Hello all,
This is my first report as a Tor contractor. ^_^ July contained a
lot of travel [1] and a lot of needful discussions and a lot of dealing
with legal bureaucracy[2], but despite my best efforts did not include a
lot of coding. Thankfully, there will not be another month like this
until at least next February.
Attended Summer 2014 Tor developers meeting in Paris.
Attended the Tails dev meeting, also in Paris.
Attended HOPE X in New York City.
.d8888b. 888
d88P Y88b 888
Y88b. 888
"Y888b. 888888 .d88b. 888d888 88888b.d88b. 888 888
"Y88b. 888 d88""88b 888P" 888 "888 "88b 888 888
"888 888 888 888 888 888 888 888 888 888
Y88b d88P Y88b. Y88..88P 888 888 888 888 Y88b 888
"Y8888P" "Y888 "Y88P" 888 888 888 888 "Y88888
888
Y8b d88P
"Y88P"
In late June, work on Stormy began in earnest, as the move away from
being a personal project into being a formal Tor project changed its
scope a bit. As part of this, I sought out a very large variety of
opinions from both the community and those I see as being
non-technical/semi-technical end-users. Stormy is designed as a shell
script to install necessary components for a Tor hidden service that is
useful for journalists and activists.
At the Paris meeting, I discussed other options for implementation
with Lunar, Karsten, and ioerror, which included expanding on Onionshare
(no) and packing the project for Debian. Packaging for Ubuntu is
absolutely possible, and while outside the scope of the contract, I'm
happy to work to package Stormy later this quarter. Debian Developers
working on Tor-related projects have thoughtfully offered to have it
added once finished. I'd love to have `apt-get install stormy` as a
realistic option for users who want to set up a hidden service.
Seeking additional outside input on Stormy was necessary, but
ultimately hasn't changed much in terms of development. I've run
through initial user tests, which have confirmed that documentation
needs to be a top priority, as most users won't have someone to pose
questions to. Initial issues are related to connecting to an outside
server (using PuTTY/commandline) -- all users were able to set up a
Ghost instance and hidden service unassisted. Which is a pretty big win
as far as I'm concerned.
b. 8 `8.`8888. ,8' ,o888888o.
888o. 8 `8.`8888. ,8' 8888 `88.
Y88888o. 8 `8.`8888. ,8',8 8888 `8.
.`Y888888o. 8 `8.`8888.,8' 88 8888
8o. `Y888888o. 8 `8.`88888' 88 8888
8`Y8o. `Y88888o8 `8. 8888 88 8888
8 `Y8o. `Y8888 `8 8888 88 8888
8 `Y8o. `Y8 8 8888 `8 8888 .8'
8 `Y8o.` 8 8888 8888 ,88'
8 `Yo 8 8888 `8888888P'
After travelling to Manhattan for HOPE X, the first thing that
happened was to play Marco Polo with various people I was slated to meet
with. This is always amusing. :D Visited with Twitter engineers and
project managers at various points to talk about the expression needs
for Tor users in oppressive regimes, as well as ways perhaps to make it
easier to unblock Tor exit nodes. They were very understanding and easy
to work with. The main issue is that they were not entirely sure how to
keep an up-to-date list of exit nodes included within their whitelist.
So, when tracking abusive IPs, exit IPs (which each serve millions of
people) would get included and non-abusive users would get locked out.
In discussions with James Vasile of OpenITP, we've come to the
conclusion that working together to (hopefully) tackle what we see as
key issues in easing access to the Tor network for those most at risk.
Chief among these is bridge address diversity (and increase of obfs3
population) and convincing large websites that supporting flashproxy is
in the public interest (which it is). To achieve both requires much
analysis and writing and convincing of third parties. This is still
in-progress, but I am *quite* optimistic that both will be successful.
Am working with hosting companies on possible donations of IP space
usage for the purposes of increasing bridge address diversity.
Came to the conclusion that I should write a proposal or proposed
addendum on BridgeDB improvements, with a particular emphasis on
geo-rotation and blocking response.
Sandy from OpenITP and I are working together in the early stages of
two projects that aim to broaden understanding of and perhaps increase
diverse representation in the community. As a result, I may wind up
working out of the OpenITP office in SoHo at times. #perk
Had a great discussion about Onionshare with Micah Lee, and confirmed
his future development plans for it. While I don't think it's a match
for the use cases that Stormy's trying to solve (and vice versa), I <3
it completely and think that the features he's about to introduce will
be ~awesome~
_ _
___ | |__ __ _(_)
/ _ \| '_ \ / _` | |
| (_) | | | | (_| | |
\___/|_| |_|\__,_|_|
Completed initial research for 'Batou' accessibility+usability
project. Implementation to be finished late August. This project is
unfunded, so no one actually cares about when it gets completed (so it's
likely to move to later).
In addition:
* Relayed my usability recommendations to Mike Perry and may write a
draft proposal in support of them.
* Followed up on non-profit registration for Cupcake Bridge as an
entity.
* Am seeking outside help on Cupcake, as deadlines grow short.
* Tor Browser downloads via Satori have passed ten thousand.
* Colleagues have convinced me to apply to two research fellowships in
support of my netfreedom/anti-censorship work.
* Began discussions about possibly getting institutional support for
some (or perhaps all) of my research.
* People are slowly convincing me to move to Holland. But I will
probably stay in DC.
* Submitted talks to Arse Elektronika.
* Met with researchers.
* Replaced my derpy/huge laptop with a sweet Lenovo sourced from the
only shop which does enough business in a day to not be able to
realistically facilitate hardware backdoors. <3 I ~highly~ recommend
laptop shopping with a renowned security engineer.
This is not quite everything, but I promised myself I'd stop at a
thousand words.
best,
Griffin
[1] Four trips across two countries and five states. Two of those with a
fiften-year-old.
[2] Inheriting a kid leads to a lot of paperwork and costs a small
fortune, as it turns out.
_______________________________________________
tor-reports mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
