Hi! Right at the close of the 2014 summer dev. meeting [1], I jumped in a train in direction of Montpellier to attend the 15th Libre Software Meeting [2]. Libre Software Meeting is the biggest free software event for the French community.
[1]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting [2]: https://2014.rmll.info/?lang=en The Tor / Nos Oignons booth --------------------------- Like last year [3], it started with two days of tents and booths [4] really close to the central Place de la Comédie. More than 60 different projects or organizations were represented [5]. Most of the tents [6] stayed up for the two days, despite the strong wind. No rain until Sunday evening, where we quickly packed. Saturday was well attended [7] and there was hardly two minutes without someone asking questions [8]. Sunday got a little less visitors [9] but it was still very successful. [3]: https://lists.torproject.org/pipermail/tor-reports/2013-July/000292.html [4]: https://2014.rmll.info/Lieux?lang=en [5]: https://2014.rmll.info/Participants?lang=en [6]: https://twitter.com/Bookynette/status/485667519655849984/photo/1 [7]: https://twitter.com/rmll2014/status/485440941021745152/photo/1 [8]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J1/SDC10140 There’s 5 people in front of the booth in that picture. [9]: https://twitter.com/ackrst/status/485719865148571648/photo/1 We had a joint booth [10] for Tor and Nos Oignons [11]. I had printed a A1 green on black poster with the “root design” logo that was hung on the outside of the tent. We also had a smaller sign with the Nos Oignons logo hanging on the other side. On the table, we had flyers about Nos Oignons [12] (but we quickly ran out of French ones), stickers (but not enough Tor ones), and A2 posters [13]. There was also a A1 version of the poster on the table [14]. Together with the flyer, they offered great visual support to explain what Tor was and what it did. Most often I would start my explanations with what Tor protected and move on to relays and onion crypto only if the person was curious for more details. But in any case, even if it was quite overwhelming for people passing by, the EFF visual helped clear out what was protected and what was not [15]. [10]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10171 [11]: https://nos-oignons.net/%C3%80_propos/index.en.html [12]: https://nos-oignons.net/Diffusez/nos-oignons-flyer-grand-public-201306-en.pdf [13]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10169 [14]: https://nos-oignons.net/Actualit%C3%A9s/20140623_rapports_affiches_et_conferences/600x-affiches-tor-et-https-03.jpg [15]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10170 From Monday to Friday, talks were happening at one of the city university, and booths were inside a big tent [16] in front of it. We quickly put up the posters up again [17] and went answering questions [18]. There was far fewer visitors who didn’t knew about free software or Tor. Discussions were often more technical. [16]: https://twitter.com/guerdal82/status/486763651442180096/photo/1 [17]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J5/SDC10266 [18]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J6/SDC10353-951885625 It was great to be with other Nos Oignons’ volunteers: nicoo, aeris, Lu, opi, mathieui, syl. There was always someone to hold the booth and it didn’t feel like a burden to be there. nicoo cooked us great vegan onion pies [19] every other day. Around 170 posters were given out in a single week. Nos Oignons made around 600€ in donations. [19]: http://www.fdn.fr/~fsirjean/nos-oignons/DSCN6916.JPG Many long time free software users have experience with Tor that is 3-4 years old. They still have in mind that Tor is slow and that it’s complicated to setup. Thankfully, by the end of the week, several of them took another look and had positive feedback (except for the website not being translated). One French operator explained that he had been raided and summoned by the police several times (but without follow-ups). They now reject every IP addresses known to be in France on their exit. What we might have missed on the booth: more hardware to demonstrate the Tor Browser and Tails (but then the network was not always available). Interviews and talk ------------------- In June, I was asked a couple questions by the security track organizers who had invited me to give a talk about Tor. The interview [20] was relayed a little bit on Twitter and other forums. [20]: https://2014.rmll.info/+Interview-de-Lunar-Defis-passes-et+?lang=en People from Radio Campus Montpellier had set up a radio for the event [21]. We did a 25 minutes interview [22]. Thanks to Marie-Odile, there’s even a transcript (in French) [23]. [21]: http://www.radiocampus.be/wp-content/uploads/2014/07/20140709_160956-1024x576.jpg [22]: http://radio2014.rmll.info/e/2014/ep/reseau-tor [23]: https://wiki.april.org/w/R%C3%A9seau_Tor_-_Interview_de_Lunar_-_Radio_RMLL_2014 With the dev. meeting right behind, and all that happening, I did not had enough time to prepare a formal talk for Tuesday [24]. So instead of doing slides, I collected many references on various past and present Tor challenges, sticked them in an Etherpad [25], did a quick 5 minutes introduction and opened for Q&A. The talk was in French, as there is already a good amount of material in English, and nothing I would say is not already written elsewhere. This was a good opportunity to have a conversation [26] within the French free software community. It lasted 40 minutes. Questions were: does Tor needs organizations like Nos Oignons? Do you advise against running a relay at home? What about this upcoming BlackHat talk which claims that you can deanonymize users for cheap? Can you explain how people have been able to make a list of hidden services? What do you think of distributions like Tails or Liberté Linux? How about Tor on Android? What should I do to use another browser than the Tor Browser [27]? Mozilla does security releases of Firefox very often, how long do I stay vulnerable with the Tor Browser? Would it be possible to detect on entry nodes that the browser used is too bad? Why did you told me that using Tor and a VPN was a bad idea? What do I need to run exit nodes? In the Tor project, if someone wants to contribute, who decides, who reviews? Is there a formal process to become a member of the Tor Project? What kind I do with my existing server to help you without getting harmed in the process? Is it interesting to create other organizations like Nos Oignons? The talk has been recorded on video [28]. The room was full [29] (90 attendees for 80 seats) being held concurrently with Richard Stallman’s [30]. I had good feedback both from the audience and from the security track organizers. [24]: https://2014.rmll.info/conference311?lang=en [25]: https://pad.riseup.net/p/lsm2014-tor/50/export/txt [26]: http://blog.rootshell.be/wp-content/uploads/2014/07/IMG_4014.jpg [27]: https://twitter.com/xme/status/486507392944066560 [28]: http://videos-cdn.rmll.info/videos2014/ubicast/31-sc002-defis-passes-et-futurs-pour-tor_e7bf/ [29]: https://twitter.com/phil_alex/status/486500898500521984/photo/1 [30]: https://twitter.com/xme/status/486500822801719297 I had an extra question from a system administrator right after the talk who asked me about how they should handle traffic from Tor from a network point of view. They looked worried mostly about DoS attacks, so I suggested looking at adaptive rate limiting of all Tor exit nodes. Virginie Galindo [31] and Xavier Mertens [32] blogged about the talk and others from the security track. [31]: http://poulpita.com/2014/07/16/rmll2014-free-software-all-in-one-place/ [32]: http://blog.rootshell.be/2014/07/09/rmll-2014-security-track-wrap-up/ Contacts -------- A supporter of Emmabuntüs [33] wanted me to discuss how to include the Tor Browser directly in the distribution. I did not pursue this as I was already tired and I believe this would again be blocked by #3994 [34] which I have mostly given up for now. [33]: http://www.emmabuntus.org/ [34]: https://bugs.torproject.org/3994 I went to the Fedora booth [35] to ask if they know about any progress on getting reproducible builds since last year blog post [36] but they were not aware of anyone working on this in the project. [35]: http://fedora-fr.org/ [36]: http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/ Liberté 0 [37] is an awesome group of people working on accessibility in free software. I believe we could ask them to have a try at the Tor Browser and the future Tor Messenger to get feedback on how usable our tools are for people using screen readers, for example. [37]: http://wiki.liberte0.org/ We discussed support for XMPP servers behind Tor hidden services with developers of Salut à Toi [38] — a versatile XMPP client that does chat, microblogging, file sharing and many other things. We agreed that Tor hidden services were a nice way to simplify self-hosting. But they were cautious and wanted to review what kind of sensitive data they could leak before hooking the software with Tor. Great! [38]: http://www.salut-a-toi.org/ “YunoHost [39] is a server operating system aiming to make self-hosting accessible to everyone.” We discussed integrating the configuration of Tor hidden services into their interface. Maybe they will need #1922 [40] before that can be done nicely. Once again, I stressed that Tor can make the “how to configure my router” step optional. We also discussed how feasible it would be to enable YunoHost to securily host hidden services (remove as much fingerprinting as possible through network isolation, filesystem isolation, clock on UTC, etc.). It looked doable but non-trivial. One developper is also involved in Nos Oignons, so in any cases, it helps communication. :) [39]: https://yunohost.org/ [40]: https://bugs.torproject.org/1922 I had interesting discussions with the people from the “Serveur Libre” project [41] which is a local hosting provider, self-managed in a horizontal manner, with strong focus on protecting users’ privacy as much as possible. Unencrypted emails are rejected at the SMTP level [42], using Tor is mandatory to access some services [43], and root access is only available through a collective process [44] — using PAM for meetings changes and a submission/validation system for day-to-day operations. The crazy part is that they have a running TorBEL instance [45]. I was surprised that the code was working for them. They are chasing a bad memory leak, though. [41]: https://wiki.serveurlibre.net/ [42]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/cryptomailfilter/README [43]: https://wiki.serveurlibre.net/D%c3%a9veloppement/DropNoTor [44]: https://wiki.serveurlibre.net/D%c3%a9veloppement/CollectiveSysadmin [45]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/torbel/install.sh I also had quick discussions with several free software and Linux user groups on organizing talks about Tor. We’ll see about follow-ups in the next months. In my mind, this would less be about presenting Tor to people than giving material on how to talk about Tor to the rest of the world. Misc. ----- The main conference organizers did quite wrong in letting some people set up hidden video cameras [46] in several places to create “timelapse” movies. After being called out on this, they agreed it was a bad idea. The video material has been erased. Hopefully before someone else got hold of it. [46]: https://ldn-fai.net/rmll-2014-surveillance-video-de-la-foule-a-linsu-des-visiteurs/ I need to thank volunteers from APRIL [47] who have been awesome booth neighbors sharing tips, pens, tape, smiles, and sheltering our stuff in their car when it needed to be moved. [47]: http://www.april.org/ (Many thanks to Sebastian and weasel for proof-reading this long report.) -- Lunar <[email protected]>
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
