Tor’s Branding Pivot is Going to Get Someone Killed

[Batu69]

There’s never been a better time to leave Tor. After a few weeks of unsuccessfully waiting for my views to mellow, I add my voice to the exodus.

Three weeks ago, The Tor Project, Inc. published their Tor Social Contract. The contract was covered by the media, but the media focused on the policy not to backdoor software (as though that were surprising?), and regrettably, missed the real story carefully hidden in the first bullet:

1. We advance human rights by creating and deploying usable anonymity and privacy technologies.

This bullet is a continuation of Tor’s new mission statement adopted in late 2015 which reads:

“To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.”

Collectively, these two policy documents pivot The Tor Project, Inc. from an organization that was foremost about privacy technology to an organization that is foremost about human rights (HR) where privacy technology is the chosen means to the end.

Naïve observers may see little difference, but this pivot has deep ramifications. In western liberal democracies (where Tor is overwhelmingly based, and by raw numbers, largely serves) human-rights advocacy has better optics than privacy. But the opposite is true in the regions that Tor aims to serve. Privacy empowers the individual. Empowering the individual naturally dovetails with human rights, so its plausible that greater human rights is a natural byproduct of privacy advocacy. However, Tor’s pivot from “Privacy Enthusiasts” to “Human Rights Watch for Nerds” substantially increases the risk of imprisonment to those operating a Tor relay or using the Tor Browser Bundle from less HR-friendly regions.

For example, in Singapore (where I live), the government absolutely does not care for what they term “Western human rights” and views them, at best, as a handicap in maximizing GDP, and at worst, as cultural imperialism. But despite their dim view of human rights, Singaporean authorities top-to-bottom are fanatical about reducing corruption. Most importantly, Singapore’s love of anti-corruption exceeds its apprehension about human-rights-laden privacy enhancing technologies. Singapore’s attitude here is representative of the cultural terrain from China to Indonesia, which constitute >30% of the world population.

Pigeonholing a generic technology like Tor into the human rights category makes it immensely harder to justify using Tor as part of generic (non-human-rights related) communications. For example, say you’re a sysadmin at a local business wishing to further secure its comms. You propose running a Tor node or using Tor internally. This was just something you could do (if perhaps a bit overzealous), but if asked you justifiably reply defense against corporate espionage matters. After Tor’s pivot, you now have to justify why the company is using software explicitly designed for banned HR activism — why is this worth drawing the government’s ire? Using Tor is now an additional mild liability for all non-HR users.

In profound irony, Tor’s pivot especially hurts local users who would use Tor for human rights. Say you’re an Asian HR activist — choosing one, would you prefer:

1. A poignant mission statement and social contract saying Tor, unsurprisingly, supports your noble cause.
2. A larger local anonymity set by including non-HR users, faster performance via local relays, and greater plausible deniability, so that your mere use of Tor is less suspicious?

To my surprise, Tor management believes (1) is more valuable than (2). Call me a bleeding-heart, but I believe privacy is so important that the efficacy of (2) takes priority over the emotional self-satisfaction of (1). Demonstrating how complete the transformation is within Tor, arguing this is deemed VERY SUSPICIOUS. And, I kid you not, that suspicion yields Tor management’s thumbs-up.

As a born-and-bred American, I get the human-rights motivation — I really do. But the “Human Rights Watch for Nerds” branding gives decidedly-unfriendly-and-opportunistic-authorities full license to do as they please with Tor operators or anyone who uses Tor (regardless of whether the use is HR related!). Yet a large portion of Tor is so drunk on self-righteousness they can’t recognize they are piloting into their adversaries’ hands. Here’s a more familiar analogy illustrating the regional equivalent of what Tor has done. Imagine Tor canonized a new policy document stating:

“The Tor Project proudly advances drug-use by creating and deploying usable anonymity and privacy technologies so people around the world can circumvent local drug laws.”

Thereafter, anytime an authority sees anything Tor, the enterprising officer has full-authority to proceed for investigating a drug-crime whereas before ze did not. I do not know how to make this more clear.

During my undergraduate years (2002–2007), I admired Tor’s skillfull treading on the tightrope separating three groups who typically don’t get along:

• the military-industrial complex among its funders
• the anarcho-capitalist cypherpunks among its early operators
• the potpourri of activists among its most dedicated users

I’m sure it was a difficult balance—but that balance was the secret sauce of Tor’s success, as Tor was perhaps the only thing these wildly divergent groups could agree on! Unfortunately, modern Tor has firmly rejected the first group, rebuffed the second, and filled the resulting vacuum with one of the worst aspects of the third — the purity politics and prioritizing of virtue signaling over mission efficacy.

Tor’s branding pivot is misguided, damaging for global privacy, and ironically, harmful to Asian human rights. Anonymity requires not just company, it requires diverse company, yet Tor has increased the risk to all non-HR Tor users. This something Tor has brought upon itself, and they are knowingly throwing their most vulnerable users under the bus.

After seven years of proud service to Tor including: founding Tor2web, Roster, and Toroken, as well as writing a Tor Tech Report and running several high-performance relays, I am resigning because:

• Given my residency in Southeast Asia (and already being on a first-name basis with the Singapore Police Force due to tor2web), Tor’s pivot creates nonnegligible risk for me personally.
• I do not trust an organization which prefers reaping modest public relations benefits within comparably cozy jurisdictions over the security of its neediest users risking imprisonment.

Anyone want to set up an organization based on the efficacious promotion of privacy? Because Tor is no longer it.

Addendum

In discussing this post, one of my colleagues opined that, from a management perspective, the pivot towards human rights is actually great for fundraising in the West. With modern Tor Project placing getting off defense-industrial funding at top priority, new funding must come in. And if a byproduct of that new funding demands throwing the most vulnerable users under the bus…well, that’s just the price for them to pay.

So, lets take a step back. The primary reason for Tor to distance from defense money is so it’s not perceived to be a puppet of the West. The optics will look better to casual observers, but dropping defense funding for building products and pivoting towards human rights grants will, ideologically speaking, surprisingly have the opposite effect.

Article source

[straycat19]

I don't see how a group that created a space for illegal markets in drugs and weapons can claim they are in any way an organization to support human rights, when in fact their system does just the opposite.  Because of those markets it has drawn the attention of the FBI, CIA, NSA, and who knows what other 3-letter agencies, not only in the US but overseas also.  So the privacy that HR advocates need will not be found on Tor, just the opposite, being found on there just identifies them to their secret police.  We already know Tor is not secure and people can be tracked if the trackers really want to find a person.  I have been told there are more government agents from all countries on Tor than there are regular users. 

[Sylence]

They won't leave TOR alone unless they can have flawless access to the data and apparently they still don't have such access. anyway, TOR doesn't work for us, whatever bridge or settings you throw at it still it won't connect. 

[edwardecl]

Nothing is secure, but you can use TOR along with other methods to make finding you difficult if not impossible. If nothing else at least TOR slows them down, TOR is a great tool for getting around ISP firewalls though which is what I mainly use it for.

[steven36]

1 hour ago, edwardecl said:

Nothing is secure, but you can use TOR along with other methods to make finding you difficult if not impossible. If nothing else at least TOR slows them down, TOR is a great tool for getting around ISP firewalls though which is what I mainly use it for.

1.Tor itself is not very useful anymore  since cloudflare  blocks  most sites  to bypass sites being blocked  ..

2. Tor is a good way to bring attention to yourself . If you're trying to  hide you're identity ..

3. Most the time the DNS do not mach you're IP ,

4.  Always if they check you're ip it will show  you're using TOR .

5. If they have exploit  for it there more likely to sting you with it  for using it .

6. The only thing its really useful for is if you surf the darknet witch i dont there's plenty to do on the clear net still.

 

 

[edwardecl]

Well my ISP block a lot of sites including torrent sites and sites that just report of releases, so it's either use a proxy or tor, tor is easier.

[Holmes]

I have used tor I dont really use it now because its slow If I want to hide my ip address Ill use Cyberghost VPN.