[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Roger's status report, July 2012



Here's what I said at the beginning of July that I hoped to do:

> - Attend the Dev meeting and hack fest in Florence. Help everybody
> understand about our upcoming grants, and the upcoming deliverables that
> go with them.

Done. It was a great dev meeting and hack fest -- we had something like
40 Tor developers in one place. How the community has grown!
https://trac.torproject.org/projects/tor/wiki/org/meetings/2012SummerDevMeeting

Thanks again to Gunner for helping us making sure everything went smoothly
and we kept moving forward:
http://aspirationtech.org/about/people/gunner

> - Attend PETS

Done:
http://petsymposium.org/2012/program.php

David Fifield gave a fantastic talk on our Flash Proxy design:
http://crypto.stanford.edu/flashproxy/

I talked to Greg Norcie a lot about Tor Browser usability issues, progress
we've made so far, and what remains to be done:
http://petsymposium.org/2012/papers/hotpets12-1-usability.pdf
If we had enough money we should totally be funding research grants for
people like Greg to do further usability analysis. On the other hand, we
have a pile of known problems and not enough developers to actually fix
them -- so accruing *more* known problems, while great, maybe shouldn't
be the most immediate goal.

I should also draw your attention to Yossi Gilad's paper, "Spying in
the Dark: TCP and Tor Traffic Analysis":
http://freehaven.net/anonbib/papers/pets2012/paper_57.pdf
It's another in the line of congestion-based traffic analysis papers
(watch Alice's connection into the Tor network, send some packets to the
suspected exit relay and/or destination website to reduce its TCP window,
and then see if the flow on Alice's side slows down). It's unclear how
bad it is in practice (i.e. how practical the attack is), but it's a
nice example of how congestion attacks are not yet fully understood.

The next PETS will be at Indiana University next summer.

>plus do a talk at the 'provably privacy' workshop in Vigo.

Done:
https://www.cosic.esat.kuleuven.be/ecrypt/provpriv2012/program.html

The ecrypt workshop was a tough combination of people who already did
Tor research and people who didn't know that Tor doesn't mix. It ended
up being in part a group discussion of Tor's toughest research attacks,
to try to raise awareness of issues rather than suggest solutions.

> - Probably go to Berkeley for the last week in July.

Done. I met with EFF people for a day (mainly Peter Eckersley, talking
with Mike Perry and Isis about how to salvage our browser situation
in the face of both Firefox and Chrome including new privacy-invasive
features at a faster clip than we can keep up with).

I had lunch with Prateek Mittal, a post-doc at Berkeley who used to be in
Nikita Borisov's lab at Illinois. Prateek is working on Sybil resistance
and social-network-based security -- e.g. routing through your social
network to resist some of the attacks that Tor has problems with.

I also met briefly with Doug Tygar, a Berkeley prof who is working on
evaluating circumvention tools, and with Vern Paxson's group at ICSI,
who are looking into how to reason about pluggable transports and find
ways to do better at the arms race.

> - Summarize open simulation tickets and open performance tickets, so we
> can prioritize them and get more developer attention on them.

I talked to Karsten and Rob about performance work at the dev meeting,
and we moved each ticket forward individually. I haven't had a chance to
sit down and organize them en masse though:
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance

Nickm now has a list of specific Tor development tasks (mostly of the form
"clean up this patch so it's something we'd be willing to merge").

And Rob has been doing simulations on our current patches to help us
decide which ones should actually help:
https://trac.torproject.org/projects/tor/ticket/6401

> - Publicize one or more new job openings on our jobs page:
> https://www.torproject.org/about/jobs.html.en
> and start collecting applications.

I helped Mike get the Tor Browser Hacker job description up and announced:
https://www.torproject.org/about/jobs-browserhacker
Now we need to get enough applications and interest that we have great
people to select from.

> - Make sure our new core dev gets added to the people page, and make
> sure we do some sort of announcement so there's closure. Follow-up on
> the original core dev job announcements to say we've got one (but leave
> the job announcement up, because we wouldn't mind having another if the
> perfect person came along).

I just added Andrea to the core people page, along with some other
people who have been core people for a while but never made it onto
the page. We continue to have a blurry line between which of our fine
volunteers happens to make it into the core people page. I think we
should probably put more of them on it -- isis and Moritz come to mind,
as well as David Fifield, Philipp Winter, the Tails people, Ian Goldberg,
and others.

All that said, I don't think we've actually done any sort of announcement
or acknowledgement about the core dev spot. Should we?

> - Ian told me that Tariq's "Changing of the Guards" paper was flawed. I
> don't yet agree that it's flawed -- I should follow up with them and see
> which parts of the design need to be discarded and which I can resurrect.

Tariq, Ian, I, and others ended up adapting the paper into a WPES
submission, which focuses on Tariq's framework for how to answer questions
about bridge churn.

I still think the investigation has uncovered a really interesting
privacy vulnerability: if the Tor client has perfect connectivity, it
will pick three guards, and if one of them goes offline it will continue
in a degraded "two guard" state rather than picking a fourth guard
and risking showing its circuits to a new relay. So far so good. But a
client with bad connectivity will end up with dozens or even hundreds
of guards on its list, and when one of its top three goes away it will
move to a fourth. Somewhere in there it would seem this is suboptimal
behavior. More research required, as they say.

> - Get Tor 0.2.3.x closer to stable.

We released 0.2.3.19-rc on 2012-07-06.

> - Organize and announce (hopefully in that order) our upcoming plans
> for encouraging more exit relays.

Done:
https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html

I spent much of my second half of July on this topic, including individual
mail threads with many of the fast exit and non-exit relay operators,
to strengthen the community and learn who is in a good position for
growing their relay.

We have several trac tickets following the "diversity metrics" side:
https://trac.torproject.org/projects/tor/ticket/6232
https://trac.torproject.org/projects/tor/ticket/6443
https://trac.torproject.org/projects/tor/ticket/6498
https://metrics.torproject.org/fast-exits.html

I also talked to Sathya about having him do his undergrad thesis on the
question of measuring and tracking diversity in the Tor network. It would
be great to see more Tor research groups take an interest and give him
some guidance.

Next steps for me on the exit relay front are to hit up my contacts
at universities (Boston University and University of Waterloo run fast
exits, but many more want to if I just help them enough); figure out how
logistically we can get money to the exit relay operators who need it;
and figure out how to integrate Moritz into the "continuing to strengthen
the relay operator community" role.

> - Track down all the plans for my November trip to Amsterdam. The original
> plan was to speak in Rotterdam at their CA conference (organized after
> the DigiNotar thing), but that expanded to maybe talking to Dutch law
> enforcement, and then maybe Austrian law enforcement, and now the Belgian
> law enforcement want me to come explain the Internet to them too. All of
> these things are worth doing (the more law enforcement groups understand
> Tor, the less they hassle our exit relay operators and the less they
> lobby for laws to outlaw privacy), but we'll see how many I can fit in.

Not started. Should do rsn.

> - Start looking into properties we want for a more DPI-resistant "obfs3"
> protocol.

I talked to Ian Goldberg about it, and got him talking to George (asn)
at PETS. I believe they have a plan, and I think Brandon Wiley (our
gsoc student) is even planning to integrate it into his python pluggable
transport library. Stay tuned for more details.

------------------------------------------------------------------------

Here are some other things I did in July:

- While in Vigo, I called in to the SponsorF site visit to help brief the
program manager on our progress. One of the followups is that we should
either get a 320KB torperf instance running (since 50KB is very small),
or better, get something running that fetches some actual popular web
pages including their css, images, etc. We could either do it as "this
is how long it takes in practice to load the frontpage of foo.com",
which would show us realistic performance over time, or we could set up
a fake foo.com so real-world website changes don't add another variable.

- Had multiple tor-exec budget meetings to figure out how to do all the
new things our sponsors want, without running out of money. We have a
plan, and it looks good. I look forward to learning how much that means
we can scale up in 2013.

- Helped Karsten plan for the SponsorL deliverables:
https://lists.torproject.org/pipermail/tor-dev/2012-July/003808.html

- Did a bit of actual Tor development, including tracking down some
fun bugs like https://trac.torproject.org/projects/tor/ticket/6404

------------------------------------------------------------------------

Here are some items I expect to do in August:

- Chair the FOCI workshop at Usenix Security, and also attend the rest
of Usenix Security.
https://www.usenix.org/conference/foci12/tech-schedule/workshop-program
https://www.usenix.org/conference/usenixsecurity12/tech-schedule/technical-sessions

- Talk to Ralf-Philipp Weinmann about his TorScan paper (upcoming at
Esorics) and what we can do to address his attacks.

- Look at Rob Jansen's performance graphs from his new Shadow simulations.
Try to move the performance tickets forward.

- Expand on the set of metrics by which the SponsorF Red Team will judge
the project's success. Specifically, I should list the anonymity attacks
that they shouldn't evaluate since the PETS community is already doing
a good job at evaluating anonymity attacks.

- Launch the "run fast bridges for BBG" campaign, ideally by gathering
volunteers on tor-relays.

- Launch the "exit relays at universities" push, and send BBG a timetable
for how our exit relay rollout is looking.

- Get some money to some exit relay operators, since it turns out (ha)
that it's harder than I expected on our side to do it in a way we'll
pass our audits.

- Get 0.2.3.20-alpha and 0.2.3.21-alpha out.
- Consider an 0.2.2.38 stable update.
- Consider an 0.2.4.1-alpha release.

- Sort out my September travel to Germany, and my November travel to
Netherlands et al.

- Schedule our NSF "censorship measurement" kickoff meeting, perhaps
the last week of September or first of October.

- Encourage Andrew to put our "project coordinator" job description up
and announce it.

- Try to take a vacation Aug 11-19.

------------------------------------------------------------------------

Things I'm still dropping the ball on:

- Transparently document the secteam process, especially since we have
concluded to use it far less often and only for critical security things.

- Answer the thread between Karsten and Jake where we had an excited
volunteer with a clearly useful contribution that we totally dropped on
the floor. Try to generalize the experience to improve our response to new
contributors. We used to be great at it, and lately we're all overloaded.

- Add a "scientific papers" exception to our trademark-faq: I want to give
blanket permission to scientific papers to use the word Tor in their paper
name, so long as they don't go and write software under that name too.
https://www.torproject.org/docs/trademark-faq

- Make a plan for fixing all the "CBT sometimes breaks Tor" issues.
https://trac.torproject.org/projects/tor/ticket/3443

- Start summarizing Tor research papers on the blog more regularly. There
have been a huge number of really important research papers lately,
and most Tor people don't know about them. Should I summarize them on
the blog (for a broader audience), or on tor-dev (for the rest of the
Tor developers), or what?

- I need new business cards.

- Get https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorA
through D back up on the wiki somewhere (Andrew took them down since
they were concluded, and since they just listed contract deliverables
rather than the progress reports and trac ticket links that we've been
doing for later funders; but we should keep them there for posterity).

- Tell Micah Sherr and Chris Wacek (Georgetown) about the open
simulation questions; and get Rob Jansen (UMN/NRL), Mashael AlSabah
(Waterloo), etc a good summary of the current performance situation.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk