How Shari Steele Plans To Take Tor Mainstream

blottsie writes: Over her career, Shari Steel has taken on United States Department of Justice, the National Security Agency, and the Federal Bureau of Investigation. She built the Electronic Frontier Foundation into an international powerhouse for protecting online rights. Today, she has a new mission, perhaps her heaviest challenge yet: Take the Internet's most powerful privacy tool mainstream. From the Daily Dot article linked, a hint of one reason that bringing Tor mainstream isn't straightforward: At the heart of Tor's image problems are what's known as "hidden services" -- sites that are only accessible through the Tor network. Hidden services have been home to drug and gun marketplaces, child pornography forums, fraud and hacking sites, and sites where you can place bets on when a high-profile target may be assassinated. While the media tends to focus on the nefarious elements Tor enables, hidden services make up only about 1 percent of the Tor network, according to Steele, and are in no way operated by the Tor Project.

"I'm trying to teach everyone that we need to recognize that we are doing the work of the angels," Steele says. "What we are providing is really important and really great, and there happen to be uses that are residual that aren't what we're doing. We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

1 percenters

[Stormcrow309]

Great, we will have geeks getting stomped by bikers for wearing 1%ers patches.

Re:1 percenters

[VernonNemitz]

Nevertheless, the fact remains that anything that can be used can also be abused. A pillow can be a murder weapon or help you sleep better. An H-bomb can deflect a dangerous asteroid or destroy a city. Water is problematic. [dhmo.org] :) Government can be tyrannical or ...hmmm!. And so on.

Re:

[Maritz]

Show me the safety standard-compliant pillow that cannot be used to suffocate someone.

Re:

[Narcocide]

You don't have any idea who/what the EFF actually is/does, do you?

Re:

[beastofburdon]

End up? Are you really foolish enough to think the CIA would develop a tool for anonymity and release it to the public before it was thoroughly defeated? It is only good for pirating, anything that would be subversive to the government's ambitions done on TOR will get you killed.

Re:

[KGIII]

EFF and the ACLU (plus the local chapter) get donations every year - sometimes more often if I read about an issue they're needing help with funding. I am not affiliated with either but I do like to remind folks that both groups are hard at working at helping with our liberties. So, if you've got a buck or two and want to help out, I'm certain they'd appreciate it.

Re:

[KGIII]

Thank you. I was, until now, entirely unfamiliar with them. They look like they might be a worthy cause. Free speech means protecting the speech that is not preferred and these folks get funding from the government. So, it's a noble goal and I thank you for bringing it to my attention. I'm in the process of getting some BTC, where I'll wash it, and then I'll push it on to them anonymously in chunks over the weekend and into the coming week*. I need neither a shirt nor recognition. I care not about the tax w

Well, I don't blame the gunmaker

[NotDrWho]

For how someone uses the gun.

But still, you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

Re:Well, I don't blame the gunmaker

[DogDude]

Sir, put down the the Glenn Beck, and slowly walk away.

Re:

[bigfinger76]

Pretending that humans have evolved dramatically in that time is also a boner move.

Re:

[Narcocide]

All of you, stop trying to turn this into a discussion about guns. This conversation is about network security. The two technologies could not be more fundamentally different.

Re:

[Opportunist]

You really think your gun would stop the biggest military (by a margin and then some) on the planet from infringing on what you perceive to be your rights? They'll blow a hole into your history book and your constitution before you can yammer anything about having any kind of "right".

You have no rights anymore. You have privileges. And only until they happen to be in the way of someone important. Then they will simply be removed. The main reason you have that oh so important right to bear arms (or arm bears

Re:

[beastofburdon]

You dumb shit. The point of the right to bear arms is so that a very large group of citizens can overthrow the corrupt government, not a single moron with mental issues. By the way, we can still take on the military. Our government will do anything they can(propaganda) to make us think that we are powerless, but that is just a ruse. And you are here trying to propagate that propaganda. Oh, and the reason they haven't taken that right away completely yet, is that they know they will die for it. There i

Re:

[Opportunist]

Dude, face it: You are powerless. You can't even get a sizable number of people to VOTE for something other than The Party, you really think that you have any chance to get a sizable number to get off their fat asses and away from their flatscreen TVs to overthrow the corrupt government? Please.

The main reason you still have that 2nd is that it is a great tool to get some votes because the other party (i.e. the other side of The Party) wants to take your guns away, so vote for us!

Yes, it's a propaganda elem

Re:

[Maritz]

Your bushmaster will really come in handy when a drone-launched hellfire missile is screeching towards your house. lol. If it's about defending yourselves from the government shouldn't you have, at a minimum, tanks? APCs? Something like that?

Re:

[beastofburdon]

And that is why we have gun control, so that it is much harder to oppose the government.

Re:

[wyHunter]

He's a lefty so that's not likely.

Re:

[Krishnoid]

I'll bet he gets maimed by one of his own munitions, then captured by guerilla forces, and has to wear an electromagnet in his chest to keep metal from entering his heart. Hopefully he learns from this and uses his knowledge for good instead of evil. You know, an ironic sort of punishment.

Re:

[Narcocide]

Aside from your cute reference to the plot of Ironman, this STILL HAS NOTHING TO DO WITH NETWORK SECURITY.

Re:

[RockDoctor]

you have to wonder about a large-scale gunrunner who knows that his guns are being used to kill civilians in some civil war.

What do you have to wonder about them? They're making a profit, aren't they? And that is their job.

Re:

[nbauman]

Selling arms to dictatorships is just one of those things we have to put up with in life.

http://sciencenordic.com/unite... [sciencenordic.com]
The United States arms most dictatorships
January 1, 2012 - 07:00

You'll have to come up with a better reason than that to shut down anonymous networks.

Like, "Because we want to control which dictatorships get arms."

If you want to be on an NSA watchlist...

[NoNonAlphaCharsHere]

...set up a Tor relay node. Easy peasy.

Re:

[Narcocide]

I hear that pretty much any VPN or other sort of tunneling or encrypted network traffic pretty much accomplishes the same thing. Probably just posting to discussions about this type of topic Slashdot does it too.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[wjcofkc]

Do I mod you up? Do I mod you down? Funny or Troll? Fuck it, I'll just post and admit that was my very first thought too.

Re:

[Anonymous Coward]

Oh we are on reddit now.

Re:

[Anonymous Coward]

Yeah ... it's important that women - particularly those in the public eye - match up to expectations on sexual attractiveness. Otherwise, how will guys know who to mate with?

Why can't people be even a little bit nice?

Re:

[R3d M3rcury]

Actually, I was thinking of Roger Daltry [pinimg.com].

Re:

[Opportunist]

Make it 5 and I'll fire up Photoshop.

Didn't the NSA already break Tor?

[JustNiz]

I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

Re:

[Iamthecheese]

No. I'm not saying it's not broken, I read a paper some years ago showing that Tor can be compromised by anyone owning 50% of the nodes. Using fast nodes can cut that percentage significantly. At the time there were, IIRC, 2400 total Tor nodes. So to say Tor wasn't compromised would be to say the US government didn't have the means and will to set up 1200 systems in various places as Tor nodes. I don't know how many nodes there are now but if it's not in the hundreds of thousands, I would bet my ass the who

Re:

[cavreader]

"The NSA does keep claiming to have broken Tor"
The NSA has never made such a claim and there is no evidence that TOR has been broken by the NSA or anyone else.

However, I wouldn't be surprised if the NSA could figure out how to compromise TOR since the government has been involved with the TOR project since it's inception. It was originally designed and built by the US Naval Research Laboratory. Their stated purpose at the time was to protect US intelligence communications. Onion routing was originally devel

Re:

[Maritz]

If the NSA broke Tor, they would not say that. They would be fucking encouraging people to use it if they'd broken it.

Re:

[gweihir]

It is not. Get your facts straight.

Re:

[JustNiz]

I may not be totally correct about Tor but at least I'm not an arrogant dick like you.

Re:

[gweihir]

You are clueless and shoot off your mouth and the person pointing it out is an "arrogant dick"? Are you campaigning for equal credibility for idiots and morons or what?

Re:

[KGIII]

Gotta be honest here... You're really being the dick in this situation. Read their post again. Note the question mark? Heaven forfend, someone try to learn something when we're always telling people that if they don't know they should ask and learn. (Or just directing them to the manual.) However, in all fairness, a number of articles have made it a bit confusing and one might believe that TOR has been broken. By all accounts, it hasn't so long as you remain on the .onion domains. Exiting the network might

Re:

[Maritz]

Sadly the general tone of Slashdot seems to lean in that direction.

Re:

[KGIII]

I won't argue but I will add that you're right, it's not uncommon. However, I've communicated with 'em before and they're usually not a dick. Even I'm a dick sometimes. Though, often it's my poor articulation that makes it seem like it was intentional but sometimes I'm still a dick. I suspect they were just grumpy or drunk. ;-)

Re:

[JustNiz]

>> You are clueless and shoot off your mouth
No, I simply asked a question.

>> and the person pointing it out is an "arrogant dick"?
exactly. See the way you did it, both originally and just then.

>> Are you campaigning for equal credibility for idiots and morons or what?
Thanks for just further confirming my assertion that you are, in fact, an arrogant dick.

Re:

[tlhIngan]

I'm fairly sure that I read somewhere quite a while back that Tor was already broken by one or other of the organs of the US government, and some people doing something illegal via Tor got caught and prosecuted. No?

Well, it's not Tor itself that's the problem it's poor OpSec that was the issue causing the identity of the site owner to leak out. And there's another one involving an Apache module that is configured to listen to requests from localhost by default, except that Tor dark sites do exactly that so

Re:

[MrNiceguy_KS]

In short, get everyone to use Tor and they'll be easily identifiable as they start using Facebook, social networking, as well as e-commerce and everything else.

I think the whole point of this exercise is to make Tor usage as widespread as possible. Right now, I'd imagine that Tor usage is an immediate red flag for further attention. But if you get millions of people using Tor for social networking, e-commerce, and other general, innocuous purposes, than it becomes just another security precaution, no more suspicious than having your phone PIN-locked.

This is partly the reason I make it a point to use Tor on a semi-regular basis myself.

Re:

[AHuxley]

Onion routing vs Tempora https://en.wikipedia.org/wiki/... [wikipedia.org] would show that in a nation every packet in and out can be reconciled.
The US gov origins and fronts for funding for onion routing to help US backed NGO's, spies, freedom groups, color revolutions.
https://pando.com/2014/07/16/t... [pando.com]
As for the NSA, GCHQ? Why would anything the US gov created be left out of their reach? Collect it all is the mission. A lot of nations globally have given or got asked or offered to share their entire telco systems a

Re:

[Anonymous Coward]

You don't want to know.

The work of angels?

[Daniel Matthews]

Angels are the, some times murderous, henchmen of the universal dictator. Biblical metaphors are never a good idea, except in sermons to people that welcome being preached at.

My problems with it.

[waspleg]

I'm a big advocate for TOR and what they try to do but there are some big obstacles.

* Speed sucks.
* There are no good search engines.
* Exit nodes are widely blocked and/or monitored.

I saw a good BBC documentary that explains TOR in laymen's terms https://www.youtube.com/watch?v=rZhmuGVSdaY [youtube.com] if anyone is interested.

Re:

[Anonymous Coward]

It sounds like you haven't used it in a while. It's gotten a lot better. Tor is really fast now and while sites blocking exit nodes is a problem it's probably more important that hidden service work be improved. There are ways to get around sites that block Tor for those who actually need to access public web sites over Tor. On the other hand the people who really need to remain anonymous in order to publish content have no such ability to protect themselves adequately against attack. It's the weak spot of

Re:

[AmiMoJo]

Speed is okay for general browsing, especially since you would normally have full ad-blocking enabled and scripts disabled. For searching, I presume you mean for hidden services because google works with Tor, and well... Maybe the reason most of those sites don't make themselves available for indexing by search engines is because they don't want to be found that way.

As for exit node monitoring, it's really only an issue for n00bs. Maybe the Tor Browser bundle should block non-HTTPS sites by default.

1/3 Image, 1/3 Society,1/3 Tech

[Voyager529]

Tor's issues with respect to going mainstream, in my opinion, are as follows:

1.) It's complicated. Yes, it can be streamlined, which is the goal, but even if it were, it's still inherently more complicated than "not using Tor".
2.) No need. "I'm just browsing Facebook and paying bills online...and if someone is really snooping that traffic, what difference does it make?"
3.) Location data is convenient. As much as I hate Google tracking me, I'd much prefer knowing about restaurants near me when I'm hungry, than ones in Malaysia.
4.) Many people's first encounters with Tor are the result of ransomware...which are usually a traumatic experience. That's not exactly great marketing.
5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.
6.) Even the "good guys" have questions about the utility of Tor (compromised exit nodes, honeypots, etc.)
7.) Tricky on mobile devices.

Honestly, I see Tor's problems having much less to do with technological problems than with sociological ones. For most people, Shari would have to establish a need for them to use Tor. I don't see her being effective in that - not because of who she is, but because of her audience.

Re:1/3 Image, 1/3 Society,1/3 Tech

[tnk1]

Tor is useful when you need it and really have no better choice, but its not going to be a mass solution. There's too many things you have to get right for it to work the way it is intended and not expose you to discovery.

And yes, it is slow. Painfully slow.

Another thing I consider when I look at encrypted or otherwise more purposely "secure" transmission methods is that if you're using them, you're now in a group of people that is passing more "interesting" traffic. Observers may or may not be able to read what you are saying, but they're a whole lot more interested in whatever it is you are saying, if you show that you're taking more than the usual precautions with it.

It also means that even if they can't see you, there are specific Tor .onion sites which are only a small subset of the Internet, and those sites can become infected with malware that talks back to the investigators, as it has been seen in the past. In that way, a Tor user may be more likely to get caught in the dragnet and investigated. And it doesn't have to be something like a Silk Road type of site either, although you're certainly a target if you look at one of those kind of sites.

So, when I hear of people trying to take this sort of thing mainstream, I can totally see why you'd want to do that. It makes it less likely that you're a higher priority surveillance target just for using it.

Unfortunately, most people have to have a good reason to be inconvenienced in this manner during normal transmission of data because they just want to send a message or look at a site and don't care who knows where they browse. We'll need something a lot more user friendly (and more secure) than Tor for that sort of adoption.

Re:

[Snotnose]

5.) Tor slows down browsing significantly; adding additional users would exacerbate the issue.

This. I've tried to use Tor several times over the last 10 years, it's always been so slow I gave up on it before getting 3-4 pages.

Re:

[Anonymous Coward]

1) My grandmother thought the VCR was complicated
2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)
3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem
4) In my life, sadly of which too much is spent online, I have never encountered 'Tor ransomware'. But maybe this is a reality for some?
5) My understanding of Tor is l

Re:

[Voyager529]

1) My grandmother thought the VCR was complicated

Yes, there will always be those who cannot adapt. However, the problem attempting to be solved is that there is a majority of people for whom Tor is prohibitively complicated.

2) "what difference does it make?" Is that you Hillary? (It makes a lot of difference, I'll spare you the details)

No, it's not Hillary. I too know it makes a difference. The problem is that the perception of the implications for most people is that they are trivial. Hence, why this is a social issue as much as a technological one.

3) Having the restaurants location data and knowing where it is in relationship to yourself is convenient. ____, inc recording and storing the details of your location is the problem

Yes, but Tor doesn't solve this problem. Running a Google search through Tor will show me restaurants near the exit nod

Re:

[AmiMoJo]

I think perhaps you misunderstand the goal of Tor. It's not really aiming to be the default way people browse the web. We should concentrate on other technologies for that, like making sure everywhere uses HTTPS properly.

Tor is ideal for low bandwidth stuff like messaging and browsing simple but important web sites. It's useful when you need to communicate privately and securely, even if it isn't always perfect. So there are two important points here:

1. Even if it isn't always used perfectly, it still preve

Re:

[account_deleted]

Comment removed based on user account deletion

Corporate TOR sponsorship

[Anomalyst]

They need to petition large/multinational corporations like BK, MickyD, Pepsico, Walmart, etc to install tor exit nodes at all their retail locations and make available something like an all inclusive raspberry PI package with a rolling distro configured to auto-update to keep it secure. Maybe with a bitcoin full node as well. Call it a the Raspberry Freedom with the audio catch phrase "PHHHHHHHT" raspberry sound (distinctly discernible from the farting apps constituting so much of whats available for apple

Comment

[WallyL]

So unrelated to the story specifically, but this is a discussion about a woman in technology who actually does stuff? She's not complaining about SJW issues; she's out there fighting the fight with us-- for us! So for once, we can relax and not have a big feminism discussion just because a woman is doing something tech-wise.

Thank you, Shari.

Tor's problem is not hidden services

[Keybounce]

Tor's problem is not hidden services.

Tor's problems:
1. Speed sucks. Since *ANY* node can be used in the pathway, your speed is limited to the upload speed of the slowest node you are using. Since you have no control by default over which nodes are used, you cannot prevent this.

Scarily, when I was playing/using Tor, the best results came from limiting my usage to only half a dozen nodes. Never mind the goal of security here.

The work-around: Use an IP-like system, where your stream is sent over many links, an

That's not my department, said Werner von Braun

[mcswell]

From the OP: "We're not creating this for [illegal activity]. And OK, maybe it's being used for that, but that's not what we're about!"

https://www.youtube.com/watch?... [youtube.com]