Ask Me Anything: Tor Project

Abridged and Remixed (or “Untangled”)
Below is an abridged version of the AMA (casual comments and content unrelated to questions have been removed for ease of reading) with the questions and related responses matched up for your sanity. Questions are in bold and responses are in italics. You can access the full unabridged transcript on the Localization Lab Mattermost channel.


Tor Project Attendees:

@arma: Roger Dingledine, the original Tor person
@tomrittervg: Tom Ritter, long-time Tor volunteer and currently working for Mozilla on Tor Browser Patch Uplift and supporting Tor Browser
@arthuredelstein: Arthur, Tor Browser developer
@mcs: Mark Smith, Tor Browser developer
@phoul: Colin Childs, Tor Support and Localization Coordinator
@flexlibris: Alison, Tor Community Team Lead


dkaurin: To start us off, I want to ask about recent development in Egypt surrounding censorship, and why Tor is blocked. I think it's quite difficult for users and our LocLab members to know what to do in that kind of situation. Maybe you can explain briefly what bridges are, and how one would get access.

arma: the tor network is made up of about 7000 relays, run by volunteers around the world

it aims to provide good security and privacy, so long as you can reach (some of) those 7000 relays. but also, it lets you get around censorship, kind of like a vpn. so countries that want to censor well also try to block connections to those relays.

(it's not just countries. also libraries or schools or coffee shops that want to censor tend to buy some product that does it for them, and that product tries to censor things like tor too)

most of the simple censorship tools just block the tor website. i guess they figure if you can't download tor, you can't use it to reach the tor network.

that means if you have your tor browser already, it doesn't matter if they've censored just the website

but some of the more complex censorship systems try to block connections to the relays. they do that blocking either by making a list of all 7000 relay addresses, or by trying to recognize the tor protocol and blocking anybody who speaks it.

bridges are things we invented for the case where they block relays by address. bridges are basically just like relays except they're not in the big public list, so they're harder to get a list of, and thus harder to block.

so you can go to bridges.torproject.org, and get a few bridge addresses, and put them into tor browser, and now you're reaching the tor network in a more indirect way.

dkaurin: And these won't get blocked too?

arma: the default bridges in tor browser can be blocked, yes. they're just like 30 addresses. but not many censors have opted to do so. i think it's typically because they feel they've done their job by blocking the website, or by going the extra mile and blocking "vanilla" tor.

so the arms race, from the user side, is: if vanilla tor doesn't work, use the default bridges. if those don't work, it's time to go to bridges.torproject.org, and ask a friend to run one for you.

a: That means if I don't have friends there is no need to run another random bridge/transport, right?

arma: well, not quite. a lot of people get their bridges from bridges.torproject.org.

arma: more complicated censors do "deep packet inspection" (dpi), and that means we need to change what the protocols look like too. that's where the phrase "pluggable transports" comes in. the most common pluggable transport these days is obfs4. it basically adds another layer of encryption on top of your tor traffic, so it's harder to recognize that it's tor (and thus harder to block the connection)

egypt's censorship situation seems to change by the week. the ooni project is a great resource for figuring out what's blocked today.

a: I run a bridge for >1 month now. But there is no traffic yet. When will that change? I thought Tor is low on bridges…

arma: when you run a bridge, it announces its existence to bridges.torproject.org, which then gives it out to users using a variety of techniques. some of the bridges are given out over https, and some of them are given out over gmail, and some of them are kept in reserve, to be given out manually.

a few years back, we added some default bridges to tor browser, that is, if you click "my isp tries to block connections to the tor network", then you'll get these bridges, unless you manually change it to use your own.

in many places, these default bridges work out of the box. so people don't need to take that extra step of manually fetching one and entering it into tor browser.

for example, last i heard the default obfs4 bridges work in egypt.

A: @arma How hard would it be for Egypt to use the same DPI tools to start blocking obfs4-encrypted traffic?

arma: actually, very few of the dpi tools can block obfs4. it's designed to be hard to recognize any headers in. so most of the censors around the world don't know how to recognize obfs4 traffic.

the one that kazakhstan uses is an exception.

A: @arma which DPI software is kazakhstan using? do we know?

arma: current theory is that they are buying "allot", which is a little arms dealer in israel.

m: We Chinese are quite familiar with obfs and other tech that help circumvent censorship

A: and does obfs work in china?

m: It works. Though we often run it within some other socks proxy e.g. Shadowsocks.

arma: we need to do a better job of distributing the volunteer bridges that we have, to the right people. that's a tough balance, because if we distribute them too much, then the bad guys can learn them too easily.

erinm: Another Egypt-related question from a community member: Do you have any insight into whether or not the recent censorship of websites and the Tor Network in Egypt is being done in a centralized manner or are you of the opinion it is done on ISP level, despite that ISPs are denying any wrong doing on their part?

phoul: From what I've heard, the censorship in Egypt is not evenly spread. We've heard from some users who see Vanilla Tor being blocked, and others who say vanilla is completely accessible. The only thing that sounds completely blocked is the website.

(Vanilla in this case meaning Tor without bridges)

A: +1 to that, we hear the same from our friends and members in Egypt

erinm: Ok, so it is blocked based on the ISP then?

A: Seems so, OONI found blocking is inconsistent across different networks and also at different times
    
erinm: Ok, I looked through the recent OONI post and saw a MadaMasr article saying that a gov't contact let them know this was a centralized gov't effort and wasn't sure if there was a consensus yet.
https://ooni.torproject.org/post/egypt-censors/
https://www.madamasr.com/en/2017/06/21/feature/politics/egyptian-government-bypasses-isps-to-block-access-to-websites-telecommunications-ministry-source/

    
A: It kind of sounds like the government issued a legal order to the ISPs but different ISPs are implementing it differently and/or using different tools (more/less effective) to do so (??)

a: @arma Is it useful to run an entry node inside a country where Tor censorship occurs? I am thinking of turkey/kurdistan/china

arma: that's a complicated one. yes, in that more relays are good for building the capacity of the tor network. yes, in that maybe surveillance is only done at the country's borders, so it would be safer to use an entry node inside. no, in that maybe the surveillance is done throughout the country, in which case you're not buying yourself anything. in many countries, if they block the tor protocol well enough, running a relay inside that country will basically not work, since that relay can't reach enough other relays.

for example, a while ago mexico was blocking connections to the tor directory authorities. those are 9 or so relays that together tell the tor users what relays are available. that meant if you used a bridge, you were fine. but if you were a normal relay, and you tried to publish to the directory authorities so you'd be added to the network... your relay would be censored.

M: hi @phoul, Alison mentioned translator lab. Sounds interesting. Could you pls tell us more about it? 

Sorry. I confused it with another project. It should be support portal. I read it from Tor-project ML.

phoul: ahh, that I can answer. The Tor Project has historically provided support through mailing lists, irc, and we also had a proper help-desk open for a period of time. Unfortunately, this help-desk became overloaded with support requests, which made us decide to put the effort into writing a proper support portal. Currently the community team is writing content for this portal, and working on the initial stages of design.

M: will it allow users to ask questions? Maybe something like stackexchange?

phoul: I forgot about stackexchange, we also have one of those. However, the support portal is largely intended to be a resource for users. We will have a way for users to provide feedback, however a direct support function through the portal may not be a feature. We would likely have users contact an email address as a last resort, rather than having an interface on the portal for chat or similar.

A: @phoul "Unfortunately, this help-desk became overloaded with support requests" - What would it take ($$, capacity etc) to support a help-desk that could actually cope with the volume of requests you were getting?

dkaurin: In the meantime, I've got a question for @phoul about l10n-- how are you doing community management on your side? And what is the most complex part of the localization process on the Tor Project side?

phoul: Community management is largely being integrated into the community team under @flexlibris. We are working on bringing more community projects under this team, which will hopefully involve more of the translation community on Transifex / the l10nlab community over time. 

The most complicated side of our translation process is attempting to bridge the disconnect between our development community and the community on Transifex. Attempting to make sure that all translators and developers are operating under the same assumptions re: translations can be a process.

dkaurin: Also are there any languages that you constantly struggle to have updated translations for, but are in large demand?

phoul: For languages, I don't think there is anything we are constantly in demand of and do not have. We are very lucky to have such a wide translator coverage on Transifex.

arma: dkaurin: let me turn that question around: are there any tor browser translations that are particularly in need of improvement? 

dkaurin: Well I think given the research you posted the other day, whenever we meet up in person we seem to be talking about the places on this map where there are disproportionately lower number of users:  
https://www.digitale-gesellschaft.ch/2017/06/21/tor-usage-worldwide-the-anonymous-internet/

arma: (long ago, before transifex existed, we had some nice people translating things for us. one of the torbutton strings is something like "discard cookies on exit". the espanol translation was literally something like "throw away the cakes when you leave". god help you if you were trying to use the spanish torbutton. translations are hard.)

dkaurin: @flexlibris (and @arma actually since it's on topic)-- In Tor development, how important is user feedback from around the globe, and more closed societies in particular? And how can individual users safely help provide the data and feedback you need to make the Tor Network work more effectively in their communities?

flexlibris: @dkaurin -- user feedback is hugely important, especially from places where we don't have strong community representation yet. there are a few ways to give feedback -- 

@dkaurin -- you could show up on IRC (we're on OFTC at #tor, #tor-project, and #tor-dev)
@dkaurin writing good tickets on trac.torproject.org is a great way to give feedback

@dkaurin a really great thing would be to have some folks from these countries join our community team and help give ongoing feedback to the devs while building up stronger Tor communities in those places

dkaurin: How can we help facilitate that? 
It's a huge community here, I just think folks don't know where to start or how to partake

arma: dkaurin: one great way to get involved is to work on teaching people around you about tor. we've found some great people in kenya, bolivia, etc who are doing that teaching, and then they have a more focused set of questions for us, and we love helping them because it clearly helps many more people.

dkaurin: Oh absolutely, there is no better marketing than word of mouth. We tend to overlook it, but trust is an expensive commodity, it takes a long time to build trust in a product, especially this one. 

But I think also leaving space, plenty of space, for communities to develop their own narrative about the product helps a lot

arma: dkaurin: plenty of space, but not too much space. as we've grown, we found ourselves with millions of users around the world, and not enough developers, and not enough outreach people, and... so yes, the people we are best equipped to help now are the self-motivated ones who have their own mission and helping them means helping many people.

erinm: @phoul Question from a Turkish contributor: Do you plan on localizing your website? With all of the the translations of Tor, translating the website would be really helpful.

phoul: @erinm That is a tricky question. We do plan to localize the website, however there has also been a website rewrite plan for a while now. The general consensus has been that we would wait for the rewrite before having translators go through it. It's possible we may need to rethink this depending on how long the rewrite is anticipated to take though.

dkaurin: Yeah, I think if we're sending the message Tor should be available for everyone we really need to start there.

arma: dkaurin: did you know that the tor website used to be translated? we used to have like 15 or 20 good languages. but that was the distant past now. colin is right that i think the next order of operations is (a) make our website better, followed by (b) then translate it.

erinm: @arma If you guys have some how-to and introductory content that you don't think will be revamped with the site, that can be a starting point.

phoul: @erinm Some of our intro content (like the Tor Browser user manual) is currently translated into a number of languages. The support portal content will also be able to be put on Transifex before the rest of the website is able to go up. The portal is still a little ways out though.

erinm: @phoul Once available for trans. do you think you will make this content available in all finished languages even if Tor, Tor Browser etc. aren't available in those languages yet?

phoul: For the portal content, this won't be an issue. For the Tor Browser user manual, it's not clear if we will support languages that the Tor Browser doesn't. Much of the manual relies on screenshots of the browser, which would not be translated into the correct language if we went ahead and opened translations up completely.

erinm: Understandable. In my past life working on an encryption tool, at times we would translate content and then use the English language screenshots and make sure all button references  were in English.

phoul: @erinm That would also work, and might be better than just not offering those languages a manual.

erinm: I think so many people have a certain familiarity with English in tech that a guide with that structure would be much better than nothing. It's the how-to you want in a language of more comfort, but often using the tool itself in another language is not as much of an issue.

phoul: @erinm that's a good point. I will look into opening up the language selection for the manual
    
arma: erinm: great point. i am not sure what context people are hoping to salvage. that said, there are 1-page brochures that are designed to be the sort of thing you can hand out at a conference. let me hunt down the link for those.

erinm: https://blog.torproject.org/blog/spread-word-about-tor

that blog post is old, but i think those brochures could still be something that would be very useful. please look at them and decide for yourself and let us know.

erinm: @arma Perfect, will do! Even just having the cursory overview in your own language even if the full site and software aren't can be really helpful.
    
arma: In particular, the goal with the brochures was to have something you can give to journalists, or to skeptics, or even to law enforcement, to help them understand what Tor is. We'd love to have those in lots of languages.

a: One final question. Thank you for the answers so far.
Who is in control of the directory servers? Who controls the controller? Is there a transparent process?

tomrittervg: There are 8 Directory Authorities (although a ninth will be coming soon). They are listed on https://consensus-health.torproject.org/ which also tracks the status of the network consensus document they agree on each hour.

They are made up of long-time tor contributors and friends, some of whom work for or have a close involvement with Tor (~4) and some of whom are more distant (~5)

The activities of the DirAuths are pretty, but not 100%, transparent. They don't always agree on everything (and Consensus Health is a way to watch that disagreement technically). I've also seen them argue (politely) in person about how things should work. The non-transparent parts are around "who should become a new DirAuth" (which happens pretty infrequently) and "we need to block [this relay] I caught it doing bad things". We have to keep the latter one a little secret because if we were completely open about how we find those bad relays, they could evade detection unfortunately.

a: @tomrittervg Is it possible that I run a "controlling directory authority" which is not voting, but gathering data just like the 8 (9) other relays? I could compare those data then

tomrittervg: Kind of, but not really. There would be two parts of things you'd be missing. Firstly, relays wouldn't know about your quasi-DirAuth because it's not hardcoded in their source code. So they wouldn't tell you "Hey I'm a new relay, please add me". So you'd miss out there. Secondly, you would want/need to run a bwauth alongside your dirauth - the bwauth is a similar function as a DirAuth but it solely measures network speed.

Running a bwauth would let you compare measurements, but I am hesitant to recommend a bunch of people run them because they could bog down the network (plus they use a ton of bandwidth and need a very large uplink to be accurate)

a: @tomrittervg A follow up last question by me: Where is the right place to report malicious Tor relays? I might have found a relay that injects javascripts from time to time

tomrittervg: That is awesome (well not awesome that it's happening but awesome you found it and want to report it). Please report it to bad-relays@lists.torproject.org
    
arma: https://blog.torproject.org/blog/how-report-bad-relays
    
tomrittervg: Oh that's a much better reference. (and links to https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays which goes into more detail)

p: The major question I have is about Tor timing attacks and the use of botnets to determine a person's location. What is being done to combat this?

tomrittervg: So this is a partial answer to this, but we are actively investigating padding to combat netflow based analysis: https://trac.torproject.org/projects/tor/ticket/16861

arma: Yeah, this one is a big topic. I also don't quite understand your question -- e.g. what do botnets have to do with timing attacks. Maybe we try to tackle that one after the other topics quiet down?

dkaurin: @philosopherssage Yeah, same ^ can you share a little bit more here?

p: @dkaurin I've seen some security researchers post about using botnets where the position of each node is known and using timing of pings to localize the Tor socket, then scrub local router traffic to find Tor packages and thus the actual IP

arma: That attack sounds far from practical. Rather, it is a cool research problem worth writing a research paper about. But if the attack ends with "then just go over to that part of the internet and start watching it".. that sort of attacker is very powerful and can probably do simpler things. Check out https://petsymposium.org/ for a conference where anonymity researchers gather each year.

p: @arma yes I would agree that this does incline to state sponsored attacks, but in many areas that is exactly who people must hide

erinm: Another question from a contributor in Norway: When will the Tor Browser change to the Firefox model of bundling every language in? Some languages like Romanian and Norwegian Bokmål aren't available, despite having been finished for quite some time.

arthuredelstein: We should definitely do this. Or provide a separate bundle for each language we have a full translation for.

erinm: @arthuredelstein Are there big time/resource barriers to making bundles available?

arthuredelstein: I'm not sure. I don't expect so. Thanks for the reminder -- it's something we should look into again.

mcs: Here are some tickets that are related to providing Tor Browser in more languages: https://trac.torproject.org/projects/tor/ticket/17400  and  https://trac.torproject.org/projects/tor/ticket/21245  (and there are probably others).

arthuredelstein: Here's one other ticket related to @erinm's question:
https://trac.torproject.org/projects/tor/ticket/20628

k: I think having one build with all languages will be better in that it is always the same link, and you can't tell what language the user wants from doing a bundle. It is more flexible to change by user locale, but it will be a tiny bit bigger.
Also less work than having to do the manual (?) builds. Perhaps a selection for user language in the tor-browser would prove useful.
    

arthuredelstein: That may be the right solution. According to https://trac.torproject.org/projects/tor/ticket/17400#comment:2 it's an extra 4 MB if we include the current ~15 languages. Another possibility might be to dynamically download any language pack a user chooses on first startup.

k: Even with all, it should be lighter than the equivalent FF version I should think.

arma: arthuredelstein: "download the language pack on first startup" is a nice idea except if the user is censored, and needs to configure stuff first, and all of the instructions are by definition not in their language, and then it becomes a crummy idea. 

arthuredelstein: True. I guess my thinking is if no other options are acceptable (many one-language bundles or many languages in one download), then this third option is better than nothing. 

dkaurin: Idk if Erin asked this one yet, but @phoul do you check the messages when someone tags strings on Transifex with an issue? Is that helpful?
Or is there other preferred ways to communicate with individuals managing Tor Project l10n?

phoul: @dkaurin I do check these, however it's less helpful as many users also use this as a way to interact with the language reviewer, or other translators, so the majority of notifications I receive for this are not actually directed at us. I've sent an announcement on Transifex a few times asking people to directly email me if they have questions for Tor, as that is one way I can be sure they all get seen.
    

dkaurin: Yeah the problem with that is that it usually ends up in direct "messages" which are now sort of out of sight on the Transifex dashboard

It makes it a nightmare to communicate efficiently, but we hope these channels will be helpful. 
    

phoul: I will also make it a point to stick around here.

M: @arma Tor browser supports snowflake now. Will there be any new PT protocol like obfs5? obfs4 bridges might be blocked some day in a country like China. And meek is slow and expensive.

arma: Snowflake is a great upcoming pluggable transport option. The snowflake developers seem to have slowed down though, so I don't know what their future plans are. It needs some more work to be more usable.
    

m: right. we are always adjusting the means of obfs and/or protocols we use.
    

arma: There are some known deficiencies in obfs4, and people have designs for an improved version. But right now nobody is developing it. There are some other groups out there, like brandon wiley, who are developing their own thing that we hope will be an improvement.
    

m: The DPI also has machine learning skills now.

M: Also could Tor make it easier to use TB with circumventing tools like goagent and shadowsocks?

arma: mik: https://bugs.torproject.org/22399 is related to your last question

M: the tor browser people are wary of making it look like we 'endorse' one of these random third-party things    

M: that said, i think looking at the usability side of things, and what can be changed in tor browser to make it easier for people to do it themselves, sounds really smart.

dkaurin: Ah yes (I know we only have a couple more minutes left but) Do you have plans to make more usability changes?

arma: Yes. In fact, there is a UX team within Tor these days. They meet once a week on irc, and people are welcome to drop in and listen and participate. Let me hunt down a URL.

https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam

M: There are lots of developers in China who are interested in Tor and are internet freedom fighters. I know @flexlibris is working on Global South. Could this project do something to get them more involved in the Tor community?

flexlibris: @mik can they reach out to us in some way? mailing lists, IRC, coming to a community team meeting. from there, we can talk about what they're doing and how we can support them. 

arma: There is a mailing list, and also irc meetings every wednesday, ish. (I say 'ish' because people are at the Mozilla "all hands" meeting next week, so the schedule is a bit off. best to check the mailing list for scheduling.)

dkaurin: Perhaps a bit off topic, but I definitely want to continue talking about this narrative building around Tor, and how it varies by community, and by group threat model. I've been dying to do a marketing lab too--it's something that's really missing from this space.

One big difference is that, in proprietary world "customer" and the "end user" are the same-- in this space they are not. And hence working on marketing this technology is overlooked

arma: dkaurin: even the word 'marketing' makes many people itch

t0mmy: hi dkaurin -- I'm Tommy, a writer at Tor. Narrative questions are what I spend a lot of my days on. Totally agree that you have to bear audiences in mind.

dkaurin: I know, I know. We need to either use a different word or get some antihistamines, friends.  
    

arma: "outreach"? "Advocacy"?
"education"

erinm: And one last question from communia:
Hello Colin and Roger, and thanks for joining us. I am Communia from Brazilian Portuguese team.

I am very interested in having a version of Tor in Pt-Br considering that many Brazilians don't speak English, that using a software in one's mother tongue increases its usability, and makes its use more comfortable even for those who speak some English. Also, it is much easier to debate privacy related topics with individuals who can experience using such tools in a more intimate way, which is made possible through one's own mother tongue.

Pt-Br team has progressed quite a lot with reviewing and a version of Tor could be released in a relatively short time. I am nonetheless concerned about the quality of the final translation and its usability, and think that the best quality translation would be achieved after I could review the software interface in Pt.
How would this process of merging translations and submitting a version of Tor to a final review work from your perspective?
Maybe you have other ideas about how this could be done?

arma: Great question. Right now we have "nightly" Tor Browser builds, that have the latest and greatest development changes. I wonder if we should try to have a nightly "just shove all the translations into it" build too.

phoul: @arma that would be helpful, if we could pull it off. 

Currently the nightlies and the bundles released to the QA list are the closest thing to that we have, as far as I know. And neither are likely great solutions for testing translations.

arma: mcs, arthur: what do you think? nightly translation builds? 

mcs: I think it is a good idea (nightly translation builds). I just added a comment to https://trac.torproject.org/projects/tor/ticket/20628 but maybe we should spin out a new ticket.

mm: I wonder if a couple Tor people could find a few hours every week or so to do an AMA/techsupport on /r/Tor.

arma: (yes, good idea. the reddit ama idea discussion is happening on #tor-project, so we don't bother the people here with it)