Hi everybody, I'm Roger Dingledine from Tor. I've got some really bright lights up here. We're still filing in in the back but I think I'm going to get started because we've got a lot of stuff to talk about. So hi, I'm Roger from Tor and let me get the clicker working. There we go. Okay, so I'm going to start off telling people a little bit about how Tor works. How many people know quite a bit about how Tor works already? Raise your hand if. Great, I see a lot of hands. Awesome. So I'm going to blow through the beginning introduction stuff and then we're going to talk more about the censorship side of things.

So what is Tor? Tor is a free software project. Tor is a non-profit. Tor is a protocol. Tor is a network of volunteers running relays around the world. Tor is a bunch of researchers trying to figure out how to provide better privacy and better anonymity and better safety to people around the world. And we've got some number of users. It's a bit hard to tell because it's an anonymity or privacy system, but one estimate puts us at about 2 million users a day and another more recent estimate puts us at about 8 million users a day, which is a huge network of people. At this point the average Tor user is the average internet user, which is pretty cool.

Okay, so what are we trying to do here? The easy, so the threat model, the question is we've got this user Alice. She's trying to go to some website Bob or some service Bob and somebody is trying to learn who is going to which place. So maybe somebody is watching Alice's local network connection. Maybe that's somebody spying on the Starbucks. Maybe that's somebody being Comcast or the local telco. Or maybe they're watching on the Bob side. Maybe they're watching WikiLeaks and they want to know who's connecting to it. Or maybe they're somewhere in between, they're NSA or AT&T or something like that. So this is the scenario that we're trying to think about. An important thing to consider: anonymity is not encryption.
You should use encryption. Encryption is good, but even when you're using encryption somebody watching your traffic gets to learn who you're talking to, when you're talking to them, how much you're talking to them. And I keep talking to companies who say, no, I use a VPN. It's totally fine. I've got encryption. I'm good. Whenever the intelligence agencies are thinking about figuring out who's talking to who, they draw their social network graph. They figure out who's in the middle. They figure out whose house to break into. So it's not even about breaking the encryption anymore. It's about drawing the social graph and figuring out who's interesting. So another way of looking at that. Everybody here knows creepy NSA dude? I hope. So "we kill people based on metadata" is his quote from a few years ago. So that metadata is exactly the name of the game on the Tor side. We try to protect who's talking to who, what websites you're going to, where you are in the world when you're using the internet. Things like that.

So I actually only use the word anonymity when I'm talking to other researchers. When I'm talking to my parents, I tell them I'm working on a privacy system. Because privacy is a good American value. But when I'm talking to companies, I tell them I'm working on communication security or network security. Because I hear privacy is dead. I hear anonymity is scary. But you're right, communication security, that's a really important thing to do. And when I'm talking to governments, I work on traffic analysis resistant communication networks. And again, it's the same system. It's the same security properties, it's the same users. But they're using it for different reasons. And part of the goal of this is to try to figure out how to frame this for different people so that they can all blend together. You can't have a cancer survivor's anonymity system where all the users are cancer survivors.
Because then everybody will know why you're installing it and why you're a user. So you need this wide variety of people. And then the fourth category we're going to talk about today is the reachability side of things. People trying to access websites like BBC and GitHub from different parts around the world. So the goal of Tor is to blend all of these different groups into the same network so that they can provide security for each other.

So how's it work in a nutshell? We've got a network of relays around the world. And people build circuits, build paths through three of the relays. And the goal is that no single relay gets to learn which user is talking to which destination. So that was actually only half of it. That was the network level privacy half. There's also the browser level privacy half where cookies and Flash and browser resolution and all sorts of other things can give you away or can make you identifiable while you're browsing the web. So the second half of Tor is Tor Browser, which is a version of Firefox that tries to fix all of these application level issues. And there are other ways of using Tor. There's an operating system called Tails which is Debian based, which has everything you want pre-configured and nothing you shouldn't want. And it's a live CD so when you're done you pull it back out and everything disappears from your system. We now have a Tor Browser Android, which is awesome. So now that Firefox actually works well on Android, we can have a Tor Browser on Android, so there's an actual first class Tor Browser that does everything that the normal Tor Browser does on Android, which is great.

So another piece of knowing about the Tor background is how fast the network has gotten over time, and the actual load on the network is up to like 200 gigabits a second and the capacity of the network is something like twice that.
So we're on the level of Wikipedia or something like that, so there's a lot of different traffic going through the network from our millions of users.

Okay, so one of the questions that we think about in terms of how to assess whether Tor is doing its job is how do you measure safety? How do you measure diversity? How do you figure out whether Tor is keeping somebody safe and how do we think about that? So the first question is the diversity of where the relays are. The more different relays we have around the world, the safer it can be, the less likely it is that a given attacker is going to be able to watch all the traffic going into the network and also your traffic going out of it. So for example, French intelligence probably isn't in a good position to be able to see enough of the traffic on the internet to start correlating people. So where the relays are is an important first piece.

The second piece is diversity of types of users. This goes back to the privacy, anonymity, traffic analysis resistance side where it's not just about how many people we have, it's about what kind of people. So for example, the average Tor user in Iran is not a political dissident trying to take down their government. The average Tor user in Iran is a Facebook user trying to reach Facebook. And that's critical for safety and security of the rest of them because that means you can't, I mean if Iran wanted to round up all of their 20 year olds and kill them, I guess they could do that but it wouldn't actually work. It wouldn't actually get rid of the political dissidents, it would create more, we all know how that works. So the normalness of using Tor is a key piece of its security.

And then a last thing to think about: transparency is a really important piece of how we build Tor. So it's open source, we give you specifications, we describe everything and try to work with the research community to understand what security properties we get.
And we identify ourselves and go on stage, hi I'm Roger, I'm from Tor. And the key thing to remember here, a lot of people look at this and they're like, oh ha ha, the privacy people are talking about transparency, ha ha, that's so stupid. No, privacy is about choice, privacy is about control. And we choose to be transparent because it helps us build a better community, a better tool, a better software, a better protocol, a better network of relay volunteers around the world.

Okay, so what am I going to talk about today? We've got I guess three different pieces. The first one is the background of the censorship side of things, the second one is what's happened in the past couple of years in terms of new attacks from governments that are trying to censor Tor. And then the third one is a bunch of new tools that we're working on that will hopefully move us forward in the arms race.

Okay, so I'm going to start with the background side of things. How many people here know about Tor bridges and pluggable transports and phrases like that? I see far fewer hands than before. Okay, awesome. So when you're trying to think about a censorship resistance tool, there are really two pieces to it. The first piece is the relaying component, the encryption, how you build the paths, stuff like that. And the second piece is the discovery component. Where do you learn the addresses or the proxies or whatever first contact you have? How do you learn how to connect into the network in a way that you can get an address that somebody else hasn't blocked already? So the simple version from the Tor side of the discovery approach is we have a centralized set of directory authorities and they build a list of all the relays and then all the clients fetch that list.
And that's great, it's simple, it's easy to understand, we can think about the security of it, but it's not good from a censorship side because you the adversary get the list of all the public relays and you block them and that's the end of it.

So that's actually not how the story started. The first blocking that we had was actually blocking of Tor's website back in 2006. And then in 2007 SmartFilter and Websense started blocking the Tor HTTP directory fetches because we were using unencrypted HTTP back then. So yeah, it started off not from a more complicated thing, it started off from blocking the website and blocking the initial Tor protocol. And blocking the website actually works really well, like here are some screenshots from back then of the Tor website from various countries around the world. And we've got, you know, some fun ones. Here we are, this website cannot be accessed in the UAE. Here's another one, the site has been blocked due to content that is contrary to the laws of the Sultanate. And there, you know, they're trying to make it fun, we've got another one down here. Oops, you know, oops, we blocked this thing, oops, we're fascists. Sorry, this is, you know, this is fun. And there's this recurring theme where people are trying to make it fun. I mean, we're not, you know, totalitarian regimes, we're just trying to help you out on the internet. They're these friendly, goofy people who are the reason why this website doesn't load. It's all fun, why are you all so angry?

So blocking the Tor website actually worked pretty well back then because at the time everybody thought that anonymizers or proxy tools were websites that you go to. So people would try going to the Tor website, it wouldn't work and they would say, oh, I guess Tor doesn't work anymore. And Tor worked if you had a copy of it.
And there were people in Iran who were giving it out over USB keys or something like that. But blocking the website actually worked pretty well.

So fast forward a few years. The next interesting event was, so does everybody remember, I guess ten years ago there was an election in Iran and this guy named Mousavi won but then suddenly he wasn't in charge and then there were a lot of people who were angry in the streets. At that point the government did a lot of trying to censor things and trying to block things. One of the key steps that they took was throttling SSL. So they bought this fancy new Nokia Siemens device and got somebody from Roger to come in and configure it for them. And they detected SSL on the wire and then turned down the bandwidth that you get for SSL. And because Tor was trying to look like SSL, because who would block SSL, they ended up throttling Tor at the same time without even taking any extra steps to do that.

So that's actually one of the ways. Let's think about this more thoroughly. There are four basic ways of blocking Tor. The first one, those directory authorities I talked about before. They're centralized. There are nine of them. If you block them nobody can bootstrap. The second one is you get the list of the 7000 relays around the world and you block all of those by IP address. The third one is you look at Tor's network fingerprint and you do deep packet inspection to try to figure out if this flow that you're seeing is related to Tor. And then the fourth one is you block the website or prevent people from getting the software.

So one of the fixes we had at the time for this sort of thing was what we call Tor bridges. And the idea is let's get all of the users who are in less blocked areas to offer to be secret relays, private relays for censored users. So the idea is rather than here are 7000 IP addresses and I want to keep China from learning them.
Instead here are thousands of bridge addresses and there is no public complete list of them and now we want to give out bridge addresses one at a time to the good guys so the bad guys can't learn all of them. And that turns out to be a crappy arms race, but that was the first step that we were thinking.

And how do you get a bridge at the time? And this is still basically the same answer. You go to bridges.torproject.org, solve a CAPTCHA and it looks at what /16 of the internet you're coming from and gives you a different answer based on where you are and what day it is. And the goal of that is every user is going to get a few bridges, but if you want to learn all of them then you need to come from a lot of different places of the internet and be consistent and persistent about it. Another approach is you can email us from your Gmail account and we'll answer the same Gmail account the same way, so you need to build a lot of Gmail accounts in order to learn all of the bridges that are given out through that strategy. Another answer is I knew a great guy in Shanghai and I sent him some bridges and he sent them to his people, and that was the social network approach. Or you can also just run your own private bridge and just tell your friends about it and we don't even have to know about it.
So there's actually a much better interface inside Tor Browser for this at this point. I don't know how many people can see the tiny font from back there, but basically there's an interface for you to say my government blocks Tor and I need to use a bridge, and it says either paste the bridge address, you know, here, or there's this other cool approach which we added recently that uses domain fronting. I'll talk about what that is later, but basically it routes the traffic through Azure cloud into bridges.torproject.org so that you can automatically get a bridge from inside Tor Browser without having to learn how the bridge database works or even, you know, what you're supposed to do. You just go inside Tor Browser and you click on it and you solve the CAPTCHA and it magically gives you a couple of bridges.

So that was cool back then, and the first interesting attack from China happened right about the time it was like the 60th anniversary of some dude becoming in charge in China. They grabbed all the public relays and blocked them and they grabbed the HTTPS version of the bridge distribution mechanism, so they blocked a bunch of bridges, but it turns out they didn't block the other distribution mechanisms. I mean, it's easy to block Tor from a public perspective, so we knew this was coming, so we designed the bridge thing, we'd rolled it out, we'd translated a bunch of stuff into Chinese, and the result was, so here's a graph of the number of people using one of the Tor relays at the time, and it sort of plummeted right about the 60th anniversary, but at the same time tens of thousands of people switched over to using bridges from inside China. So this is a pretty awesome example of preparing for the arms race and rolling out something and then having it go the way that you expected to go.
So that's the good news. The bad news is a little while later China got the second one, the Gmail one, and at that point we were down to social network distribution or run your own private one, and that's still kind of where we are. I'll talk more later on in the talk about some of the better approaches, but one of the big research questions that still exists in the world is how do we come up with really good bridge distribution mechanisms. Let's say you've got thousands of private bridges and you've got a bunch of users around the world who want to get some and you've got adversaries who are well funded and they want to learn all of them. How do you give out these bridges in a way that the good guys are going to get some and the bad guys aren't going to get all of them?

Okay, so the next interesting attack was Iran. A few months after that they did not at all do what we were expecting. You'd think that they would get the list of public relays and block them. No, they used their fancy new Nokia Siemens device to DPI for SSL and look for the particular Diffie-Hellman parameter prime that we were using. So this was the very first step that Iran used to block Tor. They DPI'd for our SSL handshake and they looked for a particular number in the handshake and said you're using a different prime than Firefox and Apache use, so we're gonna cut those connections. So we started off making a list of like 15 ways somebody can block Tor and what we would do for each one of them. Boy, was this not on our list of 15 ways people could block Tor. So the good feature was, since the Diffie-Hellman parameter is a server side parameter, it's in like the TLS certificate that the server supplies, we could change just the relay side, just the bridge side, and users didn't have to update at all. So it was just we change a couple of relays and suddenly things work again. So here's a graph of people who were using Tor from Iran at the
time. You can see when the blocking happens, and it was actually a great guy from Team Cymru who was messing around in the Tor code and he's like, I don't know what this constant is but when I change this constant it starts working again. So that was wonderful for him to find that and be able to fix it in a week or two.

So fast forward a little bit more to Egypt. There was a bunch of interesting stuff happening around the Arab Spring. You can see in the graph where they block Facebook and you can see in the graph where they unplug the internet, and my favorite part of this is there are a lot more people afterwards using Tor than before, because there are a lot of people saying, yeah yeah, we had a coup, yeah, we, you know, revolution, okay, but the military is still watching everything they were watching before, the surveillance infrastructure is still in place, you're darn right I'm going to be trying to use some safety security tools.

Okay, so fast forward a little bit more. Then Iran ended up blocking Tor using DPI looking at a different TLS parameter, so you can see the little red dot on the right hand side. So there's a much shorter event because I happened to be at home at the time looking at things, somebody found it, we figured out what it was, we rolled out a patch like 12 hours later and it basically didn't interrupt them much at all, and maybe that caused them to not do that for their arms race. But that's a crappy arms race in general, where we try to look like SSL and they try to figure out a way where we don't really look like Firefox talking to Apache. So we'll come up with some better approaches.

But in the meantime, how many people here know the horrible story of Blue Coat in Syria? I see one hand. Every time I ask there's one hand no matter the size of the audience. Okay, three hands, great. So a larger audience has three people who know what it is. So this is a story that everybody should know about. Long ago in 2011 or something like that there were
some folks from Anonymous, from Telecomix, who found a misconfigured FTP server in Syria with gigabytes of Blue Coat logs on it, and each line in the log was this IP address tried to access this website and I allowed it or I disallowed it. So it's just line after line of IP address and URL and whether it worked. And that's actually kind of fucked up in general, that they, you know, that they have this surveillance and censorship infrastructure and that they screwed up and put their logs out. But another piece of that is Syria is actually on the list of places that American companies aren't supposed to sell their stuff to. So these folks are like, hey, what are you doing running the surveillance censorship infrastructure in Syria, and Blue Coat's like, oh no, that's not us, and they're like, but the top of the log line says Blue Coat version 1.5 point something, and they're like, oh well, yeah, okay, we sold this to Dubai and how are we supposed to know that Dubai resold it to Syria. And so then they're like, yeah, and we totally shut off the auto update and there's no way that these things are going to continue getting their updates. So the folks from Telecomix got the serial number from the Blue Coat device and connected to the update server and they were offered an update. So basically Blue Coat lied every step of the way, and the end of the story is, and then the State Department gave Blue Coat an award for their cooperation in the investigation. So it's kind of a sad story.

Actually it continues. Blue Coat was sold to Symantec, so now Symantec runs the surveillance and censorship infrastructure and they probably don't even know it. So this is a recurring theme of these little arms dealers in Sunnyvale, California who build these tools and then their sales people go out and they try to sell it to Burma and Syria and all the other countries that they can. And it's even worse than that. So I was in a meeting a few years ago with the German foreign ministry and they were
trying to figure out what should Europe do in terms of laws about, like, should we allow Italian companies like Hacking Team to deploy their stuff in Saudi Arabia, what are the constraints that we as Europe should have. And one of the discussions I had was with the telco engineer from UAE who's like, look, you folks mandated the back doors in all the routers, you put all the lawful intercept stuff in, and now you're angry when my prince plugs a port into the lawful intercept port on the router. You made, you put the back doors in there, and now you're upset when we use them. So there's a big discussion right now about encryption and back doors and so on, and one of the really fucked up things is that nobody arguing about encryption from the FBI side realizes there are other countries in the world. So once you build a tool and you put your back door in it and then other people use it and they don't have the same judicial process that we have, even if ours were good, then you end up with a bunch of different problems all around the world. So part of the challenge here is how do we build tools that are safe no matter which government is using them and that don't enable governments to start hurting people even more.

Okay, so speaking of that, I had a really interesting meeting with the fellow in charge of the Tunisia internet right after their revolution. So before the revolution he was like a mid-level engineer and suddenly he was in charge of the whole thing afterwards, which is awesome. And he was the first one, he gave a speech while I was there, in French because that was the language he was comfortable with, saying yes, we use SmartFilter, and yes, we pay them a million dollars a year, and imagine how much food we could buy for our country if we weren't spending a million dollars a year on this stupid censorship stuff. So that was awesome, as the very first country to admit to be censoring. And another interesting part of that, they don't
actually operate SmartFilter themselves. They outsource the SmartFilter operation to some foreign company. He wouldn't tell me which one, but I assume they're in France or something. So there's some French company that gets to see and decide what the Tunisian military can do on the internet. That's not just a privacy thing, that's not just a censorship thing, that's a national security thing, that's a national sovereignty thing, where you outsource what your internet looks like to some foreign company, and that happens over and over around the world. And then the last interesting part of the Tunisian story, apparently they only pay a million dollars because then SmartFilter went to Saudi Arabia and said it works in Tunisia, you pay full price. So there's a lot of interesting discussion to be had about those companies.

Okay, so moving on from that particular Arab Spring world, the arms race with TLS is a crappy one. We can't just keep on pretending to look like SSL because they're gonna go back and forth finding a little thing, we fix a little thing. The real answer is what we call pluggable transports. The real answer is you leave the privacy anonymity side for Tor and then separately you have modules that you can pop in that transform the Tor traffic into something that people are less likely to be willing to block, something that the people expect or that they can't afford to block or something like that. And there are two successful pluggable transports right now that are deployed in the world. The first one is called obfsproxy, obfuscating proxy, and the basic idea is you add another layer of encryption on top, and the goal is that somebody doing DPI to figure out what protocol you're talking, the answer is I don't recognize this, and then they're forced to choose: do I block everything that I can't classify, in which case there's gonna be a huge false positive per side, or do I allow things that I can't classify, and then obfsproxy goes in. And then
the other piece of it is called meek or domain fronting, and the idea is that you route your traffic to Google cloud or Amazon cloud or Azure or something like that and from there you reach through the Tor network using their cloud services, and that way they're forced to either block Google or not block Google.

Okay, so that was the background side of things and I'm gonna speed up a little bit to cover some more things. Okay, so the next step, China again did a thing we were not expecting. It's called active probing. So we were thinking, you know, they'll block some more bridges, they'll DPI for other stuff. No, they looked at all the connections that looked like they might have been Tor, they're like SSL of some sort, and then they make a follow-up Tor connection of their own to that destination and talk the Tor protocol to it, and if the other side says yes, I'm a Tor bridge, by talking the Tor protocol, then they cut that connection and blacklist that IP address. So they basically have infrastructure running at the nation level, at the, you know, backbone level in China, being able to make all these outgoing connections within a second or so of when they see something.

And so the fix is another iteration of obfsproxy where the client needs to prove knowledge of some secret, some password. So when you give out the bridge line it comes with a bunch more parameters including a secret, and if the client connecting to the obfsproxy doesn't know the secret then the job of the obfsproxy bridge is to act natural, whatever that means. And act natural is kind of a complicated, like, what do I do, what do I do so that there's no fingerprint, and the best answer we have right now is we wait for a random number of seconds and then we hang up, because if we ever provided an error that would be a fingerprint. So we need to come up with something that blends in with a lot of background traffic in a way that isn't going to be recognizable later.

Okay, so there are a bunch of other
interesting stories that I'm happy to tell you about later. Ethiopia for a while DPI'd, again on the SSL handshake, and then they stopped. Russia has an interesting story. So here's a graph of people connecting into the Tor network from Russia a couple of years ago, and the fun part of this graph is people inside Facebook apparently have the exact inverse of this graph, of Russia people connecting to Facebook. So this was when Russia blocked Facebook twice, three times, and then a bunch of people in Russia decided to use the Tor network in order to reach Facebook safely. And then Turkey's been doing some weird stuff that we still don't fully understand. There's definitely DPI involved, I don't think there's IP address blocking. They do it and then they stop and then they start and then they do something else, so they've been experimenting with a lot of things recently. And then Venezuela is another fun example. They have an ISP called CANTV which is sort of their like Comcast equivalent, and it blocked the public Tor relays and a small set of public Tor bridges, but it didn't do any DPI, so it was just blocking by IP address.

Okay, so another challenge that we've got in China right now. There are a couple of other circumvention tool projects. There's one called Lantern that actually reuses the obfsproxy design, and the idea, it's supposed to be modular, it doesn't have to be just Tor, it could be anything. So they give out these bridges to their people and after a while the bridges stop working as well. Are they being throttled? Is somebody learning about them? How are they learning about them? So there's a bunch of mysteries and design questions to solve there, but the important lesson is this feedback loop is really bad. So you do a thing and it's not really clear whether they blocked a thing or not, so you don't know whether you need to change. So the tighter feedback loop we can have and the more certainty we can have about what's going on, the better
everything works. And recently, so it used to be that China looked for a particular TLS pattern, something in the certificate, something in the cipher suites that the clients are offering, and if both of those matched then it triggered the active probing. We've changed the cipher suites to try to look like the more recent Firefox and the more recent Apache and some combination of patterns doesn't trigger the active probing right now. So are they not following up as closely as they could? There's a lot to be researched in there.

And then another piece, let's not forget the, like, the political side of things. So a couple of years ago apparently there were these folks from the CIA who had their own anonymity system and Iran learned about it and then watched who is using it and then killed everybody, and also they told China about it, so then China did the same thing to the spies there. So one of the lessons there is don't have your own anonymity system, because then everybody who uses it is going to be you, and if they find some users then they start learning how it works. So you need a lot of different groups to blend in with.

But the more important lesson from the censorship side of things: Australia censors their internet. England has this thing called the Internet Watch Foundation, which is part of their government, which censors the internet. Denmark censors the internet. Sweden censors the internet. So when governments go to China and say, hey, you're being a bad government by preventing people from reaching BBC, China quite reasonably says, look, we're just keeping our citizens safe just like everybody else, why are you picking on us, we're protecting our users from the internet. And so one lesson there is maybe we should work on cleaning up what we consider, you know, Western countries and the fact that they're excited to be censoring their internet, and if we can't solve the fact that Australia wants to censor, how on earth are we going to solve the fact that Saudi
Arabia wants to censor? And speaking of the political side, these are the actual honest-to-God cyber police in China. These are the official cyber police in China. And this goes back to the, you know, making it fun side of things. We're not a regime out to stop things, we're just, you know, keeping the internet safe, because this is fun. And if you see one of these people on some of the websites you go to, then it helps remind you about what websites you should go to and what websites you shouldn't go to. So it's not just about censorship, it's about creating an awareness among the users that they're being watched, and then they can control themselves. And I should also mention, so there's a province of China called East Turkestan. They actually call it new province in Chinese. And right now the people in China are basically wiping out the folks who live there. It's at the point where the folks who live there have a live-in Han Chinese person who lives in their house and watches them and reports on them, and they take their kids away and they put them in reeducation camps, and you get to see your kid for one hour a week on the other side of the chain link fence, but your kid spends the whole hour yelling at you about how you're a bad Chinese person. So they are genociding the people who live there. And I was talking to some folks there and I'm like, so here's PGP and here's Tor, and they're like, yeah, I can't go a block without showing papers that I don't have, they take away my devices and they install things on them, they're living in my house. So here's an important example where a tool for internet privacy is not going to solve some of the really bad things that are happening around the world. Okay, so what are some of the newer things that we're deploying in terms of tools that can be helpful for later? One of the really interesting ones is called Snowflake. The idea, so in the past for obfsproxy, you find a nice person who knows what Linux is and
they apt-get install obfs4proxy, apt-get install tor, they edit a text file, maybe they open a port, and if you knew all those words you're in good shape, but most people in the world don't do that. So the cooler way to do that... Ten minutes, awesome. The cooler way to do that is a tool called Snowflake, which is JavaScript that runs in your browser. So I'm a helpful person in a non-censored area, I want to help out the Tor world, so I install the Snowflake extension or I go to a website which gives me some JavaScript and suddenly I'm a Tor bridge without installing any new software. It's all running inside my browser and uses WebRTC, so it does NAT piercing correctly. And the goal there is to have a blizzard of snowflakes all around the world, where blocking them by IP address isn't going to make sense because you're going to end up blocking every browser on the internet, and blocking them by DPI doesn't make sense because WebRTC is what Google Hangouts uses, it's what a bunch of video chat things use. So if we can actually use the real WebRTC that normal browsers use when they're talking to each other and doing video chat, and if we can get an army of millions of snowflakes, then hopefully this will be a cool new move forward in the arms race. So you can install the Firefox extension Snowflake right now and it will turn you into one of these volunteers. So it used to be, a few years ago, that we didn't need the extension side. There's just a website, you serve some JavaScript, and I mean, you could put it on your Facebook page, you could put it in an ad if you're evil, which we're not. So basically all sorts of different ways of giving people the JavaScript. Except the browser world is moving to not running things in the background. If there's a tab and it's not the primary tab that's open, then it doesn't run the JavaScript there. So we need to shift to a world where you install an extension and then you're opting in, it's all above board, and you're volunteering to be one of these relays. So
please install the Snowflake extension, and we're working on coming up with a better GUI and better visualization and feedback about how many snowflakes there are in the world. And if you're a Chrome person rather than a Firefox person, there's another one called Cupcake that's been around for longer and now has Snowflake built in as well, and it's got these cool icons that tell you how your cupcake is doing: are you helping, is it sad, is it happy, stuff like that. So we'd love some help on the development side of Snowflake and Cupcake. At the same time, we need more obfs4 bridges. So here's a URL, community.torproject.org/relay/setup/bridge, and please go there, follow the instructions. If you're a Debian person it's all pretty easy. The most complicated thing is opening a port on your firewall, or maybe you have a computer on the real internet and you don't even have to do that step. So it'd be wonderful to have some more obfs4 bridges so that we can have more flexibility about giving out more addresses in more ways without getting blocked as quickly. And in the future we're experimenting with an app to install Tor servers that, like, gives you a decision tree sort of thing, where it says do you want to be a bridge and you say yes, and it says do you want to open this and you say yes, and then you don't have to know what a text file is in order to be helping out and running an obfs4 bridge. Okay, so I'm gonna skip a couple more. I'll briefly talk about some of these things and then we'll get to the end. So one of the important pieces: we need some sort of feedback cycle for how, so we're trying to give out bridges and we want to give them out in a way that works. What does works mean? One of the answers is, imagine you have a bunch of different bridge distribution channels, and each channel, it's maybe you give it out over Gmail, maybe you give it to a nice guy in Shanghai. There are a bunch of different possible approaches to a distribution channel. And let's see,
great. So let's think about, for each channel, how much use do the bridges get that we give out over that channel? Do they end up being used a lot before it gets blocked? Does it never get blocked? Does it get blocked quickly? Does it never get used much but also it never gets blocked? And then let's figure out how quickly the blocking actually happens, and then let's reward the channels that end up giving out bridges well. So if there are a bunch of channels that get bridges blocked quickly, they don't get more bridges. If there are a bunch of channels that work really well and they end up having a lot of users and they're working well, then we shift more bridges to being allocated through that. So in theory there could be, like, a dynamic feedback process where we automatically learn which distribution channels are working well and automatically give the bridges out to those. Turns out that measuring bridge reachability is really hard. Do we install a computer in China and scan all the bridges and hope that China never notices that we're doing that? Do we give out a few addresses to each volunteer and let them scan them, and hope that the volunteers aren't the bad guys trying to learn them? So there is a project called OONI, the Open Observatory of Network Interference, that is basically a mobile app that lets you test a bunch of things from your local network. Its main goal is to figure out how am I being censored, but maybe we can also use this as an infrastructure for learning about which bridges are blocked where and how reachability works. So there are a couple of other interesting upcoming things. There's a tool called Format-Transforming Encryption, or Marionette, and the idea is that it transforms the traffic into whatever regular expression you describe. So if you can describe HTTP as a regex, then it will transform Tor traffic into what looks like legitimate unencrypted HTTP traffic on the wire. And if you've got a DPI engine that has a classifier for HTTP and it says yes, this is
HTTP, then the classifier thinks it should let it through: I let normal unencrypted web browsing through. Another approach that people are working on is called decoy routing, and the idea is that the user does an SSL connection somewhere, and something in the middle of the network, running at like an ISP and Verizon or something, looks at a steganographic tag inside the SSL handshake and says, ah, this is decoy routing traffic, I'm going to reroute it internally to the Tor network or to some circumvention tool, in a way that the local ISP for the user thinks that they're talking to the decoy destination but actually the traffic is being redirected to somewhere else. Okay, so arms races. The censorship arms race sucks because China has billions of dollars and there are a lot of companies like Cisco and Blue Coat and so on who are building tools like this. The surveillance arms race is worse. At least in the censorship case, you try a thing, it doesn't work, you change it, it works, great. The cycle is pretty simple. From the surveillance side, you try a thing, you don't know if they saw you, so you don't know if you need to change it, and then there's no feedback loop. So maybe we need a new Ed Snowden coming out every week with a new set of documents. I don't know how to end up with that feedback loop in a way that you can tell whether the surveillance is working. Okay, so how can you help on this side of things? So run an obfs4 bridge, we mentioned that. Be a snowflake, we mentioned that. Please teach your friends all about Tor. There are a lot of mainstream journalism places that want to scare people about the internet with pictures of icebergs and discussions of, you know, 99 other internets out there and dark webs and so on. So please help us teach the world what Tor actually is, how Tor actually works, why privacy is important on the internet. And there's a research community, petsymposium.org, that writes a bunch of interesting research papers. If you want to do grad school on Tor or you're in
grad school and you want to work on Tor, love to chat with you more. And speaking of the donation side, we're running a Bug Smash Fund this August, all of the month of August, and the goal is, a lot of our normal funders only want to fund some shiny new feature, and we actually want to go through and fix all the bugs and make things stable and actually make it reliable and work the way that everybody expected it to, and funders don't really want to fund that sort of thing. So we'd love to have your help getting the word out about the Bug Smash Fund. And then we have an awesome new onion badge that a great volunteer made. We also have a booth for the first time ever in the vendor area, so if you want to see the onion badges, I believe that, uh... forty dollars I think is what they said for getting one of these. Cool, and I'll turn on the blinky lights as it's going. Happy to show you this more later. And then again, we mentioned the booth: for the first time ever we're in the vendor area. I hear there's a mob right there right now, and I'm gonna answer a few questions in the back with my bright green shirt, and then I'm gonna lead the mob over to the vendor area, and I'm gonna be hanging out there for the rest of the day in my bright green shirt answering your Tor questions. Thank you.