https://twitter.com/wikileaks/status/755019531228250112
"Tor operator @LuckyGreen resigns; a collection of leaks (for/against)
on the @TorProject 'rape+plagiarism+CIA' saga
https://www.oneeyedman.net/?p=2508
Since things seem to be falling apart at the Tor Project, and also in
the campaign against Jacob Appelbaum (@ioerror), I’m beginning a list
(for my own convenience) of leaked documents.."
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/19/2016 12:02 AM, grarpamp wrote:
> On 7/18/16, Mirimir <mirimir(a)riseup.net> wrote:
>> Anyway, what does Tor Project gain by not mentioning Whonix?
>
> That's a bit sideways, but in the interest of sideways eventually
> moving forward...
I'd say "meta" rather than "sideways", but hey ;)
> 1) Funding of sorts, which spreads around, to develop TBB, a
> sizable project, to do decent things a browser should do,
> hopefully feeding back to Mozilla. Were certain elements of
> security left uninvestigated and just punted to Whonix+FF, well
> that's an incomplete partial approach too. If you want funds, you
> might not want to publish other partial solutions.
Well, Whonix uses stock Tor browser, with a tweak to keep it from
launching its own local tor process. It also enforces stream
separation for other apps. But the key thing here is that it prevents
proxy bypass.
> Securing the browser and browser meta is a fine project. And as has
> been said, it's still needed to pair the app with defense in depth
> and a known line around application land. Just remember TBB and Tor
> are not and cannot be that line.
Yes, they are for sure not that line. So why not acknowledge that?
Maybe key funders have said no to that.
> 2) Captured audience dependency. As with publishing, this is
> corporate 101. Giving someone an app is well... welcome to apps,
> and a torbox to run them on. Like iTunes on iPhone.
Right. For most, Tor browser on Windows. Pwnage waiting to happen.
But why does Tor Project care about captured audience dependency?
People using Whonix, like people using Tails, are still using Tor. And
still using stock Tor browser.
Maybe goals of key funders are driving this. Deliver lots of Tor
relays and users to hide our agents. But make sure that users can't
hide from our TLAs. That's what language in Graham's appropriations
bill says. Maybe that's been the backroom deal for years, and Tor
Project has been pushing back. One does get that sense from the leaked
IRC logs.
> Giving someone unix is like airdropping a great big box of freedom
> their way. Here, have some free beer...
>
> https://www.freebsd.org/
> https://www.openbsd.org/
> https://torbsd.github.io/
>
> Or whatever it is penguins drink... https://www.whonix.org/
> https://www.whonix.org/wiki/Qubes
> https://www.qubes-os.org/
>
> Or a fine Javanese app... https://geti2p.net/
>
> 3) Like I said, the real reason is probably a bit more mundane...
> nobody signed on to update the content. Tor has money, go hire
> yourself.
I doubt that they hire anons :(
But damn, I'd do it for free, if they let me :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXjdcZAAoJEGINZVEXwuQ+G24IAKZTOZVxidiX2qEnOokfKh1T
pg8BsXRgyMx7395mMc3WDFx16zc1Ylbh14z+YUq+1TOenO2wURjtTT9OCjCAjnOI
IL1GRXjM23QLTI0qkRCwiEB04HZsu5t1jq1sJ7F23BUX/UjSBuK1osmtK3Ve3ucb
qMTgZVIgmnWwdFkEM1l5fcDltnIYzOxF5VR0jHo5KTQ63l7E/xcNaWD/Y92yUu5C
ZLeCYgVc+KdngHhVPDzhphCeWXwrVdpwRO0zqqLiR8ijn/dW0fFA7gOfZzTI1YTw
VmVymrDWBfr6RjZ0FVeSIrvhewVRPjHIepTHwOuQQsAde5UGhtNv9lnXt+P7Rq4=
=w5Ab
-----END PGP SIGNATURE-----
https://trac.torproject.org/projects/tor/ticket/19690
http://archive.is/T8Hlu (Uncensored version)
http://forums.theregister.co.uk/forum/1/2016/07/18/lucky_green_torpedos_tor…
https://www.reddit.com/r/privacy/comments/4tectj/tor_veteran_lucky_green_ex…
"""""
Tonga (Bridge Authority) Permanent Shutdown Notice
2016-07-16T01:06:25Z
Dear friends,
Given recent events, it is no longer appropriate for me to materially
contribute to the Tor Project either financially, as I have so
generously throughout the years, or by providing computing resources.
This decision does not come lightly; I probably ran one of the first
five nodes in the system and my involvement with Tor predates it being
called "Tor" by many years.
Nonetheless, I feel that I have no reasonable choice left within the
bounds of ethics, but to announce the discontinuation of all
Tor-related services hosted on every system under my control.
Most notably, this includes the Tor node "Tonga", the "Bridge
Authority", which I recognize is rather pivotal to the network.
Tonga will be permanently shut down and all associated cryptographic
keys destroyed on 2016-08-31. This should give the Tor developers
ample time to stand up a substitute. I will terminate the cron job we
set up so many years ago at that time that copies over the
descriptors.
In addition to Tonga, I will shut down a number of fast Tor relays,
but the directory authorities should detect that shutdown quickly and
no separate notice is needed here.
I wish the Tor Project nothing but the best moving forward through
those difficult times,
--Lucky
"""""
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/19/2016 04:18 AM, Jon Tullett wrote:
> On 19 July 2016 at 12:01, Mirimir <mirimir(a)riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>>> On 19 July 2016 at 08:31, Mirimir <mirimir(a)riseup.net> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>
>>>> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>>>>> On 18 July 2016 at 16:17, Mirimir <mirimir(a)riseup.net>
>>>>> wrote:
>>>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>
>>>>>> A few years ago, I wrote
>>>>>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.
>>>>>
>>>>> Have you updated it to account for subverted VPN providers?
>>>>> Advising people to use VPNs which may have been subject to
>>>>> national security letters is arguably bad.
>>>>
>>>> Which VPNs have received NSLs?
>>>
>>> I take it that's a no, then?
>>
>> I account for it by distributing trust, just as Tor does.
>
> But your guide does not. It doesn't even mention them. Why are you
> concealing the truth from users?!?11
This gets at the trust issue:
| Using VPN services obscures online activity from local observers,
| and it also obscures location and identity from remote observers
| on the Internet. However, users are entirely vulnerable to
| betrayal by the VPN provider. With a second VPN service tunneled
| through the first, trust has been distributed, in that compromise
| would require collusion between the two providers.
That comes pretty close, I think. NSLs are really irrelevant in risk
assessment. Because NSL or not, you have no way to know who you can
trust. So you can't trust anyone.
> The point I'm trying to make is that you can't cover every base.
> Too often, attempts to do so just end up with unusable rambling
> essays on security which no one will read and which still fail to
> cover a lot of ground. You're accusing Tor of something that you
> yourself can't avoid. That's not a criticism - just a reflection of
> reality.
Say what you will, this is misleading:
| Tor prevents people from learning your location or browsing habits.
<SNIP>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXjgMTAAoJEGINZVEXwuQ+P4UH/3zyjj3FmgZTjH0Qe7pijN5s
ETxHDAK5gZoGA/8VVeYIEG3SNg2rnNSc6cvD9aW5pdebdZfirtvuwY++vVrFw3P/
y5zqt+MQAdfcPlsFmpty5qkzKAAuO37/4m6yAEAxuTkJvfCpY/ThWVFy8xXk+OeV
p2naoo5GFboRP3r4+N1nxY7DsgzwRfhkxVZQSxmPjJhEFxTvNiq2crAnvUHLrBJe
46QiWn+agldN54LxkPVasAUgd7RWirl4O+H9UhZumA2ZrBHNa4I5YYoOw28zc4Am
/G2+Kdgst3Ua8em3D6LvNmQnMAUXi7NS5tAazl5IYpQsuj1G/jfkDnUtYeTJN1s=
=+aIe
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/19/2016 03:50 AM, Jon Tullett wrote:
> On 19 July 2016 at 08:31, Mirimir <mirimir(a)riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>>> On 18 July 2016 at 16:17, Mirimir <mirimir(a)riseup.net> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
>>>> A few years ago, I wrote
>>>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.
>>>
>>> Have you updated it to account for subverted VPN providers?
>>> Advising people to use VPNs which may have been subject to
>>> national security letters is arguably bad.
>>
>> Which VPNs have received NSLs?
>
> I take it that's a no, then?
I account for it by distributing trust, just as Tor does.
> Point being, not only do we not know which operators have received
> letters, we _can't_ know. The first rule of NSL club is you don't
> talk about NSL club. I have yet to see much evidence that warrant
> canaries help. And that's not the only risk; operators can be
> coerced, hacked, suborned, or otherwise compromised. Belgacom, for
> example.
What Tor relays have received NSLs?
> We mitigate that by layering services, but that's back to the
> question of how complex an environment suits your risk profile. Not
> everyone has the same nut; not everyone needs the same size
> hammer.
The NSA is a pretty big nutcracker ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXjfqHAAoJEGINZVEXwuQ+jfsH/j2m+GIEfHEG/Ye1mKviqiYB
2NpeeI5W/r6Zq/Bv/xoqnid+qhwtP/4BwkukXeJ2LhXHBinDKJuKJluOzqiSOqMI
7ThceELgk0ec2eiPSDNJAfH784ShDMpwZEJIJ4I6MmuPXBJ6CJFdzau0rf/M0vGT
tm2m5SfPKh66ZvtGzvoHGsyUV0p1Hu5I3H3ID+EiBbP2uqSi/mL1OXaezT5tGamu
OxczvVFo5cl3uGCJechHXq/jlTyiNrRf6YAUocitFXwXejMHpUQrvU/TlDnZqN5u
rA9Ezxg2YFZ3NltC1Owob8oEgA8/VfWhUZ5v+w9poWG8c6WgOfB4pti5Jq6TAfo=
=W8Yj
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/18/2016 07:08 PM, Jon Tullett wrote:
> On 18 July 2016 at 16:17, Mirimir <mirimir(a)riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 07/18/2016 07:33 AM, Jon Tullett wrote:
>>> On 18 July 2016 at 14:57, Mirimir <mirimir(a)riseup.net> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>>>
>>>> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>>>>
>>>>> Haroon Meer, who I greatly respect in the security space,
>>>>> describes UX complexity in terms of his mum. As in, "could
>>>>> my mum do this?" and if the answer is no, it's too complex
>>>>> for the average user. I like that.
>>>>
>>>> His mum probably shouldn't be using Tor.
>>>
>>> Why not? Are you able to say with certainty that they are not
>>> at risk and shouldn't be using Tor? Sounds like a risky
>>> assumption. Not that it's applicable here, but activists'
>>> families are not uncommonly at high risk. I'd caution against
>>> assuming you know someone's risk profile better than they do.
>>> And that, in a nutshell, is why I don't think Tor should be
>>> making such an assumption in its recommendations to users in
>>> general.
>>
>> Giving clueless folk an illusion of safety is arguably bad.
>
> Now you're back to "sheep". Don't assume that "technically
> inexperienced" equates to "clueless".
Well, say "technically inexperienced" if you like. In my world, we
call that "clueless". I'm more or less clueless in many areas, and am
not ashamed to admit it.
> Security theatre is generally not positive, but again, security is
> never absolute and you will always be able to find an argument for
> doing more, and someone who will argue that failing to do so is,
> yes, arguably bad. Everyone has to draw the line somewhere. Tor has
> done so.
Well, given what we know of TLA capabilities, what Tor Project says at
<https://www.torproject.org/> is tantamount to false advertising:
| Anonymity Online
|
| Protect your privacy. Defend yourself against network surveillance
| and traffic analysis.
Maybe so against local adversaries. But clearly not against global
adversaries. Cynical folk note that so far, the US and its allies are
the only known global adversary. And claim that this is self-serving
bullshit.
| Tor prevents people from learning your location or browsing habits.
It for sure hasn't stopped FBI, with their honeypots that drop
malware. And I doubt that it stops NSA/GCHQ. But Tor Project just
postures about "bad FBI". They don't give naive users, who may be at
risk, even a brief heads up about proxy leakage, and how to prevent it.
Two or three years ago, even after the Freedom Hosting debacle, I was
willing to cut Tor Project some slack. But after the PlayPen attack,
it's becoming harder to escape the conclusion that Tor Project either
doesn't want to mitigate this risk, or doesn't have the contractual
freedom to do so.
> We're going in circles on this now, so this will be my last
> repetition of that particular argument. As I've said, I think we
> agree there's room for better education, but just differ on
> details.
Fair enough :)
>>>>> It's probably far more meaningful to help users understand
>>>>> that spectrum, self-assess where they fall on it and what
>>>>> their risk profile may look like as a result, and pointers
>>>>> to resources which would align with that.
>>>>
>>>> That sounds good to me. Except that there's nothing on the
>>>> Tor Project site about Whonix, and virtually nothing about
>>>> proxy-bypass leaks.
>>>
>>> Why should there be mention of Whonix? It's an independent
>>> project.
>>
>> What about
>> <https://www.torproject.org/projects/projects.html.en>?
>
> That's a list of projects Tor is involved with. It's interesting
> but there's no context - someone who knows they need the tool is
> already most of the way there. Helping people identify that they
> need the tool at all is the part I'm interested in.
It's my general impression that Whonix project has been actively
rebuffed. But I have no inside knowledge.
> (snip)
>> Tails is on
>> <https://www.torproject.org/projects/projects.html.en> but not
>> Whonix. Why is that?
>
> At a guess, it's because Tor is more actively involved in Tails
> than in Whonix. But that is just a guess. Have you asked the
> maintainers?
Yes, that does seem to be the case. But asking hasn't gotten me
anywhere. Maybe some fly on the wall will dump some evidence ;)
>>> Proxy bypass, maybe, but that's in there with all the other
>>> potential risks, and again, Tor can't document all of them.
>>
>> Tor Project has made a huge deal over the PlayPen pwnage.
>> Demanding that the FBI release information about its NIT. But
>> they can't be bothered to actually explain how users could have
>> been protected?
>
> Very different issues, I think. I'm sure you disagree; I'm not
> going to debate it.
I don't disagree that they're different issues. My point is that
warning users about proxy bypass takes but a few words on a website,
and maybe a link. And given that it's such an easy fix, I suspect that
Tor Project either doesn't want to admit the risk so clearly, or is
somehow being prevented from doing so.
>>> That's a rhetorical question - I'm sure there are pros and
>>> cons either way and it could be argued at length without
>>> conclusion. I'm not convinced Tor should be promoting either;
>>> same way I'm not convinced Tor should be promoting any specific
>>> tools. There will always be others, and they may be better
>>> suited to users depending on their circumstances.
>>
>> Sure. Except that proxy bypass has been a major fail. Do you
>> disagree?
>
> Yes, I do. Systems get attacked, and are updated to thwart
> attacks. Tor does this - that is not a fail, that's the normal
> security dev process. Don't assume that nothing is happening - it's
> not like Tor is not actively researched and developed.
It's been at least five years! The relay early bug got fixed in
months. Maybe devs are working on some integrated firewall or
whatever. That would be cool. But Whonix isn't vulnerable, has been
available for years, and gets no love. And it's not just Whonix. Other
approaches that separate tor process and userland have also been
largely ignored.
>> A few years ago, I wrote
>> <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>.
>
> Have you updated it to account for subverted VPN providers?
> Advising people to use VPNs which may have been subject to national
> security letters is arguably bad.
Which VPNs have received NSLs?
Anyway, I don't assume that a particular VPN operator can be trusted
any more than a particular Tor relay operator can. Just as Tor uses
three-relay circuits, I recommend using nested VPN chains, with at
least three different VPNs, operating in different jurisdictions.
Some useful links:
IVPN privacy guides: https://www.ivpn.net/privacy-guides
VPN info/ratings: https://thatoneprivacysite.net/
VPN test results: https://vpntesting.info/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXjck/AAoJEGINZVEXwuQ+2hgH/38KYdqwRmjIoz/CnfVyizHv
c6c0KnouGRfxXqMfC8wuIPG5rptIx22k0fZScv+vt+1OHJts6kzol2SUPMQKRnmo
f6oBS7z7MBAJR+JEJ02LfPRMihl5/FzY4CupTE+kIQlg2cPj83jnmu1Ywdg+gLpi
o21YNt9RdZhYjFPwtp7/4c70f6QBnNV/lNXLapBKciXbVhw+WClhanXnbqwgXZHr
C8BkPnQ6M3KruNYueAD0lb0HSDBqd1l9lQmn5arRjpKbJctCP5joOOlXOMYHmugA
0/caDabgdG76rZE9l/9nFrE2mFvPfBSNHjjaWns8YNH0U0J54G1CEfCD6wJB0R4=
=AA9M
-----END PGP SIGNATURE-----
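The "known line around application land" argued for in the first message above (Whonix keeping the tor process out of the workstation so proxy bypass cannot reach the network) and the proxy-bypass complaint in the last message are easier to see as a packet-filter policy than as prose. The following is an added example, not code from Whonix, Tor Project, or anyone in this thread. It models the first-packet decisions a Whonix-style gateway makes for traffic arriving from the workstation side and contrasts them with a single host running Tor Browser and its own tor. The addresses, port numbers (TransPort 9040, DNSPort 5300, one SocksPort per application class) and sample flows are assumptions chosen to resemble a common torrc; none of them come from the thread.

```python
"""Tor gateway packet policy, modelled in Python (added example).

Not code from Whonix, Tor Project, or anyone in this thread. It models the
first-packet decisions a Whonix-style gateway's packet filter makes for
traffic arriving from the workstation side, and contrasts them with a single
host running Tor Browser plus its own tor. Addresses, port numbers and the
sample flows are assumptions resembling a common torrc (TransPort 9040,
DNSPort 5300, one SocksPort per application class); none come from the thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional

GATEWAY_IP = ip_address("10.152.152.10")         # assumed gateway-side address
WORKSTATION_NET = ip_network("10.152.152.0/24")  # assumed internal network
TRANS_PORT = 9040                                # tor TransPort (assumed)
DNS_PORT = 5300                                  # tor DNSPort (assumed)
# One SocksPort per application class. tor isolates streams arriving on
# different SocksPorts, so the browser and other apps never share a circuit.
SOCKS_PORTS = {"browser": 9150, "other": 9050}


@dataclass(frozen=True)
class Packet:
    """First packet of a flow, as seen leaving the application host."""
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Verdict:
    action: str                 # "ACCEPT", "REDIRECT", "DROP" or "DIRECT"
    port: Optional[int] = None  # tor port reached, for ACCEPT / REDIRECT
    reason: str = ""


def gateway_verdict(pkt: Packet) -> Verdict:
    """Gateway rules in the order netfilter applies them on the internal NIC."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src not in WORKSTATION_NET:
        return Verdict("DROP", reason="not from the workstation network")
    # 1. INPUT: packets for the gateway itself; only tor's listeners exist.
    if dst == GATEWAY_IP:
        if pkt.proto == "tcp" and pkt.dport in set(SOCKS_PORTS.values()) | {TRANS_PORT}:
            return Verdict("ACCEPT", pkt.dport, "tor listener")
        if pkt.proto in ("tcp", "udp") and pkt.dport == DNS_PORT:
            return Verdict("ACCEPT", DNS_PORT, "tor DNSPort")
        return Verdict("DROP", reason="no other gateway service is reachable")
    # 2. nat PREROUTING, equivalent to
    #    iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT --to-ports 5300
    #    iptables -t nat -A PREROUTING -i eth1 -p tcp --syn    -j REDIRECT --to-ports 9040
    if pkt.proto == "udp" and pkt.dport == 53:
        return Verdict("REDIRECT", DNS_PORT, "system resolver is answered by tor")
    if pkt.proto == "tcp":
        return Verdict("REDIRECT", TRANS_PORT, "direct TCP is transparently torified")
    # 3. FORWARD default (iptables -A FORWARD -i eth1 -j DROP): tor carries
    #    only TCP and DNS, so other UDP and ICMP fail closed instead of leaking.
    return Verdict("DROP", reason="nothing is forwarded to the real network")


def single_host_verdict(pkt: Packet) -> Verdict:
    """Contrast: Tor Browser plus its own local tor, with no packet filter.

    Only traffic the application itself sends to a SocksPort is torified
    (on one host that listener is on 127.0.0.1); anything else leaves the
    host directly, which is the proxy-bypass failure mode."""
    if pkt.proto == "tcp" and pkt.dport in SOCKS_PORTS.values():
        return Verdict("ACCEPT", pkt.dport, "application chose the SOCKS proxy")
    return Verdict("DIRECT", reason="no enforcement outside the application")


# Constructed flows a leaky workstation might emit; remote IPs are from
# the RFC 5737 documentation ranges.
WS = "10.152.152.11"
SAMPLES: Dict[str, Packet] = {
    "browser via SOCKS": Packet(WS, str(GATEWAY_IP), "tcp", SOCKS_PORTS["browser"]),
    "plugin direct TCP": Packet(WS, "198.51.100.20", "tcp", 443),
    "OS resolver UDP":   Packet(WS, "198.51.100.53", "udp", 53),
    "WebRTC STUN UDP":   Packet(WS, "203.0.113.7", "udp", 3478),
    "ping":              Packet(WS, "203.0.113.7", "icmp"),
    "gateway ssh probe": Packet(WS, str(GATEWAY_IP), "tcp", 22),
}

Policy = Callable[[Packet], Verdict]


def evaluate(policy: Policy) -> Dict[str, Verdict]:
    """Run every sample flow through one policy."""
    return {name: policy(pkt) for name, pkt in SAMPLES.items()}


def direct_leaks(policy: Policy) -> List[str]:
    """Sample flows that would reach the network outside tor under `policy`."""
    return sorted(n for n, v in evaluate(policy).items() if v.action == "DIRECT")


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        g, s = gateway_verdict(pkt), single_host_verdict(pkt)
        print(f"{name:18} single host: {s.action:8} gateway: {g.action} {g.port or ''} ({g.reason})")
    print("leaks on single host:", direct_leaks(single_host_verdict))
    print("leaks behind gateway:", direct_leaks(gateway_verdict))
```

The point of the contrast is the third rule: on the gateway, anything tor cannot carry is dropped rather than forwarded, so a plugin, the OS resolver or WebRTC that ignores the SOCKS setting either ends up inside tor (TCP, DNS) or goes nowhere (other UDP, ICMP). On a single host the same flows leave directly, and no browser patch changes that.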