So the first rule of onion club is you, oh shit, wrong talk. Okay. So I'm going to tell you a little bit about Tor onion services and the sort of things that we've been doing lately. I'm going to try to do a bunch of different topics at once. How many people here know about Tor or how it works? Something awesome. Okay. So I'm going to skip over most of the how it works and so on. We finally made the projector work which is awesome. I can't see what I'm seeing so I'll be looking to the sides every so often. So Tor is a nonprofit. Tor is software. Tor is a privacy tool. Tor is a lot of different things. It's a network of volunteers around the world. It's a group of researchers who try to study how to make privacy better. The Tor network has something like two million users every day using it. So it's a lot of different people all around the world. We've got a lot of people in the Middle East. We've got a lot of people in Europe. We've got a lot of people in North America. And each of those are for a lot of different reasons that I can get into. So what's the situation here? We've got Alice over here. She's trying to browse the web to some Bob and she wants to keep some security properties. She wants to stay safe. She wants to make it so that somebody watching her doesn't know where she's going. She wants to make it so that somebody at the destination can't figure out where she's coming from. And she wants to make it so no single like tier one ISPs like AT&T, which I guess means NSA, get to track where she's coming from to where she's going. So anonymity is more than just encryption. More than just crypto. I talk to a lot of corporations who say, well, yeah, I don't need Tor because I use a VPN. I don't need Tor because I've got encryption. I use something else. And encryption is good. You should use encryption. But even when you're using encryption, people watching you get to learn who you're talking to, when you're talking to them, how much you're talking.
And that's what the intelligence agencies use these days. It's not about let's try to break the crypto. It's about let's build a social graph of who's talking to who, find out who's in the middle of that, and then go break into their house and change their laptop or steal their hardware or stuff like that. So the goal of Tor is to protect the metadata. I'm sure you've all heard the phrase we kill people based on metadata from our fine government. Okay. So I actually only use the word anonymity when I'm talking to other researchers. When I'm talking to my parents and ordinary people, I tell them I'm working on a privacy system. Because anonymity, maybe it's a bit scary, but privacy is a good value that the whole world should have. And when I'm talking to companies, Google and Walmart and so on, I tell them I'm working on communication security. Because privacy is dead and anonymity is scary, but security, yeah, yeah, I need some security. And then when I'm talking to governments and militaries, I tell them I'm working on traffic analysis resistant communication networks. And again, it's the same system, it's the same network, it's the same set of users, it's the same security properties. But the goal is to blend all of these different groups together. Because when you go to the government and you say, I've got a security tool, they're like, yeah, I've heard that one before, we bought 50 security tools. We're all set or we don't like security or whatever their answer is. But traffic analysis resistance, oh yeah, I do want to send the diplomat into Israel and not have people learn what her affiliation is. And then there's the fourth category, which is the reachability or the censorship side. So all of these are different talks, I'm going to skip over most of them. I should be around for the rest of the weekend in a bright green shirt, so if you want to ask me more questions about Tor, I should be around. Okay, so how do you build one of these? 
The easy answer is you have a single hop proxy, all of the users show up and they each request whatever website they're going to. And this is bad news for a couple of reasons. The main reason is that big juicy center target. So I was actually talking to the CTO of one of these companies years ago, I think it was anonymizer.com and he said, yeah, we never answer subpoenas. If we ever answer a subpoena, nobody would trust us again. So of course we never answer them. And then I was doing a talk for the US Department of Justice like six months later and one of them interrupted me and said, why can't you be like Anonymizer? It's easy. We send them a subpoena. They send us an answer. It's easy. Why can't you be like that? So I don't say that to pick on Anonymizer in particular. The problem is the architecture. The problem is the centralized system where they have all of your metadata. They know exactly what you're doing and they promise not to screw you. They could screw you. They've got everything. They promise not to. I want a system that's based on privacy by design, based on distributed trust, rather than there's a centralized system and they make some promises and there's no way for you to tell whether they're following through. Okay, and it's actually worse than that because if it's a centralized system, there's one cable going into the computer, same cable coming out and if you can tap that cable or the upstream or the upstream's upstream, then you get to do pretty simple traffic analysis and say this flow came in and a very similar looking flow went out. So I'm pretty sure that this user is talking to that destination. So the goal of Tor is to distribute the trust over multiple relays. So there's no single point that gets to learn about Alice and Bob in the same circuit. Okay, so far so good? Great. So that's actually only half of what Tor is. The first part I was telling you was the location privacy or network metadata or something like that.
The other half is the browser side, the application level privacy. So in your browser there are so many different ways. Awesome. I hope my slides continue to survive as people mess with them. So in your browser there are so many different ways to screw up from the privacy side. Cookies, HTTP headers. I hear Flash is finally dead. That's awesome. So one of the things that we do is we've got a fork of Firefox called Tor browser that tries to keep all of those other things from messing you up. So it tries to isolate all of your state. When you close Tor browser it all gets thrown away. So that's a second thing that we work on and I'm not going to talk about that one here except to mention that it's an important piece of things. Okay, so here's a graph of the performance of the scalability, the bandwidth of the Tor network over the past seven years or so. So the green line is the capacity of relays in the network. We're up to about 8,000 relays and the purple line is the load on the network which is the people who are using it for going to Facebook or going to CNN or going to WikiLeaks or whatever they're doing with Tor. So there are a couple of interesting things here. One of them is the more the gap is between the green line and the purple line, the faster Tor can be. So we were discovering this long ago. In fact my last talk at DEF CON was eight years ago and it was entitled Why Tor is Slow and What We're Going to Do About It. And you can see on this graph where that talk was given. So that was at the zero, zero point in this graph. And since then we've moved up to something like 100 gigabits of actual traffic and maybe two or three times that of capacity. So there are a lot of relays out there in the world including run by a lot of people here. You should all run relays in order to make the Tor network be able to handle more traffic. And it's not just that. It's also the diversity side of things. It's not just about being able to handle bandwidth. 
We need to have a lot of different relays in a lot of different places around the world so that a single attacker, maybe French intelligence or something like that, won't be able to see enough places on the internet in order to be able to map this user is going into the Tor network and this flow is coming out and I can see them both so I can match them up. So one piece of the diversity is the diversity of relays where they are. The other piece is the diversity of users. So if we had an anonymity system for cancer survivors and everybody on it was using it to talk about how they survived cancer, then the fact that you had Tor installed would give people a really good hint about why you have Tor installed. So one of the really important pieces of the security is having a lot of different types of users. So we need Egyptian activists and cancer survivors and feds and Russian feds or whatever the equivalent is all in the same system so that you can't guess what's going on just from the fact that they're using Tor. And another piece of that is imagine there are 50,000 people in Iran using Tor right now. The average person in Iran using Tor is using it because somebody blocked their web comics, somebody blocked Facebook and they want to be able to look at their cute cats or something like that. It's not that there are 50,000 dissidents in Iran all trying to take down their government using Tor. They're all trying to be ordinary people on the internet and their country is censoring them. So the fact that most of them are ordinary is a key piece of the strength of Tor. You can't have an anonymity system that is full of dissidents. You need a lot of other cover traffic and a lot of other people blending. Okay another key point transparency for Tor, the Tor project is a key property. So one piece of that is it needs to be open source, it needs to be free software. 
Another piece is we need to actually give you the design documents and the specifications and say this is what we meant to build, this is how we thought we built it. Here's the source code, here's the design document, please look at whichever of those you're most comfortable with and try to find bugs and mistakes and so on. Another piece is publicly identified developers. So here we are up here saying hi I work on Tor. There are, raise your hand if you're a Tor developer or a Tor researcher or something like that in here. We see a couple of hands awesome. So there are quite a few people here who are part of the group of people building Tor. And another piece of this, I get a lot of people who say oh ha ha the anonymity people are identifying themselves ha ha they're so stupid. Privacy is about choice. Privacy is about giving people the ability to choose am I going to publish this information about me or not. And we believe that the best way to build a strong global anonymity system with a community around it is we choose to identify ourselves and we choose to describe who we are and what we're doing in order for you to be able to trust us. Okay and yes there are bad people in the world and some of them use Tor but at this point with millions of people using Tor every day the average Tor user is the average internet user. These are people around the world who read about NSA or their country blocked Facebook and they just want to be able to be internet users just like everybody else. So yeah you could look at it as a two-edged sword, you could say you know you got to take the good with the bad or something like that. But really so imagine two scenarios. Scenario one I want to build a tool that works for millions of people I want to tell you all about it so you can help me analyze it and I want it to work for the next year or two. So that's the Tor problem. 
Scenario two I want to build a tool that works for the next two weeks only ten people will use it and I'm never going to tell you about it. That's the terrorist, the bad guy problem. So the bad guys have so many more options it doesn't have to scale, doesn't have to have peer review, doesn't have to be sustainable. Whereas the Tor goal is to build something that works for everybody and can continue to work and can push forward understanding how to build privacy tools in the world because there are a lot of really big well-funded adversaries out there and we the security community need to learn how to build things that can defend against them. Okay so another piece I wanted to talk about there are if you only learned about Tor from Slashdot or some crappy newspaper article there are a lot of people who've been spreading memes over the past while and I wanted to tackle a couple of them here not to try to like change your mind about something but many of you are Tor activists so hopefully this will help you when you go talk to your parents or your cousins or something and they say well I heard that Tor so hopefully this will give you some ammunition back. So one of the exciting things I hear I heard the Navy wrote Tor so how can we trust it? The very short answer to that is I wrote Tor, not the Navy. So here I am. And the other piece of that so years ago I was at a hacker conference in the Netherlands called What the Hack and I did three talks in three days and I got a lot of people coming up to me saying how can we know that we can trust this thing and I got to try two different answers on them. The first answer was it's open source, it's free software, you can look at it, you don't have to trust me, you can decide for yourself if it's safe and they actually didn't like that one because I think some of them heard it's bad news, you should look at it, I can't tell you. The other answer that I tried was no dude, don't worry about it, it's fine.
And that worked great. Which it shouldn't have worked, it should be that we should teach people about free software and open source so we've got some more work to do in that world. Okay so myth number two, I heard the NSA runs half the relays. First of all Ed Snowden's documents showed us that GCHQ ran like five relays for a week on Amazon EC2 some years ago. So indeed some intelligence agencies have run relays every so often. But I actually know the people who run like two thirds of the relays by capacity. So I know that the NSA does not run half the relays because I know the people who run the relays. So that's one answer. Another answer is it doesn't make any sense for the NSA to run the relays. This is maybe sort of a bad news answer but they shouldn't run the relays, they should continue to monitor the internet and they should let excited enthusiastic people run relays and then they're already watching AT&T and Deutsche Telekom and the cables underneath the oceans. So they don't have to run the relays to attack the Tor network. They're already investing in surveilling the internet. So it makes no sense for them to try to go through the red tape and so on of getting some feds to approve running relays in the network. So that one's kind of complicated but I don't think there are many actual intelligence agencies running relays because they don't have to. Okay. So myth number three, I heard Tor is slow. If you used Tor 15 years ago it actually was kind of slow. But because we've got a lot more capacity in the network these days it's become a lot faster than it used to be. So I talked to a lot of people who last used Tor 10 years ago or something. Try it out if you haven't tried it lately. And I heard Tor gets a lot of its money from the U.S. government. This one is alas true. We get something like 80% of our funding from the U.S. State Department or the National Science Foundation or the Open Technology Fund which is part of Radio Free Asia.
So there are a bunch of different groups. We're diversified inside the U.S. government. That's not as much as I'd like to be. So we have something like 15% of our funding coming from donations and things like that. And we'd love to grow that so we're more sustainable and we don't have to keep coming up with shiny things to try to convince some funder that they want to pay for us to build. Okay. Another exciting one. A few years ago there was some researcher who came up with some bad methodology to measure how much of Tor is bad people and then some journalist misunderstood it and like wrote a bad article about it. And before we knew it there was a U.S. like Department of Justice high muckety-muck who was saying in front of Congress 80% of Tor users are doing bad things. And every step of that chain was bad news. Another I guess another way of looking at that. Akamai wrote a report a while ago looking at the people who were going to Macy's or whatever companies that Akamai hosts. And they found that the number of people buying things over Tor successfully and being ordinary people was the same rate as the people buying stuff over not Tor. So that was the argument that they were using to tell all their customers yeah you shouldn't be scared of this Tor thing now that it has millions of people it is a cross section of the internet. It looks like everybody else. And then myth number six I shouldn't use Tor because if I do that the NSA is going to watch me. So on the one hand a few years ago we actually found some XKeyscore rules that the NSA might be operating where they were spying on my computer at MIT and tracking all the connections that came to it. On the other hand so imagine your friend comes to you and says I heard that when I use HTTPS the NSA is watching me. So I'm not going to use encryption anymore and now I'm going to be safe. That's crazy talk.
The same thing's happening here: the NSA is watching everything, they're already building databases of everything going on. And if you say well I'm not going to use any security tools because then I'll be safe somehow we have to get to the world where Tor is normalized enough that people think that it's totally crazy to say I'm not going to protect my metadata because if I protect my metadata then they'll be watching me. They're watching everybody. Okay and then myth seven a lot of people look at Tor and they say well I read an article four years ago that said there was an attack so I'm scared I'm going to use this crappy single hop VPN instead. So part of the challenge here is teaching people about the security system ecosystem. So you build a tool somebody else figures out how to attack it you build a defense for that attack you go back and forth and that's how systems become stronger. That's how systems become safe to use. If you design a thing and anytime it's broken you throw it out and you start with a new one you're never going to get anywhere. So part of what we need to do is help the world understand how the security ecosystem works. Okay so I'm going to talk here about onion services and what they are so far and what we are doing to make them stronger and change them. So here's a screenshot of using Tor browser to go to blah blah blah dot onion which is one of the onion services that Riseup uses. So that blah blah blah is the hash of the public key for the onion service. So every onion service is its own public private key pair and you address them using the public key. So what do you get out of this? One of the really cool things is they're self authenticated. If I go to that public key address my Tor client makes sure that I'm really talking to the Tor on the other side that's running that address. So there's no man in the middle. There's no certificate authority mafia that's telling us who can have encryption and who can't have encryption.
It's all built into the system. You get end to end encryption out of that. Built-in NAT punching is awesome. There are a lot of people who run onion services behind their firewall. No packets are allowed through the firewall at all. It's just you can go in through the onion service which builds a connection out and that way your surface area is really limited. For example there are a lot of people who run onion addresses for their SSH server and that way they can connect back to their computer but nobody else can connect. You can't send you know standard IP packets. You can't send weird IP packets. You can only talk to the computer through the onion channel and that gives you authentication and encryption and a lot of other good stuff. So that's one of the neat things that onion services can provide. We looked a while ago at the same time the journalist was saying the bad like 80% thing. We were thinking let's actually try to figure out what fraction of traffic in the Tor network has to do with onion services. Because if you read the BBC articles about Silk Road you would think that Tor is only Silk Road. So let's actually measure Tor and try to figure out what's going on and how much traffic there is. So we instrumented the Tor relays in a way that is privacy preserving and safe to try to figure out how much total traffic each relay kept or handled that was related to onion services. And here's a graph over the past two and a half years or so and it's about a gigabit per second of onion traffic. So that's something like 1% of the traffic that I was showing you before. But actually the math is a bit more complicated because we were just measuring in the middle and that means three hops. So the very short version is something like 3% of Tor traffic has to do with onion services at all. So the other 97% of the traffic is people going to ordinary websites like CNN and WikiLeaks and cute cat pictures and so on. Whatever people do on the internet.
So that's a really important point because it means, so I wrote onion services back in like 2004 or something. I wrote them as a toy to show that once you had Tor you could build building blocks on top of it. And they basically still are a toy. They've got a couple of early adopters. A lot of people who are early adopters for any technology tend to be bad guys in one form or another. But part of what we need to do here is get a lot more users and a lot more people thinking about it because the broader it gets the more ordinary it becomes. So whenever you see journalists and so on trying to show you the picture of the deep web, I have to wave my hands whenever I say deep web or dark web. Think about what they're trying to sell you because there's basically no dark web. It basically doesn't exist. There's a company out there called Terbium Labs that found like 7000 websites on the dark web total compared to the billions of web pages out there and other places. So whenever somebody shows you the picture of the iceberg try to figure out what their incentives are. What are their motivations? Okay. So what are some cool use cases for onion services in terms of other things people have done with them? One of the really cool ones is SecureDrop. This is basically a way of interacting in a back and forth way with journalists where let's say you've got some story about some terrible thing the government did and you want to get it in the hands of the New York Times or the Washington Post or The Intercept and so that they can write a good article about it but you want to stay anonymous. So there are actually like all those places that I just named are actually running SecureDrop instances. The New York Times has one. The Guardian has one.
There are like 30 different major newspapers that have these whistle blowing platforms as ways that you can reach them safely with built in encryption and built in authentication in a way that nobody's going to be able to man in the middle of it. So that's an awesome first step. Another out of the box approach is a tool called Ricochet. So how many people here use Jabber or XMPP or Google Talk or some words like that? I see far fewer hands than I expected. You're probably all Skype users. Okay. So one of the really cool things, one of the really sad things about the centralized tools like Jabber is there's a central server where all of the traffic goes through that central server and if you're in the middle you get to learn all the friends lists and who's talking to who and so on. So one of the cool things about Ricochet is every user is their own onion service. So there's no middle. I can talk to somebody else's onion service. I don't have to know who they are or where they are. I just need their onion address. And now there's nothing to tap if you want to do European style data retention there's no place to go to. If you want to do like American style I'm going to just you know break in and take all the data. There's nothing to break in to. So there's no middle which is an awesome metadata security for chat. There are a lot of the, I mean Signal, yay Signal, but there's still like a computer in Europe that Moxie gets to look at and it's probably not just Moxie. So we really need to think about metadata security for our communications apps. Okay another cool one is OnionShare. This is actually written by journalists for journalists at The Intercept. And so let's imagine you have a two gigabyte file and you got it from some guy named Ed at the NSA and you want to give it to the journalist next to you. Do you use Dropbox? Do you use a USB key? Do you email it to them? Do you set up an FTP server? All of those are crappy answers.
So OnionShare is a way to use onion services where the website spins up for just that one download. You fetch the file over the onion address. The website goes away. So it's up for just the transfer and then it's gone and there's nothing left over afterwards. So that's a really important way of more safely sharing files when you need to share important files. And there are a bunch of other websites out there that have set up their own onion addresses in order to let their users choose what sort of security they get. One of the ones that I think is especially awesome is the Debian packaging system. When you do an apt-get update or apt-get upgrade, they have onion addresses for their package servers. So that means that you can get end-to-end encryption and authentication when you're fetching your updates. And anonymous updates is an awesome concept. So imagine right now you go to get your next Debian update and they're looking at you and they're like, oh, him. Yeah, I want to give him the exploit. Imagine you're going through Tor, they don't know it's you. It's a bunch of anonymous people doing updates. They can't target particular people because they can't, there's nothing recognizable about them. It's all just a mass of anonymous people fetching their updates and if they want to target somebody, they have to target a lot of them, making it much more likely that somebody is going to notice that they're being sent a bad package or an exploit or something like that. So I think we, the security community, really need to think more about anonymous updates in general because the targeting problem seems like a really big one. Okay, so what do you think the biggest website on the dark web is? If you've been reading like BBC or something, it's probably, you know, Silk Road. Turns out that the largest website that you can reach with an onion address is Facebook.
Facebook set up an onion address in order to let their users choose, do I use the normal HTTPS mafia, do I use the onion address so that I don't have to deal with that? Imagine you're in Turkey and you're trying to go to Facebook but the Turkish government is actually attacking you and Turkish Telecom owns a certificate authority so they actually do target people by signing SSL certificates. So Facebook wanted to give users around the world the choice of what sort of security they're getting. And the Facebook people, this is actually a post from Facebook on their blog saying last April, I guess two Aprils ago now, a million people logged into Facebook over Tor in that month. So a million people was a lot but they have, I don't know, a billion users or something. So 0.1% of Facebook's user base logged in over Tor last April. That's huge. That's a lot more people than we were thinking were using Tor. That's a lot more ordinary people than we were thinking. So part of the thing to realize here is this is a cross section of the world that's using Tor at this point. Okay, so how do these things actually work? So imagine I'm Bob, I want to run some service, some website or something and I want people to be able to reach it as an onion address. So the first thing I do is I generate my key pair and I establish circuits out into the Tor network so that, and then I hold them open and those are my introduction points. And at that point, I'm going to publish a descriptor into the database in the sky. I'll talk about that in a bit. And the goal of that is I want to put my introduction points, all three of them, and I want to put the public key for my service. And then Alice is going to learn blah blah blah dot onion somehow and she's going to pull that down from the directory and now she knows the introduction points and she knows the public key so she can verify that she's really reaching the right place.
And at that point she's going to establish her own circuit into the Tor network to what we call the rendezvous point and then she's going to send an introduction to the introduction point saying hey I want to talk to Bob and it will get passed through to Bob and then Bob will receive a message saying somebody wants to talk to you and they're waiting over at this rendezvous point and here's a cookie for how you can recognize each other. So then Bob is going to connect to the rendezvous point also and at that point they do the handshake so they get end to end encryption and authentication and in the last step they just talk to each other through the rendezvous point. So there are a bunch of cool things here. One of the really important ones is that rendezvous point doesn't know who Alice is, doesn't know who Bob is, it's being used once for this transaction and then it gets thrown away. So it doesn't basically it knows nothing about what's going on for that individual transaction. Okay so I talked about the database in the sky, how does that actually work? Each onion service picks six of the Tor relays each day and it publishes its descriptors to those six. So it uses this hash function to try to map to which ones. The reason it needs to use the hash function is the Tor hidden service, the Tor onion service needs to be able to predict where to publish it so that the clients can do the same calculation and fetch it from the same place. So the service publishes to these six places, the client fetches from one of the six and then it can go do that dance that I was talking about before. So far so good? Okay. So what are some problems with the old design? One of the really big problems is those old addresses are too short and they're built with bad news keys. So the simple phrase is it's the first 80 bits of the SHA-1 of the 1024 bit RSA. Every single word in that sentence is bad news.
So in fact there's a talk in here in this room next about finding a collision with SHA-1. So we need to fix most of those pieces. And the very short answer is the new Ed25519 keys are stronger, safer, they're based on elliptic curves but they're not based on the NIST curves. So things are a lot better in that shape. One of the downsides though, it used to be that the onion address is really short and simple and the new ones are 56 characters long. But the plus side is you actually get the key, the whole key, it's not the hash of anything. That's actually the Ed25519 key in that lower onion address. So that lets us do some cool stuff with crypto that I'll talk about in a bit. Okay. So what are some other problems? I talked earlier about how each onion service picks six relays to publish to. That hash function that I was talking about is predictable into the future. So I can say I want to target this particular onion address so I'm going to spin up six relays that have just the right identity keys so that next Tuesday I'm the six that it's going to choose. And at that point I can censor connections to it because when somebody tries to fetch a descriptor I say oh no I've never heard of it. It's down, it's gone. Or I can measure popularity where people are going to have to go through me in order to fetch the descriptor so I can just count how many people do that. I can't de-anonymize it. I can't attack it in that way but it's still kind of bad news. And in fact there was like a researcher at I think it was Black Hat Amsterdam or something who made six relays that were going to be the six relays for Facebook like a month or so after that. So people have been doing this in practice. We've been noticing that relays pop up that have really close together identity key hashes for reasons that I mean maybe it's this attack, maybe it's something else. So so far we've been kicking those relays out but that's a crappy arms race.
So the better way is to, I'll take your question at the end I hope. So the better way is to be able to change it, and the way to change that is to add another input into that hash function which changes every day. So it needs to be a global, a globally agreed shared random value. It needs to be, everybody needs to agree on it but nobody should be able to predict it beforehand. And basically we're doing that, every day there's a new shared random value and the Tor directory authorities work that into their consensus process, and so that's a key piece, and hopefully we've finally destroyed the "bad people want to run relays in order to attack Tor", like, this arms race. Okay, so there's another problem. Those six relays, when I publish my onion descriptor to them, they get to learn my onion address. So maybe I didn't put it on, you know, an index, I didn't publish it, I didn't send it to all my friends, I didn't tell anybody except the one person that I wanted to know my onion address. But if you run a bunch of relays and you're one of those six and I publish to you, you get to see the onion descriptor and you get to learn my address. So in fact there are threat intelligence, I have to wave my hands when I say that phrase too, there are threat intelligence companies who have been running relays in the Tor network with the goal of discovering onion addresses that aren't published any other way. And then they go to like Fortune 500 companies and blackmail them and scare them with phrases like dark web and pictures of icebergs and so on. And apparently that's an actual business where you scare people with bullshit internet stuff. So we'd like to stop that particular arms race also, and the way to do that is, because of the new crypto system that we're using, the new keys allow us to create sub keys and you can sign the descriptor with the sub key in a way that everybody can check the signature without anybody being able to learn the primary key, the main key, from that. 
So it's cool crypto magic that we get from the particular crypto system that we picked for the new keys. So hopefully that will destroy the arms race with those fucking threat intelligence companies who are trying to, because the problem is I don't want people running relays who aren't trying to protect everybody. If you want to run a relay because somebody in America might be unsafe or somebody in Egypt might be unsafe, that's awesome, please do. If you want to run a relay because you're trying to make money off of something unrelated, you're not helping Tor. So I want to make it so that the Tor network is made more of safe relays. Okay. So something else that is exciting that's going on are called rendezvous single onion services. So in the old design, Alice makes three hops into the Tor network, Bob makes three hops into the Tor network, and then you've got a six hop circuit that they go over. In the new design, if you want, you, the onion service, can just make a one hop circuit into the Tor network. So now it's a four hop circuit and you get the end to end encryption and authentication and so on, but you've got a lot better performance. So Facebook did this, Debian's main page did this. So if you're not trying to hide the location of your onion service, but you want all the other security properties for your users, then it makes a lot of sense to do this. And there's even a cooler step than that. There's a guy in Europe named Donncha who has a tool called OnionBalance, and this allows you to run a bunch of different versions of your onion service and it aggregates them all into one place. So for example Debian does this, they've got like six backup onion services for their package service and they can restart any of them whenever they want to, they can take them down for a while, because there's this meta service that aggregates all the introduction points they have. 
So it makes things scale better, it makes performance better, it makes it easier to manage. Okay, so there's another challenge. So how many people here know the phrase entry guard or guard relay or, okay, not very many, awesome. So there are a bunch of attacks that I don't have time to get into, but the fix for many of them is you pick one relay as your first hop and you stick with that for weeks or months, and the fact that you don't change it means that you don't have as much surface area against bad guys who are trying to run a bunch of relays and hope to be that first hop. So this is great, except there are still a bunch of attacks to discover what your first hop is, what your guard relay is, and these guard discovery attacks are pretty easy, and then once you do them it's pretty bad, because you know the guard relay and you've got a while to break in, you've got, you know, some weeks, and maybe it's in Malaysia and you'll never be able to break in, but maybe it's in Ohio and you just call up the cops in Ohio and there you are. So there are a bunch of different fixes we're looking at, it's still an open research area, but one of the key things is that we need more layers of guards that don't change as often, some of them change more often, I'd be happy to chat about that one afterwards. So you can learn more about the vanguard design in Tor proposal 271. Okay, so the hidden service side of the new next generation onion service stuff is in, the relay side is in, the client side and the service side are not in git master right now, but if you git clone that branch you can build it, it works, I just used it this morning. So I'm running an onion service, here's a screenshot of my new style onion service, and you can grab that address and go to it, you can set up your own. Over the next couple of weeks we're gonna clean it up more, merge it into master, do an actual release that includes it, but you can use it right now if you want to. 
Okay, so a couple of other things to keep in mind before we finish up. One of the important things, Tor is not perfect, there are very few, there's no such thing as a perfect privacy tool out there, especially in the face of billion dollar adversaries. So one of the big things we hear about over and over is, oops, I wrote my name on my blog post, I was using Tor but shit, and I mean it's really hard to be perfect in the OPSEC world, but that's a thing that if you're trying to remain safe is something to really pay attention to. Another piece is the browser metadata side. We just started a bug bounty program for Tor Browser and some nice person gave us a proxy bypass bug yesterday and we put out a new version of Tor Browser yesterday that patches it, so yay for bug bounties, but there's, I mean browsers are terrible things, so somehow we need to find a way to have a secure Tor Browser, and maybe that involves more sandboxing, maybe it involves trying to find all the other problems that we can patch. Chrome is especially bad news here because it basically has some built in proxy bypasses that are part of the design, so it's really hard to turn it into a Tor Browser. And then another piece, browser exploits, I mean Java's bad news and Flash is finally dying but JavaScript is not so great, image handling is not so great, there are all sorts of pieces of browsers, and every so often we hear about some government that bought another Firefox zero day and used it against some people in the world, so that's certainly a thing that we need to keep working at. And then there's traffic analysis, imagine you're a large intelligence agency and you want to be able to monitor as much of the internet as you can in order to be able to see a lot of the Tor relays, in order to be able to match up this user's going to that place. Okay, so how can you help? There are a bunch of different answers there. How many people here run relays or bridges or something like that? 
I see a very tiny number of hands more than before. Please run relays, make the Tor network stronger and safer. Each relay has an exit policy that lets you decide whether you want to be the third hop in the circuit, whether you want to be the person who goes to the website, so running non-exit relays is also really useful. You can set them up at your university or your work or whatever, you're not going to be that last hop in the circuit so it will be reasonably safe, nobody's probably ever going to care except for the bandwidth use, so please help us make the Tor network stronger and safer. Another piece of that is teach your friends about privacy, teach your friends about Tor. There are a lot of, I mean every time I turn around some fed somewhere is lying to us about how the internet works, and we need to try to help the world understand how security works, why privacy is important, and we, this community, are the ones who are going to do that, because who else is going to do that. Help find and fix bugs, I talked about the bug bounty thing. I was talking to Tom earlier who wanted me to remind everybody, we especially need Windows developers. Most of our users are on Windows, most of the Tor developers are on Linux or BSD or Mac or something, so if you're a Windows developer we'd especially love to hear from you and we need a lot of help there. And so petsymposium.org is a conference that happens every year, the next one's in Spain, the last one was in Minnesota a couple of weeks ago, and that's basically where the academics and researchers all get together to think about new attacks and new defenses and new designs on being able to keep people safe. And of course there's donate.torproject.org, we're a non-profit that's relatively small compared to the size of the billion dollar intelligence agencies out there, so we'd love to have your help there as well. And I will end with an amazing endorsement from, I'm not sure if it's NSA or GCHQ because they didn't actually 
sign the slides that Ed Snowden walked out with, but it's still the king of high secure low latency internet anonymity, so says NSA or GCHQ. And with that, so rather than trying to do the Q and A thing in here, because I've got like 60 seconds left or something, I'm going to go outside of that area and I'm going to be the guy in the bright green shirt. I'm happy to chat with you and answer your questions and give you a card with the Tor PGP key on it or a sticker or stuff like that, and I'm also going to be around for the rest of the weekend, so love to talk to you. Thank you.
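
Added example, not part of the talk and not Tor's code: a simplified Python model of the descriptor-placement fix described above, showing that relay positions on the hash ring are fixed when every hash input is public, and are reshuffled once a daily shared random value is mixed in. The hash layout, field labels, relay identities, service key, day number and shared random values are all constructed assumptions.

```python
import hashlib

N_HSDIRS = 6  # the talk: each service publishes its descriptor to six relays

def h(*parts: bytes) -> int:
    """Hash length-prefixed fields to a position on a 256-bit ring."""
    m = hashlib.sha3_256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return int.from_bytes(m.digest(), "big")

def relay_position(relay: bytes, day: int, srv: bytes = b"") -> int:
    """Ring position of a relay. Empty srv models the old design, where the
    position depends only on the identity key and so never changes."""
    if not srv:
        return h(b"node", relay)
    return h(b"node", relay, srv, day.to_bytes(8, "big"))

def responsible(service_key: bytes, day: int, relays, srv: bytes = b""):
    """The N_HSDIRS relays that follow the descriptor's position on the ring."""
    target = h(b"desc", service_key, day.to_bytes(8, "big"))
    pos = {r: relay_position(r, day, srv) for r in relays}
    ring = sorted(relays, key=pos.__getitem__)
    # First relay at or after the target; wrap to index 0 past the ring's end.
    start = next((i for i, r in enumerate(ring) if pos[r] >= target), 0)
    return [ring[(start + i) % len(ring)] for i in range(N_HSDIRS)]

# Constructed sample data (not real relays, keys or consensus values).
RELAYS = [hashlib.sha256(b"relay-%d" % i).digest() for i in range(200)]
SERVICE = hashlib.sha256(b"constructed-service-key").digest()
DAY = 17400
SRV_A = hashlib.sha256(b"constructed-srv-a").digest()
SRV_B = hashlib.sha256(b"constructed-srv-b").digest()

def demo() -> dict:
    def order(day, srv=b""):
        return sorted(RELAYS, key=lambda r: relay_position(r, day, srv))
    guess = responsible(SERVICE, DAY, RELAYS, SRV_A)   # computed from a wrong value
    actual = responsible(SERVICE, DAY, RELAYS, SRV_B)  # value agreed on the day
    return {
        "old_ring_static": order(DAY) == order(DAY + 1),
        "new_ring_reshuffled": order(DAY, SRV_A) != order(DAY, SRV_B),
        "guess_overlap": len(set(guess) & set(actual)),
    }

if __name__ == "__main__":
    print(demo())
```
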