The Tor Project, protecting online anonimity: Jacob Appelbaum at TEDxFlanders

The Tor Project, protecting online anonimity: Jacob Appelbaum at TEDxFlanders


Translator: Alix Lleb
Reviewer: Capa Girl Hi there.
It’s a great pleasure to be here and I’m really excited, actually,
to see so many familiar faces. And I wanted to tell about my story
and how I came to work in anonymity. 18 minutes isn’t really a lot of time
to sum up a decade of work, but, I’ll try. And I’ll start by saying that
I met Roger Dingledine, Rachel Greenstadt and Nick Mathewson
at a Hacker Convention in Las Vegas. And they told me about this idea,
this idea of anonymity. This idea that every person
has the right to speak freely, the right to read without exception. This idea that it should be
available to each person. They introduced me to the philosophy
but also to the technology. And the technology
was very fascinating to me. Overall, what I found to be interesting
was this idea that not one human should be excepted
from the basic human rights, that we, generaly, I think,
as a world, agree should exist, should be something
that is equally accessible to all, regardless of class, race,
gender, sexual orientation. But what does that actually mean? Well, it turns out,
for the Tor Project — which is a free software project for freedom,
that I and many others work on — what it means is to actually put enabling
technology into the hands of each person so that they can choose
whether or not they wish to use it. And so, what Roger and Nick and Rachel
and other members of the Tor Project — who are incredibly inspirational to me — what they were able to show me
was that by making it free software, this means that each person
would be able to inspect the software — should they wish — or to delegate
that task to someone who understands that. It means that each person without cost would be able to use the system
and it would allow them to communicate across boundaries
that previously were not something that they could transgress
without serious risk. This kind of idea, it doesn’t seem
terribly radical, I think, in the West. But in some parts of the world
this is extremely radical, this notion that you have
the right to speak freely, that you do not have to add a national ID card
to every statement that you sign, that in fact you might want to
show evidence of a crime and you don’t want to take any
credit at all for that. In some ways it’s a strange thing.
But in some fields it makes sense. We all have our own personal relationship
to privacy and to anonymity. And, we just don’t call it that, usually. So, everyone in this room seems to
be wearing clothes, as an example. I want to use the example of curtains
in the window but the Dutch, well — curtains and windows that’s not really
a good privacy enhancing technology since so many people
seem to not use them. But clothes are a good one,
because clothes are an example of how technology and society
may not be perfect, but we’re still going to try anyway. And so, what Tor as an anonymity system
is trying to do is to give us some autonomy, so that we have the ability
to choose when we wish, a thing which we do not claim as perfect, but we claim is better than what we have
without this system. And, what is that exactly? It’s a simple piece of software that you install
on your computer or onto your telephone, that can be use with web browsers,
with chat programs or whatever you’d like. So if you want to leak a document
to the New York Times, or to a reputable source like WikiLeaks, then you could very easily use
something like Tor to do that. It is essentially agnostic
in the sense that if it runs over the protocol known as TCP/IP,
that’s specifically TCP, then that will be something
that will work with Tor. So, if you use the Internet, you’re probably
able to do a lot of the things you do on the Internet with Tor. But, to actually talk about
why you would want to do that, we sort of have to address
what it is that we want to think about. And so, when we talk about
anonymity in the Tor project, it usually creates a strange feeling for people.
For example, they say, “Well, you know, I don’t really have
anything to hide” or “Well, I’m using this service
and they promised that they won’t, you know, they won’t do
anything bad with that data.” So what we want to do is to create
a clear dividing line between what we would call privacy by policy
and privacy by design. Privacy by policy is where a group
of people collect all of your private — ostensibly private —
communications and information, and they promise that they’re not going to
give it to anyone else. Sounds like a great deal right? So, think about it this way:
how many of you, if I could have a show of hands
in the audience, would be willing to have
a stranger, completely — have all of the information
on your government issued ID cards and everything in your wallet, which was issued by an agency
of some kind or a company how many of people here
would just empty their wallet on the street and show all of that to
a random passer-by that asked for it? Anybody here? I’m glad there is at least one person.
Thanks! Well, this is an interesting thing,
because many of you didn’t raise your hands. I think you probably thought
that was the right answer. But, as it just so happens,
the interesting notion here is this idea that, somehow,
because you don’t show it to someone, because the State keeps it
in confidence, that it’s private. Well how could it be private information
if the State forces you to give it up? That’s kind of strange. And that only certain members
of a privilege class — of privilege employee class, no-less — are allowed to have access to that information
in an unfettered manner. Well, that’s strange, to me, that that would be considered private. But that’s the kind of privacy by policy.
And sometimes it works alright. So it works really well
in cases where it is especially not important
that that information is not released. So, in the case of, say, you’re a victim of domestic violence, it is probably the case
that if that information exists somewhere, and someone could get it,
it would be quite damaging to you. It could be damaging to your literal life. So, in a privacy by design world, what we might do
is create a system where you no longer release your real home address
when you need to give that up. In the State where I live
in the United States, there’s the thing called
the address confidentiality program. And what they do is
they give you a special card and this card allows you
to say that this is your home address. But if an abusive person exists
within one of these State’s agencies, — say you being harassed
by a law enforcement, as an example — then if you are in this database, then it would allow you to make sure that the only people
that could get that information were people who could get it
from the agency that keeps it safe, including from all of the other agencies. This is a kind of privacy by design system,
but still a not very strong one. Because ultimately,
the authority to release your information rests with someone other than you. So with Tor, what we’re trying
to create is a system — and we have created this system — where that isn’t the paradigm. The paradigm is an absolute privacy
by designed system, given certain constraints. So, assuming that, the person
that wishes to know you are cannot watch the entire Internet,
all at the same time. When you use the Tor network,
your local network, that is usually the place where censorship
and surveillance occur in a way that is linked to you, to your national ID card, to your credit card,
to billing information, that connection only sees that
you’re connecting to this anonymity network. So that’s really fascinating because
it means that when you visit a website or when you visit a service of some kind, it does not know
that you’re in Belgium anymore. So if you’ve ever seen one of these movies
where they trace a hacker all the way around the world,
and they say, “Oh, they’re over here!
Oh, they’re over here!”, it sounds kind of cheesy, but it’s true. What Tor enables you to do
is exactly that, except that the tracing stops
at the Tor network. And the idea is to compartmentalize this because if you have to trust
one agency to never betray you that means there’s only one agency,
there’s only one group, there’s only one database that needs to
be compromised to ruin your day. And in some cases the things
that are disclosed — perhaps a disease status, perhaps what gender you’re actually born
regardless of how you present — these things become public information
in a way that cannot be non-public again. So, if you happen
to be doing research for business, if you happen
to be doing this in some context that has legal ramifications,
that kind of thing can destroy your career. But if you happen
to be a gay rights activist in Uganda, it could also be the end of your life. Where surveillance is often
in support of authoritarianism, and specifically in support of violence. Surveillance is one of
the pieces of the puzzle that allows an authoritarian regime
to do serious harm to people. Because it is the all-seeing eye. It knows who you talk to,
it knows what you say, — these kinds of so called
lawful interception systems — they can cause a lot of harm. So what Tor seeks to do is not to go to war
with these countries, where — we’ll call them Overthereastan —
that’s not the goal. The goal is to empower each person to choose whether or not they wish to have
the ability to speak freely. Each person gets to choose whether or not
they are going to read a thing and not have to suffer the consequences
of having read a thing. Cause when we talk about privacy,
we’re actually talking about dignity. We’re talking about autonomy. And we’re talking about the ability for each of us to develop as a human
without that exploration phase, which hopefully last our whole lives,
without part of that exploration phase irreparably damaging our lives. This notion of “it will go down on
you’re permanent record” has never been more true
than it is now. Because it is the case,
that what we do, it is recorded. And, unfortunately, it is not just a problem
of Overthereastan, it is a problem here. For example, Bits of Freedom,
in the Netherlands recently published a document
about the so called “Clean IT” program. And this program essentially seeks to monitor the entire Internet. Even when people in this room
are not suspected of a crime all of the things they do, all of the places
they go with their cellphones, — which are tracking devices
that make phone calls — (Laughter) All of that data would be used and would be allowed to
be retroactively used to police, which sounds fantastic except it gets rid of
this presumption of innocence. And then, instead
it creates this chilling effect where the things that we do,
the places that we have gone, the people we have associated with,
the people we have talked to, and in some cases,
in many cases in fact the full content of what we have said all of that information
being recorded, proactively. And then when someone needs to find, allegedly, a criminal,
then that data is there for them. But the problem is
that data that is retained, for example in the data retention policies
of the European Union, well, it tells a story
about you potentially, that is made up of facts,
but is not necessarily true to the narrative that someone else
has told with those facts. So to give an example, I know of a person
by second relation who, while being surveilled, decided that he wanted a free day. And so he put his train,
which he takes all of the time, onto his schedule as he always does, and he put his phone into the train, and he got off at the next stop. And the train took a long ride through
the entirety of the country, as it often does,
and he was never there. And it just so happens that because
this fellow was under surveillance or so the story goes, they were very confused
that they missed him. It turns out that the battery
died on the train. So they thought that
he’d given them the slip. Well, that may actually be the case but they didn’t really actually
understand how that was. And allegedly, the train returned to the city
in which it was originally coming from and at that point
he went to the train station, picked up the phone
because he had lost it, and then he went home
and plugged it back in. And of course then,
he was at home. And allegedly, later,
it was discussed how they just couldn’t figure out
how he had given them the slip. And of course the irony is
that they were so reliant on this data, and they were so sure
that the data was perfect, that they couldn’t
even consider for a moment that their preconceived notions
were wrong. But that’s actually the story that all of us
will be able to tell very soon. In fact, most of us probably
already can tell that story. So, what Tor is trying to do
is to move technologies such that it’s not a tracking device
that makes phone calls, but it’s a thing that empowers you
to communicate with other people. It’s a thing that allows you
to browse the web, but without your health insurance — in the US, of course, this is a problem — your health insurance companies
deciding they won’t give you coverage because people in your area
happen to search for symptoms related to cancer. Well, I’m not from a civilized country,
I apologize! But — (Laughter) — but that said —
(Applause) Uh, that’s fantastic, ha-ha! Thomas and I were discussing actually how in some ways the US
is kind of like the Third World and he says, “No, you have rich people.”
(Laughter) Fantastic! So, the key point here though is that we should not
suggest that privacy by policy, especially when combined with secrecy,
will lead to a more just world. Right, so, in a sense what I want to do
is tell you all about the technology, I wanna tell you about the software.
But technology is a weird thing. Because it dis-empowers people
who are otherwise totally literate. And so if we talk about computers
and if we talk about networks, it’s boring as hell, for probably
almost everybody in the audience. And reasonably so, it’s totally boring! I come at this from
the human rights perspective. I like technology
but it’s a means to an end. And it is a mean in itself
that is equally accessible, that is overly available
and it is free software. It’s openly specified, it’s peer reviewed
and it isn’t perfect. But what it has allowed people to do, it’s allowed people to make that choice, when they otherwise didn’t have a choice. So during the Green Revolution in Iran,
in 2008, in 2009, 2010 — it’s still ongoing depending on
who you talk to, people use this to circumvent what’s
colloquially referred to as the “Potato Wall” or, the Iranian version
of the Great Firewall of China. In some cases,
we’re doing pretty well. There is a cat and mouse game though, so in China if you try
to use Tor on your computer, it doesn’t work very well. Sometimes it works quite well, sometimes you just can’t connect. But that’s okay. Because that means Tor
essentially acts as an alarm, and it let you know that actually,
while you think that the Internet is safe, while you think that your communications
are not being monitored, that you — as being not a criminal —
are not under deep suspicion and you don’t have anything
to hide and so on. But then you know actually
that none of these things are true, because Tor doesn’t work for you. And the place in which you’re at,
it does not allow you to freely communicate without them being able to record
what it is that you’ve read, what it is that you’ve said. So it’s nice because
it can help dispel that notion. That notion that,
you’re not actually under surveillance. There’s a great quote
from the 18th century, which is quite long,
so I won’t repeat the entire thing, but the general gist of the quote is: people, when they are under surveillance,
are already imprisoned. This notion, which I think is less in Europe
than it is in the United States, or, in actually plenty of other places, but, this notion is I think
a good one to keep in mind. I think a lot of people here
understand this and yet Europe has mandatory data retention, not just for phone call related stuff,
but regarding Internet. All Internet communications. And that to me is a serious
and egregious human rights violation. And if we look at it,
to tie it back to my own story here, I’ve been the target of grand jury
in the United States, which is a way
that the department of justice — which is an ironically named department — the way that the department of justice
decides whether or not they’re going to prosecute someone,
like myself, for espionage. They did this because they fundamentally
don’t believe in freedom of association, and because of my friendship
with someone like Julian Assange, and work WikiLeaks, they’ve used massive
dragnets of surveillance, including, I believe,
the NSA’s worthless wiretapping data which should have never
been collected in the first place. They’ve subpoenaed through
their legal instruments, overreachingly I might add,
my Tweeter account, my Gmail account, they’ve done it for my ISP,
for my telephone companies, I’ve even have bank accounts
shut down as a result but I’ve never once
been charged or arrested. And so I use Tor, specifically because
I understand that I am not free and that this is not a problem such as in Overthereastan
but it is actually everywhere, and this surveillance is a threat
to the very fundamental core of democracy, because with total surveillance
comes the ability for someone to completely and totally
destroy democracy. And so I ask you, if you wish,
and you do care about technology, to simply help people
who are not just in my situation, but who are in many other situations
by running a Tor relay. Thank you. (Applause)

Danny Hutson

94 thoughts on “The Tor Project, protecting online anonimity: Jacob Appelbaum at TEDxFlanders

  1. The talk was specifically geared towards a wide (often non-technical) audience and centers around anonymity and privacy, however there are plenty of resources out there if you would like to learn more about Tor specifically.

  2. What's with the bright red scarf? not only does it look blatantly out of place but it seems to send a sinister message to the observant, just what is your actual agenda?

  3. You see, this is usually the point at which I call you a nut, but i get what you mean, he's wearing that scarf for a reason!

  4. Great video and message, the corrupt governments are screwing us over constantly on a daily basis these days

  5. The latest upgrade made TOR browser stop working and the fix is pages of geeky crap that nobody wants to bother with.

  6. *DO NOT TRUST THE TOR PROJECT*, they are the people that distributed a Tor Browser Bundle, then asked people to keep the settings supplied. They switched JAVA on a few months ago and disabled NoScript. This was in preparation for the FBI/NSA sting 2 weeks ago. With the help from TOR, the FBI/NSA exposed thousands of REAL identities. Would YOU trust them ever again? What about the serial numbers on each version of TOR! The TOR project put censorship/freedom of speech to an end through lies!

  7. I know you're right. I did some of my own searching and discovered this crap myself. I'm sure the NSA promised to torture them or imprison them if they didn't cooperate.

  8. @urbex2007:
    Torproject always disables Java.
    You mean JavaScript. If you disable JavaScript most internet sites won't work. If you allow JavaScript via a whitelist you become traceable.

  9. ……The NSA and affiliates have been strengthening their syndicate for decades. If people were CONSCIOUS of these violations they would find other ways of communicate in an effort to save their existence. Knowing the patterns of humans, the NSA exploits those patterns, as to shift more power to the man-beast. Mapping of internet traffic and use of informatics, transforms the culture to a slave state, tailor made by the ruling class to be controlled by remote.

  10. applebaum has said "internet child pornography" should be called "evidence of child abuse found by the internet", filtering child porn is destroying evidence, thus an injustice to the victims. also, alcohol and caffeine are more dangerous than many "drugs".

  11. If they did that it would no longer be an anonymous network though. You can't have it both ways. It's either secure or it isn't you just put back doors in the system that only the creators know of because soon they will be discovered and exploited by the wrong people.

  12. Tell that to someone from Bahrain. People have been locked up over just for peacefully protesting the government.
    Laws to protect your privacy? Have you been paying attention to the media at all? It's obvious they mean nothing.

  13. What's your point? That I shouldn't care because it doesn't affect me? If you can't see what's wrong with the sort of reasoning then I pity you.

  14. You can't show me evidence because there is none, I'll give you the benefit of the doubt and assume you were misinformed but I guarantee to you that the TOR browser bundle is configured to disable javascript. The latest version was released over a year ago now and you better believe if there was any sort of backdoor and given the fact that it's open source someone would have found out long before these identities were exposed.

  15. I can't show you evidence because I didn't save the page(s) I found back when I did my own research. Do your own research lazy person (or government person). But I repeat myself.

  16. About you being a government person? Again, if there's ANY question, it's not worth it to use TOR. I miss my free-speech rights, but I'm not gonna test them in this police-state climate! You go ahead and feel free to.

  17. Tor is in a center of too much ilegal interest.. The more the users the stronger is the encrypting. So promoting this.. well ok.. free speech.

  18. Thank you for Tor Jacob, I will be exploring it in depth in the coming months! I'm in my first CIS class and although half the information is repeat from growing up in the 80's and 90's; I'm learning key ideas. I'm writing about freedom of information in a dystopian story of mine and I would love to ask you some questions for my research. I will be in touch if I don't hear from you first sir.

  19. We are all treated like future criminals. They save all of our data for "when" we do something criminal or we need to be convicted for convenience. After all we will all commit some kind of sin in our lives. Lawyers and psychologists can go through years of an individuals personal data and find a crime to fit. Tax evasion to cheating. You can quit smoking for 20 years but you are still listed as a smoker in hospital records. Even grandma's guilty.

  20. Tor and the concept of anonymous browsing and internet use is essential when there are seedy shadow governments lurking in every corner eager to eavesdrop and catalog every last detail of our online presence. With mass data collection and behavior analyzation the powers that be hope to learn the intricacies of the collective conscience; either in the attempt to manipulate behavior in mass or to use us all as vessels to harness the power of the "hive mind."
    Before anyone thinks this sounds ridiculous, just google MK Ultra CIA Project, for starters. This is really just the tip of the iceberg in comparison to what is happening now, Im sure. If you are new to this type of information and would like some suggestions for this type of information, reply and I will link you to information that will start your journey down the rabbit hole quickly indeed!
    God Bless!

  21. The ironic part is that only about 10% of the people use this for what he is talking about. The other 90% are hackers, spammers, People that want to sell or buy guns, drugs and any other illegal item and let's not forget child porn. Yes the network is full of this, almost 98% of the websites served over the network have something to do with the above list. So great work guys for making our world so much safer. Wait let me not forget ISIS. Do some research and you will find how all these illegal organizations and terrorist groups hide behind them. So if you have nothing to hide them what are you so dam worried about. Nobody care that you went to ikea or Walmart, or that you got a cat poster from Amazon. Let's be real about this. If you are hiding something you are doing illegal stuff. Not that hard.

  22. tor is a great thing done for internet users all around the world. and like all the good things in life – it is free.
    tor should merge with firefox mozilla for the greater good.
    tor protect my privacy -it gives me freedom !
    thank you

  23. Red scarf could be symbolic of solidarity with the victims of gov't intrusion like the French's wearing red threads around their necks during the Reign of Terror.

  24. Except that is quite USELESS. TOTALLY AND UTTERLY. And, it is as fast as the speed of geriatric limbless turtles.All I can say is, DON'T believe the hype. My iPad and I cannot stand this piece of very much overrated garbage.

  25. really anti-patriotic, US hating piece of shit person. this coming from an EU citizen, I don't like this snitch human trash.

  26. if you don't want to have Tor on your hardrive, then simply use the system called Tor2web. it allows you to use the services of Tor with out actually installing it. goto duckduckgo.com and type in Tor2web. read it for yourself. I use it.

  27. Is it as simple as downloading TOR and being completely anonymous, or does it get complicated. I feel like you have to have some type of previous knowledge about it. Somebody correct me if I'm wrong.

  28. "Saying you don't need privacy because you have nothing to hide is like saying you don't need freedom of speech because you have nothing to say." – Edward Snowden

  29. Privacy and secrets are similar because the only way that you KNOW you have privacy/secret is if it is only known by two people, and the other one is dead.

  30. I'M SORRY…WHAT U HAVE CREATED, ALLOWED EVIL TO FESTER>THE DEEP WEB – THIS IS NOT A MORAL/HUMANE/LEGAL/SAFE RESOURCE – IT HAS BECOME A HIDING PLACE FOR THE SICKEST & MOST DEPRAVED OF THE HUMAN RACE ONLINE…FREEDOM WAS GIVEN TO US, NOT SO WE WOULD DO WHAT WE 'WILT', BUT SO WE WILL DO WHAT WE 'OUGHT'…PRIVACY IS ONLY RIGHT & HELPFUL WHEN IT IS LEGAL & SAFE – WHEN IT CROSSES OVER THAT LINE…IT SHOULD BE ILLEGAL & UNPERMISSABLE…THE PROBLEM THIS CREATES IS THE REMOVING OF BORDER NORMS, WHICH ARE ESSENTIAL FOR A FUNCTIONING CIVIL & MORAL SOCIETY…THIS IS THE INTENT OF THOSE WHO WOULD DESIRE SUCH A MEDIUM OF COMMUNICATION>TO DEGRADE SOCIETY, WITH THE END RESULT BEING, THE DESTRUCTION OF IT;)
    SINCE THE AUTHORITIES, AS WELL AS, DARK WEB HACKERS ARE ABLE TO FREELY MOVE WITHIN THAT MEDIUM, IT IS NOT A FREE RESOURCE, AS IS CLAIMED HERE…I WOULD LOVE TO DEBATE THIS ISSUE WITH MR.APPLEBAUM OR WHOEVER HAS CREATED THIS MONSTER THAT IS DESTROYING OUR HUMAN SOCIETY, EVEN OUR VERY WORLD 😉

  31. Scarf? Lol he might need to wipe his snatch. The shirt? I mean, what the hell happened to to the good ol' americun innate resistance to degeneracy

  32. Jacob, have a question. How do I neutralize all info collected to date, by whomever? I am sure,  records collected to date will exist 'somewhere' forever. So, do I dump my communication devices, and start all over? But, how does one start? I.e. if I buy new equipment today from whoever/whatever, the sales record are immediately recorded (I assume), + is available to whomever this info is of interest. Q: Is or can Tor be an Intermediary in obtaining such equipment?  K.I.M all the backdoors installed, which reportedly seem to exist on anything leaving the shop floors today. A follow up presentation? Please?

  33. You have all the privacy you need in your home and office. When you use a public utility the only reason you would seek anonymity is because you seek to do things and say things for which you wish to not be accountable. There is no legitimacy to unaccountability.

  34. Anonymity also means safe for criminals to do criminal things.. Nothing is secure. It will be exploited sooner or later. Best option, just don't use the internet. This guy is a total SJW.

  35. I went to the comments just to remark on the useless and pretentious scarf. But my work has been done for me.

  36. Remember this tor nodes are public nodes and private. These are onion layer 3 devices that have a public IP address.

Leave a Reply

Your email address will not be published. Required fields are marked *