point because it was sensitive it was a time when people really thought about needing to be free from surveillance this is a country where when you log into your gmail account if they can do a man in the middle attack on you they will and when they do the man in the middle attack they will take your email address they will go to your house with the contents of your email they will grab you take you to the secret police office and they will beat the shit out of you and torture you and potentially even murder you for the contents of your email this is the same thing that's happening in Syria so they really want to be able to spy on people and then they prove to those people that they have this total view of your activity online and tour threatens that totalitarian control and that is why they are attacking these things because they are trying at the same time to attack their citizens specifically and this gives their citizens something that gives them some of their agency and some of their autonomy and it returns it so when you run a tour relay and you wish you could do something about this kind of stuff happening in the world this is the kind of graph that should really inspire you to know that when you make a choice to do something like this it actually does empower those people directly and immediately and that keeps them safe so one other point here I have a friend who's from Iran and does a bunch of trainings in Iran and he tries to teach people about a lot of different circumvention tools and a few years ago he told me a story that I'm still trying to wrap my head around which so he said I do trainings of lots of different tools I've taught a lot of different people lots of different tools everybody that I've taught anything other than tour to is now in jail so now I only teach tour which is a pretty scary statement because we're not perfect the other ones are not as good but holy crap we've got a lot of work to do so actually if you write free software could you raise your hand everybody here it would be totally awesome if everybody that rose if you're raising your hand right now you should really consider coming and volunteering to work on tour because you'll make a huge difference in the world when you do that I mean no pressure or anything but if you fuck it up you know we need we need good people to check our work so Egypt Egypt is a place that's very near and dear to my heart I I did some trainings in the Middle East I even studied Arabic very very badly and you know non-existence it's much worse than my German in 2009 and I went I went to Egypt I taught people about OTR I taught people about how to use Jabber I taught them about various different communication systems and how to use them safely and at the time I met some sensors and they told me oh yeah we use the Cisco gear we do deep packet inspection on enemies of the state and yeah well you know I don't think too much about it but obviously they're bad guys so this is a pretty serious problem but we we tried our best to tell people in Egypt look surveillance is a big deal you don't see it yet but when you see it it will be very bad because what someone can do is pretty serious and so what happened in Egypt of course everyone knows is that there was a revolution and in fact it's not that the revolution happened and it stopped on January 25th of this year rather it is the case that the revolution is continuing non-stop right so this January 25th revolution is still going on right now to here according to some of my friends that are in Cairo covered with snipers there are people that are being shot in the eyes I mean there's like a real serious thing going on in Egypt and in the case of Mubarak pulling the plug on the internet we saw that there was selected filtering so for example Twitter was filtered IP address by IP address and so there was a case where a couple of the IP addresses were not filtered and you could still sort of intermediate and you could you could sort of reach some of them from some ISPs and then sometimes you couldn't but on telecom Egypt data links there were two IP addresses which were never filtered but other ones on the same slash 24 that were so you could prove without without any question that they were filtering that right at the DSLAM for the DSL modem and that's a pretty interesting fact and in fact I went to Egypt after January 25th again and I was on a panel with someone from Nokia, Vodafone, Telecom Egypt, the head of the communications agency for Egypt and I sat on this panel with them which was a little bit awkward for them and I said you know now that the dictatorship is gone I have talked to many people in Egypt that wish to ensure that the Egyptian constitution is something that you respect so will you agree to never censor the internet again will you agree to never send propaganda for whichever regime tries to pop up next and Vodafone made the usual arguments about pornography and all the other nonsense things about terrorism and they don't talk about for example how they're spreading of propaganda is in fact propagating state-based terrorism against individuals that live in Egypt they just sort of gloss over that and that's something you can't just stand and listen to so I of course said well I have evidence that shows that you actively engaged in censorship and the telecom Egypt executive said that's not true you're wrong and I said no no I have the data and I'm be happy to provide it in a court of law I mean I'm not really a fan of law but in your case I'll make an exception and you know I'd be happy to provide it and he said I'm not saying you're lying but okay and he stopped arguing with me because he knew damn well that he had specifically and selectively targeted certain things for censorship and that they had collaborated with the regime and there would be a time of reckoning and when that time came it would not be pretty for him we got this on videotape by the way which is which is pretty great but of course unplugging the internet sort of changes everything and as we can see here there is a demand and then there was a drop and that's I mean that's pretty serious they basically promised they won't do it again however and if you have a Vodafone SIM you should consider contacting them about this Vodafone said we will do whatever the law says is whatever is legal they will do that so what they basically said is no matter what happens we will do what we are told regardless of the consequences it's not because we're afraid will be killed it is because the our corporate charter is perfectly aligned with the law right and wrong go with the law hand-in-hand and I confronted them repeatedly about this and they continue to say that that is not an acceptable standard of right and wrong actually and certainly not in a dictatorship where the rule of law is not controlled in any way through the consent of the people that are governed by this law and it is really important to drive that home these these laws are bullshit and we should disobey them and these corporations should be punished by everybody for doing that so that was January you'll notice that these slides are showing up more and more closely together at this point in March Libya they didn't cut off the internet in the same way that Egypt did but they might as well have so there are a bunch of people who were starting to use it and then they they throttled everything they didn't unplug it in a way that everybody in Egypt freaked out about they just basically turned down the bandwidth knob so there was nothing left and there are a few people back using it part of the challenge with Libya is they don't really have an internet there to begin with so you'll notice the numbers here are hundreds of people coming from the Libyan IP space another challenge is when you get a geo IP database it doesn't really care about Libya very much because the people who build geo IP databases are building them to sell them to corporations who sell televisions online and if the person is not going to buy a television from you who cares what country he's from so it's challenging from our perspective to figure out which country some of these users are coming from another issue here I was talking to somebody from Libya who said uh the reason why you don't have most of us here is because we use sat phones that pop out as if we're from Italy so hard to know how accurate the data is but I think the general trend of lots of people deciding the they need the internet the internet getting throttled and then slowly coming back exactly at the times of various political events is pretty interesting yeah so I think that Syria is a particularly egregious example of a fascist state when it comes to the internet and in fact you can look at an internet connection in a country and you can sort of tell in general how free the country might be in terms of how people who govern the telecom infrastructure think that people should be and and and effectively what regular people are free to do online and Syria is an example of a place that is so incredibly bad for so many reasons some of them are not public I'm happy to make some of them public right now one of them is that they actually record every single bite of traffic that goes in and out of the country which sounds crazy until you remember that not a lot of people have internet access and with deduplication it is certainly the case that you can run the tcp dump on those links and record them and it will not be a big deal and I actually received some information from some people that built these systems through a mixmaster relay and I mean I'd never received a serious email through an anonymous remailer before which is pretty incredible what they seriously do though is record everything so just imagine everything you are doing is recorded every phone call every transaction every email all this stuff one of the most critical components of a circumvention system then is forward secrecy does everybody understand forward secrecy? raise your hand if you don't understand it okay good enough people don't in Tor when you connect to a Tor relay you generate a session key that later if you were to steal the Tor relay if you were to take it offline you were to break into it it would not have that key anywhere anymore there's a long-term identity key and a short-term session key that is generated these are really really important that's a sort of oversimplification but the point is each connection has forward secrecy so when that connection is torn down it's gone that's a huge problem if you don't have forward secret senior protocol and they record everything because what it means is if you fucked up your protocol and there are lots of people that have and we'll talk about one of them in a second if you do that and they're recording this they can retroactively go back find people and kill them and in Syria at the Arab bloggers meeting in Tunisia we met a person who told us that they had friends who were cut up into little pieces and mailed to their families in boxes one guy who posted on Facebook about how he was sick of the revolution not a pro-revolutionary statement sick of the revolution and he didn't like the Assad government for the way they were handling it and a death squad came to his house and killed him who shot him to death that's what happens when you're not using these circumvention systems as they start to get more and more serious about counter-revolutionary things they will relate technical attacks to the social realities of those countries and they will murder them and that's a really serious problem and I personally won't stand by and let that happen if I can help it and so forward secrecy is a really important thing when you evaluate a protocol for use there another thing to consider is that America is actually as usual a big part of the problem and so in this case with blue coat we know that telecomics and a number of other people had access to some blue coat devices which should never have arrived in Syria but they did and we looked at the logs and we can actually see a very high level view of what blue coat can see and and to log and the stuff that they're logging is enough to be able to say to someone you posted this thing for sure we're going to just use grep as our counter-revolutionary tool that's a really serious problem and in the case of blue coat they could have done something about it and they really they really didn't do something about it in fact they denied it for a very long time which is of course nonsense because they know and we know and we showed proof of it and a lot of people had access to those logs and while I very much respect what telecomics did I think it's important to note that removing the logs and publishing them at the same time is a very dangerous thing to do specifically because they anonymize the logs supposedly by removing the user's IP addresses from the logs and nothing else which is very unsafe I mean I think that that kind of hacktivism is pretty awesome in some regards but in that case the actual content blue coat recorded included buddy lists of people that were using just HTTP right so removing the IP address doesn't matter because their real name may have come across in that HTTP transaction and it is logged in those log files so very seriously I have to consider instead if you're going to tamper with it consider just changing the data to make it less incriminating or maybe change it so all the IP addresses of all the users are only the Syrian government computers there are lots of cool things you can do in that case so just think think at a couple steps out and in the case of blue coat they have a forced magnification where they couldn't block Tor and then they shipped an update and all of a sudden their DPI engine was able to tell that it was a Tor connection no matter what port no matter if it was a bridge or relay and they were actually able to filter Tor so we see this and those red points there and so this is like I think maybe an important point I have a report that's coming out in the next probably in the next couple of months I actually wanted to present it at the congress but some people have been making the very bad mistake of trying to gag me and so I just have to update the report to include some information about that gag so hey guys if you're watching so UltraSurf is a system which the people that are involved in it they mean the best but in cryptography well-meaning intentions actually don't really matter very much what matters is whether or not you do it right and if you find out you don't do it right you fix it to do it right nobody's perfect we don't expect anyone to be perfect I certainly don't I'm far from perfect UltraSurf is an example of how instead of really designing for the real adversaries that exist they sort of have no way to close the feedback loop so to give you an idea about this Tor is trying to look like SSL and TLS because that's basically the only protocol we can realistically try to look like and get away with it if we do a good job and I'll show you how do you check that well here's an example these are the blue coat logs that are UltraSurf and we say worse and we say better for a reason which is that neither is perfect it would be so awesome if when blue coat looked at a Tor flow they just they didn't see anything that would be awesome that's very hard to do in this case what we see is a couple of things and so here's some ode for UltraSurf first of all we see it is bootstrapping so the bootstrapping process we talked about before this slash gwtn colon u equals and this url that url is in fact a cgi on a server it's being fetched through google so google gets a log of it blue coat gets a log of it and the data that's there it's actually encrypted with a static key that's encoded in their binary and it tells you some bootstrapping information so the thing is you can visit that url or at least at the time that we pulled those logs you could visit that and you could in fact get the bootstrapping information out of it I believe if you go to this it pretends to be an RSS atom feed where the payload of the RSS atom is a thing that says begin pgp document but it's not actually pgp which is another interesting thing there so they actually send the string pgp and it's not as strong as pgp so they attract the attention and then like assholes they don't follow up this is Tor it just shows that there's a connection at all it is the almost the absolute minimum thing you can hope for you can see the IP address of my Tor directory authority on the left the thing that ends in 34 and you can see to the right another IP address and actually in the very beginning of that you can see you can actually see that this is not one of the telecomics redacted log files and talk about it wrong okay so moving forward a few more months in September of this year Iran filtered the Tor filtered the Tor protocol again using DPI so before they used DPI to look for SSL flows and then they grept for our Diffie Helman prime at this point they did DPI for SSL flows and then they looked at our SSL certificate and like good computer security people we said you're supposed to rotate keys every so often so up until that point Tor rotated its SSL short-term session key certificate every two hours because you're supposed to keep changing it over time the problem is how many people out there right now run a website whose SSL certificate is within two hours of expiring not many it turns out so if you combine we do DPI for SSL with we look at the certificate that you send and it's suspiciously close to expiry then they killed it so at that point I mean it's an easy fix the fix is you can continue rotating your session certificate but you make it valid for a year even though you keep rotating it every two hours so it's not a perfect fix I mean the next thing they're going to do is they're going to say why do you have an SSL certificate that was born within two hours of now because how many people have that but they haven't blocked it so the bigger picture here there are 20 or 30 or 50 little tricks like this that you can use to distinguish the Tor protocol from an actual Firefox talking to Apache and we have an internal list we've got an idea of what they might do next in this case we had a list before and one of them was they're going to look at the expiration time on our session certificates and it looks a little bit weird so when they blocked us this time so in January they blocked us and we took a few weeks we were like oh my gosh they blocked us did they really block us let's get some people to do some tests okay now we need to do DPI let's do SSL checks and so on and we figured it out this time we figured out what the problem was and put out a fix on the same day because we'd already done the work in January to figure out how to do that so the big picture question here do we fix all of these things preemptively because we know that there are ways that they might censor us or do we leave all the low hanging fruit exactly where it is because the next time they choose to censor us they'll do something we've already thought of and there are a lot of conspiracy theory questions here part of what we need to learn is they're not trying as hard as they can to censor Tor they could go out and buy Cisco and Bluecode and all these other things and pay thousands of engineers in Sunnyvale to figure out how to do it they have a lot of different political motivations here their goal is to make a statement maybe there's a policy guy who calls up a technical guy and says hey can you censor Tor and the technical guy thinks about some options and chooses this one so we can learn a lot from the fact that Iran censor Tor once in January and once in September and they haven't done anything else in between so it's not huge multi-billion dollar government working night and day to do this there's a lot more to it in terms of how the arms race is going one also really important point here is we are extremely clear about the fact that Tor is not a steganographic transport where if you use Tor you are not ever going to be detected as using Tor we don't make that claim because people who make that claim are full of shit and it's important to know we say that very harshly because in the case of UltraSurf when we look at these things they claim they are totally invisible and leave no trace yet by design they use Google you cannot possibly consider having gained your user's informed consent when you lie to them so we know these are unsolved problems and we understand that these kinds of logs show up and so while there are some distinguishers one of the distinguishers is that you're using the internet at all and it is very difficult to change this and so we do not make the claim that no one knows that you're using the anonymity network and it may be the case that someday in the future with systems like TELIX that it will be hard for someone to know you've ever connected to anything related to Tor but it is super dangerous to make that claim and we would prefer to be very conservative so that when people use the system they know what we think they're getting honestly and truly and that is absolutely the only way that we think that we'll be able to ethically do this kind of a thing and so it's really important if you build or work on these systems to understand it is way better to over deliver than to over promise because when you make a mistake or when something goes wrong real people's lives are really on the line and we don't want to mislead them so here's the graph of people actually using Tor from Iran over the last year or so you can see in January the little blip at the bottom and that little dip towards the right the red one that is the 18 hour period in which they censor Tor after January so and another point here as of the past few months Iran has just passed Germany as the number two country using Tor in the world which is a pretty serious statement from a lot of people who are being seriously oppressed and so going back to what Jake was talking about in terms of what we should promise there are really two security properties that Tor provides in terms of anti-censorship in terms of circumvention because we want to provide not only you get to the website but we also want to provide you have some safety while you're doing it so there are two components to what we mean by safety and whenever you're looking at a circumvention tool you should be evaluating each of these components in the context of that tool the first one is how diverse is the network out there in the in the case of the Tor network we've got thousands of relays in a lot of different places and the more relays we have and the more dispersed they are the less chance there is for a given attacker to be in the right place to beat the anonymity and learn what the user is doing so that was the old approach for Tor the second approach that we've been trying to think a little bit more about in the research world is diversity of users so if I give you a circumvention tool and people can learn that you're using it but they can't learn what you're doing with it but the only people I give it to are high profile Iranian dissidents I screwed up I have killed them we need a diverse set of users we need a lot of people in Iran not being dissidents but you've filtered my web comics I don't know why but I'm going to use this tool to get around the censorship we need a lot of people in America and Germany and lots of other places all blending together in order to provide plausible deniability or whatever we might want to call it the corollary there is if there are 60,000 people in Iran right now using Tor there's a lot of different types of people using Tor there but if you're looking at Sudan and there are I don't know 20 people using Tor in Sudan right now we need more people there we meet we need more diversity there in order to be able to make it safe I think I should tell the FBI story now okay you know my lawyer's watching this video right now I'm sure don't worry not that FBI story so no 99% of the police make the rest of them look bad so they're not all bad that joke never gets bad because it never stops being true so it's interesting because I was once at an internet meeting where they were talking about denial of service attacks and about anonymity and you know problems on the internet and this FBI agent tells me we don't ever use Tor we have our own anonymity network and by the way criminals are so stupid you'll never believe how stupid criminals are and I said well that's really interesting maybe you only catch stupid criminals and he said that he didn't quite understand what I meant and I said that that makes sense and so and so I said let's consider your anonymity system here for a second so you're saying you have an anonymity system that's only used by the FBI and you only use it for investigation so I send you a link you click on the link I watch where you click what just happened that's not an anonymity network that's an FBI police surveillance and investigation network and his partner walks up and says yeah I use Tor all the time this guy just doesn't get it diversity of users is extremely important and and it's really important there may be legitimate things that those guys are doing they will actually have a different they will have a selection bias essentially in what they see on the internet because their anonymity system fails them and they don't have a way to close their feedback loop because they're arrogant and I would never want to be accused of arrogance so I think it's important to note that using something with the diversity of users might help fix that problem it might not fix the problem but probably it fixes that problem and they have no other answer to that yeah so we see the same story again and again when we go talk to law enforcement and try to teach them about how the internet actually works we were in Sweden a couple of months ago talking to the guy who was trying to push through the data retention law and another forensics guy who worked for the Swedish government and the forensics guy waited until halfway through when the first guy was yelling at us and explaining that it's our fault the internet is messed up to say oh yeah I use Tor every day for my job does and I use it at home too shouldn't everybody and the first guy was looking over saying I thought you were on my side I thought we were in this together so there have been a couple of other censorship things that we haven't really looked into as much as we could in October we started to get reports that Tor was not censored in Iran but squeezed down, throttled it wasn't working as quickly as it used to be and we haven't figured out for sure I think this one was a false alarm but what would happen if one of the next steps they take in the arms race they don't DPI and then find it and block it they DPI it and then they put it in a different bandwidth bucket so we don't get reports saying Tor doesn't work and when we start doing our own tests it works the only difference is if you're doing SSL that looks like Tor you get four kilobytes a second if you're doing SSL that doesn't look like Tor you get 20 kilobytes a second that would be a much more subtle way of doing the attack in a way that makes it a lot harder for us to verify and change things around and figure out how to get around it so I don't think Iran is doing that China is doing something much more messy and we were not expecting this step in the arms race for years so in October it started to be the case that you set up a bridge nobody's ever used the bridge before you tell somebody in China about it their Tor client makes a connection to the bridge between one and ten minutes later some other IP address in China makes its own connection to the bridge does an SSL handshake and starts talking the Tor protocol so they are doing active follow-up probing of every SSL connection they see through China that's a seriously huge next step in the arms race that we were hoping would not happen anytime soon so we've got packet traces on this URL if you want to start trying to investigate what's going on I think they're running a quite old vulnerable version of Tor to do their own tracing so and an interesting thing here is if you look at this bug bug 4185 you'll see the IP addresses of their probing systems so this is actually a pretty fascinating thing for a number of reasons not the least of which is that that's a lot like the FBI anonymity investigation network isn't it well it's good to know that the Chinese are tailing them so it's also the case that you can scan those IP addresses and look into them I mean they have an active probing system it is not just for Tor to be clear they are doing these probes on different protocols there was a Swedish guy who reported this was happening for SSH so it is certainly the case that if you want to look into it there is a way to trigger these these probes and then you have a client that is connecting to you and of course there is an IP address where they're connecting from so maybe you have a server that's worth probing and scanning we would love it if the CCC and the people attending the congress this year would visit this bug report and would really put some time into helping us to understand this and looking at these IP addresses and to triggering them and to help us because this is the future of many other countries when some American corporation decides to implement this and sell it to dictators we need to really think hard about how to solve this but we also need to understand the essence of the thing first so we really need your help with this because there's a limited number of us and there are many many more of you and we will all be much better if we work together on this so one other short thing that I'll I'm going to skip a few slides towards the end in order to summarize this more quickly there are fixes for this even when they're doing DPI for SSL and then they're connecting and they're talking the Tor protocol the fix for this Tor is developing what we call the modular transport system or pluggable transport system and the idea is you can ship your Tor client with all sorts of little transports that you attach to it and then your bridge can say I support the following ways of talking to me and one of the first ones that we're working on is just another layer of encryption on top where the protocol is Alice sends some bytes Bob sends some bytes you XOR them that's the session key and the goal of that is there are no recognizable bytes in the protocol so anybody who's doing DPI on content it doesn't work anymore they have to move to traffic timing and volume characteristics or something like that so that's the way forward in the arms race in China if this is in fact what they're doing we can't just try to look like SSL because then they're gonna start talking to us and we're gonna have to put passwords on our bridges you're gonna have to do the SSL handshake and secretly put in the password in order to prove that you really know about it that way lies madness we need to come up with better protocols that don't try to blend in with SSL but try to look like nothing at all so here's an example of the Tor projects website in Iran you'll note that this is not our website and this is actually I believe the second most popular website in Iran so if you wanted to help distribute if you wanted to help distribute things this like telecomics as you did in Syria consider this this is a DNS poisoning for some ISPs so you request the IP address or the name of the thing you try to connect you're either redirected by IP or you're redirected by DNS poisoning and you get here instead of to the website you thought you were going to get to and that's that's kind of an interesting thing also because that means that building something for a censorship probe to detect that is pretty straightforward right there's like fixed strings on this you can see that the server headers are different it's very clearly not an SSL webpage where you download Tor but this makes a really interesting point which is that could easily be a Tor website mirror but with Trojan binaries so it's extremely important to check signatures and in places like Iran maybe the way to get it is by sending get Tor at Torproject.org via Gmail where you have an SSL Gmail connection through a Chrome browser which uses certificate pinning so you know you're really talking to to Google as much as anyone could be talking to Google and you download Tor indirectly and then you get bridges and you add those bridges and you don't connect directly at all that would be a much better way to do it for example lots of US government computers are filtered by blue coat just like Syria turns out they have a lot of things in common and you know killing people without trials that kind of stuff so it's important to really look at these kinds of things as what the next steps will be for many countries and this is Iran as of just a couple days ago so what we're up against is I think I'll take the first half you take the second half but basically the really important thing to consider here is that it's not really countries it's networks and in some cases some networks are weighted in a more heavy sense than others so for example in countries with centralized telecommunications facilities such as Tunisia they had someone blocking Skype and they don't know who it was the Tunisian internet agency the guy that runs it he said to us we have smart filter it doesn't it doesn't block Skype but during the revolution someone was blocking Skype so the censorship agency themselves had to get the internet connection from the ITU body in that country and someone in that telecommunications center had a different layer of censorship that no one knows about they have never disclosed for example who the deep packet inspection vendor is we actually have like a pretty good map of the Tunisian internet because they showed us their network operation center and it's pretty fascinating actually to look at that and realize that there's this big black hole in their picture which is their uplink in between the rest of the countries in the world and the Tunisian internet agency it's their ITU body and that ITU body has some pretty scary stuff in it and that scary stuff can be bought from pretty much anywhere and installed and it has a force amplification effect that's pretty serious and so now one engineer in Sunnyvale, California like if you're a blue coat can make a really big difference where when you ship an update you are actually materially harming quite a lot of people all around the world all at once right and if you guys haven't read the book IBM in the Holocaust by Edwin Black I really you know I think it's a really good thing to talk about even though machines themselves are neutral you have to consider what it is that those machines are being used for and what it is that you are starting out to do in the beginning when you are building those machines and well it might be the case that you think that it's okay to censor for example people in a corporation where you're certain it's your property and it's your internet when that same equipment will end up in a dictatorship maybe you should consider the relationship between the capitalist employment system and dictatorships in regard to control of information and maybe it's ethical in one place and it's certainly not ethical in another and maybe it's actually not ethical in either place but you have to consider that Tunisia cannot afford to pay the R&D costs of a surveillance and censorship system for their entire country they pay $5 million a year or something to smart filter just to get a license to do it so the problem here is not Syria and Tunisia are funding the development of these things the problem is that Boeing goes to Cisco and says give us a tool to keep our employees from reading news at work and at that point Cisco says give us millions of dollars and we'll help build one for you and then once they've built it for Boeing then they might as well sell it to Tunisia and Burma and anybody else who wants to buy it because they've already got one so part of the huge problem here is that Western corporations are funding the development of these censorship and surveillance tools and then dictators get them for free so how do we solve that problem that's messy from a technical side from a policy side part of what I was thinking about this before so I was talking to Whit Diffie the crypto guy and he said ah this is easy you build a list of all the companies that are willing to sell to bad governments and you build a list of all the companies that are not willing to sell to bad governments and then you publicize both lists and then you let everybody decide to go to the second one the problem is there are no companies on that second list there are no companies that are not happy to sell to any dictator around the world so I'm not sure how to solve that problem but we need some sort of answer so I think you know I talked about this a bit in my recon 2011 talk which there may be there'll be a video online of it at some point and the slides are available but really what it comes down to is that corporations have the ability to effect change like even dictators cannot in their own country right so for example if you are really good with Bin Navi and Bin Diff and Ida Pro and all the rest of this reverse engineering software which is like incredibly important at this point in time getting the firmware images mirroring them for these different companies really understanding how their software works finding out what bugs there are that is great for example if there is a bug in a filter such as in Iran there was a bug where you could exploit the firmware where you would basically say G space E space T instead of a normal get request and it would bypass the filter now this doesn't really seem like it's very important but what matters is that when that bug goes away you know that they were patched and now you know that there is collusion now you understand that the deep packet inspection machines are not like a car or like a Kalishnikov what they are like is a guy with a Kalishnikov who hands it to the dictator and then when it jams he unjams it and when he says I need a bigger gun it hands him a bigger gun and he says I need a gun that only tailors and only hits bad people say well what does a bad person look like we'll design a rocket that specifically fits that this is exactly what Deutsche Homag did this is extremely important what IBM did during the Second World War is identical to what these companies are doing now and is extremely important to look at that so here's the question if you could all go back in time right now and do something about that would you? this is an honest question no no not clapping honestly if you could go back in time knowing what you know now would you go back in time and would you set things straight with IBM's punch card systems yes no okay what if you didn't have to go back in time you don't these are the people doing it now and they believe they're doing the right thing in some cases so sometimes just talking to them will change it but other times reverse engineering dropping bugs on them monitoring what they're doing monitoring the sales just like we monitor arms trades like Fefe said the other day it's extremely important to consider these things like landmines surveillance systems should not exist and we need to wipe them out we have to get rid of them and we have to do it by showing economically and from a human rights perspective that these things are not okay and we need to change them so these are the companies and there are more companies like them and you can find them and you should work on that if you have the time and if you have the inclination you don't have to go back in time we don't have to wait 50 years to fix these things we can do it now and that's what we're working on so please come join us in that so speaking of surveillance and censorship part of the challenge that we had when we were in Tunisia and Egypt and other countries trying to teach people about these things a lot of people say yes I need an anti-censorship system I need something to get around the censorship but they don't think if there is censorship that means there is surveillance if they are deciding which web page you get to see that means they know every page you're going to this is something that as technologists of course that makes sense but for the actual users out there the people who are risking their lives doing things on those networks they've never thought about it that way so part of our challenge in education is we need to get them to realize censorship yes you can see if there's censorship you know you want to do something about it surveillance you can't see and that's even worse so we need to give them some ways of not being watched while they're doing something we find a lot of people who say well yeah I couldn't get to Facebook so I used a circumvention tool but then they unblocked Facebook so I just went there directly that's exactly what Syria wanted them to do when they unblocked Facebook so part of our challenge is an education effort to teach them about how internet surveillance works okay so I'm going to skip through some of the technical stuff because we're over time I'll give you a brief taste of what's coming in future talks so we don't have to talk about it as vaporware but we'll actually be able to explain what we did and how it went so there are a couple of technical problems research problems we're working on one of them is how do we get a lot of different bridge addresses right now we've got six or seven hundred what we want to do instead is get a bunch of corporations or individuals who have hundreds of extra IP addresses leave them at the ISP that they're pointed at but either give them a little box to tunnel them to us or ask them to put a line in their Cisco router that redirects them to us and the goal there is to be able to hop around over millions of IP addresses and light up only the ones that we need when we need them and that way we'll be able to churn a lot faster with the bridge addresses it turns out there are millions of addresses out there that are not used right now the end game is to go to places like Comcast and say give us three or four out of every slash 24 you've got give us a couple of IP addresses that redirect to bridges and please change them around what they are from day to day so that's the first research thing another one how do we do traffic camouflaging better how do we end up with traffic obfuscation techniques that so the first step is the layer of encryption that I talked about before that will win the DPI arms race for now because the only thing the DPI people will have is they will be able to say that flow is HTTP that flow is SSL that flow is gosh I don't know and all the DPI boxes have a little box to censor gosh I don't know but that will drive up the false positives in a way that maybe they aren't comfortable with so China we've actually seen maybe this start to happen China DPI is for SSL and does the active follow-up probing in October they were doing the active follow-up probing and censoring the bridge and then they stopped now they do the active follow-up probing but they don't censor anything is that because they were recognizing too many things as Torah and censoring them and somebody got upset that their website or some other protocol got censored so part of the challenge here is to figure out what they are comfortable censoring and that's a bad arms race long-term because their goal is to go to large corporations like Huawei or Cisco or whoever and say give us a better DPI box that can distinguish these things even better and then the last piece we need more bridge distribution strategies we need better ways of making sure that the addresses that are up can go to the people who need them without letting the people who are trying to collect all of them and censor all of them learn about it so we can do better by having a lot more addresses and having them change a lot more often that means we can be much more aggressive with different strategies that we take but we'll talk about that one in a future talk so I think that it's extremely important this is our second slide second to last slide so I think it's important to understand there is a concept it is called so-called lawful intercept and I think that it is incredibly important to understand that we choose the world that we want to live in especially in the so-called free world surveillance builds a totally different world and one thing that we can consider is that we don't want to live in that world and we can consider it before we live in that world so when someone talks about lawful intercept or back doors or delivering the plain text or administrative subpoenas or any of that stuff what they are saying is they would like to expand the law enforcement capabilities the so-called lawful intercept and we must reject that like Evgeny talked about in his talk talking about these surveillance systems even though censorship is something we can identify with we can rile against it we must consider that surveillance a total surveillance state on the internet is a very serious problem indeed especially in places where the lawful intercept is put in by requests of say the American government when they make that request Iran gets it for free they would not be able to build it themselves it also means that it's possible for other people to use those systems for example I believe it was the SNMP bug where you could specify only one byte was necessary for authentication and I understand that that was actually possible to use against the lawful intercept SNMP interface for authentication so it's like these systems are designed specifically to spy so when they say so-called lawful intercept you should read it as spy and when they say we need this to do our job you need to see that they're saying we want to expand the job we do we want to make the Stasi look like they had nothing on humanity fuck that reject it reject it absolutely and wholly they don't need it we live for almost the entire history of humanity without a total surveillance state we don't need one now let me tell you something if if anyone wants to go now we're really over the time if anyone would like to stay and ask questions you have us for as long as you want us as long as we're free to go at the end officer so if anyone wants to go now's the time if you want to ask questions there are some microphones and I think that probably the order guy wants to say something yes exactly if you want to leave if you can leave now I think we have time for four questions one question first question is from the internet and he's ready to ask that question and then please line up at the microphone for further questions now the question from the internet what about ipv6 issues and tour ipv6 in tour so we have ipv6 bridges working right now as alphas thanks to the fellow sitting in the front here so he would be happy to chat more with anybody who wants to learn about ipv6 one of the fun things about all of these censorship and surveillance devices when bowing goes to sysco and says give us a tool to censor our corporate network bowing doesn't use ipv6 so none of these tools that sysco builds for bowing do anything about ipv6 so if you're in china or aran or lots of other countries right now and you can set up ipv6 you are a winner no censorship for you but still surveillance okay the microphone over there just want to thank the work you are doing to open our eyes to try to bring us the consciousness how things are working or not working i would like to ask if it's a chance to to share or to ask for a petition locally where the project is running at the lows that are not working are not defending the free of speech of people if it's possible to support a petition to ask for a law to protect the war and the free speech because if we fail as a system like the border that separates the countries where people don't have the chance to speak free let's try to make internet a tool that gives us the possibility to break borders and to have a voice together where we can find a space a place to give to everybody that needs to raise the voice to find it well thank you very much the microphone over there so say i have an idea what you could do to to improve the bridges where would i need to go to propose it so you have an idea for what to do with bridges where do you go to propose it tor has a proposals system sort of like python's proposals where you write up what you think the problem is and how to solve it and what the security implications are if you go to the tor documentation page you will find a pile of mailing lists and a pile of design documents and there's plenty to read there sign up for the tor dev mailing list and send your idea okay and last question from the internet up front here the signal angel how will the tor arms race be affected by us senators investigations of silk road and the current so-called tech attack on dns will the us government stop being a tor supporter i have no idea what you just said the question is will the us government stop being a tor supporter he asked whether or not sopa is that what you said sopa yes he was asking whether or not the us government will be will stop becoming a supporter of the tor project and specifically about sopa those are two separate questions i'll answer the first part okay you answer the sopa part great okay so the first part is that just like any place corporation country and sometimes even people the us government is not a monolith so at least in my experience we've got one group of assholes that detains me at the airport and another group of assholes that would love to detain me everywhere i go and then another group of people that actually really understand that anonymity is important and they should stop messing with me and there are a lot of people that are good and believe that it makes sense for people to have the right to read and to do so without surveillance sopa is pretty scary and roger will talk about why but it's important to just drive home the first part which is it's not a monolith so there are people that are both trying to help and trying to harm at the same time and they're under the same flag and we should not put those people together and say they're all bad because some of them don't have the foresight to realize that this is important so sopa is very dangerous for lots of different organizations in the us but there are a lot of people who are i think a little bit over hyping the immediate problems that it will introduce for tour there are a lot of people saying sopa will make tour illegal and as i understand it what it will allow is the head of the department of justice can tell tour to stop making tour nobody else can tell tour to do that and if they do then we know a whole lot of non-profit pro bono lawyers who will help us crush the law so what that means is surely they will not be so foolish as to attempt to use their law on a tool like tour that is useful for so many different things i don't know if we will have to turn it into a legal fight hopefully we will destroy the law before it even happens so thank you very much the best of luck to you to the tour project and thank you