[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Just some updates on "Use Privacy Software, Use Tor" advocation

Great stuff! Thanks especially for the Stem bug report. It was a great catch. :)

On 2/20/17, m.ajiao@xxxxxxx <m.ajiao@xxxxxxx> wrote:
> Hello, Tor Talk and Privacy Enthusiasts!
> Here are some small updates about my hobbyist project "Teach and encourage
> people to use Tor."
> 1. I emailed Damian Johnson, the Stem developer, about the wide character
> handling bug, which makes Stem fail to authenticate when Tor executable's
> path contains Chinese or Japanese characters. This bug has been fixed now.
> 2. The content in my GitHub repo [1] is written in a style that young people
> in China, Japan and possibly other countries can easily accept. It might
> appear strange to a different group of audience.
> [1] https://github.com/m-ajiao/Dr.-Tanaka-Says
> 3. My GitHub repo got views from Reddit, Facebook and komica.org image
> board. Though no stars, it gains a little bit of popularity.
> 4. News: [2] On Feb. 16th, Chinese man arrested in Japan for illegally
> uploading cartoon episodes (I guess via peer-to-peer software). Police
> typically won't take action if the amount of uploaded data does not exceed a
> certain threshold. Up to now, at least 4 Chinese people have been arrested
> for torrenting without any protection, over a monitored network. Lesson
> learned: when doing something controversial or semi-illegal, know your
> threats. When you have a basic understanding of the threat model, you don't
> unconsciously put yourself in danger. For example, though not necessarily
> enough, that guy should at least use some basic protection such as VPN.
> [2]
> https://www.reddit.com/r/Piracy/comments/5uvouh/the_3rd_time_chinese_fansubber_arrested_in_japan
> 5. Got spikes on traffic graph on Feb. 18th and 19th. Most of them are not
> unique viewers. (People were reviewing what they read?)
> 6. Got questions from Reddit: "Why is it exclusively in Chinese? Readers may
> need translation."  "Why is it addressed specifically to fansubbers? You may
> want to expand it to larger audience."  "Since this is the theme, you can
> write about the specific threats and defenses for fansubbers."
> I am trying to add more content, both general to all and specific to
> fansubs, and English translations are coming very soon.
> 7. I quickly searched the web and read through the comments general Chinese
> netizens left under the discussions of the Feb. 16th news. I saw people
> mention public key encryption and "multi-hop VPN":
>> "The person who uploads video should use the public key from the group
>> members in China."
>> "Look at American fansubs. They use multi-hop VPNs."
>> > "Wow that really looks like spies."
> Generally, I saw better comments, in contrast with last year's comments,
> which I mentioned in my previous email. Comment writers demonstrated a basic
> grasp of encryption concept and its importance. The most interesting comment
> is:
>> "What exactly is the Onion software?"
> Well, it is Tor, The Onion Router, or TBB, the Tor Browser Bundle. Both its
> name and its traffic are heavily censored in China, but I believe people in
> Japan have easier access to Tor software and Tor network.
> 8. I am writing about why the proprietary and inactive Perfect Dark [3] is
> not OK. It is obvious to us, but the audience is the general Chinese young
> people. I am trying to encourage readers to switch to free libre open source
> privacy software and well-studied, more reliable anonymity networks. I have
> listed the reasons, both generally and specifically why Perfect Dark is not
> safe.
> [3] https://en.wikipedia.org/wiki/Perfect_Dark_%28P2P%29
> - It has not been updated for a year.
> - It is closed source, proprietary software. You can hardly check if the
> software behaves correctly. Note that even security experts can get a
> headache auditing things by reverse engineering.
> - "You are too weak." It is using weak crypto -- RSA-1024. Now HTTPS
> certificates using RSA-1024 are being revoked!
> - Japanese cyber agency claims to have software used to decipher the traffic
> of Perfect Dark. They claimed they were able to get the metadata of the
> files being shared. But limited research effort had been made to figure out
> how the cyber agency did it. The links to the sources are dead.
> I could only think of these 4 reasons. Any other suggestions on the reasons?
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to