No worries, JUAN, they promise no backdoors… (I’m with you on your design stance, btw) https://blog.torproject.org/blog/tor-social-contract "The Tor Social Contract Posted August 9th, 2016 by alison in • ethics • human rights • social contract At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor. Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them. We want to grow Tor by supporting and advancing these guidelines in the time we are working on Tor, while taking care not to undermine them in the rest of our time. The principles can also be used to help recognize when people's actions or intents are hurting Tor. Some of these principles are established norms; things we've been doing every day for a long time; while others are more aspirational -- but all of them are values we want to live in public, and we hope they will make our future choices easier and more open. This social contract is one of several documents that define our community standards, so if you're looking for things that aren't here (e.g. something that might be in a code of conduct) bear in mind that they might exist, in a different document. Social goals can be complex. If there is ever tension in the application of the following principles, we will always strive to place highest priority on the safety and freedom of any who would use the fruits of our endeavors. The social contract can also help us work through such tensions -- for example, there are times when we might have a need to use tools that are not completely open (contradicting point 2) but opening them would undermine our users' safety (contradicting point 6). Using such a tool should be weighed against how much it's needed to make our technologies usable (point 1). And if we do use such a tool, we must be honest about its capabilities and limits (point 5). Tor is not just software, but a labor of love produced by an international community of people devoted to human rights. This social contract is a promise from our internal community to the rest of the world, affirming our commitment to our beliefs. We are excited to present it to you. 1. We advance human rights by creating and deploying usable anonymity and privacy technologies. We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights. 2. Open and transparent research and tools are key to our success. We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members. 3. Our tools are free to access, use, adapt, and distribute. The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superceded by our intent to make users more secure. We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users. 4. We make Tor and related technologies ubiquitous through advocacy and education. We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. We teach people how and why to use Tor and we are always working to make our tools both more secure and more usable, which is why we use our own tools and listen to user feedback. Our vision of a more free society will not be accomplished simply behind a computer screen, and so in addition to writing good code, we also prioritize community outreach and advocacy. 5. We are honest about the capabilities and limits of Tor and related technologies. We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it. We are responsible for accurately reporting the state of our software, and we work diligently to keep our community informed through our various communication channels. 6. We will never intentionally harm our users. We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve. • alison's blog"
On Thu, Aug 11, 2016 at 09:08:06PM -0400, bbrewer wrote:
No worries, JUAN, they promise no backdoors… (I’m with you on your design stance, btw)
Tor Inc. "Do 'no backdoors' evil" - gee, where did we hear -that- hollow 'promise' before? <caugh>Google</splutter> Juan, you're right of course - where the funding is compromised, the entity is compromised. And corporations have a sociopathic "profit at all costs" constitutional/ foundational principle - so any "good" they "promise" shall be compromised, the only question being timing (and often times that timing is "now, we trust peeps don't see it yet".
On Aug 11, 2016, at 10:00 PM, Zenaan Harkness <zen@freedbms.net> wrote:
Tor Inc. "Do 'no backdoors' evil" - gee, where did we hear -that- hollow 'promise' before?
<caugh>Google</splutter>
Absolutely, it is all BS. Difference is, google isn’t really ‘aiming’ at the crowd that really gives a crap about such things, vs where TOR is. I myself am completely owned by google; gmail since beta, and a FI user for nearing 6 months. I know and understand that they know *everything* about my life, perhaps better than I do — I figure as long as that is acknowledged, c’est la vie. It’s a tradeoff… Seems like TOR isn’t marketing towards those willing to ‘make those tradeoffs’, especially since their entire ‘service/product’ is the vague notion of being ‘invisible’ online. While both seem to be fucking you in the ass, google isn’t really lying to your face. Besides, evil is all in the mind of the beholder. sigh. you want privacy? Keep it in your head; or at least, keep it off the inter-basket, where all our eggs seem to collect. -bbrewer * written on my super sekure osx device. ** not really secure. *** fuck it.
On Sat, 13 Aug 2016 20:22:39 -0400 bbrewer <bbrewer@littledystopia.net> wrote:
While both seem to be fucking you in the ass, google isn’t really lying to your face.
Are you kidding?
Besides, evil is all in the mind of the beholder.
Oh fine. So all these discussions are pretty much meaningless.
sigh. you want privacy? Keep it in your head; or at least, keep it off the inter-basket, where all our eggs seem to collect.
-bbrewer
* written on my super sekure osx device. ** not really secure. *** fuck it.
On Aug 13, 2016, at 8:54 PM, juan <juan.g71@gmail.com> wrote:
On Sat, 13 Aug 2016 20:22:39 -0400 bbrewer <bbrewer@littledystopia.net> wrote:
While both seem to be fucking you in the ass, google isn’t really lying to your face.
Are you kidding?
Not kidding; No one looked to google services for their privacy and protections, no? They subscribe to email, knowing they are read for ‘ads’, and knowing that no doubt, everything is logged and available at whatever ‘official’ request’. They look towards TOR for… almost the opposite. They *are* ‘selling’ protection.
Besides, evil is all in the mind of the beholder.
Oh fine. So all these discussions are pretty much meaningless.
Not meaningless at all; however, for *myself* the notion that TOR is screwing people over carries far more weight (and no surprise) than the notion of google screwing people over who were not explicitly seeking said ‘protections’. *shrug*. Like you said, technology aside on the Micro level, the Macro level design of TOR provides ‘them’ all the protections with none of the liability. How others do not understand this is beyond my ‘scope’, if you will.
On Thu, 11 Aug 2016 21:08:06 -0400 bbrewer <bbrewer@littledystopia.net> wrote:
No worries, JUAN, they promise no backdoors…
That's really nice of them. The security they provide is worse than mediocre, but they surely are masters of Newspeak.
(I’m with you on your design stance, btw)
https://blog.torproject.org/blog/tor-social-contract
"The Tor Social Contract Posted August 9th, 2016 by alison in • ethics
• human rights
• social contract
On Sat, Aug 13, 2016 at 05:02:18PM -0300, juan wrote:
On Thu, 11 Aug 2016 21:08:06 -0400 bbrewer <bbrewer@littledystopia.net> wrote:
No worries, JUAN, they promise no backdoors…
That's really nice of them. The security they provide is worse than mediocre, but they surely are masters of Newspeak.
Look, they might not have the ultimate security, but at least they tolerate criticism on their own communication forums thereby supporting a balanced comprehension by new comers. Oh .. wait ...
(I’m with you on your design stance, btw)
https://blog.torproject.org/blog/tor-social-contract
"The Tor Social Contract Posted August 9th, 2016 by alison in • ethics
• human rights
• social contract
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/11/2016 09:08 PM, bbrewer wrote:
No worries, JUAN, they promise no backdoors… (I’m with you on your design stance, btw)
https://blog.torproject.org/blog/tor-social-contract
"The Tor Social Contract Posted August 9th, 2016 by alison in • ethics
• human rights
• social contract
At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor. Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them.
[ etc ] As a QA and document control guy, I can't read something like that without processing it like this: "We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members." Translation: We believe in and practice an open, accountable development process, except when we don't. The public is allowed to see how TOR works, except when the public is not allowed to see how TOR works. Trust us, what you don't know won't hurt you. "We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. " Edit to include: The TOR project believes in human rights, except the rights of persons accused of crimes to be held innocent until proven guilty, and to publicly confront their accusers in a neutral, public Court. The TOR Project believes in and exercises the rights of risk-averse employers to discipline and discharge victims of malicious office gossip and/or anonymous denunciation as an expedient conflict resolution method. "We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it." Edit to include: "The TOR Browser ships with NoScript installed but disabled. Users must enable it themselves to obtain protection against de-anonymization at will by any malicious or compromised website. We do this as a convenience for naive users who may not understand what NoScript is or what it does." With TOR, one can have exactly as much "freedom and security" as one can steal. Just like real life. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXsNlgAAoJEECU6c5Xzmuqx7UH/juSkFhBaENZSOhPfoPsG/2u UPsXzjtjP7GAf5sMeacTl4O/DCosIace5e67NNuC5JIfmxPl5cJdV+VDfiAJ1uTF MppYOZNW6H0iS/+9TrLsM1YvBO33JjqU2Rep1kA9bxhYV4CtWWTGFPhgQEElbLZL 6wKKzGQy4zYTj6P5oeqEi3Crq9HdETsZstyKNDLqTnPANyLlrHQo5HKQjYeTxNs/ ywLfTRK4kBJxB5Xq8RYI9x4FwVV9R7pjqlZLLhFtuS8WXzA0AmfanDgOvSc1WXef vt7ZyNCm/tgpfNiCTjC60qZeGCpGy9mRzalMgUPI8YVe9QI4P6CUOrMav8GqPgk= =3BN7 -----END PGP SIGNATURE-----
On Sun, Aug 14, 2016 at 04:49:36PM -0400, Steve Kinney wrote:
On 08/11/2016 09:08 PM, bbrewer wrote:
written the Tor Social Contract -- the set of principles that show who we are and why we make Tor. Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them.
As a QA and document control guy, I can't read something like that without processing it like this:
"We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members."
It's even worse - that last sentence above could easily be read as follows (thanks for the mindset, Juan :) - "In rare cases, open development does undermine the security of our users (those who actually need Tor against TLAs, and all our open development lulling those lusers into a belief in safety which does not exist) and in these rare cases (which are the only ones we should be worrying about) we will be especially vigilant in our open development and peer review to work extra hard at bamboozling folks and fulling all our masters requirements for next version, and thereby avoiding those things which may actually help those who actually need Tor to actually do something effective with it besides sharing our Hollowood propaganda". (This one time, I had a weird moment of having read the (Tor propaganda) paragraph above as though it was your (Steve) 'response to Tor propaganda' - then, this one time, I read your next para below and said "what?!!" Then, I shoved a light bulb up my brain, twigged really hard and explained it to myself slow enough that I could understand it.)
Translation: We believe in and practice an open, accountable development process, except when we don't. The public is allowed to see how TOR works, except when the public is not allowed to see how TOR works. Trust us, what you don't know won't hurt you.
s/won't hurt you/we want you to think won't hurt you/
"We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. "
"Especially the rights of Jacob Applebaum whom we have a monstrous hard on for at the moment - his rights are like, you know, really important all of us here at Tor Inc. We believe in a better, warmer, caring world full of justice, transparence and truth."
Edit to include: The TOR project believes in human rights, except the rights of persons accused of crimes to be held innocent until proven guilty, and to publicly confront their accusers in a neutral, public Court. The TOR Project believes in and exercises the rights of risk-averse employers to discipline and discharge victims of malicious office gossip and/or anonymous denunciation as an expedient conflict resolution method.
"And we absolutely believe in the right for those with a rigid anger against another, to take a firm hold of a vigilante community and thrust some righteous and vigorously anonymous arguments at the wall of innuendo, slurs and outright lies and coverups. Because, what's life without some serious and unethical backstabbing process thrown into the mix?"
"We never intentionally mislead our users nor misrepresent the capabilities of the tools,
(like those tools on our vigilante justice committee, the CIA guys who failed to cover their trackes well enough when apply to work with Tor Inc, and those CIA guys who did get through the gaping cracks we lubricate with TLA dollars - as we always say, "once you've had black (money), you'll never go back!")
nor the potential risks associated with using them.
(like the use of our vigilante justice system, which nearly got out of Public Relations control, but was saved at the 11th hour by our knight-ess in smoking black garter belts, Shari Steele)
Every user should be free to make an informed decision
to jump on our vigilante lynch mob band wagons, and
about whether they should use a particular tool
like Jacob Applebaum when the time is just right,
and how they should use it."
vigorously, relentlessly and cruelly - we call it: The Shari-ahh law way. Only thing we have not yet figured out is how to include more, how do we say this, physical consequences, as part of our detailed, torturous and dare we say, religious ways.
Edit to include: "The TOR Browser ships with NoScript installed but disabled. Users must enable it themselves to obtain protection against de-anonymization at will by any malicious or compromised website. We do this as a convenience for naive users who may not understand what NoScript is or what it does."
As well we do this and are up front about it when we say "we need more users to fill enough of the bandwidth to provide enough cover traffic for our special ops in Syria, Lybia, Iraq, Afghanistan, China and Russia, and disabling No-script by default would cause according to our estimations, quite a few millions of those useful naieve users to not stay.
With TOR, one can have exactly as much "freedom and security" as one can steal. Just like real life.
Yes I agree, that would be a fine ending to their propaganda - I'm just not sure they would include it - too much truth.
Steve, Thank you very much for taking time writing this "clarification" to the folks who still (might) trust the tor mafia.
participants (5)
-
bbrewer -
juan -
Steve Kinney -
Zenaan Harkness -
Александр