Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After the Spring
Upcoming SlideShare
Loading in...5
×
 

Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After the Spring

on

  • 1,765 views

Network of Excellence Internet Science Summer School. The theme of the summer school is "Internet Privacy and Identity, Trust and Reputation Mechanisms". ...

Network of Excellence Internet Science Summer School. The theme of the summer school is "Internet Privacy and Identity, Trust and Reputation Mechanisms".
More information: http://www.internet-science.eu/

Statistics

Views

Total Views
1,765
Views on SlideShare
1,204
Embed Views
561

Actions

Likes
1
Downloads
8
Comments
0

4 Embeds 561

http://www.internet-science.eu 531
http://internet-science.eu 28
http://webcache.googleusercontent.com 1
http://www.docseek.net 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

 Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After the Spring Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After the Spring Presentation Transcript

  • Online AnonymityBefore and After the Arab Spring A talk by Runa A. Sandvik, runa@torproject.org, on August 14, 2012, at the first Network of Excellence Internet Science Summer School
  • I am• From Oslo, Norway, based in London, UK• A developer, researcher, project coordinator, community manager, support assistant, and translation coordinator• Worked for and with the Tor Project since Google Summer of Code in 2009
  • This is• A talk about what Tor is, how it works, the increase in users over the past two years, blocking events, and work in progress• Will look at blocking events from 2006 to 2009 and compare these with the events we have seen since the beginning of 2011
  • Before the Arab Spring
  • “Tor is free software and an open networkthat helps you defend against a form ofnetwork surveillance that threatens personalfreedom and privacy, confidential businessactivities and relationships, and state securityknown as traffic analysis.”
  • How Tor works
  • Tor is open source• The code was released in 2002• The design paper published in 2004• Tor was (and still is) an anonymity tool, but no one had thought about circumvention/ anti-censorship
  • The arms race begins• Thailand (2006): DNS filtering of our website• Smartfilter/Websense (2006): Tor used HTTP for fetching directory info, cut all HTTP GET requests for “/tor/...”• Iran (2009): throttled SSL traffic, got Tor for free because it looked like Firefox+Apache• Tunisia (2009): blocked all but port 80+443• China (2009): blocked all public relays and enumerated one of the bridge buckets
  • The Arab Spring
  • Use of social media• In the months following the first protests in December 2010, videos, pictures, and stories from activists spread quickly via the Internet• Use of social media helped activists organize protests and spread awareness, that changed when authorities started to censor more and more websites
  • Hacktivism• Griffin Boyce at HOPE Number Nine: Information distribution in the Arab Spring• Shortwave and pirate radio to communicate with other activists and the rest of the world• A few ISPs around the world set up dial-up services for people in Egypt• Speak To Tweet, Bluetooth local networks to share and spread videos, word of mouth• Free proxies, VPN services, RetroShare, Tor
  • Between 2010 and 2012• Tunisia: from 800 to 1,000• Egypt: from 600 to 1,500• Syria: from 600 to 15,000• Iran: from 7,000 to 40,000• All countries: from 200,000 to 500,000
  • Since then...
  • A quick reminder• DNS filtering of our website• Cut all HTTP GET requests for “/tor/...”• Throttle SSL traffic• Block all but port 80 and 443• Block all public relays and bridges
  • The arms race continues• DigiNotar and Comodo (2011): incorrectly issued certificates for our website to a malicious party• China (2011): use of DPI, follow-up scanning to determine what the connection is and if it should be blocked• Iran (2011): use of DPI on SSL in 2011, general SSL block in February 2012, “halal” Internet• Kazakhstan, Ethiopia, UAE (2012): use of DPI
  • Public key pinning• We pinned the certificate for our website in Google Chrome, the certificate chain must now include a whitelisted public key• A self-signed certificate will display a warning and ask the user if she wants to continue, an incorrect certificate will fail hard• Users with XP prior to SP3 will have some issues with SHA256 signed certificates, including the one for torproject.org
  • Obfsproxy• A new tool to make it easier to change how Tor traffic looks on the network• Rolled out in February 2012 when Iran started using DPI to filter all SSL connections• Requires volunteers to set up special bridges• We are working on automating builds of the Tor Browser Bundle with Obfsproxy• Different pluggable transports available; FlashProxy, StegoTorus, SkypeMorph, Dust
  • Manual blocking analysis• Requires in-country contacts with patience, access to Wireshark, the Tor Browser Bundle, and a private Tor bridge• We spend a lot of time analyzing captured network data, try to determine the fingerprint that is being used to block Tor, and then set up special bridges for affected users
  • Tor censorship events• An anomaly-based censorship-detection system for Tor on https:// metrics.torproject.org/, also includes the Tor censorship events mailing list• Censorship Wiki with details about blocking events, research, tools: https:// trac.torproject.org/projects/tor/wiki/doc/ OONI/censorshipwiki
  • ooni-probe• A part of the Open Observatory of Network Interference project• Can be used to collect high-quality data about Internet censorship and surveillance• Runs a set of tests on your local Internet connection to check for blocked or modified content• Will eventually be able to determine how different DPI devices are blocking Tor
  • Questions?• Support: help@rt.torproject.org• Development: tor-dev@lists.torproject.org• IRC: #tor and #tor-dev on irc.oftc.net• Twitter: @torproject• runa@torproject.org• Twitter: @runasand