(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Notes for interview with @DanMilmo in Saturday’s @Guardian regarding @Twitter, @TorProject and bypassing censorship

2022-03-12 00:01:00+00:00

Dan asked me some questions in respect of an upcoming article, and this is what I wrote in response, as well as one additional postscript which I added for Dan, and another postscript from another conversation I had elsewhere, which I am sharing here for relevance.



Very little of my input survived the editing process.



Where I’ve subedited for clarity, I’ve added [square brackets].

Final article

https://www.theguardian.com/world/2022/mar/12/russians-seek-to-evade-social-media-ban-with-virtual-private-networks

Notes

Hey Dan,

You asked me three questions:

1. Why did you pursue this tor project – was it to help Russians understand what is really going on?

2. For the layman exactly how does it work?

3. Are you confident it can survive the attentions of Russian agencies; i.e. people will [definitely] stay anonymous?

Let’s start in reverse: this is not about anonymity, this is about access.

It is about what I have described in essays elsewhere, as “discretion”.

quote:

I like to see this as a progression: with HTTP we used to be amazed that packets got from A to B at all; then we demanded some degree of privacy and integrity with the arrival of HTTPS — and the two are now used in complementary roles, each where most appropriate. Now with the sudden realisation that “Wow, Onion Networking Kinda Makes Sense” — there is another quality that we can offer: “discretion”, and along with that comes “block-resistance” and bombproof “identity”, the latter far more certain than one achieves solely with HTTPS and DNS.

HTTPS and Onions are quite a winning combination for commercial sites — but then I would say that. Together HTTPS protects your data at the level of “web-browsers talking to web-servers”, and Onion Networking reinforces that at the “series of tubes”-level of computers talking to computers. It’s like having seatbelt-and-airbags, belt-and-braces. 🙂

Not everyone needs to offer their websites discreetly, of course, but that’s okay. This is not a zero-sum game, this is not like “one thing must lose for the other to win”. There’s plenty of space for diverse value to offer to users, and it’s nice to have a bigger box of tools.

https://medium.com/@alecmuffett/tor-is-end-to-end-encryption-for-computers-to-talk-to-other-computers-34e41d81c9e2

Lots of people hear “Tor” and think “Anonymity”, and I am like “meh” because that’s a decade-old fallacy which is perpetrated by the media.

No Onion Service [can offer] anonymity for people who are willing to post videos of “here I am at the intersection of X and Y, and I just had a coffee in this cafe, here’s a picture with my personal information embedded in it” — so it’s a topic best never promised and overall avoided.

So that answers Question 3; and frankly if you want to answer question two for the layman, the answer is that:

“Tor is end-to-end encryption for Web Browsers to talk to Websites at the ‘series of tubes’ level…”

…very much like the end-to-end encryption that you have been caught up [reporting government-solicited criticism] under the banner of “#NoPlaceToHide”. [see also the “teach the controversy”-style argumentation from NCA]

Twitter itself has been caught up in scandals like “we employed Saudi hackers and they went around spying on dissidents”:

— which [spying on messages] would have been impossible if they had deployed proper end-to-end encryption for Twitter Direct Messages.

But they did not [do that, either] — and [this] brings me to timelines:

I first spoke with Twitter about setting up an Onion site in 2014 shortly after the launch of the Facebook Onion site which I led. I can evidence this claim, since Jan Schaumann was the relevant manager at the time – he is now at Yahoo – and [he] acknowledged this [amongst the responses], along with several other [Twitter employees] who helped [at various points].

That’s awesome! Glad they could finally convince management to do it after all these years when we first talked about that back in… 2014 or so. — Jan Schaumann (@jschauma) March 8, 2022

Since [2014] I have reached out about 3 more times, so we could have had this feature several years ago, and it would be much more mature by now. But [instead] it’s been a rush.

Why [has it been a rush]? Answer: not Putin.

Since 2014 Twitter has rebuffed every attempt to date to implement end-to-end encryption either for the site or for DMs, because of the fear of being called-out in the press by journalists pushing the “Dark Web = Evil” line, and backed-up by (e.g.) the home secretary of the day.

Yet: one sniff of a positive opportunity to tell a story and suddenly Nadine Dorries is on it:

Quelle Surprise: #Russia starts a war and all of a sudden the UK Government — or, the bits of it which don't need to be on-message with @ukhomeoffice — is suddenly talking-up the value of End-to-End Encryption. @NadineDorries, no less. #NoPlaceToHide https://t.co/8JYpVmMfbh pic.twitter.com/TQzNplmzVo — Alec Muffett (@AlecMuffett) March 6, 2022

As I said, as a result of some of those conversations, WhatsApp has launched an end-to-end encryption service that the Ukrainian people can access to find out what is happening in their location on a minute-by-minute, real-time basis and where they can get emergency support and help – Nadine Dorries, DCMS

Well yes, [end-to-end encryption] is what the service offers by default, so it’s not a great stretch and it’s weird that DCMS now appears to want to take credit for [encryption, as if it were an innovation].

So the media should look to its own storytelling: if this is a good idea now, it was always a good idea, and it should have been done years ago. And you should consider what it is that distinguishes #NoPlaceToHide backdoors from [those] which Russian Twitter infiltrators would use.

I am posting this as a blogpost once you go live.

Postscript #1, written for Dan

regarding what kind of people use Tor

Tor is not a VPN but for abuse-reporting purposes is often lumped-in with them, which yields unfortunate reputational harm.

From my time at Facebook the amount of badness/malfeasance as a percentage which arrived via Tor in-and-of-itself, let alone via an onion address, was typically in the mid-single-digits of percentages, or put differently this would be about 3 to 7% “naughty” rather than “nice” users, as a broad distinction.

This may sound a lot, but then “naughty” percentages for VPN and the cleartext internet traffic may exceed 40% — numbers similarly large are commonplace.

From this: Tor in general, and Onion Services in particular, tend to act as a “filter” for people who actually use the service for the designed purpose.

This is not a story which journalism usually wants to tell. Perhaps you can change that.

Postscript #2, regards building the Facebook Onion Service, from a conversation elsewhere

regarding what proportion of the Twitter userbase are using Tor

I cannot speak for Twitter, I do not know how many people use Twitter over Tor in the plain sense, and irrespective: such a number is probably not entirely useful at the outset, because Twitter traditionally has treated Tor in a hostile manner.

When I started trying to make Tor acceptable and even welcome in Facebook, I ran an experiment sampling IP addresses of page fetches and intersected them with the Tor exit node set, and scaled the results.

This gave me a ballpark of about 330 thousand monthly active people using Facebook over Tor, measured at a point in history where Facebook was marginally hostile towards Tor.

That’s a tiny amount – Facebook at the time was about 1.5 billion people, so that’s 0.022% of the userbase; however it is also about the population of Iceland. Seeing as we had Icelandic translations, etc, it seemed stupid to discount the existence of such a set of people.

So long story short: I justified building an onion on the basis of it being possible, reasonably easy, beneficial to connectivity, and let us also be honest: beneficial to reputation…

And by April 2016 we had increased monthly active users to about 1 million, because we had stopped being hostile to Tor. This comprised people using Facebook both across the onion and using Tor in the traditional way. [In 2016] the onion served only 10% (or so) of that traffic [but that’s fine for reasons I explain elsewhere, and is apt to increase greatly over time, given new tech like Onion-Location headers].
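
The sampling experiment described in Postscript #2 (sample page fetches, intersect the client addresses with the Tor exit node set, scale up) can be sketched as follows. This is an added example, not code from the original post or from Facebook; the per-user sampling rule, the exit list, the fetch records and all function names are constructed assumptions.

```python
import ipaddress

# Constructed inputs: documentation-range addresses stand in for a real exit list.
EXIT_LIST = """\
# one exit address per line
192.0.2.10
198.51.100.7
2001:db8::5
"""
# Constructed (user_id, client_ip) records, one per page fetch.
FETCHES = [
    (100, "192.0.2.10"), (100, "203.0.113.50"), (104, "::ffff:198.51.100.7"),
    (108, "203.0.113.9"), (112, "2001:db8::5"), (116, "not-an-ip"),
    (101, "192.0.2.10"), (120, "203.0.113.77"),
]

def normalise(ip_text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(ip_text.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def load_exit_set(text):
    lines = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {normalise(line) for line in lines if line}

def estimate_tor_users(fetches, exit_set, one_in_n):
    """Count distinct sampled users seen from an exit, scaled by the sample rate.

    Assumption: sampling is per user (user_id % one_in_n == 0), so every fetch
    of a sampled user is seen and distinct-user counts scale linearly.
    """
    sampled, via_tor = set(), set()
    for user_id, ip_text in fetches:
        if user_id % one_in_n:
            continue
        sampled.add(user_id)
        try:
            if normalise(ip_text) in exit_set:
                via_tor.add(user_id)
        except ValueError:
            pass  # malformed address field: user stays in the sample, no match
    return {"sampled_users": len(sampled), "tor_users_in_sample": len(via_tor),
            "estimated_tor_users": len(via_tor) * one_in_n}

def percent_of_userbase(users, userbase):
    return 100.0 * users / userbase

if __name__ == "__main__":
    print(estimate_tor_users(FETCHES, load_exit_set(EXIT_LIST), one_in_n=4))
    print(round(percent_of_userbase(330_000, 1_500_000_000), 3))
```

The set of Tor exit relays changes over time, so the exit list has to be the one in force during the sampling window for the intersection to mean anything.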
[END]

[1] URL: https://alecmuffett.com/article/16024
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/