I've let my status reports lapse while focusing on getting "real" work done. Here's a start at getting back on track.
- Karen and I attended a conference at the German Foreign Office to help them decide what role Germany and the EU should have at regulating the sale of censorship and surveillance tools to dictators: http://internethumanrights.org/ihrberlin2012/ Highlights: - I liked Eric King (from Privacy International)'s suggestion that when companies are submitting their tools for export evaluation, they should be required to submit their brochures too. Some of these companies are just shameless in terms of how they pitch their tool in terms of number of bloggers you can round up per unit time. I'm convinced that controlling "the worst of the worst" in terms of how they can present their product will influence how these products spread. - That said, these were all (foreign) policy experts, not technologists. They all seemed to take it for granted that you could draw a line between "bad" products and acceptable / dual-use products. I tried to hold back from saying "every time you people try to come up with legal phrasings about what technologies are ok, you end up putting tools like mine on the wrong side of the line." In retrospect, I should have said it more loudly. - They were really proud to have Tor representatives there. Having us there let them show the world that they had "real technologists" at their meeting. There were several cases where the whole breakout session turned to me and wanted to know what Tor thought about the given question. - I met a nice man who worked for a telco/DPI company that deploys its products in the Middle East. He raised a compelling argument: "Look, you folks are the ones that mandated backdoors in the telco equipment we produce, using the term 'lawful intercept'. And now you're surprised and upset when bad people use these same backdoors? You made us build it that way!" It certainly is easier for officials in countries like Germany to think of the world as divided between "good" places and "bad" places, but it sure isn't that simple. - I went to Dagstuhl after that: http://www.dagstuhl.de/no_cache/en/program/calendar/semhp/?semnr=12381 I did a talk on the last day about the state of attacks on anonymous communications systems. I found myself in the curious position of preparing a talk for serious crypto people, to try to give them some research topics they can grapple with, and then having a few of them derail the conversation by arguing that deployment and incentive questions are the most pressing problems Tor sees, not anonymity research questions. I think that's probably true, but it doesn't mean that crypto people are the right ones to tackle those questions. I'm increasingly pessimistic that the 'serious crypto people' have much to offer real-world security research. I had some good chats with other anonymity researchers at Dagstuhl, including a start on a more scaleable design to hide presence information for hidden-service chat; and helping George Danezis work through the tradeoffs in how Tor chooses its paths, and how Tor chooses what circuit to put a stream on, so he can better analyze Tor's anonymity. - After that I did a Tor talk for Srdjan Capkun's group at ETH Zurich. It went very well -- we had a full crowd, and afterwards everybody was fired up to talk about Tor. The security people at ETH are really sharp and focused -- I was impressed (and having done a lot of talks at a lot of universities lately, I don't say that lightly). - While in Zurich I met with Bernd Fix, board member for the Wau Holland Foundation. I'd like to sign them up to be our partner in Europe for disbursing Tor exit relay funding. Progress continues. I also hope we'll find some partners in the US who can do the same. - Released Tor 0.2.3.21-rc: https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html - Released Tor 0.2.4.1-alpha: https://lists.torproject.org/pipermail/tor-talk/2012-September/025436.html - Released Tor 0.2.4.2-alpha: https://lists.torproject.org/pipermail/tor-talk/2012-September/025476.html - Released Tor 0.2.3.22-rc: https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html - Released Tor 0.2.2.29: https://lists.torproject.org/pipermail/tor-announce/2012-September/000087.html - Released Tor 0.2.4.3-alpha: https://lists.torproject.org/pipermail/tor-talk/2012-September/025637.html - Talked to Collin Anderson about his tech report about Iran's "national internet" plans. Check out his resulting document: http://arxiv.org/abs/1209.6398 - Met with SponsorF plus a bunch of other researchers funded under the same program, to discuss the impact of increased Tor network capacity on our torperf graphs. I think the meeting happened because the program manager saw this graph: https://metrics.torproject.org/performance.html?graph=torperf&start=2012-08-15&end=2012-09-03&source=all&filesize=50kb#torperf along with the green lines on https://metrics.torproject.org/network.html?graph=bandwidth-flags&start=2012-08-15&end=2012-09-03#bandwidth-flags and concluded that more capacity was hurting rather than helping. The bigger picture looks like this though: https://metrics.torproject.org/performance.html?graph=torperf&start=2012-08-15&end=2012-09-15&source=all&filesize=50kb#torperf showing that the brief spike was just a temporary thing. In fact, the torperf spike happened at that point because the Tor network was having overload issues due to some load balancing hiccups. I turned the meeting around to discuss the various Tor performance improvements I've been looking at: https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
