 Our next speakers are Gus and Geco or Geo from the Tor Project. They both became onto the project, have been working with the project for a long time now, and a couple of years ago they both became on as employees Gus as the team leader, as the community lead of the project, and Geo as the network team lead, where he has been working on improving the health of the network and making sure that bad relays are removed. Give them all a great round of applause from home and welcome to the stage guys. Take it away. Hello everyone. Hello. This is Geo from the Tor Project and I have Gus with me today to talk about the state of the onion yearly thing and we are really happy to be here at the CCC and think about providing an update what we did, what we're excited about next year and what is basically in the pipeline. Before we start, assuming we have some folks watching this talk wondering what this tool thing is, we thought about picking them up, getting them up to speed and talking a bit about what we are actually talking about here. So Tor is concerned with the online anonymity and censorship circumvention. We produce free software and we actually have an open network of relay operators and relays operated by volunteers, but that's not the only meaning of Tor. You find VR as well in community of researchers, developers, users, and they mentioned relay operators. As a project, we are a US 501C3 non-profit organization. So that's the different notions of Tor you might encounter. So what is actually the Tor design? How does it help with the anonymity goal or censorship circumvention goal? So assume you have two parties who want to communicate over the internet and in particular Alice wants to hide their location or their IP address so they can connect directly to Bob because that would be obvious where they are coming from. So they try to get their traffic through multiple relays so no signal relay can actually betray Alice here and find out what else is up to or where she is coming from. So what Alice is doing or actually Alice Tor client on her machine is picking a path through the network with three relays mentioned here with a one, a two, and a three before she is finally reaching Bob. So this looks like something like this year and at the end Alice is asking the access relay or relay three on this slide to connect to Bob and then they can talk to each other. That's the basic underlying concept of Tor. Then there's the problem that we sometimes see censorship in the wild which means that an adversary is trying to prevent Alice from actually reaching the Tor network and so she can benefit from the privacy properties the network is providing and in this case the direct connection to the cloud above there with the public relays is prevented and what Alice needs to do is to connect to so-called bridges which are non-public relays in this case which work as a first hop and then she is picking the usual remaining two hops before connecting to Bob. So this is a rough idea of how Tor is trying to prevent censorship or to bypass censorship to be more correctly and which will play a role in the coming slides because we talk a bunch about censorship work we do and have done and want to do. So that's basically Tor in a nutshell. There are many more things to Tor but that's hopefully enough to understand what the following updates are about. So if you recall the previous slides that was basically trying to provide privacy at the network layer for users hiding their AP addresses but as we know the web and in particular browsers are large beasts and that's by far not enough anymore to guarantee any meaningful privacy on the internet because of all the tracking mechanisms and ways of fingerprint users. So a couple of years ago we essentially started to provide a tool called Tor Browser which is essentially a fork of Firefox and has dozens of patches on top of that so we can actually provide the privacy guarantees we think are important. And this tool got some meaningful updates over the year and one of this is that we overhauled the Tor Connection experience. Some of you who are already familiar with Tor Browser know about this weird modal dialogue popping up once they installed Tor Browser which was up until the Tor Browser 10.5 the default way of connecting to the Tor Network with the Tor Browser and this is gone because that's a really weird experience. If you have any other browser what is happening once you've started you get a browser window and then start searching or typing whatever you never get any modal dialogue which is a UX experience which is not really the best so we fixed that there's no modal dialogue during startup anymore and there are easy ways to as an easy way to connect automatically now so you don't even see this particular starting screen anymore. Overall skipping a much smoother experience for your Tor Browser usage which is pretty exciting. Then we finally deployed Snowflake which is a means for helping censored users on the internet which is kind of a next next next level step in the arms race against sensors and this has been in the works for a couple of years and has been testing for a month in our Alpha release series and finally made it earlier this year and stable and you can see in this on this graph how the the usage grew over over time starting with the initial launch in the stable series at the beginning of July this year you see there's a continually growing numbers of Snowflake users you see at the at the right side the the spike up and down and Gus will talk about this a bit later but it's it's a growth and we can see this and we can hear the feedback for users so what you can help is running Snowflakes how this is going to to work is a thing Gus will explain it on but there's already a thing you can try to remember and getting out of this talk so you can help censored users yeah that's two of the highlights for this year for for the next year and upcoming years we plan to make it even easier to help censored users around the world for instance by faster updating the default bridges we ship it through browser usually what's happening right now is that once we want to bundle new bridges to a tool browser we have to have a new release which is pretty cumbersome and slow we want to make this faster so that you can keep your tool browser but get updated bridges if there are any available which we can ship and then we continue working on the general idea of just helping users bypassing their censorship they should have a button like I am censored and then tool browser should figure out everything it needs to provide the working bridges for the for the user in the particular region where they are that's the the kind of the golden standard where we want to to get to so this will be pretty exciting work then for another project actually a multi-year project which we recently started I want to give an update the tool browser thing is pretty cool in the sense that you have an app and then you have per app settings kind of and per app means of providing privacy properties but particularly on mobile where you have kind of dozens or hundred of apps it's pretty cumbersome if it's usable or possible at all to configure every app to every app to use tool as a proxy so what we want or we actually want or what users want on mobile at least is a way to to route all safe traffic and specific safe applications through tool you don't want to configure this per app though that's that's not the the way to go um that's a pretty vpn like functionality and do I put vpn in quotes here because that's kind of very working you know concept we we probably want to come come up with the the better term at the the final product because vpn is kind of tainted and and there people have particular understandings what it what it means the vpn is and and we have kind of a new tool here where we are tools trying to to fill the niche and and provide better guarantees and than regular vpns do so we want probably come up with a different term but that's pretty close from the from functionality point of view what what tool wants to do and the the the bonus points here as well are that we can easily expand our censorship circumvention means to the whole device and don't have to deal with that on a per app basis either the work is done with the with our friends from the guardian project and the leap encryption access project which is exciting and we plan to have this available on android first likely starting in 2023 maybe already at the end of next year we'll see as I said it's a multi-year project it's spanning different teams at tour it's it's using the it's using arty the new rust based torque line we are currently writing so that's a pretty exciting project and we hope we make serious progress over next year so let me leave the the application part right now and talk a bit about what we could call network health the one of the points which frequently comes up which is important is our work in the bed relay area the the overall the dealing with malicious relays remains hard with our limited resources we remove for instance several large groups of actual relays in early 2021 and use this actually as kind of a wake-up call through seriously invest in in this area which means writing new scanners for detecting malicious behavior and do a better monitoring for for malicious behavior at the network and I think over the year I'm confident to say that we actually got a stable tour network and compared with the previous years I think it's fair to say as well that we right now have a safer tour network as well compared to the what we had in the previous years so that is exciting progress worth mentioning here but that's not enough right so what we actually want to do to provide an even safer experience and tackling the the problem of malicious relays more at the core is leveraging trust in our really community helping with with those problems and the key points to take away here is that is a mixed approach in a sense that we have technical tools helping with bed relay work but as well this is a social approach which is important here because we can solve the the problem of malicious relays with technical means alone and this is a thing we take into account right now already we started successfully I think with experiments for instance we we removed like three weeks ago two large groups of of relays which we deemed to be malicious which were perfectly configured from a configuration perspective then all the my family setting set and they had a contact info information set which was supposed to be non-spoofable so they did all the technical parts right but still once we started to contact them and and tried to talk to them it was pretty clear they they were very likely malicious and we removed them quickly from the network which showed us once more that there's a social component here too which is important and this will be a priority for the network health team not only for the team I mean there's a community team involved as well and and other teams too but it would be important for for the talk project in 2022 and what this means at the end you know taking trust into account is not set yet there could be the idea that we say okay we have here a large group of trusted relays and they get more traffic to see or more traffic to see from users compared to the non-trusted group this is performance implications and many other implications which we need to explore in detail starting this year and and but more next year and probably for the coming years which actually brings me to my final point on for my part which is talking a bit about the two performance and the work we did this year what's coming up next so if you look at these and this graph or those two graphs you see a growing gap between the bandwidth which is a vertus on the network and the actually used bandwidth over the years starting from you know kind of 2011 and continuing up until today this is kind of counterintuitive because one of the things we usually get as kind of most of the most important complaint is that slow so what's the issue here if you have so much kind of surplus bandwidth but it's not getting used but on the other hand users are complaining towards slow so we have a project which is trying to solve those problems now we think that a big part of this equation is coming up with a good congestion control for the torn network which was lacking so far so that we have an overall better bandwidth usage and this got implemented this year which is exciting and will be deployed next year and we hopefully see not this growing gap anymore but this shrinking gap additionally one thing we we we sorely missed was feedback for relay operators whether they're released or doing well whether they are overloaded and whether they can improve settings and the problem modifications so we implemented a series of kind of warnings or triggers which really operators can monitor and we from the tour project side can monitor as well and then we can can ping really operators and helping them figure out their stuff and getting those issues fixed resolving the overload they see on their relays and planning for plan for 2022 as well is that we start do better load balancing by figuring out which relay relays are seriously overloaded and moving traffic from them back to less overloaded relays giving an overall better performance and and user experience for our users so I think that's all I had to say for my side thanks for listening and now Gus will pick this up thank you dear so hello just as Gus from the tour project and today I will talk a little bit about the community team and our work on the tour community so we will cover user support the new user support forum our new gamification project uh they run a bridge campaign that we started last month and and we are also going to talk about the censorship the tour censorship in Russia so oops here is so for the tour forum uh we at the beginning of this year we start to think about having a place where people can ask questions that is not a main list so in 2021 what looks like a support forum you know how where users can do questions and receive help so email and user documentation are nice are cool are important because people in censored regions they can access this resource they can send an email from Iran from China from Russia now and they can access our documentation but we were thinking about other other ways to reach out to this community to find places to find a way to to them to communicate and ask questions so part of this plan is to the first part of this plan is to have the tour forum so people can access this information and ask questions on a new user support forum that's friendly and you can install an app on your phone and and contact and talk with others and later I will talk about the second part of this plan so we launched the tour forum this year in October and it's been it's been very nice and I invite everyone to join our our tour forum the other project that we are doing at the community team is the our gamification project for relay operators so the idea is to understand what what are the motivations how we can incentivize the tour network how we can grow the tour network basically or why people are stopping children relays so we are doing this as part of our internship and Niko is all in turn and she's doing this work and we have a survey online so people can ask some questions and give feedback about their experience in running relays and we and last month in November we launched a campaign to get more breads and and so far well breads are very important for users living in sensory countries this is how they are going to connect to the tour network so our plan was to have 200 new ops for breads ops for is a plugable transport that can obfuscate your tour connection and uh uh and we uh so the plan was 200 new breads and the campaign stats at now are 900 new running breads 800 new ops for breads and the network size bump from 1,200 to 2,000 new breads uh overall so we uh so the campaign was a is a real success and we and we you can see on the graph here on the on the screen how the campaign changed the the the course of the network size here and and so this campaign started in November and in December a situation just happened so in the beginning of December we we received a lot of users asking for support in Russia and it was not well we usually have some users asking help but that time budget time was different we received like a lot of user support requests basically emails asking for tar breads and that was very strange because we didn't know anything happening so we start to investigate with uni which is a uh open server tar off network interference to understand what was happening so we start to see some anomalies on the tornet uh on on russia uh basically blocking uh not just our uh website but also the tor network uh and not only the tor network but also some tar breads and that was like some we start to looking to that to understand what was happening so uh we start to collect information and we put together in our ticket in the few days later we received an email from from russian authorities uh saying that they were going to block the tar parts domain in and basically we thought to give you answer reason and and we didn't understand what was happening so we i'm going to skip the lawyer part and and and the the supposed the the reasons that they are blocking uh the tor project website and they will focus on what they are actually doing and how that's impacting the tor network and the tor community so russia is the second country legacy country of tor users uh is united states russia germany netherlands and other countries that are the top 10 top 20 countries that are using tor and uh and and we start to look on metrics and see that the the numbers of tor users were were decreasing in in december and we also saw that the bridge users was increasing so you can see clearly the impact of the censorship on joseph graph here and joseph graph is available on matrix portal tool so the summary here is one on december first russian authorities they block it tor director authorities so if you have tor installed on your computer you cannot bootstrap tor uh they block it tor browser breeds so if you have tor browser installed you cannot use these breeds they also block a domain fronting mickey asia so if you try to bypass censorship that was not going to work they also block it snowflake and i'm going to talk a little bit later and they also block it a bunch of tor bids uh in different internet providers so uh depends on where you are on russia you can use tor but in other places that was going to be more complicated and the only way to bypass the censorship at that time on december first was to use a breed from bridge dot tor purge dot org or from our email and and so we start to fight the censorship we launched a telegram bot that you can get a bridge and that and that bridge is not blocked in russia and we test these breeds on our vintage points on russia to see if they are blocked if they are blocked be asked for relay operator to rotate that type of address so these breeds are working and we are checking if they are uh and we are checking inventorying if they are working the tor community also fight fought back and we and the tor community spin up like uh more than 400 new tor breeds in just a few days when we have amazing volunteers translate the tor user support guides in russia and uh and during after the first block on december first the anti-censorship team also provided a fix for snowflake and and it was and just fix was available on tor browser the last released so you can see on just a graph that snowflake was around like less than 2000 users but after december you can see it take a while but then start to increase the number of snowflake users in basically because of russia and you can see just just graph here there is a decrease here is because um the the server crashed after too many users so we fix the server and uh and we start to get more users so if you want to help people in certain country you can run at our bridge or you can run a snowflake proxy and that that will be very helpful for tor users in russia and uh a new update uh during christmas we also had a new round of censorship in russia more breeds were blocked between december 23 and 24 uh we are going to reach out to relay operators and and and say and we are going to contact contact them and say okay you need to rotate your IP address if you want to get back in the game and and fight censorship and we are going to do that and just week uh is snowflake is working fine and we have been working uh with uh doing user support with russian users and we already answered more than 1300 help requests since december 1st just for comparison we we sold at 140 sorry 1,400 support tickets between january and november so in one month we already have more user support requests from russia than uh in a whole one in 12 months basically so so i will do a call here for the internet freedom community to spin up at our bridge or run isoflake proxy if you can if you cannot run a bridge you can donate to relay associations if you cannot donate you can help and teach tor users about uh about breeds or you can help localize tor in russia or you can do we can apply pressure uh like if you are part of a digital rights organization or a human rights organization uh help us to make pressure on russia government uh and stand up in solidarity like edwards noden did and published is uh calling the the russian government to stop blocking tor uh how to get involved uh we are available on tor irc and matrix channels you can join us uh our mailing list they are public and you can see what we are talking and you can help you can also join the tor forum and you can contribute to our get lab and for next year we are going to improve we are going to continue to improve our user support tools for user living in certain uh countries or regions uh so one of our ideas is to provide a telegram uh chat channel so users can communicate and have and get user support on telegram we are going to continue to develop the tor relay gamification project and uh continue to organize tor trainings in the global south in matine america in east africa and organize relay operators meetups uh today we are going to have a relay relay operator meetup 10 p.m german time and the link you can find on tor relay mailing list and also if you search on twitter also some media you can also find that um and the uh today we just covered some topics from the state of the onion we some uh one month ago we did a a huge presentation like two hours and and half about anti-sensorship, fundraising, ux, sysodemine and many other updates about rt about v2 onion deprecation and many other topics and you can watch that on youtube so i think that's it from my side and and we are open for more questions thank you so much guys like obviously so it's a really important project and that's honestly great to see how dedicated you are to to basically helping everyone i was actually uh now we're going to go on to the question and i was actually wondering something myself before we uh we head over to to taking the ones coming in from the internet um basically i as far as i understand like when you working with bridges and making sure to like avoid this censorship and everything like as far as i understand an important tool in this process are the meat bridges where you use huge cloud providers to basically mask traffic to tor that's like regular hdcps website traffic does that not work in the case of russia or like what does the attack threat situation look like at the moment in that scale landscape i can answer in two parts the first part is that some cloud providers they don't like domain fronting and so amazon and and others they they they change their policy and they start to block uh well not just block but to remove uh projects that were using domain fronting so the only cloud provider that allows tor or allow tor to do that was uh azure and we and we had to limit the bandwidth on that so if you use mickey azure on tor browser it's going to be very slow and um and one thing that we so this is the first part like the the providers they don't like that and they were enforcing us to stop or remove remove uh just support the other thing is that the the bill like the cost of running a mickey azure breed or or a mickey amazon breed that was too high and too costly so snowflake is uh is the next step here because it use mic it use domain fronting to to connect you to a tor proxy uh snowflake proxy and the cost will be like a very cheap so you can you can get the the benefit of domain fronting and you can use uh a lot of proxies to connect tor users and that will not cost a lot of money for for the tor project and for for tor users so that's uh is there a way to go here is not look back but look forward it sounds so cool like obviously it seems that this was very important and actually hearing like some of the problems that you guys are facing in your fight i think that's very interesting for for all of us so uh questions from the audience uh the first one is that the apps that you're making like it the question is whether they would make you identifiable so basically if exactly those five apps are always calling home over the same tor nodes that the question is if that if someone could link that back to you do you want to talk about this dust should i go ahead yeah i think this should not be the case i mean depending on what kind of apps you have how they are configured um and um some potential you know timing signatures and stuff so that's one of the things we are concerned for instance with tor browser and um trying to really make sure to break this up in the sense that folks can't learn anything about those patterns you have it's hard in particular if adversaries can monitor you know exit nodes or end points over a long period of time but generally you should be protected from this kind of thread right that makes sense so the next question is that if they understand correctly the tor organization is registered in the united states could the project be in danger of any government pressure to be discontinued and have you guys ever planned to move to more net neutral countries like switzerland or similar hi um so from my point of view i i don't think we suffer any pressure right now from us government so i think what would be interesting well one thing that is important is one thing is the tor project and the other thing is the tor network the tor network is we have director authorities in different countries and that just to avoid this kind of government pressure against the tor network so i think i think the question would be more like finding different ways to fund to to make tor sustainable not just like diversifying our firms so we don't be too connected with a government or one source provider of resource i think this is happening right now isabella the executive director has changing a lot of our money income and if you look back in the history who has government was adding a lot of money through to the tor project in different by different ways you know like uh uh human rights projects and uh internet freedom projects and just was basically how tor is and was funded by us we asked the government but not just us government other governments like swedish government too so i think uh i would be more concerned about the tor director authorities being in just one country and that's not true we are in different countries and i so far i don't i never heard any kind of pressure from the us government against the non-profit college the project so i think that is basically my answer here that's good to him and now to um onto maybe a little bit lighter question do uh top browser users have any chance or hope to see less captures in the future yeah i think we do have some hope there is i mean not just only hope but um we have work ongoing solving this from different angles the first one is um outreach to major providers trying to understand why they are blocking to war or why they provide captures and working with them um to come up with solutions which is or which are not only deployable by them but by the wider industry so there is a knowledge gap here and then trying to based on that trying to figure out how we can solve this problem and that's not only from a you know policy angle but we plan to look into technical means as well for instance there's the idea of providing tokens to to users so they which they can spend anonymously at websites for instance and the websites can can look for that and try to regulate the traffic keeping the noisy bots out while providing good service to our toy users providing such a token that's another thing that won't be solved next year it's a multi-year project to we are a small organization so there has to be you know some kind of prioritization but that's definitely on our radar and a serious problem for us so we should fix this sounds like great initiatives and also like they're going some of the way in order to to some extent legitimize the use of the tool browser maybe not as much in common society but also when actually visiting different websites yeah exactly nice next up is whether you guys are planning to figure out some kind of solutions for firewalls for instance the corporate ones that are slowing traffic down hmm i know guys do you do you have some you know queries or complaints from users for this particular issue i i'm not sure about that yeah i just just would be a very specific question i it's also very fair to just say that it's not a problem that you've heard a lot of complaints about right yeah just true we i didn't heard about that like the capture one is a popular one but i never heard yeah i think there a bunch of larger things to fry here yeah it's not really you know not even our top 10 so there right i guess it can also be very hard for you guys to like work with figuring out how to prioritize all the different initiatives and the wishes that that people have yeah definitely cool um so um unfortunately we don't have time for any more questions right now but there is a break out out room that people can come to and you will answer any further questions for now we are going to have a break on this channel before the next talk that's going on at the 20 hundred which is cookie banner that's online verben ecosystem and google preisträger big brother was 2021 for now thank you very much guys take care and maybe we see you in the