Okay, hi. I'm Roger, and I'm going to talk today about Russia and censorship and Tor. I've got way too much to say and a lot of different topics, so I'll try to give everybody something interesting and fun that they haven't thought about before. So, we earlier asked how many people have heard of Tor. That sounds great. How many people here have heard of Tor bridges or pluggable transports or the censorship side? Awesome. Okay, I see some hands yes and some hands no. So, I'm going to go through a little bit of what Tor is, how Tor works. I'm going to try to go through that quickly. And from there, the same intro to Tor and censorship. And then we'll talk more about the Russia side of things and what that means for the rest of the world. Okay, so Tor is a non-profit organization. We're a 501(c)(3). We provide Tor Browser as software a lot of people use to be safe on the internet. We're also a community of activists and developers and users and relay operators all around the world. How many people here run Tor relays or bridges or Snowflakes? I see a few hands, but not as many as there should be. So, while I'm talking about this, think about running relays to help out other people. So, we also have some number of users, maybe 2 million daily users, maybe 8 million daily users. And we're part of a much broader ecosystem of internet freedom, anonymity research, censorship resistance, free software. So, there's a broad history of what the Tor organization has done over the years. Happy to talk more about that afterwards. So, how do you actually build one of these? What is Tor for? So, we've got Alice over here. She wants to browse the web to some website, Bob. Where can the attacker be? What sort of threat model are we worried about?
One answer is maybe the attacker's watching Alice, maybe they're watching the Starbucks connection or they are the local Tunisian ISP, or maybe they're watching some pieces of the backbone internet, maybe they're AT&T or Verizon or Deutsche Telekom or the NSA, or maybe they're watching Bob, maybe they're watching WikiLeaks to learn what users are connecting to them and who's trying to learn things. Or maybe the adversary is Bob, maybe it's CNN.com and they want to know who their users are so they can advertise to them better. And one of the other important pieces: anonymity is not encryption. You should use encryption. Encryption is good. But even when you're using encryption, somebody watching your network traffic learns who you're talking to, when you're talking to them, how much you're talking, and that traffic metadata is what all the agencies and organizations use to try to attack things these days. So, we've got Creepy NSA Dude. How many people here recognize Creepy NSA Dude? I'm hoping this is the correct audience. Okay, quite a few hands. I did this talk like a couple weeks ago to a different crowd and they're like, who is that? So, we should all remember statements from the NSA like "we kill people based on metadata." Okay, so how do you actually build one of these? The easy answer is a single centralized single-hop proxy, like VPNs and anonymizers. So, all the users show up to that single relay. And there are some problems. The first problem is it's a centralized point of trust. So, what happens if that central point, that VPN, decides to go bad? And it's worse than that, because it's a central point. Even if the VPN itself is trying to be honest, there's one wire in and it's the same wire out. So, if you are able to watch that, then you can match up timing and volume to understand who's talking to whom. So, the goal of Tor is to distribute the trust so that there's no single point that gets to learn that this user goes to that destination.
So, I'll skip over how the crypto works, but basically you build a tunnel through three relays so no single relay knows what's going on. Okay, and we've got a network of about 7,000 volunteer relays around the world. Here's a graph of bandwidth load and bandwidth capacity over the past 10 years or so. The second half of what Tor is: I talked about Tor the anonymity, the network layer, the hiding-your-IP-address layer. The second half is the application-level side, where we have Tor Browser, based on Firefox, that tries to fix all of the application-level issues like cookies, used to be Flash, fonts, all sorts of stuff in the browser that could be used to recognize you. Okay, another key point to realize: transparency is critical for Tor as an ecosystem and for people to be able to trust it. So, yes, that means it's open source, it's free software. It also means that we give you specifications and design documents to say this is what we meant to build, this is what we're trying to do, this is what the security goals are, and also we are publicly identified people. Hi, I'm Roger, I built Tor, I'm happy to explain that to everybody, and that level of transparency is critical for a privacy tool. And I always have somebody come up afterwards and they're like, oh, haha, the anonymity people are talking about transparency, that's so stupid. No, actually the key is privacy is about choice, and we choose to be transparent in order to build a stronger, safer, bigger ecosystem and community. Okay, so that was the crash course on Tor, so far so good. Now let me talk a little bit about the censorship side of things so you've got some context for what I'm going to talk about later. So the first arms race: the 7,000 public relays I was talking about, there's a list of them. You the censor grab those 7,000 IP addresses and block them, and you're done. Now nobody can bootstrap into the Tor network; there's nothing to connect to.
So the first step of the arms race is we have unlisted relays called bridges, and the goal is the users who are in some censored situation can get some bridges in order to bridge into the Tor network, but the adversary hopefully can't get all of them. Then the second arms race, beyond IP addresses, is based on deep packet inspection, or DPI. So the goal is there are some protocols that the censor might try to block by looking at packet patterns or bytes in the packets. So originally Tor tried to look like TLS, because who would block TLS, and then Syria blocked TLS and a bunch of other places started doing that. So we're not trying to exactly mimic Firefox talking to Apache; instead we have a more modular approach where Tor takes care of the privacy, the anonymity side of things, and then you can plug in various transports, and the goal of each transport is to transform the Tor traffic into some other protocol appearance that the censor is not willing to block. So there are a couple of popular ones of these that work well. The most popular is called obfs4, obfuscating proxy. Basically the idea is that it adds a layer of encryption on top of whatever the input is, and that means there's no recognizable headers, there's no structure at the beginning that you can put your Zeek rules on and start recognizing the protocol. So the idea is there's a long tail of random stuff on the internet, and if you have a protocol where the automated classifier says I don't know what that is, then the censor has to choose: do I block everything that my classifier can't classify, because then there's going to be a long tail of random stuff and a bunch of angry people who call up the Great Firewall's help desk to complain, or do I allow through everything that I can't classify, and in that case protocols like obfs4 can go through also.
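[Editor's addition, not part of Roger's talk and not Tor or obfs4 code: a small signature-first classifier of the kind the talk describes, run over constructed sample flows. The TLS, HTTP and SSH samples are recognized by fixed bytes at known offsets; the obfs4 stream and an equally random "proprietary telemetry" flow are both just high-entropy bytes, so the only two policies available to the censor are shown side by side: block the unknown long tail (and take the collateral damage) or allow it (and let obfs4 through). All flow contents and the seed are made up for the demo.]

```python
import math
import random
from collections import Counter

_rng = random.Random(20220812)                      # fixed seed: reproducible sample flows


def _random_bytes(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: ~8.0 for uniform bytes, ~4-5 for ASCII text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(payload: bytes) -> str:
    """Signature-first classification, like a Zeek protocol analyzer: fixed
    bytes at known offsets name a protocol; anything else is 'unknown'."""
    if payload[:2] == b"\x16\x03" and len(payload) > 5 and payload[5] == 0x01:
        return "tls-clienthello"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"HTTP/1.1"):
        return "http"
    if payload.startswith(b"SSH-2.0-"):
        return "ssh"
    return "unknown"


# Constructed flows. The obfs4 stream and the made-up telemetry protocol are
# both random-looking bytes: a signature matcher cannot tell them apart.
FLOWS = [
    ("tls",       b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + b"\x00" * 32),
    ("http",      b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("ssh",       b"SSH-2.0-OpenSSH_9.0\r\n"),
    ("obfs4",     _random_bytes(4096)),
    ("telemetry", _random_bytes(4096)),
]


def policy(flows, block_unknown: bool):
    """The censor's two options for the long tail: block or allow everything
    the classifier cannot name. Returns {flow name: 'allow' | 'block'}."""
    return {
        name: ("block" if block_unknown and classify(p) == "unknown" else "allow")
        for name, p in flows
    }


def collateral(flows, block_unknown: bool, circumvention=("obfs4",)):
    """Names of blocked flows that are not circumvention traffic at all."""
    decisions = policy(flows, block_unknown)
    return sorted(n for n, v in decisions.items() if v == "block" and n not in circumvention)


if __name__ == "__main__":
    for name, p in FLOWS:
        print(f"{name:10s} {classify(p):16s} entropy={shannon_entropy(p[:256]):.2f}")
    print("block unknown:", policy(FLOWS, True))
    print("collateral   :", collateral(FLOWS, True))
```

The entropy column is there to make the point that "looks random" is not a usable signature either: TLS application data after the handshake is just as random as obfs4, so a censor who keys on entropy alone is back to the same choice.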
There's another transport we've been working on more recently called Snowflake that basically does a WebRTC connection, so it looks like you're doing an online video call, Skype, Zoom, Jitsi, BBB, all of these, but the reality is that you're tunneling your Tor traffic through that video call. And one of the cool things about it is that you can install a browser extension to become one of these Snowflake volunteers. So you don't have to apt-get install tor and know how to edit a text file and so on. You just volunteer your browser as one of the tens of thousands of volunteers that proxy through from their censored situation into your browser extension and from there to the rest of the Tor network. So that means we've got a lot more volunteers, and it's easy to have more and more dynamic volunteers, and that means we've got more flexibility about how to use them. Okay, and then the third pluggable transport that is important to learn about is called meek. It's based on domain fronting, so the basic idea for domain fronting is I'm going to make a TLS connection to a popular cloud provider like Amazon or Fastly or Cloudflare, if they still allowed it, and the idea is from the outside it looks like you're connecting to a popular website that the censor is not willing to block. But once you've done the TLS connection, and you've labeled in your Server Name Indication, you've specified I'm trying to connect to this, you know, totally ordinary website, then inside that connection you provide a Host header at the HTTP level to say what I really wanted to go to was this other server. So from the outside it looks like a totally ordinary connection to the right IP address to an acceptable server, but on the inside you end up actually connecting to some other cloud provider that, for example, tunnels you into the Tor network.
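[Editor's addition, not part of Roger's talk and not the meek code: the two halves of a domain-fronted connection as bytes. A minimal TLS ClientHello is built with the front domain in its server_name extension, and a DPI-style parser reads that SNI back out of the cleartext, which is all the censor on the wire gets to see. The HTTP request that travels inside the tunnel carries a Host header naming the real backend, which is what the CDN edge routes on after terminating TLS. The front domain is the one the talk names later; the backend hostname is a made-up placeholder.]

```python
import os
import struct

FRONT_DOMAIN = "ajax.aspnetcdn.com"         # front named in the talk
REAL_HOST = "meek-backend.example.net"      # hypothetical backend behind the CDN


def build_client_hello(sni: str) -> bytes:
    """Minimal TLS 1.2 ClientHello record whose only extension is server_name.
    Fixed cipher list, no ALPN or key_share: just enough for SNI parsing."""
    host = sni.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host        # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list   # extension type 0
    ciphers = b"\xc0\x2f\xc0\x30"                                    # two ECDHE suites
    body = (
        b"\x03\x03" + os.urandom(32)                  # client_version + random
        + b"\x00"                                     # empty session_id
        + struct.pack("!H", len(ciphers)) + ciphers
        + b"\x01\x00"                                 # compression: null only
        + struct.pack("!H", len(sni_ext)) + sni_ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """The censor's view: walk the cleartext ClientHello and return the
    host_name from the server_name extension, or None if absent/not TLS."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        return None
    hs = record[5:]
    p = 4 + 2 + 32                                # type+length, version, random
    p += 1 + hs[p]                                # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]  # cipher_suites
    p += 1 + hs[p]                                # compression_methods
    if p + 2 > len(hs):
        return None                               # no extensions block
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        if etype == 0x0000:
            q = p + 2                             # skip server_name_list length
            if hs[q] == 0:                        # name_type host_name
                n = struct.unpack("!H", hs[q + 1:q + 3])[0]
                return hs[q + 3:q + 3 + n].decode("ascii")
        p += elen
    return None


def build_fronted_request(real_host: str, path: str = "/") -> bytes:
    """The HTTP request inside the TLS tunnel: Host names the backend the CDN
    should route to, not the front in the SNI."""
    return (f"GET {path} HTTP/1.1\r\nHost: {real_host}\r\n"
            f"Connection: keep-alive\r\n\r\n").encode("ascii")


def host_header(request: bytes):
    """The CDN edge's view after TLS termination: route on the Host header."""
    for line in request.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode("ascii")
    return None


if __name__ == "__main__":
    hello = build_client_hello(FRONT_DOMAIN)
    req = build_fronted_request(REAL_HOST, "/reflect")
    print("censor sees SNI   :", extract_sni(hello))
    print("CDN routes on Host:", host_header(req))
```

The "if they still allowed it" caveat in the talk is exactly this mismatch: a provider that compares the SNI against the Host header at its edge and refuses the request when they differ has turned domain fronting off.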
So one big downside of domain fronting is you have to pay the front domain, whether that's Fastly or Cloudflare or Amazon or Azure or whoever it is, so you can use it for signaling but you probably can't use it for actually proxying all of your flows. Okay, and then the last key background thing to think about is we need smart algorithms for what we call bridge distribution, to match up volunteers who are running bridges with people who are in censored areas and need to use them. So basically the idea is to take the bridges you've got and divide them into buckets, where each bucket requires a different strategy for how you're going to give it out. So one of them is you email us from your Gmail account and we give the same answer to the same Gmail account, and the goal there is if you have one Gmail account you can get a set of bridges, but you need thousands of Gmail accounts to enumerate all of them in that bucket. There's another one that looks at what subnet on the internet you're coming from. There's another one that's based on a CAPTCHA. So that's the basic idea. We've got something similar in Snowflake land to match up volunteers with censored users so they can know who to make what looks like a phone call to. Okay, sounds good, we're still on time. So that was the background. Now let me talk more about what we're talking about today, what Russia did and then how we dealt with it. So our story starts at the beginning of December last year, and at that point some ISPs in Russia, it wasn't all of them but it was a third or half or something, they blocked the public IPs in the Tor network by IP address. They blocked the meek-azure domain fronting pluggable transport, and we'll talk later about how they actually did that.
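[Editor's addition, not part of Roger's talk and not Tor's BridgeDB or rdsys code: a working model of the bucketed, keyed-hash bridge distribution just described. Bridges are dealt into one bucket per strategy; within a bucket, a requester's scarce resource (a canonicalized email address, the client's /24, or, for the Telegram autoresponder the talk gets to later, an account ID split by age) is hashed onto a ring and always lands on the same few bridges, so enumerating a bucket costs one distinct identity per answer. Bridge lines, the HMAC secret, the Telegram age threshold and the test addresses are all constructed for the demo.]

```python
import bisect
import hashlib
import hmac
import ipaddress

# Constructed bridge lines (RFC 5737 test addresses, fake fingerprints); real
# obfs4 lines also carry cert= and iat-mode= parameters.
BRIDGES = [
    f"obfs4 192.0.2.{i}:443 {hashlib.sha1(b'demo-bridge-%d' % i).hexdigest().upper()}"
    for i in range(1, 61)
]
# One bucket per distribution strategy. The Telegram buckets model the
# account-age split described later in the talk; the threshold is made up.
BUCKETS = ("email", "https", "moat", "telegram-old", "telegram-new")
TELEGRAM_ESTABLISHED_BEFORE = 5_000_000_000   # assumption, not Tor's real cutoff
SECRET = b"constructed-demo-secret"           # assumption: rotated periodically in practice
PER_REQUEST = 3


def _fp(line: str) -> bytes:
    return line.split()[2].encode()


def _h(*parts: bytes) -> int:
    """Keyed hash so a censor cannot precompute where a bridge or key lands."""
    return int.from_bytes(hmac.new(SECRET, b"|".join(parts), "sha256").digest(), "big")


def partition(bridges, buckets):
    """Shuffle bridges by keyed hash, then deal round-robin: every bucket gets
    an equal share, and draining one bucket reveals nothing about the others."""
    ordered = sorted(bridges, key=lambda l: _h(b"bucket", _fp(l)))
    table = {b: [] for b in buckets}
    for i, line in enumerate(ordered):
        table[buckets[i % len(buckets)]].append(line)
    return table


class HashRing:
    """Bridges sit on a ring at H(secret, fingerprint); a requester key lands at
    H(secret, key) and walks clockwise collecting PER_REQUEST bridges. Same key,
    same bridges; enumerating the bucket needs many distinct keys."""

    def __init__(self, lines):
        self._ring = sorted((_h(b"ring", _fp(l)), l) for l in lines)
        self._pos = [pos for pos, _ in self._ring]

    def lookup(self, key: str, n: int = PER_REQUEST):
        if not self._ring:
            return []
        start = bisect.bisect_left(self._pos, _h(b"key", key.encode()))
        n = min(n, len(self._ring))
        return [self._ring[(start + i) % len(self._ring)][1] for i in range(n)]


def canonical_email(addr: str) -> str:
    """Gmail ignores dots in the local part and anything after '+', so those
    variants must collapse to one key or one account enumerates the bucket."""
    local, _, domain = addr.strip().lower().partition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def subnet_key(ip: str) -> str:
    """Web requests are keyed by /24 (IPv4) or /48 (IPv6): many addresses on one
    block still get one answer."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def route(channel: str, identity: str):
    """Map (channel, proven scarce resource) to (bucket name, ring key)."""
    if channel == "email":
        return "email", canonical_email(identity)
    if channel == "telegram":
        account_id = int(identity)                     # Telegram IDs are sequential
        age = "old" if account_id < TELEGRAM_ESTABLISHED_BEFORE else "new"
        return f"telegram-{age}", f"tg:{account_id}"
    return channel, subnet_key(identity)               # https and moat key on client IP


TABLE = partition(BRIDGES, BUCKETS)
RINGS = {name: HashRing(lines) for name, lines in TABLE.items()}


def distribute(channel: str, identity: str):
    bucket, key = route(channel, identity)
    return RINGS[bucket].lookup(key)


def enumerate_bucket(channel: str, identities):
    """Adversary simulation: how many distinct bridges do these identities reveal?"""
    seen = set()
    for ident in identities:
        seen.update(distribute(channel, ident))
    return len(seen)


if __name__ == "__main__":
    print(distribute("email", "Alice.B+tor@gmail.com") == distribute("email", "aliceb@gmail.com"))
    print(enumerate_bucket("email", [f"user{i}@example.com" for i in range(500)]), "of", len(TABLE["email"]))
```

The enumeration count is the whole design: with 500 throwaway identities the adversary can at most drain the 12 bridges in that one bucket, and the other four buckets stay untouched.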
They grabbed the IP addresses of the obfs4 bridges that come with Tor Browser, the ones that are easy, they're built in, and they blocked those by IP address, and they blocked the Snowflake protocol by what turned out to be DPI. So in the same day or so they rolled out a bunch of these that I guess they'd been working on in parallel, and decided that that was the day to roll out their Tor block. Right around then, a little while later, we got an official notice to one of our hosting providers, Hetzner, in Russian, from the Russian censorship ministry, saying that our website is bad and we need to stop having a bad website or they're going to block it. And we don't really have a way to stop having a bad website, so a few days later they blocked it, and that was the official censorship side of that. So here's a graph of roughly the number of people who were using Tor to connect to the direct public relays. So you see it starts at maybe 300,000 and we lost maybe a third of them, and similarly a bunch of people switched over to using bridges during that month. So in some sense this one's sort of a sad graph, this one's sort of a happy graph; we'll talk more about the balance there. So this is the detail of how they did the Snowflake DPI. Basically we try to look like WebRTC, but specific implementations behave in certain ways, and we had an extra extension on the server side that the Google Chrome WebRTC implementation doesn't have, so that was the distinguisher that they used. And we patched the WebRTC library that we use and put that out a few days later, so the Snowflake DPI block lasted for maybe 36 hours or something until we put out a new version of Snowflake that got around the blocking that they did, and they haven't really rolled out any other DPI-based approaches to block Snowflake since then. So that was sort of the good news.
So this is the meek-azure detail, and all these slides are online. I know that the font is small, so you don't have to worry about the details, but I was looking at trying to figure out, like, how do they block the domain fronting thing, because we're making a connection to the Azure site and the front domain that we're using is ajax.aspnetcdn.com, so it's like a main web server that serves JavaScript to every other website on the planet. So at first I was thinking, oh my god, they blocked this JavaScript server, the whole internet's going to be angry because Russia just blocked the front domain that they never blocked. Turns out they blocked it by IP address, turns out that they blocked Azure by IP address. So this is my "no shit, let me tell you about that time that we got Russia to block all of Microsoft Azure" story. And that also lasted for a day or so, and at some point I guess somebody at Microsoft noticed that nothing was working and they rotated to a new IP address. So at that point you couldn't do Skype from Russia, you couldn't do, like, whatever it is that Microsoft hosts on Azure, because they do GeoDNS, so there's a different IP address for where in the world you are, and there's one IP address that everybody in Russia mapped to, and they blocked that IP address. So I guess the other side of the question is, was Russia willing to do that? Did they think it through and say that collateral damage is acceptable, we're gonna do it, or was it just somebody who's like, I saw them make a connection to this IP address so I'm gonna block that, I don't know what it is, and then they blocked a whole lot of things including Skype? It's hard to say. Okay, so the steady-state-ish that we're in right now is Russia is crawling various bridge addresses and trying to block them by IP address, but it's still not instantaneous. You still have days to weeks between when a new bridge shows up and we give it out to a lot of people and it
gets blocked. And other obfs4 bridges are working fine, so they're definitely not blocking by protocol, they're definitely blocking by IP address. And Snowflake and meek are still working fine, but they're maybe a little less fun to use than the main ones. Okay, so what else happened around the same time? We put up a forum post explaining to people in Russia what happened and how they can get around it, and it turns out we had just set up the Tor Forum a couple of months before that, and we were using Discourse because we wanted, you know, a third-party hosted thing, and because we had a third-party hosted thing we set it up on forum.torproject.net, because we wanted to isolate the domains. I don't want to know whether Discourse is, like, faking cookies and making gitlab.torproject.org cookies, so we gave them a totally separate domain for that. Russia never blocked torproject.net, so that means our forum was reachable the entire time; nobody's ever thought to block that, and that means we've got 177,000 views on this Russian-language post explaining what happened and how you can get around it, because they never blocked this part of it. I guess it's never occurred to them that an organization could use more than one domain name. So the longer-term picture here: we start with our 300,000, we lose the first 100,000 in a month, and we lose the next 100,000 over the next couple of months, so it's sort of a steady state now, but there are an uncomfortably large number of places in Russia that are working hard to continue to try to block Tor, and there are quite a few people using bridges, but not quite as many as before. So let me take a side note here. I've got all these graphs with numbers on them, but the numbers may or may not be accurate, because one of the challenges we have in the Tor world is how do we do safe-enough metrics. So the Tor relays or bridges, they don't know what you're
doing with Tor, but they see you making a connection, and they can publish an aggregated 24-hour summary of how many users they've seen from various countries. The challenge there is how do we extrapolate from the view of each individual relay how many total users we have, how much usage we have. So the numbers that we have here are assuming each of these users is leaving their Tor Browser on all day, and I'm pretty sure that in some countries where it's an internet cafe and you go in and you use Tor Browser for an hour and you go away, then we're off by an order of magnitude. So one way of visualizing this, I've been working with the metrics team to try to figure out how to visualize it: the green line up there is if every Tor user runs their Tor Browser for only a couple of hours a day, in that case we've got 20 million, 25 million daily users. The red line down there is if every Tor user has their Tor running all day each day, and the graphs that I've been showing you are that blue line right down there by the red line. So this is a huge range of lower bound, upper bound on how many Tor users there are all day, and we'll get back to the metrics side of things, but I wanted to let you start thinking about how do we actually accurately understand the graphs we're talking about. Okay, and here's a graph of the number of volunteers we have in Snowflake land over the last couple of months. You can see a bump in December of the standalone proxies, the browser extension people, but they're folks who actually install the Go client on their Linux machine, they know how to do go get, and it's a headless browser, a headless Snowflake proxy. And then you see a much bigger jump in March, when the actual invasion was happening, of people installing the extension side of things. And you can see the growth in the number of users we have in Snowflake. We've been working on some scalability issues to try to be able
to handle more and more users on the Snowflake bridge, happy to chat about that one later. You can also see, as we fix some of the scalability issues, the throughput that we're handling gets a lot better, so we're handling maybe 10,000 to 50,000 users of Snowflake in Russia each day at this point. You can also see the growth in the number of bridges that we had. We did an advocacy campaign in December, that's the first bump that you can see, and then we did another advocacy campaign in March to be like, hey everybody, run a bridge, help people in Ukraine and Russia get around the censorship that they are seeing or will be seeing soon. Okay, so what are the other things that we did once the initial censorship rolled out? One of them was we set up a Telegram autoresponder, and the idea is if you're a Telegram user you can send us a Telegram request and we'll send you a couple of bridges, and that way there's another avenue for getting bridges. So you can imagine the censors would block that pretty quickly, because they can get a Telegram account, so they get one and they send us a request and we send them the bridges. It turns out that Telegram accounts are assigned numerically, sequentially, so when you send me a Telegram message I can learn how old your account is. So our secret sauce there, it's not all that secret because I'm about to tell a group of thousands of people at DEF CON, our secret sauce there is we look at how old your Telegram account is, and if you have a pretty established one we give you this set of bridges, and if you have a new one we give you this other set of bridges. And so far the censors make new Telegram accounts and then they get only the second set of bridges. So there are a bunch of Telegram-based distribution bridges that we've been using that end up with hundreds of users for a while until they get rotated out. So that Telegram age-based trick is a fun example of another asymmetry that we need to explore, but it's also
an example of an unstable one, because once we explain it enough then the adversary is going to go out and be like, yes, I do have a pile of old Telegram accounts because I made them for this totally unrelated reason, and I'll use them to try to learn a bunch of the bridges that those Tor people are giving out. Okay, another fun thing which I didn't put in the slides and I'm not going to present to the thousands of people at DEF CON: we have some nice people inside the Russian censorship ministry who work on censoring Tor who reached out and wanted to explain what they do all day and how that works and how the censorship works and what they're focusing on. So I am not going to read any quotes from them, translated or otherwise, because I don't know what their situation is, but they were explaining that it's not as automated as you might imagine. Their job is to actually download Tor Browser, go through the same steps that users do, get an IP address, put it in a spreadsheet, yes, and email it to the censors, who then add that IP address to the censorship infrastructure. So that is the feedback loop they were talking about, and that explains why a new bridge will continue to work for days to weeks until that feedback loop has succeeded and that particular IP address gets blocked. Okay, so there are a bunch of other lessons; I'm going to skip forward to make sure we get to a lot of things. At the same time, in March, OONI, the Open Observatory of Network Interference, they do censorship measurement stuff, they had just rolled out a Snowflake test from around the world. So the first thing I looked at was the China graph, and it's pretty cool that Snowflake was working, is working, in China in March. And there's a longer-timescale version of this that shows mostly green, so green is successful bootstraps from all around the world of OONI clients connecting using Snowflake, but also at the very bottom of the green column you can see maybe five percent
or ten percent is yellow, so that's not censorship so much as being on crappy internet connections or being given a Snowflake volunteer that doesn't have the throughput to let you bootstrap properly. So we've got more work to do in terms of engineering to try to make every Snowflake connection be fast, fun and reliable, rather than most of them, which is what we've got going on right now. And it would be even better if we could have Snowflake auto-recognize: I get through this part of bootstrapping but not that part, I'm trying to do the introduction piece of WebRTC, and this is the one that I got through and this is the one that failed. So that way we could have all of the users, or all the OONI probes, auto-diagnosing what's gone wrong and help us understand how the internet works around the world. Okay, so that was the what-Russia-did and responses. Now let's talk about some other stuff that I either don't understand that happened around the time, or that is sort of a bizarre side effect. So one of them was, when that blocking of our website, like the legal request, came in to Hetzner, there's an NGO inside Russia that said that's illegal, that's unconstitutional, the Russian censorship ministry broke their own laws by blocking your website, we want to fight them in court. And we were like, yeah, okay, so there's a Russian group that wants to go fight the Russian judges and the Russian court, like that's gonna work. But on the other hand, I want to empower them to, you know, change their country from the inside. I don't know what's going on in Russia and they do, and if we can let them fight the fight they want to fight inside, then yeah, for sure, let's do it. And it turns out that they did go through the fight and they won. They actually got a judge in the Russian court to be like, yes, you're right, that was unconstitutional, that was illegal, the process by which they decided to block your website did not involve you and therefore you must unblock Tor in Russia, is
what the judge said, which was, did not expect that. And then of course the follow-up question is, okay, what do you mean unblock? And I don't know whether that judge knows what they meant by unblock either. We haven't seen much change in terms of the behavior of the censorship ministry trying to find bridge addresses and blocking, unblocking them by IP address, but I think our website has started working in more places in Russia. So that was a sort of a bizarre side effect that we hadn't been expecting, where this last part just came out a couple of weeks ago, and there's a follow-up of course, where I imagine they're just going to go through the process correctly and then they will have blocked us legally and that'll be that. They're also taking the opportunity to pull Google in and be like, hey Google, you have to censor your app store, you got to take that Tor Browser thing out of the Android Play Store, so we'll see where that goes. Another fun side effect that we were not expecting: some nice person on the internet broke into the Russian censorship ministry and took all their files and stuck them on the internet. So if you are interested in reading through 360,000 PDFs that came from the secret agency in Russia on censorship, the internet has them, and it would be great if you could look through them and let us know what you find. We have a couple of people who speak Russian; we haven't found anything Tor-specific. I would caution you that it's conceivable that the Russian misinformation ministry has put something in those PDFs, that you might not want to load them on your computer directly, so consider that as the DEF CON audience that you are, and please let me know if you find anything in this data dump. So thanks, internet. Other stuff that happened: so rt.com is censored in a lot of places in Europe. I'm gonna get back to what was going on then, but I noticed that first because I heard somebody talking about
censoring RT, Russia Today, in Europe, and because the Tor network has a lot of exit relays in Germany and France and so on, suddenly it became harder for you to read rt.com over Tor. That's kind of fucked up, that's not what I want. I want a tool that lets people reach whatever they want to reach on the internet. The other side of that is the way that the blocking happens by IP address is bidirectional: they black-hole all traffic in either direction, and that means that if you're a Tor user trying to go to a Russian website, you connect out of a Tor exit node and then your connection into Russia fails because they're censoring the Tor network. So suddenly they've cut themselves off in a way that we didn't at first expect. And another side of that, we got a bunch of new relays in the Tor network, yay, more relays, and they've got nicknames like "fuck russia" or "support ukraine", but we also have some organizations in Russia who've been trying to sneak in some misbehaving relays, and now they've got an excellent opportunity to sneak in a few more, and if they name them "support ukraine" maybe we'll be happy and leave them there. So that's an arms race that we can also chat about more afterwards. Okay, so another surprise that I'm still working my head around: here's a sort of a heat map of where in the world our Snowflake volunteers are. So we've got a bunch in the U.S., we've got a bunch in Germany, we've got a bunch in Europe, we have a bunch in Russia, and maybe these are people in the free part of Russia who installed the Snowflake extension to help people out around the world, or maybe these are confused people, Snowflake helps them get around censorship, so they installed Snowflake. So that's bad, that's not what we want. So there's a lesson here about messaging or UX in terms of explaining which components you should install and why and how volunteer ecosystems work. On the day of the invasion we had a huge spike in users of Tor in Ukraine. What the heck? I
have no good explanation here. If you have any good ideas of why suddenly a huge spike of people ended up using Tor in Ukraine, maybe a GeoIP mistake, maybe lots of things, we can speculate all day long. This is another bizarre mystery in Tor land. But I guess the most important thing to think about here is the user impact on the censorship arms race. So yeah, we've got pluggable transports, we've got domain fronting, we've got all these tricks that we can do, but every time the censorship arms race takes another step forward, the users who don't care that much fall off. So yeah, we saw a bunch of people switch from connecting to public relays over to using bridges, but also we lost a bunch of people. So I guess the most important thing to think about here is we need a way to improve the usability of the arms race, or not take so many steps forward, because the censor is willing to keep taking the steps, and some of the users are and some of the users aren't. So make sure to think about the user impact in terms of censorship. That's something, I mean, I don't have a good fix, but it's something that we all have to keep in mind. Okay, so what do we need to do next? What's going on? And I guess there are a bunch of building blocks that we have, and I'll go through them and then I'll describe some of the improvements and fixes. So the first building block is a DPI-resistant point-to-point channel. So that's obfs4, but it's not just obfs4; there's VMess and a bunch of other protocols out there that try to look like nothing, so they're unclassifiable. So that's building block one. Building block two: we need some sort of Sybil-resistant sign-up mechanism. We need something that is going to let users get a bridge address and the censors can't get all of them. So the Telegram trick is a fun example to get you thinking about them, but we need more situations where we can exploit that asymmetry, and it needs to be something where we can automate the
verification side. So think like Twitter accounts, friends on Facebook, something like that, where users have demonstrated social connections that are hard for the censor to scale up and imitate, but that are easy for us to verify. Like, I don't know how to verify in an automated way how many Facebook friends you have, how many legit Facebook friends you have; maybe there's an API for that, love to chat with you afterwards. Building block three: we need some way to figure out which bridges are actually blocked in each place around the world. So the easy answer is you get, like, a vantage point somewhere and you scan them, but if they learn what that vantage point is then they just watch you scanning, so that's an arms race of itself. There's a new tool called BridgeStrap, and the idea is you feed it a pile of bridge lines and it connects to each of them and tells you whether it failed or whether it succeeded. So here it is, it's all public data, we publish it by the hash of the fingerprint, so there's nothing here in this file that you can use to discover where the bridges are and block them, but if you already know about the bridge then you can go to the BridgeStrap output and decide, does it work in Turkey, does it not work in Turkey. So we've got vantage points right now in China, Turkey, Russia, Ukraine, and we need to scale that up, and we need to be smarter about how that works. Maybe we only test the ones that, for metrics reasons, it looks like they used to have a lot of users and now they don't, because we don't want to have too much surface area, exposing too much. Building block four: we need a whole lot of addresses. So we've got the nice volunteers who are setting up bridges one at a time. We also have another person who's working on an automated framework for spinning up cloud bridges, and that way on Hetzner or OVH or DigitalOcean you basically auto-spin-up a new bridge, and then there's a mechanism for scaling it down and putting up a new one next. So the more
automation we can have there the better and so this is actually happening right now where dynamic bridges are going up and down and they're easy to use the the next building block we need is some sort of signaling channel like domain fronting so there's a reliable way for tour browser to get around the firewall not for all of your traffic necessarily but something that they're unlikely to block so domain fronting is one example maybe we tunnel it through email through dns over hdps there are some examples there okay so milestone one in terms of what we're doing to fix this long term is we want tour browser to use that signaling so if you fail to bootstrap use domain fronting or something like it to pull down a list of uh recommendations for what your tour browser should automatically do depending on what what country you're in so there's a jason file that describes if you're in belarus then start with your built-in ops four bridges because those still work and then from there try other bridges if you're in china go straight to snowflake because the other ones are probably going to be a fail for you so building this map of what works in what country in what order and then the goal is that your tour browser says hey i failed i failed to bootstrap i think you're in brazil i think this should have worked are you in a different country like what help me help you bootstrap in an automatic way so the the goal of that is that you can you start off with the automatic approach where while it's doing the domain fronting connection it learns what your ip address is and turns that into a country doing this in a way that makes users comfortable with the automation is another another piece of that okay so milestone two that we haven't done yet but we need to do in order to to have a more robust system we need some sort of bridge subscription model so right now we have a bunch of volunteers who set up a bridge and then they get bored and they take it down so it isn't that the 
bridge got censored but the user found it they were happily using it and then the bridge went away and now the user is uh no longer has a bridge that works so we need some once we've got this automation we can use the domain fronting the signaling channel to learn i used to have this bridge can you give me a replacement and the trick there is you don't need the same level of proof of work or captcha or scarce resource proof because you already did that last time so you show up saying here is the bridge that i used to use can you automatically in the background give me the replacement and that subscription model where your tor browser seamlessly switches over to the new bridge is something that that we need to have as a building block here okay and the fun thing about that is the dynamic cloud bridges work really well with that subscription model where you spin up a bridge and then it goes away or it gets blocked and you spin up another one next door and then you tell all of the users through the signaling channel you used to use that one switch over to that one so if we can keep on ip address hopping like frequency hopping over the cloud provider ip space faster than the sensors can keep up then we've got something going on okay and then the third building block the third milestone that we need to hit is a reputation based bridge distribution idea so there are a bunch of research papers out there salmon locks hyphae and so on but basically the idea is when users once you've got the subscription model going on so users have some sort of long-term cryptographic identity keep track of when i give you a bridge does it get blocked or not and if it does get blocked then screw you i'm not going to give you more but if it doesn't get blocked then you're doing great we'll we'll keep on giving you more bridges will maybe put you own as the only set of users on a bridge that that that will long-term not get blocked because the ten of you have demonstrated that that you're not 
the sensor and you're not trying to learn bridges and block them so that's a there's a lot more going on on that there are a bunch of parameters we need to get right salmon actually has a design where once you have a high enough reputation you can invite your friends in at a similar reputation level and that makes the system scale a lot better but also there's a bunch of analysis in terms of if the adversary can get one high reputation person and then invite a bunch of fake people that are also high reputation so getting the parameters right is important here but this is where the arms race has to go we need this sort of asymmetry where users have social connections or we keep track of whether the user has behaved correctly or not and and reward the ones that are that are not ending up blocking their bridges okay we've got a little while more i'm going to talk about some other things that have been bugging me over the past couple of years so one of the big ones is when the when russia invaded ukraine a lot of western companies are like haha i'm gonna sanction them we heard about isps that are like i'm deep hearing from russia that'll show them and then we heard about western companies like facebook and google and so on saying i'm gonna stop allowing russians for to have like gmail accounts and and that'll show them we'll punish them we'll put pressure on them and the the key to realize a couple of years ago trump was trying to do something similar in iran it was called the maximum pressure or sanctions program and he would call up like netflix and google and facebook and be like i know the law doesn't require this but could you like everybody who speaks farce could you like turn off all their accounts thanks and the problem with that is uh iran periodically was trying to like isolate themselves from the internet their goal is they want their own halal internet they want their own like safe religiously okay facebook their own google their own gmail their own 
whatever and every time iran tried to cut themselves off from the internet everybody in the country is like fuck you you blocked google i don't like this i need you to stop stop the censorship whereas when trump said hey google can you like turn off all the accounts of all the people from iran now when they block google nobody cares because google is already screwed them google has demonstrated that it has no no interest in having them as users so that means that uh those sanctions cause the government of iran to be able to to block more things without any collateral because there's there's nobody who's left who's angry because uh the the western companies let them down anyway so we're going to see the same thing in russia where if like facebook decides to stop providing service to russia then nobody's going to get upset when russia blocks facebook i think actually russia did block facebook but next it's going to be you know linked in or whatever comes next so we're going to see the same isolation results from sanctioning something else that is also kind of bizarre the european union decided that they needed to block misinformation especially they needed to block rt so okay they unlisted the television channel sounds good but they also had an e u y mandate that every member country needs to build and deploy a censorship infrastructure in order to block the rt.com website so that is a fucked up thing that that europe has decided to do and i mean sure there's the slippery the slippery slope of you know once you build your internet censorship infrastructure then what else are you going to use it for and i guess the other side of that i mean i was actually i ended up arguing with a german guy who's part of the brussels uh group that decided to do this and i was like why why are you censoring the internet what's going on and he's he kept stopping me he's like no sanctions not censors sanctions and i'm like okay well that that's the word you're using but but the reality 
is that you're encouraging every country to buy and deploy a censorship infrastructure and while i was having that argument with him one of the uni people pointed out that romania interpreted that e u requirement as you got to block all misinformation so romania apparently has a multi megabyte list of urls that they decided to censor in their country because of this kind of vague poorly worded you better block rt requirement from the e u and they ended up blocking like software update sites and so on so that's uh yeah and he the the same brussels guy was explaining no this is a temporary six month sanction in six months we're gonna you know revisit it but the problem is these countries are going to roll out their censorship and they're not going to unroll it out in six months they're going to find something else to do with their censorship infrastructure so i guess the the big question is uh what the fuck europe why you like censoring so much and if you as the audience could keep on asking that question to the european union decision makers that would be awesome because this is a i mean they start off trying to argue that they need freedom of of information and freedom of speech and and then they end up using the same tactics to block more things and this is not where the world should go another kind of interesting lesson to learn here so our story started in december of last year but from the mainstream media side the story started in march of this year so tour blocking censorship blocking internet censorship is a an early warning system for there's about to be some fucked up stuff going on in that part of the world and watching the next political events gives you some early sense of of where important things are going to be and where where we as the world should put our resources and it's the story is not over there's more going on one of the things that's happening recently from the great firewall in china is they've been rolling out an entropy test where if 
you're connecting from china to a couple of cheapo providers like digital ocean alibaba hetzner ovh then they look at how many ones there are in your first couple of packets and how many zeros there are and if it's about even then they they cut that connection so that means that if you're in china trying to do an obspor connection to one of these ip spaces then it fails and maybe they're fine with that collateral damage i would argue that they they can't afford to roll out that out to the rest of china because there's too much just random protocols on the internet that they'd end up blocking i was talking to a us academic researcher who did a study at his university of if i put this censorship rule in place to my students at my university he ended up concluding that he would block one or two percent of of all the flows going through his university so i don't think china can afford to to make this broader than those destination ip spaces but i don't know so we are going to need better transports that that look like nothing in better ways or that look like something in better ways that's going to be a talk in a bit we have these awesome uh tour onion badges at the tour at the tour booth in the vendor area so after this talk ends i'm going to head over to the vendor area i'm wearing my break green shirt i'm easy to spot and i will answer all of your tour questions until you have no more tour questions so uh we are out of time at this point some things for you to think about please run tour bridges if you can apt get installed or then run an obspor bridge on your debbie and a rubuntu or whatever system please run snowflakes we've got a firefox extension we've got a chrome extension so these are easy to add and you'll be one of the tens of thousands of people who are helping people in russia get around their censorship please run tour relays please make the tour network stronger and also think about the anti-censorship research area we need more academics engaging in 
workshops like folky and conferences like pets to to think through how to analyze these things and there will be ongoing tour q and a at the vendor booth and i believe i'm at the end so thank you
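The talk describes two building blocks that fit together on the client side: a per-country JSON file that says which transports to try in which order, and bridgestrap results published by the hash of each bridge's fingerprint, so that someone who already holds a bridge line can check whether it works from a given vantage point. The block below is an added illustration of how a client could combine the two to order its bootstrap attempts; it is not code from the talk or from the Tor Project. Everything in it is constructed: the bridge lines (RFC 5737 documentation addresses and made-up fingerprints), the settings schema, and the result format. The one non-constructed assumption is that "hash of the fingerprint" means SHA-1 over the 20 raw fingerprint bytes, which is how Tor Metrics sanitises bridge descriptors; the real bridgestrap and circumvention-settings schemas are not shown on the page and may differ.

```python
import hashlib
import json
import re

# Constructed sample bridge lines (documentation IPs, made-up fingerprints).
BRIDGE_LINES = [
    "obfs4 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567 cert=EXAMPLEcert1 iat-mode=0",
    "obfs4 198.51.100.7:8443 89ABCDEF0123456789ABCDEF0123456789ABCDEF cert=EXAMPLEcert2 iat-mode=0",
    "snowflake 192.0.2.3:80 FEDCBA9876543210FEDCBA9876543210FEDCBA98",
    "203.0.113.5:9001 ABCDEF0123456789ABCDEF0123456789ABCDEF01",
]

# Constructed per-country recommendation file in the spirit of the JSON file
# the talk describes: country code -> ordered list of transports to try.
# The real schema is not shown on the page; this one is an assumption.
CIRCUMVENTION_SETTINGS = json.loads("""
{
  "default": ["obfs4", "snowflake", "vanilla"],
  "by": ["obfs4", "snowflake"],
  "cn": ["snowflake"],
  "tr": ["obfs4", "snowflake"]
}
""")

FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")


def parse_bridge_line(line):
    """Return (transport, FINGERPRINT) for a bridge line.

    Pluggable-transport lines start with the transport name; a vanilla
    bridge line starts directly with IP:PORT. The fingerprint is the
    40-hex-digit token in either form.
    """
    tokens = line.split()
    transport = "vanilla" if ":" in tokens[0] else tokens[0]
    fingerprint = next(t for t in tokens if FINGERPRINT_RE.match(t))
    return transport, fingerprint.upper()


def hashed_fingerprint(fingerprint_hex):
    """Assumption: SHA-1 of the raw 20-byte fingerprint, uppercase hex.

    Publishing results under this hash lets a bridge holder look up their
    own bridge without the list revealing the bridges to a censor.
    """
    return hashlib.sha1(bytes.fromhex(fingerprint_hex)).hexdigest().upper()


# Constructed bridgestrap-style results: hashed fingerprint -> {vantage
# point country: reachable?}. Only bridges with a measurement appear.
BRIDGESTRAP_RESULTS = {
    hashed_fingerprint("0123456789ABCDEF0123456789ABCDEF01234567"): {"tr": False, "ru": True},
    hashed_fingerprint("89ABCDEF0123456789ABCDEF0123456789ABCDEF"): {"tr": True, "ru": False},
}


def known_blocked(fingerprint_hex, country, results=BRIDGESTRAP_RESULTS):
    """True only when a vantage point in `country` measured the bridge as
    failing. Unknown bridges are kept: no data is not evidence of blocking."""
    entry = results.get(hashed_fingerprint(fingerprint_hex), {})
    return entry.get(country) is False


def bootstrap_plan(country, bridge_lines=BRIDGE_LINES,
                   settings=CIRCUMVENTION_SETTINGS, results=BRIDGESTRAP_RESULTS):
    """Ordered list of bridge lines to try: follow the country's transport
    order and drop bridges measured as blocked from that country."""
    order = settings.get(country, settings["default"])
    parsed = [(line, *parse_bridge_line(line)) for line in bridge_lines]
    plan = []
    for transport in order:
        for line, bridge_transport, fingerprint in parsed:
            if bridge_transport == transport and not known_blocked(fingerprint, country, results):
                plan.append(line)
    return plan


if __name__ == "__main__":
    for cc in ("tr", "cn", "ru"):
        print(cc, "->", [parse_bridge_line(l)[0] for l in bootstrap_plan(cc)])
```

The lookup direction matters: a client hashes the fingerprint it already holds and then consults the published table, so the table alone never hands a censor a list of bridge addresses, which is the property the talk relies on. The "unknown means keep trying" rule in `known_blocked` is a deliberate choice; treating missing data as blocked would let a single outage at a vantage point silently remove working bridges from every client's plan.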
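The talk's closing point about the Great Firewall's entropy test, that a censor counting ones and zeros in the first packets would also cut one or two percent of ordinary flows, is easy to see in code. The block below is an added example written for transport developers who want to check what their own first packet looks like to such a heuristic; it is not from the talk or from any Tor tool. The 0.44 to 0.56 window, the 64-byte prefix, and the printable-text exemption are all my assumptions for illustration (the page gives no thresholds and does not say the GFW exempts printable traffic), and the sample packets are constructed.

```python
import os


def set_bit_fraction(data: bytes) -> float:
    """Fraction of all bits in `data` that are 1 (0.5 means an even mix)."""
    if not data:
        return 0.0
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def printable_fraction(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7E."""
    if not data:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def classify_first_packet(data: bytes, prefix_len: int = 64,
                          window=(0.44, 0.56), exempt_printable: bool = True) -> str:
    """Classify the first `prefix_len` bytes of a flow.

    'random-looking' means the ones/zeros ratio sits inside `window`, which
    is what a fully encrypted transport handshake looks like. The printable
    exemption is an assumed collateral-damage reduction: mostly-text
    protocols are let through before the bit count is consulted.
    """
    prefix = data[:prefix_len]
    if exempt_printable and printable_fraction(prefix) > 0.5:
        return "structured"
    lo, hi = window
    return "random-looking" if lo <= set_bit_fraction(prefix) <= hi else "structured"


# Constructed samples.
BALANCED_SAMPLE = bytes([0x0F, 0xF0]) * 32          # exactly half the bits set
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9\r\n"             # plain-text protocol start
TLS_LIKE_HEADER = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + b"\x00" * 53


if __name__ == "__main__":
    samples = {
        "balanced bytes": BALANCED_SAMPLE,
        "ssh banner": SSH_BANNER,
        "tls-like header": TLS_LIKE_HEADER,
        # Stand-in for an obfs4-style handshake: uniformly random bytes.
        # Not deterministic, but 64 random bytes land inside the window
        # the large majority of the time.
        "random bytes": os.urandom(64),
    }
    for name, pkt in samples.items():
        print(f"{name:16s} ones={set_bit_fraction(pkt):.3f} "
              f"printable={printable_fraction(pkt):.2f} "
              f"balance-only={classify_first_packet(pkt, exempt_printable=False):15s} "
              f"with-exemption={classify_first_packet(pkt)}")
```

Running it shows the collateral-damage problem directly: the SSH banner has a ones fraction of about 0.45, so a pure bit-count rule flags a completely ordinary protocol as random, and only the printable exemption rescues it. Low-entropy headers such as the TLS-like record stay clear of the window either way, which is the "look like something" direction the talk says future transports need, while the balanced sample shows the "look like nothing" direction being caught.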