I am very happy to introduce this year's update on the State of the Onion. This is a talk with about five speakers, so let's introduce them one by one. First Roger, he did the last talk, he is the founder of the Tor Project, MIT graduate, and top 100 global thinkers. Then we have Jake, a humble PhD math student, that is in my opinion not a national security threat, but a post national security promise. We have Mike Perry, and I think it is enough to say about him that the NSA calls him a worthy adversary. He is also the lead dev of the Tor Browser. And then we have Alison Macrina, a radical militant librarian. And last but not least, Shari Steele, the new executive director of the Tor Project. So without further ado, this year's State of the Onion. Well it's a great honor to be back here again, and we're really happy to be able to introduce so many more faces. It's no longer the Roger and Jake show, and that's very important to us. Hopefully next year we won't be here, but we'll still be alive. So 2015, if I were to express it in a hand gesture or with a facial expression, it would look something like, oh, it was a year of big changes, not all of them were really good changes, and there were a lot of heavy things that happened throughout the year. And we won't even be able to cover all of them because we only have an hour. So we want to focus on the positive things. And I would say that probably the nicest thing is that we're growing. We're really, really growing. Not only growing the network, but we're growing the community. And in some sense, we're expanding throughout the whole world in terms of users who are using Tor, what Tor users are using Tor for, which is of course extremely important, that there is more and more people just doing regular things with Tor, protecting themselves. But then we have, of course, lots of specialized things that happen with the Tor network as well.
We have things like OnionBalance and Ricochet, really exciting developments, and we'll talk a bit about all of those things. And one of the most unlikely things, at least when I imagine working on Tor, say, 10 years ago versus now, is that we've worked with some really unlikely partners. Some of you know that I'm not really a big fan of Silicon Valley, even though I'm from there. And so I sometimes call Facebook not-so-nice names, like Stasi Book, and part of the reason for that is because I think it's a little bit weird that you report on all your friends in order to go to parties. And previously it was to get into the party, and now it's to go to parties. And yet we worked with them on something, because it turns out that sometimes you have unlikely temporary alliances. And it turns out that, well, I personally may think that they are evil incarnate in some sense. It is the case that there is at least one good guy there. And Alec worked on this fantastic RFC 7686, that actually allowed us to help all Facebook users mitigate some harm, which is that if they want to be able to visit Facebook, and I guess the reality is that not using Facebook for a lot of people is sort of like the Kill Your Television bumper sticker of the 90s, for those of you that ever visited rural America, you know that that wasn't like a really successful campaign. A lot of people have TVs these days as well. So it's a little bit like that. Only here we actually built an alternative, where we can mitigate harm. And that's really incredibly important, because it mitigates harm in all sorts of different pieces of software. It makes it possible for us to talk to browser vendors, to DNS resolvers. And part of this was motivated by some investigative journalism that I actually did, where I revealed XKeyscore rules, where the US government's National Security Agency was sifting through all of the internet traffic to look for .onion addresses.
So when they saw DNS requests for .onion, they were actually learning .onions by harvesting traffic. And that really motivated me to want to make it so that DNS resolvers didn't do that anymore. It was very important, because I mean, one of my core missions with Tor is to make that kind of stuff a lot harder for the spies to do, and protecting everyday users, even users who aren't Tor users yet. And that's very important. And so working with Alec on this has been great, because the IETF actually supports this, and now ICANN will not sell .onion to anyone. It's a special-use reserved name, and that's incredible. Okay, so is this thing on? Yes, it is, great. So there are a couple of interesting graphs that we're gonna give you of usage scenarios, usage instances over the past year. So pretty recently, we were looking at the number of people in Russia using Tor, Russia's been talking about censoring, talking about all sorts of oppression steps. And at the beginning of November, we moved from, I don't know, 180,000 people in Russia each day using Tor up to almost 400,000 people. And this is probably a low estimate. So many hundreds of thousands of people for that two-week period, which started with a Russian bomber getting shot down, were trying to get news from the rest of the world, rather than news as Russia wanted to show it to them. So that's kind of a cool event. Another interesting event, Bangladesh ended up censoring Facebook and some other websites and a whole lot of people switched to using Tor. I was actually talking to one of the Facebook people and they have their own internal statistics about number of people connecting over the Tor network to Facebook. And it would be super cool to superimpose these two graphs. Our data is public and open and we like sharing it.
They don't actually share their data, but one day it would be really cool to be able to see both of these graphs at once, to see users shifting from reaching Facebook directly to going over Tor. The other interesting thing from the Bangladesh side, I was looking at the Alexa top websites around the world and torproject.org is like 8,000th in the global rankings. But at least for the past couple of weeks, torproject.org has been 300th in Bangladesh. So there are a whole heck of a lot of people there learning about these privacy things that can get around local censorship. Okay, and then an exciting other story that we're going to touch on briefly, but it's an entire talk on its own. So let me give you a couple of facts and we'll go from there. Last, so January of 2014, 100 relays showed up in the Tor network and we weren't sure who was running them, but they weren't exit relays so they didn't seem like they were such a threat at the time. And fast forward a while later, CMU, the CERT organization inside CMU, submitted a presentation to Black Hat on how cool they were for being able to attack Tor users and they talked about how they were going to talk about individual users that they'd de-anonymized and how cool they were for that. And I spent a while trying to extract details from them and eventually I learned what their attack was and then Nick Mathewson, one of the other Tor developers, decided to check the Tor network to see if anybody was actually doing that attack. I mean, it's CERT, they're the folks who publicize the phrase responsible disclosure. Surely they're not actually undermining the Tor network and attacking Tor users, but then it turns out somebody was doing the attack and it was these 100 relays that looked kind of ordinary and innocuous before that. And then I sent mail to the CERT people saying, hey, are those relays yours? And they went silent. They've never answered any of my mails since then. So that's what we know. It doesn't look good.
One of the key things that we at Tor have done from here is we've been working on strengthening the Tor network and getting better at recognizing these things. So the core of the attack was that they did what's called a Sybil attack where you sign up a lot of relays and you become too large a fraction of the Tor network. So we've been working on a lot of ways to recognize that an attack like that is happening and mitigate it and get rid of it early. So for example, Philipp Winter has a bunch of interesting research areas on recognizing similarity between relays. So you can automatically start detecting, wait a minute, this event happened where a lot of relays are more similar than they should be. Another example there is we used to say, well, I don't know who's running them, but they don't seem that dangerous. So, okay, it's good to grow the Tor network. Now we're taking the other approach of, gosh, that's weird. Let's get rid of them and then we'll ask questions after that. So we're trying to be more aggressive, more conservative at keeping the Tor network safe from large adversaries, whether they're government organizations or corporations or individuals, whoever might be attacking it. So we have had a few really big changes in the Tor community. One of them is that we had an interim executive director come on in a sort of quick moment, and that's Roger Dingledine. Some of you probably always thought he was the executive director the whole time, and that's because for a while he was and then he wasn't, and then he was back again. And that change was quite a huge change in that instead of working on a lot of anonymity stuff, Roger was doing a lot of bureaucratic paperwork, which was actually quite sad for the anonymity world, I think.
He probably reviewed fewer papers and did fewer anonymity things this year than ever before, which is really, really sad, but that really lit a fire under us to make sure that we would actually change that, to make sure that it was possible to get someone else who was really good at being an executive director of the Tor Project to really lead so that we could have Roger return to not only being an anonymity researcher, but also the true spirit animal of the Tor Project. He doesn't look like an onion, but in spirit. Another really... So another really big thing that happened is working with Laura Poitras over the last many years, we, I mean, she's followed the Tor Project, you know, lots of people like to follow people in the Tor Project, but she, we consented to her following us, and she made a film, Citizenfour, I think some of you have, have any of you seen this film? Right. So quite amazingly, she won an Oscar. Actually, she basically won every film prize. One of the key things is that people in this room that work on free software were explicitly thanked. If you work on Tails, if you work on GnuPG, if you work on SecureDrop, OTR, Tor, she specifically said in the credits of the film, this film wouldn't have been possible without that free software, actually making her job and the jobs of her source and other people involved making it possible. And so her winning that Oscar in some sense, it feels like closing a really big loop that had been open for a very long time, and it's really great. And so she, I think, really wishes she could be here today. Again, she sends her regards, and she's really, really thankful for everybody here that writes free software for freedom. So another exciting event that happened in 2015 is that Reddit gave us $83,000. They had some extra profit, and they decided that they would give it to ten nonprofits chosen from among the Redditor community.
And there were people who came to me and said, hey, Roger, you really have to start advocating and start teaching everybody why Tor should be one of them. And I said, oh, I'm busy, those things never work. They'll choose somebody else. And so it turns out that we were the tenth out of ten without doing any advocacy work whatsoever to the Reddit community, which is super cool that they care about us so much. Also, Reddit divided the ten equally. So even though we were the tenth out of ten, we got ten percent of the donations that they were giving out. One of the really, I would say, one of the oddest things about working at the Tor Project for me is that Tor really... Tor has supported me through really crazy times. So when I was being detained by the U.S. government for having my property stolen by fascist pigs in the United States government's border checkpoints, Tor didn't fire me. Tor always backed me and always kept me safe. Many people often look like they wanted to kill me from stress, but often they didn't, which was nice, or they didn't get close enough and I could move fast enough. But they were always very helpful and they've really helped me to go and do things to speak for anonymous users who can't go other places. One of the places which I was most honored to go in the last year was actually scheduled to go there with Caspar Bowden, but unfortunately he was ill at the time and, as you know, Caspar has since passed away. But we were scheduled to go together and Tor was supporting us, both actually to go to this. And it resulted, I believe, in a very amazing meeting in Geneva at the United Nations where the special rapporteur actually endorsed Tor and off-the-record messaging and encryption programs and privacy and free software, saying that they are absolutely essential and, in fact, their use should be encouraged from a human rights perspective.
And, in fact, the really amazing part about it is that he didn't do it only from the perspective of free speech. And this is important because actually there are other rights and we should think about them. So, for example, the right to form and to hold an idea is a right that cannot be abridged. The right to free speech can be abridged in many free societies. But what is in your head and how you form it is something where that is not a right that can be abridged. And he wrote this in the report. And he, when writing this report with many other people, made it very clear that this is something we need to keep in mind, that when we talk about private spaces online where groups may collaborate to form ideas, to be able to create a political platform, for example, to be able to make democratic change, they need to be able to use the Internet to freely exchange those ideas in a secure and anonymized encrypted fashion. And that helps them to form and to hold ideas. And obviously that helps them later to express free speech ideas. And that's a huge thing to have the United Nations endorse. Basically what many of us in this room have been saying for, well, decades. So the UN thing is really cool. We've also been doing some other policy angles. So Steven Murdoch, who's a professor in England and also part of the Tor community, is really hard at teaching the British folks that their new backdoor laws and their new terrible laws are actually not what any reasonable country wants. So he's put a huge amount of energy into basically advocating for freedom for them. And similarly, Paul Syverson, part of the Tor community, basically ended up writing a POSTnote for the UK about how the dark web is misunderstood, see previous talk. So we've been doing quite a bit of education at the policy level to try to teach the world that encryption is good and safe and worthwhile and should be the default around the world. And there's a kind of interesting thing here.
Maybe a little contentious with some people in the Tor community, but I just wanted to make it really clear. We have the Tor Project, which is a nonprofit in the United States. And we have a much wider Tor community all around the world. And in Berlin, we have a really, really like an incredible Tor community. We have people like Donncha working on OnionBalance. We have people like Leif Ryge working on bananaphone. We have all these different people working on all sorts of free software. And many of those people don't actually work for the Tor Project. There are community members, there are volunteers, there are some privacy students. And so the Renewable Freedom Foundation actually funded the creation of a sort of separate space in Berlin where people work on these kinds of things, which is not affiliated with U.S. government money. It's not affiliated with the Tor Project or any sort of corporate thing. It's not a multinational thing. It's really the peer-to-peer version in some sense of what we've already had in other places. And it's really great. And I wanted to just thank Moritz who made that happen and to all the people like Aaron Gibson and Juris who actually put that space together and made it possible. So in Berlin there is a space, not just c-base, not just CCCB, but actually a place which is about anonymity. It's called Zwiebelraum. It's a space in which people are working on this free software and they're doing it in an independent manner. And we hope actually that people will come together and to support that because we need more spaces like that that are not directly affiliated with the Tor Project necessarily, but where we have an aligned mission about reproducible builds and free software and also about anonymity and actually about caring about free speech and actually making it happen and really building spaces like that all around the world. So we hope that you will work on those things.
We really hope that you will work on building that. I called it General Cypher Punkery. I feel like that's a good description. There's lots of stuff to be done. And now for a Marxist joke, so we discovered the division of labor which was a really important discovery. We're about 180 years too late, but we started to split up. That didn't go very well. The Marxists, why? But cheers, cheers. So the Vegas teams are really simple. We have a bunch of people that previously they did everything. And this really doesn't work. It's very stressful and it's very frustrating and it leads to people doing lots and lots of things in a very unfocused way. And so we split it up. And it actually happened naturally. It was emergent. So for example, Mike Perry, who's going to talk about the applications teams work in a second here, he was already leading this. He was really making this happen. This made it more explicit. And in fact, we created a way of communicating and reporting back so that you don't have to drink from the fire hose about absolutely everything that's happening everywhere but you can sort of tune into those things which means we get higher level understandings and that is a really incredibly useful thing that has made us much more productive. And that was part of the growing pains of the last year actually was figuring out how to make that work because we're a pretty flat group in terms of a community and a pretty flat group writing free software and advocating. And so that's a really incredibly good thing which will come up all the time. You'll hear people talking about the metrics team or the network team or the application team or the community team and that's what we're talking about in that sense. So we tried to formalize it and in some ways we may be moving in a sort of Debian model a little bit and we'll see how that actually goes. So we have a really great person here to explain the work of the metrics team. 
Okay, so I'm going to tell you a little bit about what the metrics team has been working on lately to give you a sense of some of the components of the Tor community. So there are five or ten people who work on the metrics team. We actually only pay one-ish of them, so most of them are volunteers, and on the one hand that's great. It's wonderful that there are researchers all around the world who are contributing and helping to visualize and helping to do analysis on the data. On the other hand it's sort of sad that we don't have a full team of full-time people who are working on this all the time, so it would be great to have your assistance working on this. So actually metrics has been accumulating all sorts of analysis tools over the past five years, so they're up to 30 different little tools. There's Atlas and Globe and Stem and 20-something more, which is a challenge to keep coordinated and a challenge to keep maintained, so they've been working on how to integrate these things and make them more usable and maintainable and extensible. So one example that they, so they wrote some slides for me to present here, one example that they were looking at to give you an example of how this analysis works is bad relays in the Tor network. So maybe that's an exit relay that runs but it modifies traffic or it watches traffic or something. Maybe it's a relay that signs up as a hidden service directory and then when you publish your onion address to it, it goes to visit it or it puts it on a big list or something like that. Or maybe bad relays are Sybils. We were talking earlier about the 2014 attack where 100 relays showed up at once. And we, the directory authorities, have a couple of ways of addressing bad relays. One of them is each of the directory authorities can say that relay needs to get out of the network, we just cut it out of the network. We can also say bad exit, we can also say that relay is no longer going to be used as an exit.
So even though it advertises that it can reach blockchain and other websites, clients choose not to do it that way. So that's the background. One of the tools that Damian wrote a while ago is called Tor consensus health, and it looks every hour at the new list of relays in the network and it tries to figure out, is there something suspicious that just happened at this point? And in this case it looks for a bunch of new relays showing up all at the same time with similar characteristics, and it sends email to a list. So that's useful. The second piece of the analysis is, okay, what do you do when that happens? So we get an email saying, hey, 40 new relays showed up, what's up with that? So there's a real challenge there to decide: do we allow the Tor network to grow, sounds good, or do we wonder who these people are and try to contact them or cut them out of the network or constrain what fraction of the network they can become? So Philipp Winter also has a visualization, in this case of basically which relays were around on a given month. So the x-axis is all the different relays in the month and the y-axis is each hour during that month, and they've sorted the relays here by how much they were present in the given month. And you'll notice the red blocks over there are relays that showed up at the same time and they've been consistently present at the same time since then. So that's kind of suspicious. That's, hey, wait a minute, what's that pattern going on there? So this is a cool way of visualizing and being able to drill down and say, wait a minute, that pattern right there, something weird just happened. So part of the challenge in general for the metrics team is they have a terabyte of interesting data of what the network has looked like over the years. How do you turn that into, wait a minute, that right there is something mysterious that just happened, let's look at it more? So you can look at it from the visualization side, but you can also, there's a tool called Onionoo where you can basically
query it all sorts of queries and it dumps the data back on to you. So we've got a terabyte of interesting data out there on the network: what sort of statistics they've been reporting, when they're up, when they're down, whether they change keys a lot, whether they change IP addresses a lot. So we encourage you to investigate and look at these tools and so on. So there's a new website we set up this year called CollecTor, collector.torproject.org, that has all of these different data sets and pointers to all these different libraries and tools and so on that you too can use to investigate, graph, visualize and so on. So here's another example. At this point we're looking at the nine directory authorities in the network. Each of them votes its opinion about each relay, so whether the relay is fast or stable or looks like a good exit, or maybe we should vote about bad exit for it. So the gray lines are all of the directory authorities thought that it didn't deserve the flag, and it's very clear. The green lines are enough of the directory authorities said that the relay should get the flag, also very clear. And all the brown and light green and so on in the middle are contradictions. That's where some of the directory authorities said yes, it's fast, and some of them said no, it's not fast. And this gives us a visualization, a way to see whether most of the directory authorities are agreeing with each other. We should look at this over time, and if suddenly there's a huge brown area then we can say, wait a minute, something's going on where maybe a set of relays are trying to look good to these directory authorities and trying not to look good to these. So basically it helps us to recognize patterns of weird things going on. So on CollecTor you can find all sorts of data sets and you can fetch them and do your analysis of them, and metrics.torproject.org has a bunch of examples of this analysis where you can look at graphs of number of people connecting from different countries, number of
relays over time, number of new relays, number of bridges, users connecting to bridges and so on. There are three different libraries that help you to parse these various data sets, so there's one in Python, one in Java, one in Go, so whichever one of those you enjoy most you can grab and start doing analysis. They do weekly or so IRC meetings, so the Tor metrics team invites you to show up on January 7 and they would love to have your help. They have a bunch of really interesting data, they have a bunch of really interesting analysis tools and they're missing curious people. So show up, start asking questions about the data, try to learn what's going on, and you can learn more about them on the metrics team there. And I'm going to pass it on to Mike. Okay, so hello everyone. So I'll be talking about the applications team part of the Vegas plan that Jake introduced. Basically the applications team was created to bring together all the aspects of Tor and the extended community that are working on anything that's user facing, so anything with a user interface that the user will directly interact with, that's an application on either mobile or desktop. So to start, obviously we had the Tor Browser. That's sort of like our flagship application that most people are familiar with when they think of Tor. Recently we've added Orfox, which is a project by the Guardian Project to port the Tor Browser patches to Android, and that's currently in alpha status but it's available in the Guardian Project's F-Droid repo. We also have two chat clients, Tor Messenger and Ricochet, both with different security properties that we'll be getting to later. So I guess first off let's talk about what happened in the Tor Browser world in 2015. Basically most of the, a good deal of our work is spent keeping up with the Firefox release treadmill. That includes responding to emergency releases, auditing changes in the Firefox code base, making sure that their features adhere to our privacy model and making sure
that our releases come out the same day as the official Firefox releases so that there's no vulnerability exposure to known vulnerabilities after they're disclosed. That has been a bit rough over 2015. I believe there was a solid three to four months where it felt like we were doing a release every two weeks due to either Logjam or random NSS vulnerability or any arbitrary security issue with Firefox. But despite treading all that water we did manage to get quite a bit of work done. As always our work on the browser focuses in three main areas, typically privacy, security and usability. Our privacy work is primarily focused around making sure that any new browser feature doesn't enable new vectors for third-party tracking, so no ways for a third-party content resource to store state or cookies or blob URLs or some of the newer features. There's a new cache API. These sorts of things need to all be isolated to the URL bar domain to prevent third parties from being able to track you, from being able to recognize it's the same you when you log into Facebook and when you visit CNN and CNN loads the Facebook like buttons, for example. Additionally we have done a lot of work on fingerprinting defenses. The alpha release ships a set of fonts for the Linux users so that font fingerprinting can be normalized, since a lot of Linux users will tend to have different fonts installed on their systems, as well as tries to normalize the font lists that are allowed for Windows and Mac users, where they often get additional fonts from third-party applications that install them. On the security front the major exciting piece is the security slider. So with iSEC Partners' help we did a review of all the Firefox vulnerabilities and categorized them based on the component that they were in as well as their prevalence on the web, and came up with four positions that allow you to choose a trade-off of functionality for vulnerability surface reduction. And this was actually quite successful. It turned out
that all of the Pwn2Own exploits against Firefox were actually blocked, again for non-HTTPS sites at medium-high, and if you enable the high security level they were blocked for everything. We additionally released AddressSanitizer hardened builds. These basically should, especially at the higher security levels of the security slider, protect against various memory safety issues in the browser and also help us diagnose issues very rapidly. And of course we now sign our Windows packages using a hardware security module from DigiCert. The usability improvements were primarily focused around this UI, this new onion menu. As you can see, if you remember the old menu, there was quite a lot more options there. We sort of condensed and consolidated options and eliminated and combined as much as we could, and additionally displayed the circuit for the current URL bar domain. In 2016 we'll be focusing mostly on, again, the same three areas. Our main goal for privacy is to try and convince Mozilla that they want to adopt the idea of isolating third-party identifiers, at least to the point of, if the user goes into the preferences and tries to disable third-party cookies, well, that should do the same thing for DOM storage, cache, blob URLs, worker threads and all these other sources of shared state. We're very excited about their work on the multiprocess sandbox. Additionally, even application-level sandboxing, it should be, without Mozilla's sandbox we should still be able to prevent the browser from bypassing Tor using seccomp or AppArmor or Seatbelt or one of these other sandboxing technologies, so we're looking forward to trying to get that rolled out. We'll be doing exploit bounties. We'll be partnering with HackerOne. We'll be announcing this shortly. The program will start out invite only, just so we can get used to the flow and scale up, and then we will make it public later in the year to basically provide people with incentive to review our code, to look for vulnerabilities
that might be specific to our applications. And of course the usual: improving usability, improving security, improving installation, and we'd like to improve the censorship and bridge usability flow as well, hoping to automate the discovery of bridges and inform you if your bridges become unreachable. So Tor Messenger is one of our two chat clients, also part of the applications team. Basically the goal there was to minimize the amount of configuration that the user had to do if they wanted to use one of their existing chat clients with Tor and OTR. Now this is based on another Mozilla platform, Instantbird, which is based on Thunderbird. This allows us to share a lot of the Tor Browser configuration code and also managing the Tor process and configuring bridges, so the user has a very similar configuration experience to the browser when they first start it up. It also has some additional memory safety advantages, that all the protocol parsers are written in JavaScript. This basically, one of the major things when we were looking at candidates for this, for a messaging client, there are problems of libpurple in the past where there's been a lot of remote code execution vulnerabilities with protocol parsing. Now there are some tradeoffs here. Obviously when you're dealing with a browser product you still have an HTML window rendering the messages, but it is XSS filtered, and even if an XSS exploit were to get through to run JavaScript in your messaging window, that JavaScript would still be managed, so they'd need an additional browser-style exploit. And that filter has been reviewed by Mozilla, and additionally we're looking into removing JavaScript from that messaging window. It should be completely possible to just display a reduced, slightly less sexy version of the same window at perhaps another higher security level without JavaScript involved at all in that window. So I believe I'll hand out some of the security properties and differences between Tor Messenger and Ricochet. Just to be clear
about this, we wanted to sort of echo what Phil Rogaway has recently said. He wrote a really wonderful paper quite recently about the moral character of cryptographic work, and Phil Rogaway, for those of you that don't know, is one of the sort of amazing cryptographers, very humble, really wonderful man, who was really a little bit sad that cryptographers and people working on security software don't take the adversary seriously. So they use Alice and Bob and Mallory, and they have cutesy icons, and they look very happy. We wanted to make it clear what we thought the adversary was, which is definitely not a cutesy adversary. When anonymity fails for Muslims that live in Pakistan, or for example the guys that are giving a talk later today, the CAGE guys, when anonymity fails for them they get detained or they get murdered, they end up in Guantanamo Bay or other things like that. So it's a serious thing, and we wanted to talk about what that looks like. So for example, a lot of you use jabber.ccc.de. Don't raise your hands. You should decentralize; stop using jabber.ccc.de, because we should decentralize. But that said, if you do, this is sort of what it looks like. There's the possibility for targeted attacks when you connect. There's the possibility that the social graph that would be on the server, it would be possible that there's a bug on any Jabber server anywhere. So of course you know that if you're using Gmail with Jabber, you know that they're a PRISM provider, so you've got a pretty big problem there. And the attacker, again, is not a cutesy attacker. I like the Grim Reaper that Mike chose; I feel like that's accurate. And now, if you see, one of the protections you'll have for communicating with your peers is Off-the-Record messaging. That's basically the thing. But that's a very slapped-together protocol in a sense, because it's hacks on top of hacks, where you compose Tor with Jabber and TLS, and maybe you still have a certificate authority in there somewhere, or maybe you have a Tor hidden service, but
then your status updates, they don't have any encryption at all, for example. Or again, your roster is an actual thing that someone can see, including every time you send a message to those people, the server sees that. So that said, it meets users where they already are. So for example, actually, one other point here is, if you use a piece of software like Adium, there's actually a bug filed against Adium where someone said "please disable logging by default, because Chelsea Manning went to prison because of your logging policy", and the people working on Adium in this bug report basically said "good". That's horrifying. So what if we made it as reasonable as possible, as configuration-free as possible, using Tor, using OTR, trying to remove libpurple, like, it's a flock of zero days flying in formation. So we wanted to kill the bird in a sense, but also not; we want to help provide an incentive for improving. And so that's where Tor Messenger fits. But we also want to experiment with next generation stuff, and one of those things is written by a really great guy in our community, almost single-handedly, without any funding at all, and his name is special. That's actually his name. He's also special. But it's really nice, because actually, if you solve the problem of telling your friend your name, if you're familiar with the properties of hidden services, where you have a self-authenticating name, you know that you're talking to the person that you think you are, because you've already done a key exchange; it's an important part of the key exchange. And so one of the things that you'll see very clearly is that there is no more server, right? So there's no more jabber.ccc.de in this picture. So this is a really good example of how we might decentralize. Actually, it's an experiment right now, but it means no more servers. It uses the Tor network's Tor hidden service protocol, and everybody actually becomes a Tor hidden service, and it's end-to-end encrypted, and it's anonymized, and of course this means that your
social graph is a traffic analysis problem; it's no longer a list on a server. And it means your metadata is as protected as we currently know how to do in a low-latency anonymity network. And in the future, one of the really nice things about this is that it'll be possible, we think it'll be possible, to even make it better, for example multiple chats while sending pictures. In other words, everything becomes, instead of a certainty, we move it towards probability, and the probability is in your favor.
Yes. Additionally, I will be working on various forms of padding for cases like this, to basically increase the probability that there will be concurrent traffic at the same time from multiple Tor clients, which will further frustrate the network based on simple traffic analysis, especially for low-traffic cases such as Ricochet. So, just to wrap up that Tor applications piece: in 2016 and beyond we're going to try and focus heavily on usability and getting more people to be able to use Tor, eliminating the barriers to finding Tor, downloading Tor, especially for censored users, and being able to install Tor. There are still some snags; we're aware of various difficulties that cause people to stop at various stages of that process, and we want to try and work to eliminate them. We also of course want to increase coordination, share graphics, visual aesthetics, and coordinate the ability to share the Tor process, and we also want to create a space for more experimentation, for more things like Ricochet. There's probably a lot more ideas like Ricochet out there that leverage the Tor protocol, and especially hidden services, in creative ways, so we're looking to create an officially sanctioned space as part of Tor to give them a home. And so look for that in the coming months on the Tor blog.
I just wanted to put in a picture of a guy wearing a Slayer t-shirt, so there it is. That's Trevor Paglen. Some of you may remember him from such things as helping to film Citizenfour, building satellites that
burn up in space or that are actually currently on other satellites. And on the left is Leif Ryge; he's sort of the person that taught me how to use computers, and he is an incredible free software developer. Trevor Paglen, myself, and this is a cube, the Autonomy Cube, which we talked about last year. Because we think that culture is very important, and we think that it's important to actually get people to understand the struggle that exists right now. So this is installed in a museum right now in Germany, in the city of Oldenburg, and it actually opened several months ago. It's filled with classified documents; it has really interesting things to go and read. I highly encourage you to go and read. We built a reading room about anonymity, papers about things that are happening, about how corporations track you. And then the entire museum is an open Wi-Fi network that routes you transparently through Tor. So in Germany, a free open Wi-Fi network that isn't run by Freifunk, much respect to them. We wanted to make it possible for you to just go and have the ability to bootstrap yourself anonymously if you needed to. And also, these four boards are Novena boards, and these Novena boards are free and open hardware devices made by bunnie and Sean in Singapore, where you could, if you wanted to, download the schematics and fab it yourself. And it's running the Debian GNU/Linux universal operating system, and it's an actual Tor exit node with absolutely every port allowed. The museum's infrastructure itself, on the city's internet connection, actually is a Tor exit node for the whole world to be able to use the internet anonymously. The museum's infrastructure is not just helping people in Oldenburg, it's helping people all around the world to be able to communicate anonymously. And it's quite amazing actually, because when cultural institutions stand up for this, we recognize it's not just a problem over there a stand, right? We have mass surveillance and corporate surveillance in
the West, and we need to deal with that here by creating spaces like this. But that said, we also need to make sure that we create spaces in people's minds all around the world, and I want to introduce to you someone who's incredibly awesome, the most badass radical librarian around. This is Allison. Allison is going to talk about the Library Freedom Project.
I'm so excited to be here. It's my first CCC, and I'm on stage, and it's very exciting. So I'm going to talk to you a little bit about my organization, Library Freedom Project. I'm the director, and what we do: we have a partnership with Tor Project to do community outreach around Tor and other privacy-enhancing technologies, making Tor network more strong and making tools like Tor Browser more ubiquitous and mainstream, with the help of a coalition of radical militant librarians. So we introduced you to the Library Freedom Project back in February. We told you a little bit about the kind of work that we do, mostly in US libraries, increasingly internationally, where essentially we teach them about tools like Tor Browser, how to install it on their local computers, how to teach it into computer classes that they offer for free in the library, one-on-one technology sessions for their community. And we've had a really amazing year since then. In addition to working with the Tor Project, we're really fortunate to work with the American Civil Liberties Union. If you're not familiar with them, they're basically, yeah, they're the badasses who have been suing the US intelligence agencies and police for about a hundred years. That is me with two people from the ACLU of Massachusetts: Jessie Rossman, who's a surveillance law expert, and Kade Crockford, who is an activist with the ACLU, and they're here. If you see that human, buy them a drink and ask them about the surveillance capabilities of the US police. So it's pretty cool. It's a great partnership with ACLU, because basically they can teach why we need to use tools like Tor Browser. So how to use them is
super, super important, but you need to know about the authorizations, the programs, all the bad laws and the uses of them against ordinary people. So why do we teach this stuff to librarians? It's basically for two big reasons. One of them is that libraries and librarians have an amazing history of activism around privacy, fighting surveillance and fighting censorship. In the US, where I live, librarians were some of the staunchest opponents of the USA PATRIOT Act from the beginning, when it was codified back in 2002. They made t-shirts that said "Another hysterical librarian for privacy", because the attorney general at the time called them hysterical for the fact that they didn't want this awful authorization to go through. And of course then after Snowden we learned many more things about just how bad the Patriot Act was. So librarians were some of the first people to oppose that. They also have fought back against national security letters, which are the US government information requests that sometimes go to software providers and other internet services, that have an attached gag order that basically says you have to give this information about your users and you can't tell anyone that you got it. Well, libraries got one of these and fought back against it and won. They also, all the way back in the 1950s, even at the height of anti-communist fervor and FUD, around the time of the House Un-American Activities Committee, librarians came out with this amazing statement called the Freedom to Read Statement, that I think really is, it's a beautiful text, it's two pages long, and it is their commitment to privacy and democratic ideals made manifest. And I have a little excerpt from it here. I'm not going to read the whole thing to you, because I understand I'm a little pressed for time, but the last line is my favorite. It says: "Freedom itself is a dangerous way of life, but it is ours." So everybody go get that tattooed, you know, on your forehead or whatever. So the history of activism is one
of the big things. The second part is more practical. Libraries have an amazing relationship to their local communities that doesn't really exist anywhere else, especially in this era of privatization and the destruction of public commons. Libraries already have free computer classes in many places, sometimes the only free computer help that you can get anywhere. They offer free computer terminals to many people who don't have any other computer access. They're trusted community, and they don't have any other internet access to any of these spaces. They already teach about a whole number of things, so we think they're really the ideal location for people to learn about things like Tor Browser. So it's been going really well. This year we have visited hundreds of different locations. We've trained about 2300 librarians in the US and Canada and a few other countries, Australia. We've had an amazing conference; you might recognize this as Noisebridge. Any Noisebridge fans here? Come on, there's gotta be more Noisebridge fans than that. We had an amazing conference in Noisebridge, and actually my co-organizer is also here, April Glaser, so you can buy her a drink, just right over there. There has been a huge response from the library community. They want to learn about Tor Browser. They're so excited that finally there is a practical way for them to help protect their patrons' privacy. It's been an incredible standpoint for a really long time, and now they know that there are tools that they can actually use and implement in their libraries and teach their community, to help them take back their privacy. We're really lucky that not only do we get to teach librarians, but occasionally we get invited to visit the local communities themselves. So we teach how to teach privacy classes with Tor as a big focus, but sometimes we get to meet the local community members themselves. This is a great picture of a recent visit that I made to Yonkers, New York. It was a class just for teens. They're all holding Tor
stickers, if you can see that, and Library Freedom Project stickers. This is a great picture that is emblematic of the kind of communities that we get to visit. Yonkers is one of the poorest cities in the US. These kids, many of them are immigrants, their parents are immigrants, they face surveillance and state violence as a matter of their regular everyday lives, and privacy is not just a human right but it's sometimes a matter of life and death. And these kids are just some of the amazing people that we get to see. Also, just to give you an idea of how the public perception around privacy is shifting, in my anecdotal experience: we had 65 teenagers come to this class. If you have a teenager, or if you've been a teenager, teenagers don't show up for stuff, they don't do that. 65 kids came to this, and they were so excited. They left over at the end that had so many questions and wanted more stickers to bring back to their friends. So it's pretty cool stuff. Recently we embarked on a new project, bringing Tor relays into libraries. This is Nima Fatemi with me when we set up our pilot at a library in New Hampshire, which is the state just above where I live in the United States. And we basically decided to do this project because we thought it was a really great continuation of the work that we were already doing, teaching and training librarians around using Tor. We wanted to take it a step further and take the infrastructure that libraries already have; many of them are moving to really fast internet, they can donate an IP address and some bandwidth. Many of them want to do the next thing to help protect privacy, and not just in their local communities as well, they want to help protect internet freedom everywhere. It was a really great sort of next step to go. So we set up our pilot project in New Hampshire. It went pretty well. We got a lot of great press attention, a lot of really great local and global community support. We also got the attention of the Department of Homeland Security.
Basically they contacted the local police in this town in New Hampshire and they said "this is stupid and bad and criminal and you should shut this down", and the library was understandably shaken by this and temporarily suspended the operation of the relay. So we responded by writing a letter, an open letter from Library Freedom Project, from Tor Project, from ACLU and a broad coalition of public interest groups and luminary individuals, including the Electronic Frontier Foundation, the Freedom of the Press Foundation, the Free Software Foundation and all of our other friends, many of whom are in this audience today. We wrote this letter to the library basically affirming our commitment to them, how much we are proud of them for participating in this project and how much we wanted them to continue. We put a lot of nice, you know, ideological, why this is important, warm fuzzy stuff. We also got EFF to start a petition for us, and over a weekend we got about 4500 signatures from all over the world. The library was flooded with emails, calls, only one negative one, just one out of hundreds, and that person was a little confused, so I'm not even counting that necessarily; it was like a conspiracy type thing. So we got this amazing support, and this was all in anticipation of their board meeting that was going to happen a few days later, where the board was going to decide what to do about the relay. So Nima and I show up to New Hampshire on a Tuesday night. You might imagine what a library board meeting in rural New Hampshire is typically like. It was nothing like that. So we get outside and there's a protest happening already, many people holding pro-Tor signs. This was just a glimpse of it, and the look on my face is because someone pointed to a very small child and said "Allison, look at that child over there". This tiny little girl was holding a sign that said "Down with Big Brother", and I was like, I'm done, that's it, I gotta go home. So we went into the board meeting and we were met with about
four dozen people and media and a huge amount of support. Many of the community members expressed how much they love Tor, that this whole incident made them download Tor and check it out for themselves. Basically it galvanized this community into a greater level of support than we even had when we initially set it up about a month earlier. People who had no idea that the library was doing this heard about it, because it got a huge amount of media attention thanks to a story by Julia Angwin in ProPublica that broke the news to everybody, and then it just went like wildfire. So as you might imagine, the relay went back online that night. We were super successful. Everybody in the community was incredibly excited about it and supportive, and what has happened now is that this community has sort of, like I said, they've been galvanized to support Tor even more. The library has now allotted some of their staff time and travel budget to help other libraries in the area set up Tor relays. They're speaking about Tor, thank you, they're speaking about Tor at conferences, and this has really caught on in the greater library community as well. So I mentioned already the kind of success that we've had at Library Freedom Project in teaching tools like Tor Browser and getting folks to bring us in for trainings. This is even bigger than that. Libraries are now organizing their staff training days around: should we participate in the Tor relay project, how can we do this best, what's the best angle for us. So we're really excited to announce that we're going to be continuing the relay project at scale. Nima Fatemi, who is now also in this picture again, I'm really sad that he can't be here, he's wonderful and essential to this project, but he will now be able to travel across the US, and we hope to go a little further, opening up more relays in libraries. We're going to continue teaching of course about Tor Browser and other privacy-enhancing free software. We're now going to incorporate some other Tor
services, so we're really excited to bring Let's Encrypt into libraries, and while we're there, why not run a hidden service on the library's web server, among many other things. The other goals for Library Freedom Project are to take this to a much more international level. So if you want to do this in your country, you know your librarian, put them in touch with us. You can follow our progress on libraryfreedomproject.org, on Twitter, and we're always sort of posting on the Tor blog about stuff that's going on with us. So thank you so much for letting me tell you about it. It's really a pleasure to be here.
So that's a really tough act to follow, but we're very pressed for time now. We want to make sure that we can tell you two big things. One of them is that, as you know, we were looking for an executive director, because our spirit animal, Roger, slide, he couldn't do it all, and in fact we needed someone to help us, and we needed someone to help us who has the respect not only of the community here but the community basically all around the world. And we couldn't think of a better person. In fact, when we came up with a list of people, the person that we ended up with was the dream candidate for a number of the people in the Tor Project and around the world. And so, I mean, I have to say that I'm so excited, I'm so excited that we have her as our executive director. I used to think that our ship was going to sink, that we would all go to prison, and that may still happen, the second part, but the first part for sure is not going to happen. We found someone who I believe will keep the Tor Project going long after all of us are dead and buried, hopefully not in shallow graves. So this is Shari Steele.
Thanks. It's actually so fun to be back in this community, and I wasn't gone for very long. I had so much for retirement; it didn't work out for me, but that's okay. I'm really excited. We're so tight on time, so I want to just tell you: there were two big mandates that I was given when I first
was hired on. One is: help build a great infrastructure so that Tor Project is sustainable. Working on that. The other thing is money. We need to diversify our funding sources. As everybody knows here, the government funding has been really difficult, specifically because it's all restricted, and so it limits the kinds of things we want to do. When you get the developers in a room blue-skying about the things that they want to do, it's incredible, really brilliant people who want to do great things, but they're really limited when the funding says they have to do particular things. So we happen to be doing our very first ever crowdfunding campaign right now. I want to give a shout-out to Katina Bishop, who is here somewhere, and who is running the campaign for us and is just doing an amazing job. As of last count, which is a couple of days ago, we had over 3,000 individual donors and over $120,000, which is incredible for a very first time, when we didn't even really have a mechanism in place to be collecting this money. Even so, it's really great. And I want to also say that we have a limited number of these t-shirts that I brought in a suitcase from Seattle, and they are going to be available if you come down to the Wau Holland booth at the Noisy Square. Come talk with us, give a donation. We're doing a special: it's normally a $100 donation to get a shirt, but for the conference we'll do, for 60 euro you can get a shirt, and it would be great, you'd be able to show your support. And you can also donate online if you don't want to do that here, and that's the URL.
And to end, we'd like to have a word from Down Under of Humanity.
When I last appeared to you, I warned you noobs you must not lose the internet. Now, before I proceed, let us clarify one crucial thing: the internet is not virtual reality, it is actual reality. Are you still with me? Good. Now ask yourselves: would you let some fascist dictate with whom you can and cannot communicate?
Because that's what happens every time a government blacklists a website domain. Would you let anyone force you to get all your information from cable TV? That's effectively the case if you allow corporations to kill net neutrality. Would you let the Thought Police install telescreens in your house, monitor and record everything you do, every time you move, every word you've read, your private nook of all your head? If you answered no to all those questions, then we can safely deduce that terms like "online", "IRL" and "in cyberspace" are Newspeak. They confuse the truth: there is no cybersphere, there is only life here. It follows that if you have an oppressive internet, you too. Remember, online is real life. Your digital rights are no different from everyday human rights. And don't give me that BS that you don't care about privacy because you have nothing to hide. That's pure doublethinking. As comrade Snowden clearly explained, that's like saying you don't care about free speech because you have nothing to say. Stick that up your memory holes and smash it. The portal is closing. I'll leave you with a new tool to use. I assume you've all been fitted with one of these spying devices. Well, here's an app you can use in spite of this. It's called Signal, and yes, it's free and simple. Install it and tell all your contacts to menu, then all your calls and texts will be encrypted, so even if Big Brother sees them they couldn't be able to read them. And mission, heed the words of George Orwell, or should I say George Torwell: the fascists, you can come to onion land now and fight Big Brother's filthy tactics. If you're a pro, run a node and strengthen the cone, or if you're in the outer party and can afford it, send Tor some of your dough. Special salute to all my comrades the state of the onion daisys mother f***ing f***ing bastard son of a corporate b***
I think that's all the time that we have. Thank you very much for coming, and thank you all for your material support. Unfortunately we won't have time for a Q&A,
but I heard that some of the crew will now go to the Wau Holland booth at Noisy Square down in the foyer and might be ready to answer questions there, if you have any.