[ Please ignore the other email. It missed language fixes and the list of recurring questions. ]
Hi!

Right at the close of the 2014 summer dev. meeting [1], I jumped onto a train in the direction of Montpellier to attend the 15th Libre Software Meeting [2]. The Libre Software Meeting is the biggest free software event for the French community.

[1]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
[2]: https://2014.rmll.info/?lang=en

The Tor / Nos Oignons booth
---------------------------

Like last year [3], it started with two days of tents and booths [4] really close to the central Place de la Comédie. More than 60 different projects and organizations were represented [5]. Most of the tents [6] stayed up for the two days, despite the strong wind. No rain until Sunday evening, when we quickly packed at the first drops. Saturday was well attended [7] and there was hardly two minutes without someone asking questions [8]. Sunday got slightly fewer visitors [9] but it was still very successful.

[3]: https://lists.torproject.org/pipermail/tor-reports/2013-July/000292.html
[4]: https://2014.rmll.info/Lieux?lang=en
[5]: https://2014.rmll.info/Participants?lang=en
[6]: https://twitter.com/Bookynette/status/485667519655849984/photo/1
[7]: https://twitter.com/rmll2014/status/485440941021745152/photo/1
[8]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J1/SDC10140
     There’s 5 people in front of the booth in that picture.
[9]: https://twitter.com/ackrst/status/485719865148571648/photo/1

We had a joint booth [10] for Tor and Nos Oignons [11]. I had printed an A1-sized green on black poster with the “root design” logo that was hung on the outside of the tent. We also had a smaller sign with the Nos Oignons logo hanging on the other side.

On the table, we had flyers about Nos Oignons [12] (but we quickly ran out of French ones), stickers (but not enough Tor ones), and A2 posters [13]. There was also an A1 version of the poster on the table [14]. Together with the flyer, they offered great visual support to explain what Tor was and what it did. Most often I would start my explanations with what Tor protected and move on to relays and onion crypto only if the person was curious for more details. Even if it was quite overwhelming for people passing by, the EFF visual helped to make clear what was protected and what was not [15].

[10]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10171
[11]: https://nos-oignons.net/%C3%80_propos/index.en.html
[12]: https://nos-oignons.net/Diffusez/nos-oignons-flyer-grand-public-201306-en.pdf
[13]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10169
[14]: https://nos-oignons.net/Actualit%C3%A9s/20140623_rapports_affiches_et_conferences/600x-affiches-tor-et-https-03.jpg
[15]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J2/SDC10170

From Monday to Friday, talks were happening at one of Montpellier's universities, and booths were set up inside a big tent [16] in front of it. We quickly put the posters up again [17] and started answering questions [18]. There, most visitors already knew about free software or Tor. Discussions were often more technical.

[16]: https://twitter.com/guerdal82/status/486763651442180096/photo/1
[17]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J5/SDC10266
[18]: http://photo.rmll.info/index.php/2014/Montpellier-Esplanade-Charles-de-Gaulle-J6/SDC10353-951885625

It was great to be with other Nos Oignons’ volunteers: nicoo, aeris, Lu, opi, mathieui, and syl. There was always someone to hold the booth and it didn’t feel like a burden to be there. nicoo cooked us great vegan onion pies [19] every other day. We really made progress in how we explained things during the week. Around 170 posters were given out in a single week. Nos Oignons made around 600€ in donations.

[19]: http://www.fdn.fr/~fsirjean/nos-oignons/DSCN6916.JPG

Recurring questions included:

 * Does Tor work in China?
 * What's the difference between Tor and Peer To Peer?
 * What's the difference between Tor and a VPN?
 * Does Tor remove ads?
 * Every Tor user is under surveillance by the NSA, is that bad?
 * How do I use Tor with other applications?
 * Is it dangerous to use Tor with a Wi-Fi network that you do not trust?
 * Tor is slow, right?
 * Are my messages protected when I use Tor?
 * How can I trust Tor when the NSA operates 2/3rd of the relays?
 * How is Tor funded?
 * What is Tor's legal framework?
 * What is the difference between Tor and Freenet?
 * What is the difference between Tor and other anonymization networks?
 * Can I get around the filters set up by university housing with Tor?
 * Why should I use the Tor Browser when I can use Firefox and extensions?
 * If I use Tor, will I get infected by malware more easily?
 * Is it dangerous to run an exit node?
 * When I use the Tor Browser, I'm relaying connections from other users, right?
 * Can I become an exit node without knowing it?
 * How can an attacker fingerprint my browser?
 * What are hidden services?
 * What is Tor doing about cookies?
 * But the Silkroad guy got arrested, right?
 * What does Tor bring me?
 * How do I use Tor?

Many long time free software users have experience with Tor that is 3-4 years old. They still have in mind that Tor is slow and that it’s complicated to set up. Thankfully, by the end of the week, several of them took another look and had positive feedback (except for the website not being translated).

One French operator explained that he had been raided and summoned by the police several times (but without follow-ups). They now reject every IP address known to be in France on their exit.

What we might have missed at the booth: more hardware to demonstrate the Tor Browser and Tails (but then the network was not always available).

Interviews and talk
-------------------

In June, I was asked a couple questions by the security track organizers who had invited me to give a talk about Tor. The interview [20] was relayed a little bit on Twitter and other forums.

[20]: https://2014.rmll.info/+Interview-de-Lunar-Defis-passes-et+?lang=en

People from Radio Campus Montpellier had set up a radio for the event [21]. We did a 25-minute interview [22]. Thanks to Marie-Odile, there’s even a transcript (in French) [23].

[21]: http://www.radiocampus.be/wp-content/uploads/2014/07/20140709_160956-1024x576.jpg
[22]: http://radio2014.rmll.info/e/2014/ep/reseau-tor
[23]: https://wiki.april.org/w/R%C3%A9seau_Tor_-_Interview_de_Lunar_-_Radio_RMLL_2014

With the dev. meeting right behind, and all that happening, I did not have enough time to prepare a formal talk for Tuesday [24]. So instead of doing slides, I collected many references on various past and present Tor challenges, put them on an Etherpad [25], did a quick 5-minute introduction, and opened for Q&A. The talk was in French, as there is already a good amount of material in English, and nothing I was about to say is not already written elsewhere. This was a good opportunity to have a conversation [26] with the French free software community. It lasted for 40 minutes.

The questions were: does Tor need organizations like Nos Oignons? Do you advise against running a relay at home? What about this upcoming BlackHat talk which claims that you can deanonymize users for cheap? Can you explain how people have been able to make a list of hidden services? What do you think of distributions like Tails or Liberté Linux? How about Tor on Android? What should I do to use another browser instead of the Tor Browser [27]? Mozilla does security releases of Firefox very often, how long do I stay vulnerable with the Tor Browser? Would it be possible to detect, at entry nodes, that the browser used is too bad? Why did you tell me that using Tor and a VPN was a bad idea? What do I need to run exit nodes? In the Tor project, if someone wants to contribute, who decides, who reviews? Is there a formal process to become a member of the Tor Project? What can I do with my existing server to help you without getting harmed in the process? Is it interesting to create other organizations like Nos Oignons?

The talk has been recorded on video [28]. The room was full [29] (90 attendees for 80 seats) despite the presentation being held concurrently with Richard Stallman’s talk [30]. I had good feedback both from the audience and from the security track organizers.

[24]: https://2014.rmll.info/conference311?lang=en
[25]: https://pad.riseup.net/p/lsm2014-tor/50/export/txt
[26]: http://blog.rootshell.be/wp-content/uploads/2014/07/IMG_4014.jpg
[27]: https://twitter.com/xme/status/486507392944066560
[28]: http://videos-cdn.rmll.info/videos2014/ubicast/31-sc002-defis-passes-et-futurs-pour-tor_e7bf/
[29]: https://twitter.com/phil_alex/status/486500898500521984/photo/1
[30]: https://twitter.com/xme/status/486500822801719297

I had an extra question from a system administrator right after the talk who asked me how they should handle traffic from Tor from a network point of view. They looked worried mostly about DoS attacks, so I suggested looking at adaptive rate limiting of all Tor exit nodes.

Virginie Galindo [31] and Xavier Mertens [32] blogged about the talk and others from the security track.

[31]: http://poulpita.com/2014/07/16/rmll2014-free-software-all-in-one-place/
[32]: http://blog.rootshell.be/2014/07/09/rmll-2014-security-track-wrap-up/

Contacts
--------

A supporter of Emmabuntüs [33] wanted me to discuss how to include the Tor Browser directly in the distribution. I did not pursue this as I was already tired and I believe this would again be blocked by #3994 [34] which I have mostly given up for now.

[33]: http://www.emmabuntus.org/
[34]: https://bugs.torproject.org/3994

I went to the Fedora booth [35] to ask if they know about any progress on getting reproducible builds since last year's blog post [36] but they were not aware of anyone working on this in the project.

[35]: http://fedora-fr.org/
[36]: http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/

Liberté 0 [37] is an awesome group of people working on accessibility in free software. I believe we could ask them to have a try at the Tor Browser and the future Tor Messenger to get feedback on how usable our tools are for people using screen readers, for example.

[37]: http://wiki.liberte0.org/

We discussed support for XMPP servers behind Tor hidden services with developers of Salut à Toi [38] — a versatile XMPP client that does chat, microblogging, file sharing and many other things. We agreed that Tor hidden services were a nice way to simplify self-hosting. But they were cautious and wanted to review what kind of sensitive data they could leak before hooking the software with Tor. Great!

[38]: http://www.salut-a-toi.org/

“YunoHost is a server operating system aiming to make self-hosting accessible to everyone.” [39] We discussed integrating the configuration of Tor hidden services into their interface. Maybe they will need #1922 [40] resolved before that can be done nicely. Once again, I stressed that Tor can make the “how to configure my router” step optional. We also discussed how feasible it would be to enable YunoHost to securely host hidden services (remove as much fingerprinting as possible through network isolation, filesystem isolation, clock on UTC, etc.). It looked doable but non-trivial. One developer is also involved in Nos Oignons, so in any case, it helps communication. :)

[39]: https://yunohost.org/
[40]: https://bugs.torproject.org/1922

I had interesting discussions with the people from the “Serveur Libre” project [41], which is a local hosting provider, self-managed in a horizontal manner, with strong focus on protecting users’ privacy as much as possible. Unencrypted emails are rejected at the SMTP level [42], using Tor is mandatory to access some services [43], and root access is only available through a collective process [44] — using PAM for meetings changes and a submission/validation system for day-to-day operations. The crazy part is that they have a running TorBEL instance [45]. I was surprised that the code was working for them. They are chasing a bad memory leak, though.

[41]: https://wiki.serveurlibre.net/
[42]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/cryptomailfilter/README
[43]: https://wiki.serveurlibre.net/D%c3%a9veloppement/DropNoTor
[44]: https://wiki.serveurlibre.net/D%c3%a9veloppement/CollectiveSysadmin
[45]: https://hg.serveurlibre.net/sldev/file/71011e5b086b/torbel/install.sh

I also had quick discussions with several free software and Linux user groups on organizing talks about Tor. We’ll see about follow-ups in the next months. In my mind, this would be less about presenting Tor to people than giving material on how to talk about Tor to the rest of the world.

Miscellanea
-----------

The main conference organizers did quite wrong in letting some people set up hidden video cameras [46] in several places to create “timelapse” movies. After being called out on this, they agreed it was a bad idea. The video material has been erased. Hopefully before someone else got hold of it.

[46]: https://ldn-fai.net/rmll-2014-surveillance-video-de-la-foule-a-linsu-des-visiteurs/

I would like to thank volunteers from APRIL [47], who have been awesome booth neighbors, sharing tips, pens, tape, smiles, and sheltering our stuff in their car when it needed to be moved.

[47]: http://www.april.org/

(Many thanks to Sebastian for proof-reading this long report.)

--
Lunar <[email protected]>
