All right, shall we start? Can everyone hear me okay? Now that you're listening to my throat, not necessarily my voice. I have the benefit and the curse of being a native English speaker. So if I speak very fast and you don't understand me, please say something. How many people know about Tor? Why raise your hands? How many people have Tor installed? How many people use Tor daily? Okay. You've all just de-anonymized yourself. Thank you. So let's talk more about anonymity. Anonymity in the Western world has this very shadowy, scary sort of impression. It could also be people at the Liberty Bell with a giant onion head and the woman to the left shocked that there's a guy with an onion head looking at her. Anonymity in other parts of the world isn't negative. They like being part of a crowd. They like being able to hide and being able to pop up as an individual when they need to.

So what is anonymity not? Anonymity is not cryptography. Cryptography just protects the contents and someone can still watch who you are and what you're doing. Anonymity is not steganography. Even if you hide messages in transit, you can still tell who's talking to who and how often they talk, or at least one party is. You may not know the intended recipient. Anonymity is not wishful thinking. There are lots of promises. There's privacy by policy, which is most of what these are, is that you can't tell it's me. I promise not to look at your data. I promise not to record your data. And I promise not to tell anyone else I recorded your data. I promise I didn't sign my name to it, and isn't the internet already anonymous? I'll also find out. You can't prove it was me. Proof is a very strong word. Statistical analysis, or the technical term is a long-term intersection attack, works very, very well. And the longer you watch someone's communications, the more likely you can determine that this was actually you, regardless of what you insist it is not. Promise you won't look, tell, remember.
These are all promises. You've all signed contracts with your ISP who probably says, you know, we value your privacy. We will never break a law. We'll never sell your data accidentally. I've had my identity stolen when my bank lost their backup tapes. They promised to never give up my data whatsoever. Now some mafia person has all my personal information and my bank accounts and my financial information because they broke a promise. Did they encrypt those tapes? No, of course not. I promise not to remember. Many places say we don't record any information, and at least in America there have been all sorts of data breaches where credit card information was copied off to a local system so they could do better marketing and customer analysis. They promised not to remember the data either. And if you lost your credit card, you then were very upset because you had to get another one and all this stuff, and by default you're the criminal, not the people who lost your data. And I promise not to tell. If someone offers you 50,000 euros to accidentally give up your web server logs or give up your transactional history, that's a tough incentive to defeat. And this is also why the US is growing with these data breach notifications, because lots of companies say, you know, we promise not to tell anybody. We promise not to lose your data. We promise to use industry standard practices. It may or may not work. Didn't write my name on it. That's not what we're talking about. That's more identity. And isn't the internet already anonymous? No, no it's not.

Who needs their privacy? The vast majority of people who use Tor that I run into talking around the world are just normal everyday people. It makes lots of press when you talk about Iranian activists or Chinese activists trying to take down their government. Most of those people just want to see what the BBC said about them. They want to see what CNN, they want to see what the latest Hollywood movie is.
They want to see why Dilbert was blocked and what does Dilbert say today? Militaries and law enforcement. The US Navy and other branches are big users of Tor because they realize you can't have the Navy anonymity network, because then everyone realizes you're just the Navy. So they treat you that way. Law enforcement: I spent most of the past year talking to law enforcement. And I've been absolutely surprised at how many law enforcement officers use Tor because they feel they need to protect themselves online, they need to protect their cases, they need to protect their families. And the fact is, if you come from FBI.gov or Interpol.int, criminals try to pick up on that quickly. Journalists, human rights workers, businesses. Another surprising one is businesses. Lots of lawyers use Tor. They use Tor so when they go out to do investigations they're not coming from lawfirm.com or something. And they can be more anonymous and they can do, I guess, different ethical concerns resolved.

So anonymous communications. Anonymity loves company. You can't be the only person using Tor in your entire country, where you stand out because you're the only person using Tor. There are countries in the world where we have between one and 10 Tor users and we tell them to at least coordinate and get on at the same time. Because otherwise you stand out like a sore thumb as the only guy who ever used Tor, so they pretty much can figure out, they may not know where you're going but they know where you started off and they know you're using Tor. And they can just beat it out of you anyway. The basic idea is hiding in the crowd. So I'm the only person in a fluorescent green t-shirt here, so I would stand out in the crowd, except you in the green sweatshirt. You and I would stand out in the crowd over everybody else. The idea is to look like everybody else. There's a thing with Panopticlick, the EFF's Panopticlick browser identification.
The whole idea about that is that it shows you how unique your browser print is against everyone else on the web. All the Tor users should look the same. So we look unique, but we all look the exact same to everybody else. Tor is not the first system, it won't be the last. When Tor dies at some point or becomes illegal or becomes so popular everyone uses it, there'll be other systems that say let's do the anonymity, let's do more darknets. Yeah.

The difference between high latency and low latency. Low latency systems: most people don't want to wait forever for an email. They don't want to wait forever for the webpage, they don't want to wait for their chat. High latency systems are very resistant to traffic analysis. Low latency systems are subject to traffic analysis, traffic correlation. What is low latency versus high latency? The more interactive your app, that's low latency. If you're doing an IM, like I chat with my daughter or something, she doesn't want to wait a day and a half for me to say okay. Well, maybe she does sometimes. Video streaming: people don't want to watch videos one frame at a time every day. You get a different frame. Some apps do work well, email. There are things like Mixmaster and Mixminion that people will wait for a day, two days, three days to get their emails through because they need that level of protection. Some news groups, people will withstand that much of a delay to respond to threads. Blogging, a lot of bloggers actually do their work offline and then they post, so they don't mind if it takes a day or more to get their message posted. Anonymity loves company: the vast majority of users are in the interactive apps, so we aim for the low latency network to be more like interactive apps.

So what is Tor? Tor is an acronym, it is also not an acronym.
It can mean Tor is onion routing, it can mean the onion router, it can mean, I recently heard South African police called it the onion ring, and it can also mean telescoping onion routing. You'll also see it written in the press as capital TOR, meaning the onion router, but it actually doesn't have an acronym. We are an online anonymity software and network. We are a three-clause BSD license, and GPL we do. Everything we do is open source, transparent. You can ask us anything about Tor, we've written down the specs, so you can build your own compatible Tor clients based on the Tor protocol. If you don't trust any of our code, other people have done this. And we actively encourage the research community to attack us. We figure that which doesn't kill us makes us stronger. And most of the research community that does try to break Tor, they do successfully break Tor and then they come up with a fix, or they won't get their thesis approved and they won't get their degree and that makes them sad. There are plenty of other people out there who attack Tor and then they go talk at a security conference and say, I can attack Tor in three packets. And then they realize that, well, it's a 10-year-old attack, five other people have done this presentation, but security conferences seem to have a short memory and they'll get a lot of press about this. And sometimes they'll also say, well, I can emulate the man if I control all the Tor nodes in my virtual machine. Well, yes, you can, because if you can watch all the traffic in and out, then you win. If you can watch all the traffic in and out of the entire internet, which there are many national security agencies rumored to be able to do, then you may also win.

We have a growing list of stuff. We started off with Tor, which is the Tor, the actual routing daemon client. And now we have a vast number of projects that people show up and say, hey, I did this for my PhD thesis and I'm giving you all the code and good luck.
We've also developed a lot of things to make Tor easier to use. There's this Vidalia controller, hence the onion thing. And Vidalia is a GUI, point and click. Voice of America actually funded this because going to the countries they were interested in, giving people a command line tool and saying, here's a config file, here's your command line, just completely freaked everybody out. So we made this little pretty GUI app that you can point and click and has a red, yellow, and green onion so you can tell how Tor is doing, if it's connected, if it's not. And then we have a bunch of other stuff. Orbot is actually the newest thing we have and it's Android-compatible Tor. The issue with that is, so great, you have Tor running on your Android phone. Nothing uses a proxy on the Android. So you can host a hidden service because you can get a service running on Android. And now you have this Orbot thing that can talk Tor and you can connect to hidden services. So we're working on a browser, we're working on figuring out the rest of the environment.

So who actually runs the Tor Project? About three years ago, we started taking donations; before that, I've been a volunteer for about five or six years and we were just a bunch of guys, and apparently you can't fund just a bunch of guys. You need to fund an actual entity. So we created the Tor Project, Inc. It is, in US terminology, a 501(c)(3) non-profit, which means your donations are tax deductible. This is not a sales pitch, I'm just telling you. We're funded through research and development for online anonymity and privacy. And part of the reason we went non-profit rather than for-profit: my background is venture capital and there are lots of VCs who wanted to fund us to do, you know, make Tor the biggest in America or whatever. But we believed we wanted to save the world.
So we wanted to do everything transparent: everything we publish is transparent, our internal schedules are transparent, who works for us is transparent, how much they get paid, when they get paid is transparent. And it also helps that many people don't want to volunteer for a for-profit company to a degree. And we need the volunteers to run the Tor network. We don't actually want to run the Tor network for liability reasons, in that Tor is considered a common carrier in most countries regardless of what you're reading in the press. And therefore, like a telephone company, you're not responsible for the content that goes across it.

Tor started off, well actually onion routing started off at the Office of Naval Research in the 1990s. The Navy realized that traffic analysis was a growing concern in various realms that they're dealing in. Where traffic analysis at the core is: you watch all the communications, you figure out what the hubs are and you take the hubs out. Your enemy's doing this too. So if they can't figure out where the hubs are, because everyone looks like a mesh and everyone's talking to everyone else, then you've raised the bar enough that your enemy now has to go figure out some other way. Either you gotta take out everybody all at once or you do whatever else it takes to infiltrate an organization. They quickly realized that you can't have the Navy anonymity network, because then it would all be Navy personnel and you'd be treated as a military counterpart. So they open sourced it, public-domained it, and the U.S. government actually holds a patent on onion routing, the original idea of onion routing. And because it's the U.S. government, it's public domain and they don't sell it, they don't do anything like that with it. We say it's privacy by design in that we don't record logs, we don't have any promises to break because we don't have your data.
By default the Tor software doesn't record any sort of personally identifiable information for any strict definition of personally identifying. It supports any TCP right now. We're working on UDP and possibly SCTP in the future. One for performance too, because lots of people want to use UDP over Tor. And there are ways to tunnel UDP through TCP, but those are messy. And over the past year we've been sort of thrust into the limelight as activists around the world have picked up on Tor to circumvent national firewalls, because the properties of breaking apart who you are from where you're going on the internet seem to work well. I've also talked to lots of bankers who use Tor not because they want to defraud the bank but because they want to get to Gmail to go check their mail, to go check their calendar to see what time they have to pick their kids up from school or from soccer practice or something. And they just turn it on when they need it, they turn it off when they don't need it.

One key difference is that we have a set of seven directory authorities. Directory authorities are kind of like the root DNS servers, in that they publish a consensus of all the relays in the network and that's what your client downloads. We haven't done a distributed hash table yet, even though there may be designs out there, because there are partitioning attacks where if you start breaking the DHT up, different people see different parts of the network and then you can start to win as to profiling clients.

What is Tor composed of? Primarily C. I couldn't get the graph from earlier, but around 2005 we were like 30,000 lines of code. After lots of researchers and other people have committed to the code base, we have around 15 core committers and around 2,000 other volunteers between running relays, helping out with translations, helping out with documentation. And we've recently picked up a few people who are very good at videos.
They started putting together videos about how to use Tor because people seem to like watching a video about how do I install Tor versus reading instructions. The tech, LaTeX there, because we document everything we do and because we come from academia we tend to use LaTeX for everything. We write a lot.

So in a nutshell, how does Tor work? The blue cloud is the internet. You as a Tor user, you have Tor software installed on your laptop and you want to get to your web server. Terminology is entry node, middle node, exit node. The entry node is the first one you connect to. There are also guard nodes to protect you from attacks where you can watch, just pick up traffic over time and start noticing trends. And the exit node is your exit from our network. You build an encrypted tunnel from your client, so everything is encrypted as it goes into Tor or leaves Tor into the network. And if your traffic originally was encrypted, like HTTPS, IMAPS, POP3S, then it comes out that way. We are a tunnel. We don't touch your traffic at all. We just wrap it in encryption and relay it around the world. There have been press stories about people, particularly this guy in Sweden who set up an exit node, recorded all his traffic and said, look, I have embassies and all this stuff using these. One, he found out the hard way that was illegal, and the Swedish police came and arrested him and no one's heard from him since, because you can't wiretap, because he's not a telco. And two, most of the accounts that he thought he had were actually criminals watching these accounts anyway. He also disclosed some police investigations which were watching fake accounts, which is really what he got in trouble for.

So how many people use Tor? Well, it's an anonymity system. We don't ask. We don't ask for demographics. You don't have to register. We don't record anything on our web servers. As a U.S. company, not recording anything on our web servers gets us around U.S. export laws so far.
As soon as we start recording IP addresses and start doing registration, then we have to block all the bad countries, for whatever the U.S. considers bad. However, we do disclose everything we record. Everything we record about Tor is published on metrics. We have another site called Archive that is copies of the directory authorities' consensus files from every hour of every day for the past seven years. It's around 25 gigs compressed. It's around a couple hundred gigs uncompressed. And a few organizations have started looking at that to look through to see, are there anonymity attacks here? Are we giving out more information than we need? And we look forward to the research. However, Mozilla does spy on you. This is from the Torbutton dashboard. We've made it completely public so everyone can see what's been recorded about you inside Mozilla. If you have Torbutton installed and have checked for version updates, it will dutifully report to Mozilla over Tor that you have Torbutton installed, here's the version, and here's how many daily users you have. This is undercounting. Lots of people don't use Firefox. I know a lot more devices out there that have Tor embedded in them. So roughly half a million daily users seems right.

You may have noticed Tor is slow at times, all the time. It's getting faster. One is because we have like half a million people using 2,000 servers. In reality, you have half a million people using 2,000 servers trying to go through 500 exit nodes. So the exit nodes become the bottleneck, because you've got this swell of traffic going into them. And we've had millions of people download it, and the common use case is you download it, you use it when you need it, and then you turn it off when you don't need it.

Some other features are hidden services. The Finnish Defense Department actually wrote and funded most of this hidden services stuff because they wanted a way to host location-independent sites, services, chats.
So the dot-onion domain is what they use internally. The way it basically works is your client, so your Tor clients can also run hidden services. It doesn't have to be a relay. So if you have millions of clients, we probably have millions of hidden services. I know I personally have hidden services for all my SSH stuff. So when I'm traveling, like on this wireless here, I can just SSH into my hidden service node as opposed to going to an actual IPv4 address. WikiLeaks has used this successfully. Many of you must know about WikiLeaks for, you know, you can publish documents from whistleblowers and more transparency. Somewhere inside the Ministry of Defense leaked the How to Stop Leaks document, which obviously no one read. WikiLeaks is the most obvious example. There are other examples where human rights organizations will work in country, and even the fact that they are in country is enough to get their activists arrested. So they'll use a hidden service with some sort of out-of-band authentication, whether it's SMS or, you know, here's a secret passphrase, so that people in country can report in and they know who they are roughly, but there's no trace of them actually going to a site that any sort of censor will notice. Because Tor looks like SSL talking to their normal website, no one would ever think that anything's going on.

So how is Tor different? Why do we use three relays? This classic design for a proxy service: you have a single big machine somewhere in the world. Maybe this is your brother running this because he moved to America or Europe. Maybe it's some company you trust, and Alice and Bill can talk to each other all day long and it's great, it's fast, they're not worried about it. Maybe Alice is behind some sort of restrictive firewall, she can get by it, they can talk to Bill. The issue is if that relay goes evil, for some definition of evil, meaning they accidentally recorded all your traffic and then they lost it or sold it.
The company is actually a government front and they want to record everything you do just so they can go back at you for a history. Or maybe your brother decides that he's gonna sell your traffic because he needs money. It doesn't matter. The big machine somewhere in a data center can be wiretapped, meaning that the government, or anybody, corrupt criminals do this too, corrupt ISPs do this too, where they'll just record all the traffic in and out. Traffic confirmation attacks work very well: say I saw you go to Facebook because Facebook looked like this going in and you went like this going out. If you're using unencrypted protocols, they can also grab what you're using in passwords, all the text you're going back and forth, what you search for, and everything else off that relay.

So where does all this matter? So we have this cool anonymity network, lots of researchers use it, lots of hackers and other people like to hack at it and play with it, and some people use it for hidden services. The vast majority of people seem to use it for anti-censorship. The core of this comes from Article 19 and 20. You have the right to freedom of expression, you have the right to freedom of assembly. George Orwell was an optimist, as it's turning out. He imagined many people cutting up newspaper archives. That only scales so well. He could never imagine that millions of computers would be able to do this vastly faster than he could. And John Gilmore said, well, the net interprets censorship as damage and routes around it. Not so much true anymore. Ask the people in China, ask the people in Australia who are about to get lots of censorship. And they can't route around it because the censorship's in the routers. They control the IPs, they control the domains that you're allowed to see. Almost every country in the world is implementing some sort of censorship regime. And first off, it comes to protect the children.
I can tell you from lots of law enforcement talks that they tell you that these block lists for protecting the children are where porn was, not where it is and not where it's going. So you have this growing list of websites that are for children, to protect the children, to stop gambling, to stop bad phishing targets. And talking to Richard Clayton last night, again, by the time something gets into a block list, for a national block list, it's already been passed. The criminals have already moved on. So you're just blocking whoever the unlucky person is to get that domain or that IP address. On a social level, people still are willing to work around it. There is a chilling effect that as people get picked up, especially in Iran, we saw this, where people would go to Twitter or people would go to Facebook to say, here's where we're gonna organize, and then that person gets picked up, all your friends go, whoa, what is this? I can't do this. I can't afford to be beaten up. I can't afford to be arrested.

Governments are monitoring the internet a lot. Every organization, every government has an internet surveillance plan. There are different names up there for what it's called. The idea is to record all the data about you just in case you might be a criminal. The analog I heard was actually from Jacques, I wanna say is Veras, from the DGJLS on Thursday. And he said basically the police are coming to him saying that in the old world, in the physical world, I can watch somebody, I can record what they do, and I have a history. And there's a history that can be recreated based on who saw who, doing what, and then a crime was committed. So I can build up the history into that crime and then I can go forward and watch them completely. They want the same thing on the internet.
The difference is, in the real world, you have this sort of freeze situation where as soon as someone is suspected of a crime, then you can tell them, then you can record what they do, who they call, how often they talk to people, where they go for their coffee in the morning. On the internet, you can do that all the time. You can record everybody, every last detail, down to infinite degrees of timing, and get all their information just in case. And because computers make it vastly easier to update, you can sort through this, and this massive haystack you've built, just in case people won't be criminals. And this, understandably, freaks out a lot of people. This is the equivalent of the Stasi becoming robots, so that seven of seven Germans are, East Germans are Stasi. If anyone recognizes that room, that's the NSA wiretap room. Some countries, and yes, I've said this to people in the US, some countries obey their laws and roll out the various bills that force you to record the internet; otherwise you do warrantless wiretapping, which just records everything, just because they can. The core traffic data analysis is who talks to who, how often they talk, how much data they send. That's all you need to do to pick up networks of people. When the former director of the Interception Modernisation Programme in the UK says, you know, wait, what are we doing here? That should be a sign to people. When your own internal people start freaking out saying, holy crap, look at all the stuff we're recording about these people. You can rebuild my entire friendship, social networks and everything. And that's what it looks like. There's a fine paper on the economics of mass surveillance and how absolutely cheap it is to surveil everybody all the time and build really cool social network maps. This is actually from mailing lists, and of different mailing list people, who overlaps who and who talks to who.
And the issue with this is maybe you're not worried about your social graph, but many places will say, all right, so one of these red dots becomes a terrorist cell or becomes a child porn cell or becomes a gambling site. Is everyone associated with it now guilty? In many countries the answer is yes. And there we go. We have some fans who create some graphics for us. You can rejoice in anonymity. Getting involved is volunteer. We have a fine long volunteer page of here's the technical projects, here's advocacy projects, here's anything you can do to help people around the world. And that's it. Any questions?

How to best convince a wife, mother or other non-technical family member that they should be using Tor?

Well, so we're not, I don't force Tor on my wife and daughter either. I'll let them make out, I'll let, I'm basically letting Facebook and the banks who lose all your data and everyone else freak them out so they realize they should do something. I've talked to some cancer victims who either they or their loved ones find out they have cancer, they go start Googling for stuff and all these ads show up about here's all the treatments, and they go into Gmail and they get all these pharmaceutical ads, and then they start realizing that for a while all the results are sort of sorted based on here's your pharmaceutical stuff, and that's typically enough to freak people out that they start worrying about what's going on in the US and other countries that don't have sort of nationalized healthcare. You can lose your job if you find that you have a condition that's very expensive. The incentives aren't quite there yet. There's been lots of research by Alessandro Acquisti out of CMU in Pittsburgh who's doing work on incentives for privacy and how much people will pay for privacy, how much they won't.
I used to worry about how would we tell people to worry about these things, and it seems the commercial industry is doing just fine and the government industry is doing just fine. I think most people who use Tor now are sort of early adopters. My grandmother had her computer broken into, turned into a bot, and she phished and spammed like thousands of people, and I apologize for that if you're part of that, but she didn't know; she got this cool crossword thing and so she ran this application that gave her a cool crossword puzzle. It just happened to infect her. She worried about where information they had and then she independently started searching for VPNs or privacy tools to protect ourselves online. As the world gets more and more online and as you have things like data retention, people start to worry about the trail they leave, and it's nothing, I found I can't convince someone who doesn't already worry about their privacy to run Tor until they have something happen. They have the holy cow moment.

Thank you. As a Tor user, I've observed that there are few exit nodes, and the major problem is, as people try more and more to use Tor, it is getting slower and slower. Have you any plans of increasing the number of exit nodes? There are some things we can do to increase this number. Thank you.

Yeah, so we have multiple plans. One, when we first designed Tor, we figured we'll worry about it when it gets to half a million users. We're now at half a million users. There's a lot of protocol design we need to do to make things faster. We have a fine 27-page performance roadmap that we wrote up that goes in excruciating detail down to the multiplexed TCP streams. We don't queue busy streams versus less busy streams, meaning if you're file sharing over Tor, you hog lots of bandwidth and the IM users who only need tiny little bits get pushed out. We're going to start this year a relays-for-Tor campaign, where the first step of that was to get the legal protections in place.
Many people would want exit nodes if they know there's help available for if someone does something bad through your IP address. That has the most chilling effect, where if someone phishes a site or does whatever gambling fraud or something through your Tor exit node, the police come and knock on your door, if you're lucky, and say we think your IP address is something bad. We have a growing number of law firms around the world who will give free help or at least give you directions to people who can help you to say, well, here's how to defend against this. You have a civil right to run these things. Your IP address is personally identifiable. They can't just give it out anywhere. And it's not you; Tor is treated like a telephone company where you're not responsible for the content, just the delivery.

Hello, just one look back yet. Hello. Lots of great examples you give for, I guess, what I would think of as positive users of Tor in terms of anonymizing people that are doing good work, fighting oppression in countries, say. But from an ethical perspective, my interest would be whether you think, on balance, it's used ethically for things that many people consider good versus bad. Because when you choose to use your computer as an exit node, you're making, I guess, an ethical choice that you are gonna hide people. And maybe you want, you know, maybe it's good to hide US military personnel from being blown up. Other people disagree. But I mean, at least what is your sense of the balance of use of Tor? Is it typically pornography? Or is it typically worthy human rights activists? Or is it typically military spies? Or ethically, how do you persuade people to use their computer to support Tor?

So for people who've done research on this, the vast majority of Tor traffic is absolutely mundane and boring. What makes the press are the people who get caught for doing child porn or gambling or credit card fraud.
And no one ever hears about, you know, "user browsed BBC successfully." No one cares. That's sort of expected. Do criminals use Tor? Of course they do. Criminals also use cell phones, cars, highways, digital cameras, all this other stuff. They use email. The 9/11 hijackers used Hotmail quite successfully. And we generally say, like any technology, we promote the good uses. It's an infrastructure. It's an anonymizing layer on the internet. And we just let it, the whole point is to look like the internet. Internet traffic is like some percentage of porn, some percentage of normal usage, some percentage of bots, some percentage of criminals. And that's, I mean, the best I can tell you is that we're here to promote the good uses. We do work with law enforcement. And law enforcement comes to us and says, you know, so-and-so threatened to kill his wife, and he uses a Tor posting. They generally have a profile and they can start figuring things out. Old-fashioned police techniques work well because criminals have to be lucky all the time. Police have to be lucky once. There have been lots of cases where criminals slip up, forget to turn on Tor, use a real IP address, and it takes a shockingly short amount of time for someone already under suspicion to get arrested. Does that answer your question? Yes, no? Mostly? Anyone else?

Hello. I have a question. Well, Tor is nice, but why do you list the exit nodes? Like, I have a site here with 2,112 exit nodes, meaning, well, if I go to some forums, they'll say, hey, you're on a Tor node. Well, you can't post. Bye-bye. So how does listing the nodes enhance anonymity, actually? I don't get that.

So a number of sites, and I'll pick on Wikipedia, block the internet based on IP because they assume an IP is a person. Unfortunately, when they block IP addresses from posting, they've blocked all of AOL and most ISPs that NAT everyone to death. We are working on systems. One of the tools up there was called Nymble.
Nymble is a pseudonym system where you do some sort of computation, improve the UU, you get a nonce, and the nonce is then what you use to log into the websites. These are very much in design and in research, but we realize this concern exists. And as people, the same concern with websites, that is, like FreeNode has a sort of hidden service GPG-based identity where you can prove that, here's who I am, I've done some sort of computation and this identity is valid until I turn into a jerk; then you can block that identity. And it's difficult enough that you can't just create thousands of them and spam everybody. Anybody else? Another question? Yeah.

Do you know if anyone is building an anonymous or pseudonymous payment system on top of this?

I know that people have thought about it and are thinking through incentives. Some of the concerns, some of the resource challenges actually are with incentive systems. You'd be very careful what you incent. There's a technology called, I think it's called BitBlinder. That's basically for anonymous file sharing, and they have some sort of payment structure where for every byte you transmit you get two free bytes or something like that, and they've created all sorts of incentives for people that want really, really fast nodes for a short bit of time to get twice the amount of bandwidth, and then they shut it down. As for actual, like, eCash type things, I know those are in research. I don't think anyone's deployed a hidden-service-based eCash system yet.

Hi. I would like to know if you have some, maybe some more news about the recent attack from some blackout on the Tor server.

I think I got half that. Can you repeat your question?

My question is, recently there was an attack against the web server of the Tor project, and maybe you know who's behind it or why such an attack occurred on the Tor project.

Are you asking who, how do you know who runs the Tor server?

The web server, the host.

Oh, our bandwidth hogs?
Is what you're talking about our public notification, the breach we had? Yeah. Yeah. No, we don't. We suspect they're Southern German because the Germans who work on Tor said this is Bavarian. No one writes like this. So either someone's very good at faking a Bavarian. Mostly what they attacked was SPD.DE, and they wanted lots of bandwidth for a bandwidth amplification attack or DDoS. We spent a lot of time and had a lot of help looking through the forensic analysis of our servers, and as far as we can tell, they used some old SSH exploit on someone else's server, took the keys, because Tor admins, Tor people are still people. They had the private key for their SSH along with their public key, and got into other servers and then installed basic kernel exploits, some, some were zero-day that we found out, which may become published soon, and used it to do bandwidth attacks, bandwidth-intensive attacks. All the forensics point to that they didn't realize what they broke into. They just saw, look, here's some servers on some gigabit links. Woo-hoo, I can go attack things really quickly now. They didn't touch any of the Tor code. We had two people go through every Git commit, every SVN commit, compared to what was in the repository, compared to what we send out in emails when that happens, compared to their own trees, and looked through every last bit for the past two years to see if anything changed. One of our volunteers who's a student in Germany went through every single Git commit ever and compared everything to make sure that what changed was actually what was supposed to change and no one went through and modified the archives. And so basically, I mean, one, we got lucky. Two, they just wanted, they were basically silly attackers and wanted bandwidth and took advantage of volunteer and other servers that related to Tor.
Yeah, I mean, Tor is a great project about privacy and everything like this, but there are some other parties who don't like the point of view of Tor and Tor users. And do you think, with maybe the wider range of users, there will also be many more attacks of this kind?

Do we expect to get attacked more? Yes. As activists around the world have used Tor to actively speak out against their government, this attracts a different level of attention that we're not quite used to, and we're working through securing our systems and doing things sort of more securely, vastly more securely, so that as we get these attacks from, like, nation level, SPNL and other services, we can at least detect them and hopefully defend against them.

So exit nodes are in fact being wiretapped, so using Tor would increase the chances of you being, of your communications being followed. Do you know if this is correct? And if so, wouldn't that mean that you would only want to pass encrypted traffic through Tor?

We encourage people to use encrypted traffic, period, whether you use Tor or not. All right, you would like me to be more wiretapped. It's unclear. I mean, right now, most law enforcement, you have to have a reason to wiretap somebody, and there are all sorts of precautions in place, and then they may or may not be able to analyze that much data that comes out. So I think the answer right now is no; could it be in the future, maybe. As laws come into effect, when the IPRED law came into effect in Sweden, we saw Tor usage from Sweden go up by 50%. You know, like other VPN providers saw their subscriptions skyrocket the day before. So you put the laws in place and you just created this arms race of people trying to avoid being wiretapped, whether it's at a nation level or an individual level.

Did anyone in the Western world ever get sued for running a Tor exit node?

Not for running a Tor exit node, no. They've been taken to court.
There's a guy, Morpheum, from Germany who had his exit node do something bad; police came and collected his computer, and then he became much more of an activist because his attitude was, well, screw them. They're gonna do this to me? Watch me, I'm gonna run five exit nodes. Not only does he run more exit nodes, he now runs WikiLeaks.de and a bunch of other things, and he keeps winning cases on the basis that what he's doing is nothing more than telcos do, like the ISPs and the telephone companies do. So why should he be picked on? He will also run very open exit policies to attract more traffic, just to sort of, cause he wants to have the fights. So the answer right now is no, Tor is not illegal anywhere in the world as far as we know. Maybe North Korea, but North Korea has no internet, and when you browse, when you go to an internet cafe in North Korea, you have an 18-year-old with an M16 sitting behind you, ready to shoot you if you do something bad. So that's a pretty good incentive.