1 00:00:00,042 --> 00:00:02,042 RUNA SANDVIK: Hi, everyone. 2 00:00:02,542 --> 00:00:05,125 I would like to have a show of hands. 3 00:00:05,125 --> 00:00:07,751 How many of you have heard about or used Tor? 4 00:00:09,542 --> 00:00:10,999 (laughter). 5 00:00:12,751 --> 00:00:14,999 How many of you run a relay? 6 00:00:17,250 --> 00:00:18,459 (applause). 7 00:00:23,709 --> 00:00:27,250 So my talk is about the safety of the Tor network. 8 00:00:37,334 --> 00:00:39,626 My name is Runa Sandvik. 9 00:00:48,042 --> 00:00:53,876 We have contractors working full time and on tour on other projects. 10 00:00:54,167 --> 00:00:56,167 We have volunteers all over the world. 11 00:00:56,167 --> 00:00:59,834 We're also hiring, if anyone is looking for a job, come see me after. 12 00:01:00,626 --> 00:01:03,876 The goal of Tor is to express free speech 13 00:01:03,876 --> 00:01:06,209 and privacy online. 14 00:01:15,459 --> 00:01:21,167 We've met with activists, survivors of domestic abuse, so we do a lot 15 00:01:21,167 --> 00:01:26,792 more than just developing this tiny piece of software. 16 00:01:28,083 --> 00:01:32,959 So sort of like the background for my talk, over the past two years I've 17 00:01:32,959 --> 00:01:36,417 had an opportunity to travel a lot. 18 00:01:36,584 --> 00:01:45,375 I met with activists in Beirut, journalists in Istanbul, students in DC. 19 00:01:45,999 --> 00:01:49,999 A lot of them have questions about Tor and the Tor network. 20 00:01:49,999 --> 00:01:52,959 How safe is the Tor network? 21 00:01:53,083 --> 00:01:54,999 Who are the real operators? 22 00:01:55,083 --> 00:01:57,083 What about malicious relays? 23 00:01:57,334 --> 00:01:59,876 How much network diversity is there? 24 00:02:00,083 --> 00:02:03,751 And what about the CIA, NSA, Prism, and so on? 25 00:02:03,751 --> 00:02:07,417 So I want to just comment on one straight off. 26 00:02:07,417 --> 00:02:10,250 CIA does not run Tor. 
27 00:02:10,626 --> 00:02:13,292 Tor is not a CIA honeypot. 28 00:02:13,834 --> 00:02:16,999 Tor was originally developed by the U.S. 29 00:02:16,999 --> 00:02:17,999 Naval Research Lab. 30 00:02:18,083 --> 00:02:19,999 That was before 2000. 31 00:02:19,999 --> 00:02:23,999 Since 2002 Tor has been completely free and open source and developed 32 00:02:23,999 --> 00:02:26,167 by the Tor Project. 33 00:02:27,999 --> 00:02:30,792 So before we start kind of go deeper into these topics, 34 00:02:30,792 --> 00:02:32,999 I'll kind of start with a quick introduction 35 00:02:32,999 --> 00:02:34,999 into onion routing. 36 00:02:37,209 --> 00:02:41,083 You can run Tor as a relay or run Tor as a client. 37 00:02:41,292 --> 00:02:46,501 When you run as a relay, you set it up on a computer or a Raspberry Pi 38 00:02:46,501 --> 00:02:51,918 or whatever it is, and you can decide to run it as an exit relay or 39 00:02:51,918 --> 00:02:54,083 a nonexit relay. 40 00:02:54,083 --> 00:02:56,334 So you can decide whether or not you want Tor users 41 00:02:56,334 --> 00:03:00,167 to exit onto the public Internet from your computer. 42 00:03:00,709 --> 00:03:05,334 In the case you're not running an exit, you'll be calling what's called a nonexit. 43 00:03:05,375 --> 00:03:08,999 That nonexit could also be what's called a guard relay, which 44 00:03:08,999 --> 00:03:12,250 is the first server that users connect to. 45 00:03:12,999 --> 00:03:17,959 So running Tor as a client, you download it onto the computer, 46 00:03:17,959 --> 00:03:23,417 open it up, and your Tor client will then, first off, download the list, 47 00:03:23,417 --> 00:03:25,542 the consensus. 48 00:03:25,542 --> 00:03:28,667 Download the list of all the relays in the network. 49 00:03:28,959 --> 00:03:35,876 And out of those roughly 4,000 relays right now, it will pick three guard relays. 
50 00:03:35,999 --> 00:03:38,999 For the next two to three months, it will only choose 51 00:03:38,999 --> 00:03:43,083 between those three when it chooses the first hop. 52 00:03:43,501 --> 00:03:46,999 So after choosing that guard relay, it will choose the middle relay and 53 00:03:46,999 --> 00:03:48,834 the exit relay. 54 00:03:48,959 --> 00:03:51,542 After that, Tor will set up a connection 55 00:03:51,542 --> 00:03:55,125 between your computer and the guard relay and negotiate 56 00:03:55,125 --> 00:03:57,999 a short term session key. 57 00:03:58,083 --> 00:04:00,334 It will then connect through the first server 58 00:04:00,334 --> 00:04:04,375 to the second server and negotiate a second short term key and it 59 00:04:04,375 --> 00:04:07,667 will do the same for the exit relay. 60 00:04:07,667 --> 00:04:10,375 When the whole circuit, the connection from you 61 00:04:10,375 --> 00:04:14,834 to the last from you to the destination website is set up, 62 00:04:14,834 --> 00:04:20,417 the data you sent, for example, I want to visit Twitter.com will be wrapped 63 00:04:20,417 --> 00:04:23,375 in three different layers. 64 00:04:23,834 --> 00:04:25,959 You sent the packet from your computer 65 00:04:25,959 --> 00:04:29,083 to the guard relay and the guard relay will peel 66 00:04:29,083 --> 00:04:33,459 off that third outermost layer and say the packet came from you 67 00:04:33,459 --> 00:04:36,834 and going to somebody else in Tor. 68 00:04:37,083 --> 00:04:39,083 So they'll send the data off, send this blob of data 69 00:04:39,083 --> 00:04:41,167 off to the second relay. 70 00:04:41,375 --> 00:04:43,459 Second relay will peel off that second layer, see that 71 00:04:43,459 --> 00:04:46,250 the packet came from somewhere in Tor. 72 00:04:46,250 --> 00:04:49,417 It's going to somewhere in Tor, but that's all it knows. 
73 00:04:49,626 --> 00:04:53,999 So we send it off to the third exit relay, the third relay the exit relay, which 74 00:04:53,999 --> 00:04:58,584 will peel off that final layer, see that it will go to Twitter.com. 75 00:04:59,584 --> 00:05:02,918 In this model there is no single hop that 76 00:05:02,918 --> 00:05:06,709 will see what you are doing online. 77 00:05:06,999 --> 00:05:11,999 Now, the challenge here is if someone, the same person, owns 78 00:05:11,999 --> 00:05:17,375 the guard relay and the exit relay, that person can see what you're 79 00:05:17,375 --> 00:05:19,459 doing online. 80 00:05:19,459 --> 00:05:22,792 That person can see that you are using Tor to visit Twitter.com. 81 00:05:23,459 --> 00:05:26,999 Another issue is the exit relay. 82 00:05:26,999 --> 00:05:32,876 The exit relay operator can look at any traffic going from her relay 83 00:05:32,876 --> 00:05:35,999 to the public Internet. 84 00:05:36,083 --> 00:05:38,209 I'll get back to that later on. 85 00:05:38,999 --> 00:05:43,459 So at the moment there's roughly 4,000 relays 86 00:05:43,459 --> 00:05:48,375 in the Tor network pushing around 2,500 megabytes 87 00:05:48,375 --> 00:05:51,667 a second in aggregate. 88 00:05:51,999 --> 00:05:56,667 And you would think that 4,000 relays, we have 600,000 daily users. 89 00:05:56,667 --> 00:06:02,751 You think 4,000 relays is a good number if you look 90 00:06:02,751 --> 00:06:12,792 at this graph, out of 1,000 are exit relays and only 1,000 are guard relays. 91 00:06:12,918 --> 00:06:16,626 So when your Tor client is trying to choose which servers 92 00:06:16,626 --> 00:06:20,375 to send traffic through, it only has 1,000 or less options 93 00:06:20,375 --> 00:06:23,834 for the first hop and the third hop. 94 00:06:26,375 --> 00:06:30,167 I figured a lot of you will probably want to know 95 00:06:30,167 --> 00:06:34,999 about how Prism or other spying programs factor. 
96 00:06:34,999 --> 00:06:39,959 And Tor was originally designed to protect government 97 00:06:39,959 --> 00:06:45,417 communications, to hide where you are and who you're 98 00:06:45,417 --> 00:06:47,667 talking to. 99 00:06:47,918 --> 00:06:50,417 So Tor can't hide the fact that you're talking, 100 00:06:50,417 --> 00:06:54,501 how much you're talking or when you're talking. 101 00:06:54,834 --> 00:06:56,999 What Tor can give you location anonymity. 102 00:06:57,250 --> 00:06:59,501 If you're here at DEF CON and you're using Tor 103 00:06:59,501 --> 00:07:01,834 to connect to Twitter. 104 00:07:01,918 --> 00:07:02,999 Twitter will see you're the one logging 105 00:07:02,999 --> 00:07:04,999 on because you have a user name and password, 106 00:07:04,999 --> 00:07:07,584 but they won't know that you're here. 107 00:07:08,999 --> 00:07:11,709 Like I mentioned, if the same person owns 108 00:07:11,709 --> 00:07:17,459 the guard relay and the exit relay, they can see what you are doing online. 109 00:07:17,918 --> 00:07:21,125 And recently it's sort of, you know, after Snowden leaked 110 00:07:21,125 --> 00:07:26,209 all of these documents we learned that there are countries working together 111 00:07:26,209 --> 00:07:28,999 on other spying programs. 112 00:07:29,125 --> 00:07:32,125 So now the issue the concern is not so much who is running 113 00:07:32,125 --> 00:07:34,999 the relays, but who owns the links? 114 00:07:35,083 --> 00:07:36,751 Who controls the AS's? 115 00:07:36,751 --> 00:07:38,999 Who controls the Internet exchange points? 116 00:07:39,292 --> 00:07:42,751 It's not necessarily about the relays. 117 00:07:42,999 --> 00:07:46,083 So this kind of all fits into whether or not we should, 118 00:07:46,083 --> 00:07:50,125 you know, consider different threats, if we should reconsider 119 00:07:50,125 --> 00:07:52,999 the threat model for Tor. 
120 00:07:54,459 --> 00:07:59,751 This is a paper that is that it will be published later this year that 121 00:07:59,751 --> 00:08:02,083 a group at the U.S. 122 00:08:02,083 --> 00:08:03,626 Naval research lab worked on. 123 00:08:03,834 --> 00:08:06,083 It's called The Users Get Routed, Traffic Correlation 124 00:08:06,083 --> 00:08:08,667 by Tor Realistic Adversaries. 125 00:08:08,999 --> 00:08:11,459 They took for the way it works right now 126 00:08:11,459 --> 00:08:15,083 and looked at what happens if you're sending your 127 00:08:15,083 --> 00:08:18,292 at that time through relays that it happened 128 00:08:18,292 --> 00:08:22,334 to be controlled by the same entity, by the same AS, or 129 00:08:22,334 --> 00:08:27,542 in similar Internet exchange points or by countries that are now known 130 00:08:27,542 --> 00:08:31,999 to work together on different spying programs. 131 00:08:33,959 --> 00:08:37,125 We are sort of considering how we can 132 00:08:37,125 --> 00:08:39,417 approach this. 133 00:08:39,417 --> 00:08:42,083 We're sort of trying to figure out if changing 134 00:08:42,083 --> 00:08:47,083 the way Tor selects relays is something that we should actually do 135 00:08:47,083 --> 00:08:50,999 or if users are safer now than if we were to choose 136 00:08:50,999 --> 00:08:53,751 a different algorithm. 137 00:09:12,417 --> 00:09:14,709 This one is from Compass.TorProject.org. 138 00:09:22,375 --> 00:09:26,083 It shows your exit relay and your middle relay. 139 00:09:27,250 --> 00:09:33,709 There is a 25% chance your first server will be in the U.S. 140 00:09:33,918 --> 00:09:37,751 There's a 23% chance your middle he server will be in the U.S. 141 00:09:37,792 --> 00:09:41,792 and a 30% chance you will exit in the U.S. 
142 00:09:42,834 --> 00:09:45,542 Below that there is a 29% chance you will enter 143 00:09:45,542 --> 00:09:49,125 in Germany, that your middle relay will be in Germany, but only 144 00:09:49,125 --> 00:09:52,334 a 6% chance you will exit in Germany. 145 00:09:52,334 --> 00:09:57,834 On the top of the list is U.S., Germany, Netherlands, France, Sweden. 146 00:09:58,542 --> 00:10:02,792 So we have 4,000 relays and 150 different countries. 147 00:10:03,167 --> 00:10:06,167 But Tor will look at the relays that are offering 148 00:10:06,167 --> 00:10:11,250 the most bandwidth when choosing which relays to use for its path. 149 00:10:11,250 --> 00:10:12,999 It doesn't look at the countries. 150 00:10:12,999 --> 00:10:14,542 It looks at the bandwidth. 151 00:10:18,334 --> 00:10:21,999 That means that we may not actually have as much diversity 152 00:10:21,999 --> 00:10:24,999 as we would like to, because all the relays are 153 00:10:24,999 --> 00:10:27,792 in countries like the U.S. 154 00:10:27,792 --> 00:10:33,250 and Germany where bandwidth is free and where hosting providers are 155 00:10:33,250 --> 00:10:38,250 actually happy with us setting up relays. 156 00:10:39,626 --> 00:10:43,250 So I wanted to figure out who the relay operators are. 157 00:10:44,667 --> 00:10:46,999 Has the NSA ever set up. 158 00:10:49,000 --> 00:10:51,999 All the data, all consensus documents that has been 159 00:10:51,999 --> 00:10:55,959 generated since 2007 is all on matrix.TorProject.org. 160 00:10:58,125 --> 00:11:02,125 Who owns the IP addresses for all of these relays? 161 00:11:05,918 --> 00:11:09,959 I did not find any government entities running relays. 162 00:11:09,999 --> 00:11:17,876 That means one, we're not data centers, but also maybe they're not running 163 00:11:17,876 --> 00:11:20,334 relays at all. 164 00:11:20,584 --> 00:11:23,292 We know about all the spying programs. 165 00:11:23,292 --> 00:11:27,250 We know they have access to links to Internet exchange points. 
166 00:11:27,501 --> 00:11:30,167 They have connections all over the world. 167 00:11:30,334 --> 00:11:34,667 Why would they need to run relay wouldn't necessarily have 168 00:11:34,667 --> 00:11:36,709 to run relays. 169 00:11:42,083 --> 00:11:48,999 A couple of interesting relays that did pop up was TBRAG. 170 00:11:51,626 --> 00:11:57,542 If you're on our mailing list, you would see this name pop up. 171 00:12:02,209 --> 00:12:06,999 TBRAG was the nickname of a few Tor relays that were running 172 00:12:06,999 --> 00:12:08,999 inside China. 173 00:12:09,709 --> 00:12:12,584 We're running as Tor exit relays in China. 174 00:12:15,292 --> 00:12:20,417 20,000 different IP addresses associated with it. 175 00:12:20,751 --> 00:12:23,709 Now, I don't know who inside China would have access 176 00:12:23,709 --> 00:12:28,542 to be able to set up a Tor exit relay, and two, have 20,000 IP addresses 177 00:12:28,542 --> 00:12:33,083 in a year, my guesses is government, university maybe. 178 00:12:33,083 --> 00:12:34,999 But we don't know. 179 00:12:34,999 --> 00:12:38,876 We never actually caught this relay doing anything malicious. 180 00:12:39,209 --> 00:12:42,083 After a year, it sort of just fell off the grid and we haven't seen 181 00:12:42,083 --> 00:12:43,584 it since. 182 00:12:44,834 --> 00:12:49,417 A couple years later Trotsky popped up. 183 00:12:49,417 --> 00:12:53,250 It was the name of a number of a couple thousand relays 184 00:12:53,250 --> 00:12:59,999 in eastern Europe, all running on sort of dial up or at least offering very, very, 185 00:12:59,999 --> 00:13:03,250 very little bandwidth to Tor. 186 00:13:03,626 --> 00:13:08,083 So there was it wasn't an exit. 187 00:13:08,083 --> 00:13:14,083 There was no contact information given as to who were the real operators. 188 00:13:14,999 --> 00:13:17,834 At that point we decided to take it out of the consensus 189 00:13:17,834 --> 00:13:20,876 because we believed it might be a botnet. 
190 00:13:21,334 --> 00:13:24,999 We haven't really been able to figure out whether it was a botnet, 191 00:13:24,999 --> 00:13:29,501 but we only saw Trotsky for two or three weeks and that was it. 192 00:13:30,334 --> 00:13:34,918 When I say take out of the consensus, we have a way, and I'll get back 193 00:13:34,918 --> 00:13:37,999 to that later, to when we see that there are relays 194 00:13:37,999 --> 00:13:40,584 misbehaving, we have a way to mark them 195 00:13:40,584 --> 00:13:44,584 as bad and then take them out of the consensus. 196 00:13:44,584 --> 00:13:51,083 When a client is down the list of the Tor relays, 197 00:13:51,083 --> 00:13:58,999 it does not choose bad exits for its circuit. 198 00:13:59,999 --> 00:14:03,876 So Orbot is the Tor for Android. 199 00:14:04,250 --> 00:14:08,459 So you can run Tor as a client on your tablet and you can browse 200 00:14:08,459 --> 00:14:10,167 through Tor. 201 00:14:10,501 --> 00:14:13,999 You can also run as a relay on your air service. 202 00:14:13,999 --> 00:14:18,083 I saw a number of nicknames with the Orbot nickname popping 203 00:14:18,083 --> 00:14:20,999 up in the Middle East. 204 00:14:20,999 --> 00:14:24,959 There were a lot of users with normal phones, smart phones. 205 00:14:24,999 --> 00:14:28,792 Apparently a lot of them set up relays a couple years ago as well. 206 00:14:29,250 --> 00:14:32,375 So there are a lot of different groups sort 207 00:14:32,375 --> 00:14:37,999 of running relays there are those who run relays on a raspberry pie there are 208 00:14:37,999 --> 00:14:43,584 those that try and run bigger groups in the case of Orbot or Trotsky that may 209 00:14:43,584 --> 00:14:46,250 or may not be malicious. 210 00:14:46,751 --> 00:14:50,375 Then there is the groups that are sort of supporting the Tor network 211 00:14:50,375 --> 00:14:54,626 in a completely different way and in a very, very good way. 
212 00:14:59,626 --> 00:15:04,542 Torservers.net is a German nonprofit whose only goal 213 00:15:04,542 --> 00:15:08,918 is to increase network diversities. 214 00:15:09,083 --> 00:15:15,375 They will take donations and spend that money on relays for the Tor network, 215 00:15:15,375 --> 00:15:21,792 primarily Tor exit relays, which is when you saw the list of, you know, 216 00:15:21,792 --> 00:15:27,083 there's a 23% chance that you'll exit in the U.S. 217 00:15:27,083 --> 00:15:29,083 or in the Netherlands, most of those relays actually belong 218 00:15:29,083 --> 00:15:30,999 to Torservers.net. 219 00:15:32,999 --> 00:15:37,083 So when you're use it go Tor, you are more likely to end 220 00:15:37,083 --> 00:15:40,626 up using a relay owned by Torservers.net or one 221 00:15:40,626 --> 00:15:46,083 of the other groups that I'll show, because they're running so many relays 222 00:15:46,083 --> 00:15:50,667 and because they're offering so much bandwidth. 223 00:15:50,792 --> 00:15:53,999 You're more likely to use relays that are run 224 00:15:53,999 --> 00:15:59,501 by people that we trust rather than some random guy in, I don't know, 225 00:15:59,501 --> 00:16:02,083 the UK, for example. 226 00:16:03,083 --> 00:16:08,542 They also run relays offering a lot of bandwidth, if you create 227 00:16:08,542 --> 00:16:13,334 a list looking at which relays offer the most bandwidth, 228 00:16:13,334 --> 00:16:18,083 the Computer Club would come up as Number 2. 229 00:16:21,792 --> 00:16:23,083 (applause). 230 00:16:26,751 --> 00:16:30,999 Another group is BFRI in Sweden. 231 00:16:32,999 --> 00:16:37,083 I don't think they have nonprofit yet, but they managed 232 00:16:37,083 --> 00:16:40,250 to get everything together and they're able 233 00:16:40,250 --> 00:16:44,999 to accept donations and put the money towards actually running 234 00:16:44,999 --> 00:16:47,584 high bandwidth relays. 235 00:16:47,999 --> 00:16:50,584 Noistour out of San Francisco. 
236 00:16:50,999 --> 00:16:52,999 They will also take donations. 237 00:16:54,292 --> 00:16:57,209 They will also take donations in Bitpoint. 238 00:16:57,501 --> 00:16:59,834 If you can't run a relay, maybe you can donate 239 00:16:59,834 --> 00:17:02,999 to someone who can actually set it up for you. 240 00:17:05,250 --> 00:17:18,292 So malicious relays: There are, I guess, three groups of malicious relays. 241 00:17:18,292 --> 00:17:21,542 The first one is malicious, but not intentional, 242 00:17:21,542 --> 00:17:26,417 meaning that someone set up an exit relay and they have, 243 00:17:26,417 --> 00:17:30,792 you know, open DNS or they have an antivirus that 244 00:17:30,792 --> 00:17:33,999 is blocking certain sites. 245 00:17:34,083 --> 00:17:37,542 While they may feel safe using that, having gone 246 00:17:37,542 --> 00:17:42,375 on a Tor exit relay means that users Tor users will also sort of end 247 00:17:42,375 --> 00:17:45,083 up with the same filter. 248 00:17:45,083 --> 00:17:48,375 So if they can't visit Google.com, then any Tor user will be unable 249 00:17:48,375 --> 00:17:50,626 to visit Google.com. 250 00:17:52,542 --> 00:17:57,083 In those cases we try to contact the relay operators. 251 00:17:57,209 --> 00:18:00,501 And when you are setting up a Tor relay you can sort of put 252 00:18:00,501 --> 00:18:04,792 in your contact information if you want, and if something is wrong, 253 00:18:04,792 --> 00:18:07,417 we know how to contact you. 254 00:18:09,209 --> 00:18:13,999 So we contact these relay operators and ask what's going on and see 255 00:18:13,999 --> 00:18:19,959 if maybe they can just reconfigure their computer to not sensor users. 256 00:18:19,959 --> 00:18:23,083 The second category is straight-up malicious, 257 00:18:23,083 --> 00:18:27,709 those that try and strip off SSL or do some other sort of man 258 00:18:27,709 --> 00:18:29,959 in the middling. 
259 00:18:38,250 --> 00:18:41,584 We try to contact when there is contact information given, 260 00:18:41,584 --> 00:18:44,626 but if they're found to actually be just malicious and 261 00:18:44,626 --> 00:18:49,834 they don't have contact information, we'll just take them out of the list. 262 00:18:49,999 --> 00:18:53,292 The third category is passive, sort of more malicious, 263 00:18:53,292 --> 00:18:56,626 but not necessarily detectable. 264 00:18:56,876 --> 00:18:58,792 They may be logging. 265 00:18:58,999 --> 00:19:05,667 I mention when you are using Tor, traffic from you to the exit relay 266 00:19:05,667 --> 00:19:10,292 is visible to the exit relay operator. 267 00:19:10,334 --> 00:19:12,999 It means that the exit relay operator can see what 268 00:19:12,999 --> 00:19:15,125 people are doing online. 269 00:19:15,125 --> 00:19:16,999 They won't know necessarily who is doing what, 270 00:19:16,999 --> 00:19:21,876 but they'll see what people are doing, what websites people are visiting. 271 00:19:21,876 --> 00:19:25,584 In some cases people set up exit relays just to log 272 00:19:25,584 --> 00:19:28,292 all of this information. 273 00:19:28,834 --> 00:19:31,667 That is not something that we can actually at the text. 274 00:19:31,667 --> 00:19:32,667 That is a risk. 275 00:19:32,667 --> 00:19:37,501 Just a risk to be aware of, but I would say that it's probably safer 276 00:19:37,501 --> 00:19:41,125 to use Tor than not these days. 277 00:19:43,250 --> 00:19:47,876 So a question I often get is how bad can it get? 278 00:19:47,918 --> 00:19:50,501 You know, you're using Tor, you have to head 279 00:19:50,501 --> 00:19:54,459 up on a malicious exit relay, how bad can it get? 280 00:19:54,999 --> 00:19:57,501 My answer is that it depends. 
281 00:19:57,501 --> 00:19:59,209 I know that's usually an answer that you would hear 282 00:19:59,209 --> 00:20:01,125 from a lawyer, but it really does agenda 283 00:20:01,125 --> 00:20:03,999 on what you're doing and for how long you're to go it and 284 00:20:03,999 --> 00:20:06,999 whether or not you're actually logging on. 285 00:20:07,250 --> 00:20:10,417 Say you're using Tor to access Twitter. 286 00:20:10,417 --> 00:20:12,584 You go to Twitter.com and your browser gives you 287 00:20:12,584 --> 00:20:15,501 a warning about a fake certificate. 288 00:20:17,125 --> 00:20:20,292 Now, if you choose to accept that certificate and log on, 289 00:20:20,292 --> 00:20:23,542 you're giving your adversary, your attacker, your user name 290 00:20:23,542 --> 00:20:26,501 and your password and you have lost. 291 00:20:26,834 --> 00:20:30,999 That is true whether you're using Tor or not. 292 00:20:32,417 --> 00:20:37,167 In the other case, if the person is just logging traffic and you're not 293 00:20:37,167 --> 00:20:40,918 logging in anywhere, and you're not communicating any 294 00:20:40,918 --> 00:20:45,918 sensitive information, that person will just get lots of random data, lots 295 00:20:45,918 --> 00:20:49,918 of websites like you're visiting, but not necessarily a way 296 00:20:49,918 --> 00:20:52,459 to tie that back to you. 297 00:20:54,000 --> 00:20:58,209 Another thing to note is Tor, when creating those circuits, 298 00:20:58,209 --> 00:21:02,167 when choosing those three relays and using them to visit 299 00:21:02,167 --> 00:21:06,918 all the websites that you're visiting, Tor will choose a new path 300 00:21:06,918 --> 00:21:10,250 for your traffic every ten minutes. 301 00:21:10,999 --> 00:21:13,999 So if you're visiting Twitter and you spend, I don't know, 302 00:21:13,999 --> 00:21:15,999 20 minutes on Twitter and you open a new tab 303 00:21:15,999 --> 00:21:19,834 in your browser, Tor will create a new circuit for you. 
304 00:21:19,959 --> 00:21:22,417 Whenever Twitter has to open a new TCP connection to pull 305 00:21:22,417 --> 00:21:26,334 in new content, Tor will open a new connection for you. 306 00:21:27,999 --> 00:21:30,167 I don't know how to best answer this question how bad 307 00:21:30,167 --> 00:21:31,999 can it get, because it really does depend 308 00:21:31,999 --> 00:21:33,876 on what you're doing. 309 00:21:33,876 --> 00:21:36,751 I think in a lot of cases it's probably better 310 00:21:36,751 --> 00:21:40,375 to use Tor than to not to use Tor. 311 00:21:40,375 --> 00:21:43,209 And the threats to Tor are pretty similar to using 312 00:21:43,209 --> 00:21:47,834 the open wireless network at Starbucks or elsewhere. 313 00:21:49,999 --> 00:21:52,918 So we have a couple of different tools for sort 314 00:21:52,918 --> 00:21:55,959 of finding these malicious relays. 315 00:21:55,999 --> 00:21:59,999 The first one is called the consensus tracker, 316 00:21:59,999 --> 00:22:05,292 which we created somewhere between the time we saw TPRAG crop 317 00:22:05,292 --> 00:22:07,667 up and Trotzky. 318 00:22:08,083 --> 00:22:14,999 It is a script that every hour it will look at the list of relays are new, 319 00:22:14,999 --> 00:22:19,584 which relays just joined the network. 320 00:22:20,083 --> 00:22:22,125 Send us an e mail. 321 00:22:22,125 --> 00:22:25,999 Anyone can look at the list of new relays joining the network. 322 00:22:26,918 --> 00:22:33,459 So the information we get is sort of the IP address, the port, which ports, 323 00:22:33,459 --> 00:22:39,999 if it allows exit to, content information if that has been set. 324 00:22:39,999 --> 00:22:42,459 Just sort of basic info. 325 00:22:42,999 --> 00:22:45,375 It doesn't really check for maliciousness, 326 00:22:45,375 --> 00:22:49,083 but if we suddenly have, like, 1,000 relays pop up in Syria; it's 327 00:22:49,083 --> 00:22:53,125 at least something we can monitor and keep an eye on. 
328 00:22:57,083 --> 00:23:00,999 We created Snakes on a Tour, TOAT. 329 00:23:06,083 --> 00:23:12,792 It will allow you to check for SSL certificates or any sort 330 00:23:12,792 --> 00:23:18,667 of tampering with DNS, any other types of sensor ship 331 00:23:18,667 --> 00:23:26,250 and it was written in python, so it is no longer maintained. 332 00:23:30,250 --> 00:23:34,083 We have been working on the open observatory 333 00:23:34,083 --> 00:23:36,999 for network nervous. 334 00:23:40,626 --> 00:23:44,167 It will check for censorship essentially. 335 00:23:44,959 --> 00:23:48,999 Hopefully, in six months or so, you know I probe will able 336 00:23:48,999 --> 00:23:53,999 to do what SOAT once good so we can actively check for malicious relays 337 00:23:53,999 --> 00:23:56,584 or misbehaving relays. 338 00:23:57,918 --> 00:24:01,834 The Tor we have is SSL checker. 339 00:24:05,334 --> 00:24:10,834 It will take the list of exit relays and a list of URL's that you have given 340 00:24:10,834 --> 00:24:15,709 it, say Twitter and Gmail.com, and it will connect to the exit relays 341 00:24:15,709 --> 00:24:19,999 and download the SSL certificate and then it will do the same 342 00:24:19,999 --> 00:24:23,292 over non Tor and compare the two. 343 00:24:23,834 --> 00:24:26,375 If there is a difference, it will give you a warning. 344 00:24:34,459 --> 00:24:38,999 To be able to check for other malicious behavior 345 00:24:38,999 --> 00:24:46,417 in the future, we hope, so there's, like, three I guess three topics that I sort 346 00:24:46,417 --> 00:24:50,334 of wanted to touch on that I hope that you 347 00:24:50,334 --> 00:24:53,876 will leave this talk with. 348 00:24:54,918 --> 00:24:57,918 One: I want you to use Tor. 349 00:24:57,918 --> 00:25:00,542 It seemed like a lot of people were already using Tor. 350 00:25:00,542 --> 00:25:02,876 In the case that you're not, please to. 351 00:25:03,083 --> 00:25:05,999 We already see that anonymity loves company. 
352 00:25:05,999 --> 00:25:08,584 The more people that use Tor, the better off you are. 353 00:25:09,542 --> 00:25:12,459 If you're the only person at DEF CON using Tor, you sort 354 00:25:12,459 --> 00:25:14,083 of stand out. 355 00:25:14,083 --> 00:25:16,334 If you're one out of 12,000 people using Tor, 356 00:25:16,334 --> 00:25:18,375 the better off. 357 00:25:24,334 --> 00:25:26,876 Not a lot of people run relays. 358 00:25:27,125 --> 00:25:29,792 I'm not sure why, if it's lack of bandwidth, 359 00:25:29,792 --> 00:25:34,876 if you just don't know how, if you're worried you'll be an exit relay. 360 00:25:36,501 --> 00:25:41,459 But no matter what the reason is, you can always fund a fast relay. 361 00:25:41,459 --> 00:25:46,959 Funding Tor servers.net We're back. 362 00:25:48,209 --> 00:25:50,125 I think you know the routine. 363 00:25:50,125 --> 00:26:00,209 What are we gonna do now? 364 00:26:00,209 --> 00:26:01,209 (applause). 365 00:26:01,209 --> 00:26:02,209 That mic is dead. 366 00:26:02,209 --> 00:26:03,918 RUNA SANDVIK: I have the mic. 367 00:26:04,167 --> 00:26:06,999 Can I just get really close, then? 368 00:26:06,999 --> 00:26:08,999 RUNA SANDVIK: No. 369 00:26:09,083 --> 00:26:12,999 Just talk really loud. 370 00:26:12,999 --> 00:26:13,999 (laughter). 371 00:26:13,999 --> 00:26:21,417 What are we gonna do? 372 00:26:21,417 --> 00:26:22,751 You all know the routine. 373 00:26:22,751 --> 00:26:24,501 Do we have any first time attendees? 374 00:26:25,083 --> 00:26:26,667 Here. 375 00:26:26,667 --> 00:26:28,709 You, sir, come up. 376 00:26:28,999 --> 00:26:35,459 Your fiancé is here? 377 00:26:35,459 --> 00:26:48,083 Did you want him to come up? 378 00:26:48,083 --> 00:26:49,125 RUNA SANDVIK: No. 379 00:26:49,125 --> 00:26:50,125 SSL certificate. 380 00:26:50,125 --> 00:26:51,125 (laughter). 381 00:26:51,125 --> 00:26:52,125 All right. 382 00:26:52,125 --> 00:26:54,999 To our first time speaker and our first time attendee. 
383 00:26:55,667 --> 00:26:56,999 (applause). 384 00:27:00,999 --> 00:27:03,999 RUNA SANDVIK: I have a lot of time for questions. 385 00:27:08,083 --> 00:27:11,083 I sort of wish I had started with that. 386 00:27:11,083 --> 00:27:12,709 (laughter). 387 00:27:12,751 --> 00:27:16,999 You can run a fast relay and help increase network diversity 388 00:27:16,999 --> 00:27:20,501 or you can run an exit scanner or help us improve 389 00:27:20,501 --> 00:27:23,709 the ones that we already have. 390 00:27:23,876 --> 00:27:25,999 And help us find misbehaving relays. 391 00:27:27,375 --> 00:27:30,792 So at this point, being the first time speaker at DEF CON 392 00:27:30,792 --> 00:27:36,292 and talking a lot faster than I usually do, I have a lot of time for questions. 393 00:27:36,792 --> 00:27:37,626 So if you have questions, you can line 394 00:27:37,626 --> 00:27:39,834 up with the microphone up front. 395 00:27:39,834 --> 00:27:47,167 (Off microphone) The people on the network are doing illegal things. 396 00:27:47,250 --> 00:27:51,083 (applause) RUNA SANDVIK: I got half of that. 397 00:27:51,083 --> 00:27:52,334 Do you want to repeat it. 398 00:27:52,334 --> 00:27:58,083 Is it legal to run an exit (inaudible) if the people exiting 399 00:27:58,083 --> 00:28:03,792 the network are doing illegal things? 400 00:28:03,792 --> 00:28:04,959 RUNA SANDVIK: Okay. 401 00:28:04,959 --> 00:28:08,667 Is it safe legally to run an exit relay if the people using your exit relay are 402 00:28:08,667 --> 00:28:10,999 doing illegal things? 403 00:28:13,083 --> 00:28:21,083 Running an exit relay is in some cases check be a bit risky. 404 00:28:21,292 --> 00:28:25,959 So it means that any Tor user, 600,000 users, a lot of them 405 00:28:25,959 --> 00:28:31,667 will be using your server to access the public Internet. 406 00:28:31,667 --> 00:28:34,250 It means anything they do online will be seen as coming 407 00:28:34,250 --> 00:28:37,999 from your computer, from your IP address. 
408 00:28:38,375 --> 00:28:41,999 Over the past year there have been stories about people 409 00:28:41,999 --> 00:28:46,334 in Germany having their doors knocked down and their computers taken 410 00:28:46,334 --> 00:28:50,584 or a series of DMCA takedown notices and similar. 411 00:28:50,751 --> 00:28:55,501 We have spent a lot of time trying to educate law enforcement, 412 00:28:55,501 --> 00:28:59,250 teach them what Tor is, how it works, when or how 413 00:28:59,250 --> 00:29:04,167 they would encounter Tor when investigating people. 414 00:29:05,542 --> 00:29:07,959 That's worked out pretty well. 415 00:29:07,959 --> 00:29:11,334 We have sort of helped them understand that when 416 00:29:11,334 --> 00:29:15,584 they do hit an exit relay, it is Tor. 417 00:29:15,584 --> 00:29:17,751 It doesn't actually log any information. 418 00:29:17,751 --> 00:29:20,999 There is no information to be found there about the Tor users. 419 00:29:21,501 --> 00:29:25,834 But at the same time, if you feel that that is a risk, 420 00:29:25,834 --> 00:29:30,999 then running a nonexit is probably the safer option. 421 00:29:30,999 --> 00:29:34,999 So we have a blog post called tips for running an exit relay 422 00:29:34,999 --> 00:29:40,292 with minimum amount of harassment, which sort of lines out a series 423 00:29:40,292 --> 00:29:46,834 of steps and things to consider if you want to set up an exit relay. 424 00:29:46,834 --> 00:29:50,459 Sort of running on a dedicated server, don't have your personal photos 425 00:29:50,459 --> 00:29:52,918 and GPG and whatever else, chat logs 426 00:29:52,918 --> 00:29:57,501 on the same server that you're running a Tor exit relay. 427 00:29:57,876 --> 00:30:01,459 Do not encrypt that drive in the server that is running 428 00:30:01,459 --> 00:30:04,250 the Tor exit relay felt. 
429 00:30:04,501 --> 00:30:08,584 If you have a server with a nonencrypted disk and Tor 430 00:30:08,584 --> 00:30:14,417 is not logging anything, there will be no information on that server 431 00:30:14,417 --> 00:30:18,459 for law enforcement to dig through. 432 00:30:18,959 --> 00:30:21,709 So I would say if you're considering setting 433 00:30:21,709 --> 00:30:24,709 up an exit relay, that would probably be 434 00:30:24,709 --> 00:30:29,000 the first page I would send you to read up on. 435 00:30:29,000 --> 00:30:30,999 Whether or not it's safe legally, I'm not a lawyer, 436 00:30:30,999 --> 00:30:33,959 so I can't really answer that question. 437 00:30:36,334 --> 00:30:39,876 (Off microphone) RUNA SANDVIK: Sorry? 438 00:30:39,876 --> 00:30:44,584 (Off microphone) RUNA SANDVIK: It's a service that allows you to enter 439 00:30:44,584 --> 00:30:47,999 an IP address and see if server X was running 440 00:30:47,999 --> 00:30:50,375 as a Tor exit relay at time Y. 441 00:30:50,375 --> 00:30:55,375 So in the case that you do run into issues with law enforcement, 442 00:30:55,375 --> 00:31:00,667 you can use that service to sort of point them to our page and sort 443 00:31:00,667 --> 00:31:04,459 of explain to them that you were actually running 444 00:31:04,459 --> 00:31:06,542 an exit relay. 445 00:31:06,542 --> 00:31:09,751 If you do run an exit relay and you run into problems, 446 00:31:09,751 --> 00:31:12,375 you can also e-mail us and we will send 447 00:31:12,375 --> 00:31:17,083 a signed letter confirming that, yes, you were running an exit relay 448 00:31:17,083 --> 00:31:19,626 at that point in time. 449 00:31:28,250 --> 00:31:32,501 So there's hidden entrance nodes via bridges. 450 00:31:32,501 --> 00:31:37,167 Are there any to look into having exit nodes in a similar way? 451 00:31:37,167 --> 00:31:39,709 RUNA SANDVIK: Having hidden exit nodes? 452 00:31:39,709 --> 00:31:40,792 Yes. 
453 00:31:40,792 --> 00:31:44,999 RUNA SANDVIK: So the question is about bridges. 454 00:31:46,876 --> 00:31:50,626 The image that I showed of how Tor works, mentioned 455 00:31:50,626 --> 00:31:54,792 the guard relay, we also have something called bridges, 456 00:31:54,792 --> 00:31:59,125 which is similar to the guards, just that they're not listed 457 00:31:59,125 --> 00:32:01,375 on the Internet. 458 00:32:01,375 --> 00:32:02,584 You can't find a list of every single Bridge, 459 00:32:02,584 --> 00:32:05,292 which means that if you're in China and you need to connect 460 00:32:05,292 --> 00:32:09,167 to Tor and Tor is being blocked, you can use a Bridge instead. 461 00:32:12,083 --> 00:32:15,250 I don't think I'm not sure if we have even considered hiding 462 00:32:15,250 --> 00:32:17,083 the exit nodes. 463 00:32:17,083 --> 00:32:18,709 I'm not sure if that would actually be 464 00:32:18,709 --> 00:32:20,709 a good defense. 465 00:32:20,709 --> 00:32:24,459 It sort of seems to me like it would be just a bit 466 00:32:24,459 --> 00:32:26,999 of an arms race. 467 00:32:27,375 --> 00:32:29,292 We would hide them, someone would find them, 468 00:32:29,292 --> 00:32:32,083 and it would continue from there. 469 00:32:36,999 --> 00:32:41,083 What about running relays in the Cloud and like, for instance, 470 00:32:41,083 --> 00:32:44,083 if there are just a whole bunch of Cloud based 471 00:32:44,083 --> 00:32:47,083 like Amazon AWS based relays, what does that do 472 00:32:47,083 --> 00:32:49,999 with your network diversity? 473 00:32:49,999 --> 00:32:52,667 RUNA SANDVIK: Okay. 474 00:32:52,709 --> 00:33:01,999 Relays so with Amazon specifically, you are allowed to run a Bridge. 475 00:33:02,083 --> 00:33:05,999 Running a relay is also allowed as terms of service, but you 476 00:33:05,999 --> 00:33:09,876 will be paying too much money for bandwidth. 477 00:33:10,459 --> 00:33:13,999 So you just don't want to do that. 
478 00:33:13,999 --> 00:33:17,999 An exit relay is not allowed in the terms of service. 479 00:33:17,999 --> 00:33:21,999 If someone wanted to set up thousands of relays to join 480 00:33:21,999 --> 00:33:25,542 the network, I'm not sure it would help 481 00:33:25,542 --> 00:33:28,626 the diversity too much. 482 00:33:28,626 --> 00:33:32,542 Tor will only pick fast relays to use for its circuits. 483 00:33:32,542 --> 00:33:35,959 So if you have, like, a thousand sort of slow relays joining the network, 484 00:33:35,959 --> 00:33:40,083 then we would have a thousand slow users on the network. 485 00:33:40,751 --> 00:33:44,083 My question is pretty specific 486 00:33:44,083 --> 00:33:50,584 regarding are you aware of whether or not Google Fiber's terms 487 00:33:50,584 --> 00:33:57,751 of service restricts you from running an exit relay or not? 488 00:34:01,250 --> 00:34:04,999 RUNA SANDVIK: I don't know. 489 00:34:06,292 --> 00:34:09,918 If anyone from Google is here that can answer that question, 490 00:34:09,918 --> 00:34:12,375 then we would like to know. 491 00:34:12,375 --> 00:34:13,999 No servers on Google Fiber. 492 00:34:13,999 --> 00:34:18,209 RUNA SANDVIK: No servers at all? 493 00:34:19,209 --> 00:34:20,999 (Off microphone) RUNA SANDVIK: If anyone from Google is here, 494 00:34:20,999 --> 00:34:22,918 then I'd like to talk to you. 495 00:34:22,918 --> 00:34:23,918 (laughter). 496 00:34:23,918 --> 00:34:25,459 No computers on Google Fiber. 497 00:34:25,459 --> 00:34:26,459 (laughter). 498 00:34:28,999 --> 00:34:30,375 (applause). 499 00:34:36,375 --> 00:34:39,125 RUNA SANDVIK: Any questions at this point? 500 00:34:39,125 --> 00:34:47,751 (Off microphone) RUNA SANDVIK: I didn't hear 501 00:34:47,751 --> 00:35:01,999 the full (Off microphone) RUNA SANDVIK: If there are more malicious 502 00:35:01,999 --> 00:35:06,083 relays than non? 503 00:35:06,167 --> 00:35:09,083 More malicious users. 
504 00:35:09,125 --> 00:35:12,999 (Off microphone) RUNA SANDVIK: Okay. 505 00:35:12,999 --> 00:35:15,999 If there are more bad users than good users? 506 00:35:16,417 --> 00:35:17,417 Okay. 507 00:35:18,667 --> 00:35:20,417 We don't know. 508 00:35:20,792 --> 00:35:24,083 So you go to our website and you download Tor, and 509 00:35:24,083 --> 00:35:27,167 the only thing that pops up in our Apache log 510 00:35:27,167 --> 00:35:30,083 is that someone visited Tor. 511 00:35:30,584 --> 00:35:32,250 We don't log your IP address. 512 00:35:32,250 --> 00:35:34,999 We know people are downloading Tor, but that is it. 513 00:35:34,999 --> 00:35:36,209 We have no information. 514 00:35:36,209 --> 00:35:38,250 We don't know what you're using Tor for. 515 00:35:38,334 --> 00:35:40,459 Back in the day someone did a study to see 516 00:35:40,459 --> 00:35:43,667 at least which protocols were used. 517 00:35:43,751 --> 00:35:45,459 It was mostly web traffic. 518 00:35:45,876 --> 00:35:48,125 But apart from that, we have no we have no way 519 00:35:48,125 --> 00:35:51,918 of telling what people are doing over Tor. 520 00:35:52,167 --> 00:35:56,999 (Off microphone) RUNA SANDVIK: We were accidentally banned 521 00:35:56,999 --> 00:35:59,375 by Facebook, yes. 522 00:35:59,999 --> 00:36:02,999 The issue that was a month ago. 523 00:36:03,209 --> 00:36:04,209 Okay. 524 00:36:04,209 --> 00:36:05,417 So it does happen. 525 00:36:05,417 --> 00:36:08,125 So someone used Tor to sort of try and scrape content 526 00:36:08,125 --> 00:36:12,125 from publicly available content from Facebook and Facebook sort 527 00:36:12,125 --> 00:36:16,083 of accidentally blocked a ton of Tor exit relays. 528 00:36:16,083 --> 00:36:17,125 So it does happen. 529 00:36:17,209 --> 00:36:19,709 But we have no way of telling how often it happens 530 00:36:19,709 --> 00:36:23,709 or how many users are actually misbehaving that way. 531 00:36:23,918 --> 00:36:28,999 Can you speak to hidden services? 
532 00:36:29,167 --> 00:36:33,417 RUNA SANDVIK: What about hidden services? 533 00:36:33,417 --> 00:36:35,918 Could you briefly detail what they are? 534 00:36:35,918 --> 00:36:40,999 RUNA SANDVIK: Tor Hidden Services, dubbed by the media 535 00:36:40,999 --> 00:36:46,250 as dark web, is a way of hosting content anonymously 536 00:36:46,250 --> 00:36:48,125 over Tor. 537 00:36:48,125 --> 00:36:52,999 So it means that you can set up a website and it will have a URL 538 00:36:52,999 --> 00:36:57,792 of 16 characters and dot onion at the end. 539 00:36:57,999 --> 00:36:59,918 It will only be accessible on Tor and no one 540 00:36:59,918 --> 00:37:03,876 will know you are hosting the sites and no one will know who is visiting 541 00:37:03,876 --> 00:37:06,999 the sites because everything is over Tor. 542 00:37:07,876 --> 00:37:10,792 The content cannot be censored. 543 00:37:10,792 --> 00:37:14,125 We cannot find out who is running Tor Hidden Services. 544 00:37:14,999 --> 00:37:19,167 So it's sort of anonymous hosting in a way. 545 00:37:19,501 --> 00:37:21,918 Recently there was a paper published pointing 546 00:37:21,918 --> 00:37:25,918 out a number of issues with Tor Hidden Services. 547 00:37:25,918 --> 00:37:27,167 We wrote a very long blog post explaining 548 00:37:27,167 --> 00:37:29,626 all the things we would like to see improved 549 00:37:29,626 --> 00:37:31,999 with Tor Hidden Services. 550 00:37:37,083 --> 00:37:39,542 How do you establish trust in the consensus? 551 00:37:39,542 --> 00:37:41,209 RUNA SANDVIK: When you set up the question was how do you 552 00:37:41,209 --> 00:37:43,999 establish trust for the consensus? 553 00:37:43,999 --> 00:37:50,083 How do you make sure that the list clients download is a safe list? 554 00:37:50,167 --> 00:37:56,834 When you set up a relay, your relay will tell nine directory authorities that 555 00:37:56,834 --> 00:37:58,667 it exists. 
556 00:37:58,792 --> 00:38:03,209 These nine directory authorities will then confirm that your relay has 557 00:38:03,209 --> 00:38:08,626 the IP address that you've said that it has, the nickname matches, if it's 558 00:38:08,626 --> 00:38:11,999 an exit it will make sure that you can actually 559 00:38:11,999 --> 00:38:17,584 exit, and then these nine directory authorities will vote on this information, 560 00:38:17,584 --> 00:38:21,709 whether or not that information is correct. 561 00:38:21,709 --> 00:38:26,584 If the majority of them vote that, yeah, it's correct, is valid, 562 00:38:26,584 --> 00:38:31,209 then that relay makes it into the consensus. 563 00:38:31,501 --> 00:38:33,999 Once they have done that for all the relays in the network, 564 00:38:33,999 --> 00:38:37,999 that list is then signed by every single directory authority. 565 00:38:37,999 --> 00:38:39,999 When the client downloads this list, they will check that 566 00:38:39,999 --> 00:38:41,999 the signatures are okay. 567 00:38:43,584 --> 00:38:46,501 I had a follow up question to that. 568 00:38:46,876 --> 00:38:49,083 Who controls the directory authorities 569 00:38:49,083 --> 00:38:52,584 and who controls the onion domain name services 570 00:38:52,584 --> 00:38:54,334 or servers? 571 00:38:54,334 --> 00:38:55,999 RUNA SANDVIK: Okay. 572 00:38:55,999 --> 00:39:02,292 The directory authorities are run by core Tor Project developers 573 00:39:02,292 --> 00:39:05,959 or people that we trust. 574 00:39:06,083 --> 00:39:08,334 So there's a good mix of some of them are in the U.S., some 575 00:39:08,334 --> 00:39:10,834 of them are outside of the U.S. 576 00:39:10,834 --> 00:39:12,999 Some are run by Tor people and some are not. 577 00:39:13,083 --> 00:39:17,334 But you have to be a trusted member of the community to be able to run one. 578 00:39:17,999 --> 00:39:21,999 The second question was about the .onion domains. 579 00:39:23,959 --> 00:39:26,083 No one really controls that. 
580 00:39:26,501 --> 00:39:27,792 You generate a domain when you set 581 00:39:27,792 --> 00:39:29,999 up a Tor hidden service. 582 00:39:29,999 --> 00:39:32,083 (Off microphone) RUNA SANDVIK: Japan? 583 00:39:32,083 --> 00:39:38,167 (Off microphone) RUNA SANDVIK: Is there diversity 584 00:39:38,167 --> 00:39:46,751 in the directory authorities to protect from corridors 585 00:39:46,751 --> 00:39:51,250 from a certain country? 586 00:40:11,042 --> 00:40:15,417 (Off microphone) RUNA SANDVIK: If the NSA server and directed 587 00:40:15,417 --> 00:40:20,125 all Tor traffic to the NSA, then we just wouldn't do it. 588 00:40:31,250 --> 00:40:32,667 (applause). 589 00:40:43,792 --> 00:40:49,876 (Off microphone) RUNA SANDVIK: Is there any way for an exit relay 590 00:40:49,876 --> 00:40:53,918 to figure out who the Tor user is? 591 00:40:54,209 --> 00:40:55,209 No. 592 00:40:55,667 --> 00:40:57,918 So the only information that the exit relay has 593 00:40:57,918 --> 00:41:01,417 is that people are doing stuff, people are watching, you know, 594 00:41:01,417 --> 00:41:03,250 videos of cats. 595 00:41:03,999 --> 00:41:05,167 (laughter). 596 00:41:05,167 --> 00:41:08,626 The only thing that you can do, if you were to attack Tor users, 597 00:41:08,626 --> 00:41:12,626 would be to make sure that you are that first hop, that you are 598 00:41:12,626 --> 00:41:16,709 the guard relay and that you are the exit relay. 599 00:41:16,999 --> 00:41:20,709 And doing that when targeting a person seems really, really difficult. 600 00:41:20,709 --> 00:41:23,999 I'm sure you have at least the NSA, probably has way better options 601 00:41:23,999 --> 00:41:29,083 to actually target people than to try and spin a thousand Tor relays. 602 00:41:33,626 --> 00:41:41,709 (Off microphone) RUNA SANDVIK: So Tor is TCP only right now. 603 00:41:42,083 --> 00:41:47,751 We have a proposal for UDP, but I'm not sure what the status is. 
604 00:41:47,751 --> 00:41:50,459 I don't think we've done a lot of work on that for a while. 605 00:41:50,459 --> 00:41:53,918 We have done more work on getting Tor to IPv6 to play nice. 606 00:41:53,918 --> 00:42:01,501 (Off microphone) RUNA SANDVIK: Hardware? 607 00:42:01,751 --> 00:42:04,834 (Off microphone) RUNA SANDVIK: Could you repeat that? 608 00:42:04,834 --> 00:42:06,417 Hardware integration. 609 00:42:06,417 --> 00:42:08,792 RUNA SANDVIK: Hardware integration? 610 00:42:08,792 --> 00:42:09,792 Okay. 611 00:42:09,792 --> 00:42:10,792 Thanks. 612 00:42:10,999 --> 00:42:14,918 So we have a project called the Tor router, which the goal is just 613 00:42:14,918 --> 00:42:19,167 to take a stock router and put Tor on it and make sure that it sets 614 00:42:19,167 --> 00:42:24,083 up a wireless network where everything that you do on that wireless network 615 00:42:24,083 --> 00:42:28,751 is sent through Tor and that it is also running as a Bridge or a relay 616 00:42:28,751 --> 00:42:31,667 or an exit relay, for example. 617 00:42:31,999 --> 00:42:33,626 That project will probably be announced 618 00:42:33,626 --> 00:42:35,751 in about six months. 619 00:42:35,751 --> 00:42:39,501 There are other projects, like the Onion Pi? 620 00:42:39,999 --> 00:42:42,999 I know FreedomBox has sort of worked on some stuff. 621 00:42:43,501 --> 00:42:45,876 There's a lot of work being done. 622 00:42:45,999 --> 00:42:49,083 We need more people to sort of help us test those projects, 623 00:42:49,083 --> 00:42:52,292 but we don't have anything right now. 624 00:42:59,751 --> 00:43:02,999 What's your opinion on an exit node filtering traffic? 625 00:43:02,999 --> 00:43:03,999 RUNA SANDVIK: If you're running an exit node to filter traffic, 626 00:43:03,999 --> 00:43:06,083 then don't run an exit node at all. 627 00:43:06,083 --> 00:43:07,834 Like child pornography? 
628 00:43:07,834 --> 00:43:10,999 RUNA SANDVIK: Sure, if you want to talk 629 00:43:10,999 --> 00:43:15,250 about child pornography specifically. 630 00:43:16,125 --> 00:43:20,417 Running an exit relay in general means who are you 631 00:43:20,417 --> 00:43:25,709 to decide what people can and cannot watch online? 632 00:43:26,999 --> 00:43:28,250 Right? 633 00:43:29,626 --> 00:43:31,876 It's you okay. 634 00:43:31,876 --> 00:43:35,876 So you obviously, I think we'll agree, child porn is bad. 635 00:43:35,918 --> 00:43:40,209 What if we gave people the ability to actually decide what Tor users can 636 00:43:40,209 --> 00:43:44,083 and cannot visit through their exit nodes. 637 00:43:44,542 --> 00:43:48,375 Watching videos of cats is bad, so suddenly I'm censoring a number 638 00:43:48,375 --> 00:43:53,209 of Tor users who want to look at totally legitimate things. 639 00:43:53,834 --> 00:43:57,250 So we just decided that we shouldn't decide what users can 640 00:43:57,250 --> 00:43:59,459 and cannot watch. 641 00:43:59,459 --> 00:44:06,999 It also means that we cannot be asked or forced by anyone to censor anything. 642 00:44:06,999 --> 00:44:08,459 We don't control the network. 643 00:44:08,459 --> 00:44:09,459 Users do. 644 00:44:09,459 --> 00:44:10,459 (applause). 645 00:44:10,459 --> 00:44:11,459 Anything else? 646 00:44:11,459 --> 00:44:11,459 On the last point, is there a problem right now with deficiency 647 00:44:11,459 --> 00:44:12,959 in the number of exit nodes? 648 00:44:12,959 --> 00:44:28,999 I can run an exit node by filtering certain sites, like illegal. 649 00:44:28,999 --> 00:44:33,083 (Off microphone) do you think it's worth running an exit node? 650 00:44:33,083 --> 00:44:36,959 Are you guys desperate for exit nodes? 651 00:44:40,417 --> 00:44:56,792 RUNA SANDVIK: We are desperate for exit nodes. 
652 00:44:56,792 --> 00:45:00,792 But we would prefer exit nodes that are not touching user traffic regardless 653 00:45:00,792 --> 00:45:02,626 of what it is. 654 00:45:07,501 --> 00:45:11,999 (Off microphone) RUNA SANDVIK: There are absolutely no logs. 655 00:45:15,125 --> 00:45:17,250 (Off microphone) RUNA SANDVIK: Nine. 656 00:45:17,250 --> 00:45:20,501 The question was if we have any logs at all. 657 00:45:20,584 --> 00:45:22,918 And the answer is no, we don't have anything. 658 00:45:22,918 --> 00:45:24,250 When you visit our website, you download Tor, 659 00:45:24,250 --> 00:45:27,334 we write just zeroes in the log or we write all zeroes 660 00:45:27,334 --> 00:45:29,999 if you're visiting the HDTP. 661 00:45:34,542 --> 00:45:38,501 We don't know you start up Tor and the only there's sort 662 00:45:38,501 --> 00:45:42,999 of two entities that will know you're using Tor. 663 00:45:42,999 --> 00:45:45,209 Your ISP and the guard relay. 664 00:45:45,209 --> 00:45:46,959 They will know you're using Tor. 665 00:45:46,959 --> 00:45:48,999 They won't know what you're using Tor for. 666 00:45:48,999 --> 00:45:51,083 And the exit relay, one will know someone is using Tor 667 00:45:51,083 --> 00:45:54,375 to do something, but they won't know who. 668 00:45:54,375 --> 00:45:55,876 There are no logs. 669 00:45:55,876 --> 00:45:57,459 Nothing to be subpoenaed. 670 00:45:57,459 --> 00:46:00,999 We cannot be given any magical letters to force us to do anything. 671 00:46:01,083 --> 00:46:02,999 We don't have any info about our users. 672 00:46:02,999 --> 00:46:09,792 (Off microphone) RUNA SANDVIK: That's a good point. 673 00:46:09,792 --> 00:46:15,876 The ISP, yeah, the ISP, whoever the backbone provider is, that's 674 00:46:15,876 --> 00:46:18,626 a good question. 675 00:46:18,751 --> 00:46:21,459 The question is if they actually look at that traffic. 676 00:46:22,375 --> 00:46:28,834 Is that like a common thing for ISPs or service providers on a top level? 
677 00:46:30,375 --> 00:46:33,999 Does the backbone provider log incoming 678 00:46:33,999 --> 00:46:39,709 connections to websites that are hosted by people? 679 00:46:43,999 --> 00:46:51,417 (Off microphone) RUNA SANDVIK: If we want if we're going 680 00:46:51,417 --> 00:47:00,083 to put together a list of Tor projects, is that the question? 681 00:47:00,167 --> 00:47:04,959 (Off microphone) RUNA SANDVIK: Tor apps? 682 00:47:04,959 --> 00:47:07,417 So we have a list on our website talking 683 00:47:07,417 --> 00:47:10,999 about products and services that we had. 684 00:47:11,667 --> 00:47:15,999 If you're not in that list, then it is not a project that is maintained 685 00:47:15,999 --> 00:47:18,999 or developed by the Tor Project. 686 00:47:18,999 --> 00:47:24,083 Have you ever seen exit nodes attacking to browsers? 687 00:47:24,083 --> 00:47:26,459 RUNA SANDVIK: No. 688 00:47:26,459 --> 00:47:29,167 I have not seen any Tor exit nodes attacking browsers. 689 00:47:29,167 --> 00:47:33,250 So for users running, like, the Tor Browser Bundle, 690 00:47:33,250 --> 00:47:37,999 what safeguards are in place to prevent the exit relay 691 00:47:37,999 --> 00:47:42,083 from serving up, like, a malicious Twitter.com 692 00:47:42,083 --> 00:47:46,209 and sending some sort of malicious program back 693 00:47:46,209 --> 00:47:50,292 to their computer to kind of make a connection 694 00:47:50,292 --> 00:47:52,834 on the open Web? 695 00:47:52,834 --> 00:47:56,999 RUNA SANDVIK: So if there are any restrictions 696 00:47:56,999 --> 00:48:02,626 on Like what kind of protections are there? 697 00:48:02,626 --> 00:48:05,959 RUNA SANDVIK: The Tor blocks a lot of things like Flash and Java 698 00:48:05,959 --> 00:48:09,459 and some JavaScript and things like that. 
699 00:48:10,667 --> 00:48:16,083 But like I said, if an exit relay is able to inject a very specific type 700 00:48:16,083 --> 00:48:20,584 of exploit into the user's traffic, then there are no, like, 701 00:48:20,584 --> 00:48:25,375 if you can do that without getting a user to open an attachment, 702 00:48:25,375 --> 00:48:27,083 then yeah. 703 00:48:35,209 --> 00:48:38,334 (Off microphone) RUNA SANDVIK: Okay. 704 00:48:39,292 --> 00:48:43,999 So he's waving at me saying we're out of time. 705 00:48:43,999 --> 00:48:47,751 We could meet in the chillout room and kind of continue there. 706 00:48:47,751 --> 00:48:48,751 Thanks.