[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Roger's status report, August 2012
Here's what I said at the beginning of August that I hoped to do:
> - Chair the FOCI workshop at Usenix Security, and also attend the rest
> of Usenix Security.
Done. FOCI went really well -- we had 30-40 people there, and I think
most of the talks were interesting.
I've attempted to pass the torch to Jed Crandall and Joss Wright
for next year's FOCI. But it looks like there will be some early
stumbling blocks around whether Usenix wants to keep FOCI attached
to Usenix Security. We'll see how that plays out.
I spent much of my Usenix Security talking to research groups about
setting up fast exit relays. See more about that below.
I also talked to George Kadianakis about Tor network diversity metrics,
and got him talking to a wide variety of other researchers for further
> - Talk to Ralf-Philipp Weinmann about his TorScan paper (upcoming at
> Esorics) and what we can do to address his attacks.
I talked to him, but we didn't come to any conclusions. Most of the fixes
are delicate and have poorly understood tradeoffs. I left him with the
plan that he would write a Tor design proposal or two, so we can think
through the implications.
> - Look at Rob Jansen's performance graphs from his new Shadow simulations.
> Try to move the performance tickets forward.
Done. We did a bunch of huge simulations using Amazon EC2, and ended
up finding that mysterious bugs were ruining our results. We decided
to focus on the simplest simulation question, and try to sort out the
bugs. You can read our saga here:
and as of early September, we've found and/or solved some good ones. Hard
to say how many more remain before Shadow can solve all our problems, but
I think we're getting closer.
> - Expand on the set of metrics by which the SponsorF Red Team will judge
> the project's success. Specifically, I should list the anonymity attacks
> that they shouldn't evaluate since the PETS community is already doing
> a good job at evaluating anonymity attacks.
Continued. You can read some of my discussions at
George suggested that we try to turn them into a survey list of Tor
attacks. Feel free to get that started if you like the idea.
> - Launch the "run fast bridges for BBG" campaign, ideally by gathering
> volunteers on tor-relays.
We have a few fast bridges running. The real challenge here will be the
traditional bridge distribution strategy question: we need to give them
out to people who need them without letting the bad guy find them. We're
trying out some not-so-automated strategies first. I think the handful
of fast stable bridges we have should be enough for now, on the principle
that for any strategy that doesn't tell so many people that the bad guy
learns too, a stable 100mbit bridge can handle all the good users who
learn about it. In parallel we should continue exploring tricks like
Philipp Winter's brdgrd tool:
and maybe later on we'll move on to alternate transports like Obfsproxy.
> - Launch the "exit relays at universities" push, and send BBG a timetable
> for how our exit relay rollout is looking.
We've got immediate plans from CMU and Penn that I know of, and promises
from Georgia Tech and Michigan:
Moritz and I wrote up
which has so far been useful.
Steve Bellovin at Columbia suggested that we get EFF to write a letter
that university professors can hand to their general counsel, explaining
what Tor is. I'm still talking to EFF people about what exactly they
There's also now a tor-relays-universities list as a support group for
people trying to run exit relays at universities:
> - Get some money to some exit relay operators, since it turns out (ha)
> that it's harder than I expected on our side to do it in a way we'll
> pass our audits.
Not done. I believe Andrew met with Tor's lawyers to discuss how to
position it so that we continue to pass our audits, etc. (Making new
organizational and bureaucratic ways to attack Tor doesn't sound great,
at least not until we understand them better.) I'm hoping to team up
with a couple of other organizations so that we can give them large bulk
grants, and they can divide the money up further. If that should be you,
please let us know!
I'm hoping Moritz can take charge of this topic and make it happen.
> - Get 0.2.3.20-alpha and 0.2.3.21-alpha out.
I got 0.2.3.20-rc out:
Turns out 0.2.3.21-rc waited until September.
> - Consider an 0.2.2.38 stable update.
> - Consider an 0.2.4.1-alpha release.
Not done, but done in September.
> - Sort out my September travel to Germany
Done. I'm going to Berlin next week:
Dagstuhl after that:
and ETH Zurich after that to do a talk at Srdjan Capkun's group on
> and my November travel to
> Netherlands et al.
> - Schedule our NSF "censorship measurement" kickoff meeting, perhaps
> the last week of September or first of October.
Not yet scheduled. The other PIs are overloaded with other things,
so I guess there's no rush, so long as we're doing useful research things.
> - Encourage Andrew to put our "project coordinator" job description up
> and announce it.
He's written the web page, but hasn't announced it or linked it yet. I
guess I'll leave that timing up to him
> - Try to take a vacation Aug 11-19.
Done. I even managed to be on vacation for some of it.
Here are some other things I did in August:
- Continued a mass of personal mail threads with exit relay
operators. Reaching out to them and talking about how to help them makes
them like us more:
Exit relay capacity moved from 10Gbps to just over 12Gbps in August
(growth of 20%), and actual reported load moved from around 6.4Gbps to
8Gbps (growth of 25%).
I don't think it's wise to aim to get to BBG's "125 100mbit+ exit relays"
goal anytime soon (that would involve something like doubling or more
the exit capacity), but we're seeing great effects so far from ramping up
the campaign. And if George and Sathya's preliminary graphs are accurate,
we have maintained or improved our network diversity during this time.
- Tariq's paper on guard rotation got into WPES! I helped them revise it.
- Turned down a pair of journal review invites because the journals are
harming my field (aka not open-access).
- Agreed to be on the program committee for PETS 2013:
Though PETS is technically not open-access either (due to its publisher),
I maintain the website so I can make sure that it is open-access in fact.
I think that's good enough for now, but I'm pushing for more.
- Jumped into the latest "omg Tor isn't perfect" thread:
- Lost a weekend to what was supposed to be a routine drive replacement
and turned into an almost complete hardware replacement for moria1,
one of the directory authorities. Thanks again to Andrew Lewman for
spending his weekend messing with it.
- Helped suggest useful historical documents to seed Karsten's Tech
tor-talk mailing list