from the so-long,-farewell,-auf-weidersehen,-goodbye dept.
Shari Steele is resigning her position as the director of the Tor Project, according to a report by Cyberscoop. Steele will remain director through December 31st, and the search for her replacement is still underway.
[...] For many, Steele's directorship, which started in December 2015, signaled a sea change within the organization and shifted Tor towards being more inclusive and community focused.
[...] "I had intended to retire after my time with EFF, but I believed strongly in the Tor Project's mission, and I felt I could help," Steele wrote in a blog post after the news broke. "I look at the Tor Project organization today and feel quite confident that we've got the talent and the structure to continue to support the organization's great work."
Source: The Verge
(Score: 3, Interesting) by Arik on Saturday February 24 2018, @05:58AM (8 children)
So I'm wishing her the very best.
If laughter is the best medicine, who are the best doctors?
(Score: 5, Interesting) by takyon on Saturday February 24 2018, @06:26AM (7 children)
The unstated (in TFS) story is that she was brought in as Appelbaum [wikipedia.org] was being transitioned out:
Jacob Appelbaum Leaves the Tor Project [soylentnews.org]
Not that there's anything necessarily wrong with that. Many cried foul when he left, but a project that is all about decentralization should obviously be bigger than any one coder/personality. They seem to have had their shit together since, but it's hard to know since critical vulnerabilities in Tor could end up being exploited for years (think: a Tor exploit gets used covertly by the FBI and NSA for years, and people start being arrested by the FBI as soon as it is noticed and fixed).
Tor Browser 7.0.2 is Released [soylentnews.org]
Russia Bans VPNs and Tor, Effective November 1 [soylentnews.org]
Tor Browser 7.0.3 is Released (Major Security Bugfix Release for Linux Users Only) [soylentnews.org]
Critical Tor Flaw Leaks Users’ Real IP Address [soylentnews.org]
Tor's Next Generation of Onion Services [soylentnews.org]
Tor use has been way up since mid-2017 [torproject.org]. I'm not sure how to explain that, maybe someone else can.
One unfortunate (?) thing is that Firefox never ended up directly integrating [soylentnews.org] Tor into the main browser. That could have been implemented in a way that limited potential issues (keep a "Tor incognito" window in a separate process, strictly enforce zero JavaScript or user-controlled whitelist-only, etc.). That could have added millions of new users to the Tor network, making it more robust (or not?), and could have given vanilla Firefox users a reason not to switch away to other browsers... particularly Google Chrome.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Interesting) by Arik on Saturday February 24 2018, @06:36AM (2 children)
So I'll skip most of it.
"One unfortunate (?) thing is that Firefox never ended up directly integrating [soylentnews.org] Tor into the main browser."
If I am not badly mistaken, Firefox is a trademark. On owned by the Mozilla Foundation. An organization which was completely pwned by the lowest form of jackass many years ago. Am I supposed to be surprised?
If laughter is the best medicine, who are the best doctors?
(Score: 4, Interesting) by takyon on Saturday February 24 2018, @06:50AM (1 child)
Well, I was more optimistic about it four years ago. I even thought that Firefox OS [wikipedia.org] might have a life on $10-50 smartphones.
Fast forward to today and usage share [wikipedia.org] of the browser has declined from about 15-25% to 9-12%. Firefox OS is dead. Mozilla has managed to get another default-search-engine-lifeline from Google, but is being sued by the remnants of Yahoo! Although it's unclear whether the Mozilla Foundation getting a couple hundred million dollars or whatever actually results in (m)any benefits to users.
https://soylentnews.org/article.pl?sid=17/12/07/0253255 [soylentnews.org]
https://searchengineland.com/yahoo-parent-sues-mozilla-replacing-google-firefox-default-search-287872 [searchengineland.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2, Interesting) by Anonymous Coward on Saturday February 24 2018, @10:10AM
Resulted in the entire board resigning. The replacement board included Steele as well as Bruce Schneier and a few other 'reputable' members of the security community.
However as I've recently discovered during a spate of security issues with I2P, Tor's outproxies number only a few thousand. Its number of relay nodes may number a few thousand more, but if you use TBB and look at your 'Tor circuit for this site' you will notice a *LOT* of the same tunnels popping up.
At least one or two people involved provided, on good authority, that passive traffic analysis has rendered Tor compromised for at least the past 5 years, rendering the prospect of parallel construction to knock off darknet markets as probable as the simple incompetence claimed by enforcement authorities.
I2P on the other hand is sitting on 80 million worth of BTC under the control of eche|0n with no major development having occurred in 5+ years, and a concerning series of security exploits plus 28 percent node compromise Sybil attacks being not only probable, but tested by a member of the community.
At this point in time, Tor is still useful for keeping corporations from tracking you. But hidden services and clearnet browsing history should be assumed within the capabilities if not actively being recorded by 5 eyes related groups.
At this point in time the options are a fresh I2P implementation (both the java and c++ ones, as well as the crypto libraries in use having a variety of known flaws, some resolved, some inherent to their designs), a new network based off the dissent'/riffle style cipher/protocols, or a new protocol combining fixed timing/bandwidth tunnels with some way of authenticating the reliability and connectivity of other peers on the network to watch for indications of sybil attacks.
(Score: 2) by fishybell on Saturday February 24 2018, @04:39PM (3 children)
That graph is slightly misleading. Tor usage is down from its late 2013 peak. That page has only been tracking usage since mid 2011.
A more complete [torproject.org] graph shows what I'm talking about.
As for why the usage rocketed up in 2013? I haven't the foggiest. I would have thought it was related to the popularity of the original silk road [wikipedia.org], but it was started in February 2011, and was shut down in October 2013.
(Score: 2) by fishybell on Saturday February 24 2018, @04:45PM (1 child)
*dons tinfoil hat*
...then again, the huge uptick could have been the real mechanism that was used by the FBI to find the real IP address of the Silk Road. Instead of leaked data from a CAPTCHA or PHP information linkage, they instead set up a huge amount Tor relays and clients to statistically determine the real IP address.
*doffs tinfoil hat*
(Score: 0) by Anonymous Coward on Saturday February 24 2018, @07:22PM
That doesn't seem like a tinfoil hat type scenario, I would say that sounds incredibly plausible and a reasonable course of action for them to take. Not a conspiracy level thing where people get murdered for finding out about it.
(Score: 2) by takyon on Saturday February 24 2018, @05:20PM
Edward Snowden's disclosures were in June 2013. What you see is a massive but temporary spike in interest in Tor as ordinary people tried the software out but grew tired of it. However, when it fell back down, it remained at a significantly higher level than pre-June 2013 (~500k vs. ~2 million), and organically grew to the high level we see today (3.5-4 million). The 2014-present activity is not misleading because it encompasses activity that happened after peak-Snowden and shows more stable growth.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2, Insightful) by Anonymous Coward on Saturday February 24 2018, @06:23AM (8 children)
How about a shift towards even greater technical perfection in the face of attackers?
(Score: 5, Informative) by takyon on Saturday February 24 2018, @06:31AM (7 children)
https://lists.torproject.org/pipermail/tor-announce/2018-January/000149.html [torproject.org]
They've been doing that, as ever, with every release.
What should leave you cold is that U.S. taxpayers fund people who will find, hoard, and exploit any security issue found in the Tor network/Browser/etc., instead of reporting them to The Tor Project.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday February 24 2018, @08:20AM (6 children)
Bletchley Park: I say there, you German chappies, that Enigma thingie...
Damn Vile Nazis: Ja?
Bletchley Park:Well, some of our boffin types, just messing around you understand, managed to start reading your messages...
DVN: Scheisse!.......errr, Danke?..fiddle..fiddle..fiddle VRBQMKIQOMXNGMYHXFOJFQPJBRFV ?
Bletchley Park: Didn't quite get that, old chap..
DVN:Ausgezeichnet! (KOPTAAQPZZI)
(Score: 2) by takyon on Saturday February 24 2018, @08:29AM (5 children)
Cute. That has about as much as relevance as the draft [wikipedia.org] does today.
If you want privacy and security, the U.S. government is your enemy, even if you are an American citizen. Possessing "irresponsible encryption" [soylentnews.org] is soon to be a terroristic act.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by jmorris on Saturday February 24 2018, @08:35AM (1 child)
And USG runs almost all of the Tor exit nodes. Connect the dots.
(Score: 2) by takyon on Saturday February 24 2018, @08:44AM
If you're concerned about that then you should stick to hidden services.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Insightful) by Anonymous Coward on Saturday February 24 2018, @09:20AM (2 children)
Ok, the point I was trying to make is that when you pay your Spooks to break encryption which may be used by an 'enemy' you don't exactly then expect them to then close the holes they've used to do so by pointing these out to the writers/inventors of the encryption mechanism..
Oh, a given, as far as any Government is concerned, not just the USian one.
Anyone not part of the 'unthinking masses' is the enemy, or potentially so, for any Government of any political colour anywhere on this dirtball...actually even the 'unthinking masses' are also the enemy, but a lower priority one and far easier to control (techniques developed over millennia of practice).
That's why I threw in the 'joke' Bletchley Park reference, this is not a new problem, 'They' are at war with 'us' and have been for centuries, even when they're stage directing the attentions of the 'unthinking masses' to whatever the external-enemy-de-jour is, they're still keeping a close(r) eye on 'us'.
(Score: 2) by takyon on Saturday February 24 2018, @09:34AM (1 child)
Yeah, sorry for calling it "cute", I'm tuned for aggressive e-fighting right now.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday February 24 2018, @09:47AM
No worries!.