Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Roger Dingledine wrote: On Sat, Aug 21, 2010 at 10:53:48PM -0600, Jim wrote: I connect to the Internet with dialup. I have been successfully using Tor clients for 4+ years. One of the issues with using Tor over a slow connection is the amount of time it takes to update the information about the network when Tor is first started after having been off-line for a while. Depending on connection speed and how long the client has been off-line, this typically takes about 3 to 10 minutes. Perhaps a bit longer. My experience is that during this time the connection is pretty much useless for any other purpose. Yep. While inconvenient, this situation is certainly manageable. My concern has been what happens as the Tor network grows. At some point the delay would start being a serious problem. Here's some reading: https://blog.torproject.org/blog/overhead-directory-info%3A-past%2C-present%2C-future We haven't gotten the microdescriptor out in practice yet, but it's on its way: https://trac.torproject.org/projects/tor/ticket/1748 That's good to know. Thanks for the links. Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this, Sorry, what's in this for Microsoft? Being a good corporate citizen? From a business point of view, including a peer to peer style client BY DEFAULT in an operating system has PR nightmare written all over it, but they will take the risk of lost revenue for being a good corporate citizen? I find it unlikely... of having a European voice in all this. That means another $20M a year in funding please. At least. Then there is law enforcement and the military and intelligence agencies - for f*ck sakes if someone at the Tor Project can't see them as low hanging fruit then I will start to cry. Right... so in the case of law enforcement, you are going to ask law enforcement to fund a project that (this is not my opinion, this will be theirs) allows people to access illegal content anonymously and makes their job that much harder? That's low hanging fruit? Hate to hear what the high hanging fruit will involve :) I think if you want a job at the tor project, you should just ask :P And maybe just provide them with past results you've obtained for similar organisations or in a lobbyist role, as opposed to getting frustrated on mailing lists :) Cheers, Al *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Thus spake Al MailingList (alpal.mailingl...@gmail.com): And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this, Sorry, what's in this for Microsoft? Being a good corporate citizen? From a business point of view, including a peer to peer style client BY DEFAULT in an operating system has PR nightmare written all over it, but they will take the risk of lost revenue for being a good corporate citizen? I find it unlikely... Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is For the love of goddess don't do that, you'll destroy Tor. Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge roll. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas. The bridge roll may be more immediately doable, but we're not sure that bridgedb wouldn't just fall over yet either. of having a European voice in all this. That means another $20M a year in funding please. At least. Then there is law enforcement and the military and intelligence agencies - for f*ck sakes if someone at the Tor Project can't see them as low hanging fruit then I will start to cry. Right... so in the case of law enforcement, you are going to ask law enforcement to fund a project that (this is not my opinion, this will be theirs) allows people to access illegal content anonymously and makes their job that much harder? That's low hanging fruit? Hate to hear what the high hanging fruit will involve :) Actually, most competent law enforcement agents realize that what gets them the most points are sting operations that topple entire distribution rings, gangs, or bot herders. These sorts of stings require heavy use of Tor. Roger and Andrew actually spend a good amount of their time talking with law enforcement and giving presentations about what Tor is and how they can use it to anonymize their investigative activity. I think if you want a job at the tor project, you should just ask :P And maybe just provide them with past results you've obtained for similar organisations or in a lobbyist role, as opposed to getting frustrated on mailing lists :) Actually almost all of the people working for Tor today started out on the mailinglists, frustrated with some aspect of Tor or other :). Of course, they also tended to naturally step in to some sort of volunteer capacity along their areas of interest, as a result of this frustration. Tor tends to care about this level of passion way more than resumes or interviews. The Tor Project is trying most of the things Julie has suggested. It just takes time, effort, communication, and people. We don't mind letting our consistently passionate volunteers talk to people about Tor in official capacity, either. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpiblWx40FaN.pgp Description: PGP signature
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
On Sat, Aug 21, 2010 at 4:13 AM, Mike Perry mikepe...@fscked.org wrote: Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is For the love of goddess don't do that, you'll destroy Tor. Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge roll. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas. The bridge roll may be more immediately doable, but we're not sure that bridgedb wouldn't just fall over yet either. Thanks, Mike. That's probably the biggest flaw in my bigger thinking effort. Tor is, after all, only at version 0.2 isn't it? Sigh. Maybe I am just 2 or 3 years ahead of reality, where/when Tor could run reliably and without making a mess of it. But then again, if that is true, then what better time to plan for it than now, eh? :) So if no one else is putting their hat in the ring yet to convince Google to include a default Tor relay or bridge in Chrome OS (in 2-3 years) then I would be glad to carry the ball on that one in addition to doing the same at Microsoft for Windows 2013. I've no experience doing this, but it can't be rocket science to talk to the right people and find out what it would take to reach a desirable, shared goal. -- Julie
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Mike Perry wrote: Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is For the love of goddess don't do that, you'll destroy Tor. Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge roll. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas. ... This might be a good time to bring up a concern that has been on my mind for a while. I don't know if this is one of the concerns that has already been identified when thinking about a much larger relay pool. I connect to the Internet with dialup. I have been successfully using Tor clients for 4+ years. One of the issues with using Tor over a slow connection is the amount of time it takes to update the information about the network when Tor is first started after having been off-line for a while. Depending on connection speed and how long the client has been off-line, this typically takes about 3 to 10 minutes. Perhaps a bit longer. My experience is that during this time the connection is pretty much useless for any other purpose. While inconvenient, this situation is certainly manageable. My concern has been what happens as the Tor network grows. At some point the delay would start being a serious problem. So as you think about how to change the directory mechanisms to handle a significantly larger number of relays I request that you also think about changing how this information is distributed to clients. Perhaps with a much larger Tor network, each client doesn't actually have to know about all of the nodes but can make do with a reasonably sized sampling. Or maybe there is a way to spread out over time the increased amount of information available. I can imagine that a solution to the problems a slow connection has might not be acceptable for relays. As such, maybe there could be a slow connection option in torrc that would not be used by relays. Thanks for giving consideration to this issue. Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
On Sat, Aug 21, 2010 at 10:53:48PM -0600, Jim wrote: I connect to the Internet with dialup. I have been successfully using Tor clients for 4+ years. One of the issues with using Tor over a slow connection is the amount of time it takes to update the information about the network when Tor is first started after having been off-line for a while. Depending on connection speed and how long the client has been off-line, this typically takes about 3 to 10 minutes. Perhaps a bit longer. My experience is that during this time the connection is pretty much useless for any other purpose. Yep. While inconvenient, this situation is certainly manageable. My concern has been what happens as the Tor network grows. At some point the delay would start being a serious problem. Here's some reading: https://blog.torproject.org/blog/overhead-directory-info%3A-past%2C-present%2C-future We haven't gotten the microdescriptor out in practice yet, but it's on its way: https://trac.torproject.org/projects/tor/ticket/1748 Perhaps with a much larger Tor network, each client doesn't actually have to know about all of the nodes but can make do with a reasonably sized sampling. Most ways to do this are bad news: http://freehaven.net/anonbib/#danezis-pet2008 But it probably is how the distant future will look: http://www.hatswitch.org/~nikita/papers/shadowwalker-ccs09.pdf http://freehaven.net/anonbib/#ccs09-torsk http://freehaven.net/anonbib/#wpes09-dht-attack --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Bigger Thinking [was: Tor Project 2008 Tax Return]
From: Paul Syverson syver...@itd.nrl.navy.mil Date: Tue, Aug 17, 2010 at 2:29 PM ... Also, it is much easier for IBM and Oracle to understand the RoI in linux than for such players, qua corporate position, to see the RoI in Tor, but even that still occurred over years of footdragging, hedging bets, etc. ... I have been evangelizing versions of onion routing including Tor to VCs etc. since before we started calling this version Tor. My experience is that if they want to put serious money in (or sometimes not even), they want to be able to generate revenue from that in a short period of time, perhaps a few years. Similarly for other sources of funding even if they aren't expecting direct immediate financial return but are not paying for prototypes, research, and improvements to what's there now; although the story changes somewhat in each case. They may not be looking for financial return, but they have unrealistic expectations about what would happen if they abruptly threw lots of money at someone or added fifty percent to the infrastructure at once. When you describe ways that things could improve with an investment in the 50K USD to a million range, they become less interested. They actually seem to prefer to hear promises to roll out whatever random stuff from someone who would be happy to get an instant ginormous influx of cash or adopt their plans to put a thousand new nodes up from their corporate network. Good to hear this perspective, Dr. Syverson. Thank you. But it doesn't smash my vision of this being possible. The VC's are probably the wrong target. I really think there must be some parts of the UN - as just one example - who should be financing the Tor Project. Do lobbyists work on commission? Have you tried recruiting one or more lobbyists to find a way for the UN to fund you for $20M a year? And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this, and keep a list. Assign someone to this task full time. Tell Microsoft it will take funding from them of at least $20M a year. Why would they even consider doing this? To be a good corporate citizen, to better protect the anonymity of their users, to do their part to fight the good fight for freedom of speech, and to possibly give them a chance to one-up Google for once. Because really, if Google is not being prodded to include a Tor client and default bridge relay in their Chrome OS then someone is sleeping on the job. They are standing up to China, at least publicly, and are likely the new face of American entrepreneur-ism. Do no evil? Then fund the Tor Project for more than a lame $25,000 a year and GSoC stipends. This should be at least worth $20M a year in funding from them. Then there should be some organization in the EU who can see the importance of having a European voice in all this. That means another $20M a year in funding please. At least. Then there is law enforcement and the military and intelligence agencies - for f*ck sakes if someone at the Tor Project can't see them as low hanging fruit then I will start to cry. You absolutely have to have someone properly do your branding and marketing too - because the path you are taking in educating everyone about the benefits vs. evils of using Tor is not working, nor do I expect it to work any better. It does work for small groups and individuals, but the fact is that the general public is not smart enough, nor scared enough, to really understand what they give up in the name of better security. This is a job for professionals, to get this message out in a really effective way. And it will take 2-3 years in my estimation, maybe longer. I am sure I have only scratched the surface with these bigger picture ideas. On the other hand, I admit this is just a vision - I have not been doing the hard work of bringing the Tor Project into fruition. But I beg all of you not to let this hold you back from achieving what is possible. And what is needed. -- Julie C. ju...@h-ck.ca GPG key 06D32144 available at http://keys.gnupg.net
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this, and keep a list. Assign someone to this task full time. Tell Microsoft it will take funding from them of at least $20M a year. Why would they even consider doing this? To be a good corporate citizen, to better protect the anonymity of their users, to do their part to fight the good fight for freedom of speech, and to possibly give them a chance to one-up Google for once. Possibly the fact that they are our enemies and want to end online anonymity. Microsoft Exec Calls For 'Driver's License For The Internet' http://techdirt.com/articles/20100204/1925188060.shtml *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Curious Kid wrote: And what about Microsoft? snip at least $20M a year. Why would they even consider doing this? To be a good corporate citizen, to better protect the anonymity of their users, to do their part to fight the good fight for freedom of speech, and to possibly give them a chance to one-up Google for once. Possibly the fact that they are our enemies and want to end online anonymity. Microsoft Exec Calls For 'Driver's License For The Internet' http://techdirt.com/articles/20100204/1925188060.shtml Plus, would you trust Microsoft's (binary only, no doubt) implimentation of Tor? I wouldn't (Yes, I realize that even running a known, good instance of Tor on a proprietary system can result in that instance of Tor being subverted.) Cheers, Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
On Fri, Aug 20, 2010 at 4:28 AM, Curious Kid letsshareinformat...@yahoo.com wrote: Possibly the fact that they are our enemies and want to end online anonymity. Microsoft Exec Calls For 'Driver's License For The Internet' http://techdirt.com/articles/20100204/1925188060.shtml Our enemies? That's a self-limiting attitude. Plus, can we take one employee/executive's comments to be company policy? Plus, would he be the one making this decision? Plus, what about hold your friends close, and your enemies closer? Plus, he is just one more of the majority view that the bad guys have to be stopped at any cost - and one more reason the Tor Project needs a professional PR/branding/marketing makeover to tell the good side of the Tor story. I don't pretend to believe this would be an easy sell. Only that it shouldn't be ignored outright when there is so much upside. And maybe this is not the same old bad Micro$oft that many like to loathe. Hell, if no one else wants to tackle this then I would be glad to on the basis of a reasonable expense account and 20% of whatever I convince them to send to the Tor Project every year in funding. -- Julie