> You propose running a Tor node or using Tor internally. Before, this was just something you could do. After Tor’s pivot, you now have to justify why the company should explicitly associate itself with banned HR activism and draw the government’s ire. Using Tor is now an additional mild liability for all of its non-HR users.
Using Tor already marks you as suspicious depending on who's looking, regardless of why you use it. The ideals or mission statement of the Tor project don't change this.
Tor suffers from the same impediment as the Bittorrent protocol; it is used a lot for illegal purposes, so a stigma of illegality surrounds the tool itself. By focusing on the legitimate use of Tor (e.g., as a human rights facilitating tool) the Tor project might actually improve adoption rather than frustrate it.
Is this based on experience or assumption? I've had minor issues with Tor and VPNs abroad, when questioned about them. Brushing them off as a "security tool" usually worked.
A "human rights" tool, on the other hand, makes Tor dangerous to be caught using in many parts of East Asia. I find most Westerners (myself included until recently) don't understand the cultural and political sensitivity around the term in certain countries. OP's analogy to the Western treatment of anything rhyming with drugs is spot on.
This is a very high social cost in the west, and you can't pose with a tor t-shirt (like the dude in the photo) if that the narrative. You will be expelled from your students union instead of celebrated for supporting it. So, a typical westener tor-supporter does not want this image. But the typical westener is no the person that needs tor mosts.
Such a label in east asia would probably help. If the Singaporean police would assume that all tor users a looking for child porn (or just porn, that's illegal there) uses would fall in the vast bin various criminals. But not a political opponents, that are targeted with much more energy. The social cost of consuming (child) porn might be lower than being a dissident. And the prosecution might be less serve.
I suggest this is overstated, at least as far as Tor is concerned. While there are occasionally news reports about various crimes that utilized Tor as part of the process, more often the generic term "encryption" or "anonymizing software" is used in news reports. I think the general reaction to anyone wearing a Tor T-shirt would be indifference, save maybe one or two curious talkative parties.
I will admit this is anecdotal, but overwhelmingly when Tor has been brought up in the past in my workplace or during discussions, overwhelmingly the response has either been "what's Tor" or "oh Tor. I've heard of that. What is that exactly?". The idea of "expelled from student union" for being a Tor Supporter is completely outside of my understanding of what people in the US even know about Tor. Even so much as having a casual two-way conversation with a non-tech person about Tor seems like a foreign concept. Tor might catch headlines once in awhile, but when it comes to things like online privacy and anonymity, I don't think this is what the lay person thinks of.
I mean, just page through news.google a bit searching for "Tor". The news outlets covering it are pretty much tech-oriented; going just a few pages deep, only politico really mentioned Tor, and that was literally only to say it was used by the hackers during the Clinton email breach, calling it an anonymity tool.
I just don't think there's enough evidence to really say that the general public or even law enforcement really knows what Tor is, much less form an aggressive opinion towards supporters.
I bet if some large corporation came out with it, the government would have no problems. Because they could probably convince that company to let them monitor everything
This is a curious construction, one that I can't pin down to any kind of secondary-language issues. "Using Tor" is not the subject of that sentence, "who's looking" is. So, some people see Tor as suspicious. Who are those people, and why is it a problem? Law enforcement...anybody else?
What does it mean for Tor traffic to be demeaned by law enforcement (or $chosen_group) as by-default suspicious, and is this a good use of their time and resources? Is it a good way to solve crimes? History tells us that law enforcement, and by extension the government, will use bigotry to effect prosecutorial goals at least as readily as they will shoe-leather investigation. Defining Tor as suspicious-with-exceptions operates in the same sphere as asset forfeitture: prove you ain't.
Point being, I think it's important to be clear what is happening with Tor as a character in the wider world of politics and policy, and "using Tor" is something that I don't think needs to be justified. Passive voice also elides these serious issues by pinning results on nebulous activity.
"Using [Tor]" actually is the subject of that sentence. "Who's looking" is not the subject even of the dependent clause in which it occurs; "depending on" is introducing an adverbial clause, in which "who" is the subject, "is" is the verb, and "looking" is the predicate.
> Passive voice also elides these serious issues by pinning results on nebulous activity.
The passive voice is not used in the sentence quoted.
I recommend preferring rhetorical techniques other than grammatical analysis; even for someone with a solid understanding of a language's grammar, picking apart the way something is said tends not to advance the discussion as well as repling to content would, however dubiously it may be expressed.
> Passive voice also elides these serious issues by pinning results on nebulous activity.
No, no, no.
Firethief has already largely covered this, but: "Subject" and "passive voice" are grammatical terms. They have to do with the syntax of a sentence. Not with who performed an action, or whether that agency was clearly expressed in the sentence. There is nothing necessarily agency-hiding about the passive voice; conversely, one can hide agency quite well without using it.
Basically, go read some Language Log, they talk about this all the time. Hell, they've got a whole category for people complaining about the passive voice while not actually being able to identify when a sentence uses it: http://languagelog.ldc.upenn.edu/nll/?cat=54
(Edit: One particular post on the subject I should point out, I think -- http://languagelog.ldc.upenn.edu/nll/?p=1227 )
Or here's a whole paper by Geoff Pullum on the subject, with more examples than you can shake a stick at in section 3: http://www.lel.ed.ac.uk/~gpullum/passive_loathing.pdf
Don't get me wrong, I like Tor, but I also understand the pragmatism in law enforcement being a bit interested in people trying that hard to hide what they are doing online.
Nearly a year-and-a-half after CMU canceled a Black Hat presentation, hints were dropped that CMU's Tor-related efforts may not have been for research purposes only. An anonymous tipster claimed the FBI had paid CMU $1 million to unmask Tor users. A quasi-confirmation popped up during the DOJ's prosecution of Brian Ferrell, who was allegedly assisting Blake Benthall in running Silk Road 2.0. Ferrell and Benthall were both swept up in the wake of a Tor-related FBI raid known as "Operation Onymous," which began a few months after the hastily-cancelled Black Hat talk.
Included in the information handed over to Farrell's legal representative was the following:
On October 13, 2015, the government provided defense counsel a letter indicating that Mr. Farrell’s involvement with Silk Road 2.0 was identified based on information obtained by a “university-based research institute” that operated its own computers on the anonymous network used by Silk Road 2.0.
[1] https://www.techdirt.com/articles/20160225/07295633707/silk-...
[1] http://motherboard.vice.com/en_au/read/carnegie-mellon-unive...
And the more troubling aspect is that the courts have accepted the government's arguments that no warrant is required to disclose IP addresses:
> ... Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network. In other words, they are taking a significant gamble on any real expectation of privacy under those circumstances.
If both of these statements are true (that the government could easily run a majority of Tor relays, and that the government does not need a subpoena), then any particular vulnerability being patched is irrelevant to the inherent insecurity of the network.
It was bad that Tor didn't notice the large number of new relays joining the network but greater vigilance is being shown.
Tor is effective against many threat models and yet many attacks are known. Further work is required.
Secure against what or who? Nothing is completely secure.
Your browser isn't secure, and most Tor users are using browsers over it to visit websites. All an attacker has ever needed to do is compromise your browser.
I thought the whole point of Tor was that it would work against highly capable or motivated adversaries?
Tor has lost their mission, which should have been Privacy above all else.
Today they seem to be more focused on Social Justice, and less about privacy.
I don't see this as an implosion. I am not fond of the majority of SJW rhetoric as a lot of the defenses seen in those circles seem to be constructed as thought-terminating cliché.
I have much respect for Virgil, but I also think Tor is in need of a rebrand at home.
Ancap/cypherpunk messages are not agreeable to the mainstream, and they do not maintain a project when it becomes this close to mainstream. The common Western observer begins to equate the network with the abusive practices inherent in anonymous communication. The average user sees "Tor" and thinks "child porn" or "drug dealers", or "Mr. Robot" hacker types. These are things that economic resources that have to answer to Western political authorities will run from, and if the project needs funding, it needs to have a feel-good message that supporters can parrot to politicians and others that actually have power.
I, too, am an anarchocapitalist cypherpunk type. But I'm realistic enough to recognize you can only push that platform so far as an organization scales. Most people still won't care.
Full disclosure: I am not affiliated with Tor, but I have run relays in the past and will likely run more in the future.
Thanks! I love you too.
> These are things that economic resources that have to answer to Western political authorities will run from, and if the project needs funding, it needs to have a feel-good message that supporters can parrot to politicians and others that actually have power.
This is a totally reasonable response. I would be delighted if Tor Project could make a pronouncement like this.
As a reply, I saw no indication they were having trouble appeasing western authorities---e.g., they had no trouble getting DARPA money for the big MEMEX project. They are voluntarily cutting themselves off from defense because they dislike the politics of the funders. Instead, they are piloting themselves into a position where they are forced to take money from human-rights funders just to stay afloat. And becoming "Human Rights Watch for Nerds", makes Tor work vastly more difficult in the Asia Pacific.
I agree with you that Tor could use a rebrand, but this is a poor choice of one.
The second they learn that tor can and will be used to spread "hate speech" or the classic CP, Drugs, Terrorism, the "mainstream" will (and is currently) demand that Tor sacrifice privacy in the name of defending Social Justice, stopping terrorism, ending CP, or catching drug dealers.
Under new board of Tor, and this new direction I fear Tor will cave to these demands.
Edit..
and just to be clear. Social Justice is not the same as Human Rights. People of late seem to be confusing the 2.
At this point I'm 99% sure that (a) SJW backlash is some form of mass hysteria where large groups of people have convinced themselves and each other that these people exist in vastly greater numbers than they actually do (I'm talking multiple orders of magnitude) and (b) many of the most vocal anti-SJW warriors (let's call them ASJWWs) are simply people who at some point in their lives had experiences where they were being a-holes (probably without realizing it), and somebody called them out on it, but rather than learning from the experience and feeling slightly guilty about being a jerk, they decided it was all a big conspiracy against courageous truth-tellers such as themselves.
All based on anecdotal evidence of course, but I'm old enough (and have lived in every corner of the US, around pretty much every demographic there is) to have accumulated an embarrassing amount of anecdotal evidence on this topic.
They already need to have policies/processes to vet code coming over the internet, so there's no need to know contributors in person. It's better to not know anyone in person, in order to not compromise the goals in any way or challenge someone's safety.
Also, if Tor devs would never have interacted in person, then the alleged sexual offenses wouldn't have happened during Tor meets but some other event the accused was present at, keeping Tor free of such non-technical events.
Just like reverse engineers, emulator devs, un-free codec devs are smart to operate anonymously, so should Tor devs, and it would force them to adopt needed policies for vetting random contributions properly.
Why do people continue to use it?
In particular:
* Use a separate system for Tor traffic, never use that system for anything else
* Don't use BitTorrent (which you shouldn't be doing anyways - the network wasn't built for it!)
* Don't touch non-TLS sites, the exit node could be hostile
* Javascript off
Tor can still be useful as a building block of the next thing, but people should start demanding something better than Tor.
"Imagine"? If you think this is hypothetical, bub, I have some bad news for you about the current perception of Tor.
When I think "Tor user" I think of illicit pornography, black market drugs, and human rights activists. Those are pretty much your options. What nation is okay with the first two, but not the third?
"Oh shit, we knew he was moving $2m USD in heroin, but we had no idea he was documenting human rights abuses! Apprehend him!" Please.
Frankly, there are a lot of better reasons -- mostly technical -- to doubt the efficacy and long-term future of Tor. But the recent politicization and drama certainly doesn't help it.
After a bumpy start, Rotorproject[1] is starting to iron out a plan. It's my hope that Rotorproject can help Tor Inc resolve it's issues while simultaneously providing alternatives to the current (technical) monoculture in terms of easily usable anonymity.
I think advancing human rights are a reasonable goal, but when I've seen political activism as a specific project goal, I've yet to see long term success.
[1] - https://phab.rotorproject.org/w/general_project_information/
(Note that you haven't actually fully made that argument. We have multiple competing concerns here (as we always do[0]). Virgil has made an argument based on one; you are trying to make an argument based on another. The question then is, which one outweighs the other? Since neither of you are actually responding to the other's arguments, merely expressing different concerns, it is impossible to tell from your arguments alone. (To put it another way, in pg's "Hierarchy of Disagreement"[1], you're purely counterarguing with no attempt at refutation.) Calling Virgil "willfully ignorant" makes it sound like his argument carries no weight or has already been refuted, but this is not the case.)
[0] http://lesswrong.com/lw/gz/policy_debates_should_not_appear_... [1] http://paulgraham.com/disagree.html
However, this argument doesn't generate any virtue points. My sole claims about Tor are (1) they've pivoted and (2) their short-sightedness. They want to be rah-rah human-rights, but their angle of pursuit of human-rights is, ironically, notably counter-productive.
I think the author conflates the risk to Tor users with the risk to Tor Project members and volunteers. It may well be true that the latter groups are at greater risk.
And so while it might be click bait to say that this will wind up killing someone but at the same time you can say that it is far from impossible.
So if you're a "privacy technology" group, anything not related to privacy technology should not be part of your focus.
Ever Civil War, for example, has two (or more sides). Now the Tor group has to pick one. If they were simply interested in privacy technology, they wouldn't have to.
You see a similar thing with Codes of Conduct, or "inclusiveness" initiatives. Why can't a Python conference be about Python and only about Python?
Previously, I could have a reasonable conversation around "securing sensitive but non-threatening communications". The rebrand makes the tool dangerous to be caught using. The OP's comparison between Western treatment of anything drug related and certain cultures' reactions to the term "human rights" is spot on.
If you are a reporter, you have a very good reason to use Tor. When searched at a border or by some police force, having tools made for privacy and security is going to be expected. Having tools for human rights activists is going to cause trouble.
Why do you act like it's the west obligation to solve your social problems?
TOR was created in the west, its main contributors are from the west and now - and very rightly so - the people in front of TOR identified the eroding of personal privacy as an eroding of our human rights in the west and they want to change that.
It's good for the west, is good for the TOR creators and main contributors. If it's not good in the Orient or middle East, then instead of complaining you should be creating and contributing to projects that help your purposes and your social advancement.
However, Tor self-righteously insists it is improving human rights, especially for improving human rights outside the west.
I had to stifle a giggle at this 'example'. I have to wonder how many 'local businesses' so value their comms that they want to hide their origin at the expense of significantly downgrading their bandwidth... and what do these 'local businesses' look like?
Anyone, with even an iota of self-preservation in them, is best served staying away from this identity-leaking crapware. There is no gentle way of putting it. Tor is fundamentally and practically compromisable, do not trust it for guarding your anonymity against a determined adversary.
No. I don't have any suggestions for alternatives either.
This attitude from someone representing the Tor project is, to put it mildly, terrifying.
But I guess fundraising matters more than lives of actual real human beings.[1]
[1] I'm inclined to believe the author slightly exaggerates the risk, but the reply completely neglects to address that issue. Trying to shift blame on local governments is hardly an option when those are the ones you're trying to defy.
