Dishonest Tor relay math question - tor-talk is to lazy

grarpamp grarpamp at gmail.com
Tue Dec 6 15:02:16 PST 2022 

> "Tor Stinks  -- NSA, known since before 2012"

Tor Project: Still Infested With Many Conflicts Of Interest, and with
many problems that have been outlined for decade, not weeks,
that Tor Project and its minions still put users at risk by refusing to mention,
not least because it wouldn't be good for business.

People should write code for new overlay networks to route around them.


The Role of the Tor Project Board and Conflicts of Interest

https://blog.torproject.org/role-tor-project-board-conflicts-interest/

by isabela | October 3, 2022

Over the last couple of weeks, friends of the Tor Project have been
raising questions about how Tor Project thinks of conflicts of
interest and its board members, in light of the reporting from
Motherboard about Team Cymru. I understand why folks would have
questions, and so I want to write a bit about how the board of
directors interacts with the Tor Project, and how our conflict of
interest process works.

The Role of the Board

First off, a word about non-profit boards of directors. Although every
non-profit is unique in its own way, the purpose of a board of an
organization like The Tor Project, with a substantial staff and
community, is not to set day-to-day policy or make engineering
decisions for the organization. The board's primary role is a
fiduciary one: to ensure that Tor is meeting its obligations under its
bylaws and charter, and “hire/fire” power over the executive director.
Although staff members may consult board members with relevant
expertise over strategic decisions, and board members are selected in
part for their background in the space, the board is separate from the
maintenance and decision-making on Tor's code, and a board seat
doesn't come with any special privileges over the Tor network. Board
members may be consulted on technical decisions, but they don't make
them. The Tor Project's staff and volunteers do. The Tor Project also
has a social contract which everyone at Tor, including board members,
has to comply with.

When we invite a person to join the Board, we are looking at the
overall individual, their experience, expertise, character, and other
qualities. We are not looking at them as representatives of another
organization. But because Board members have fiduciary duties, they
are are required to agree to a conflict of interest policy. That
policy defines a conflict as “...the signee has an economic interest
in, or acts as an officer or a director of, any outside entity whose
financial interests would reasonably appear to be affected by the
signee's relationship with The Tor Project, Inc. The signee should
also disclose any personal, business, or volunteer affiliations that
may give rise to a real or apparent conflict of interest.”

Handling Conflicts of Interest

Like most conflict processes under United States law, non-profit
conflicts rely on individuals to assess their own interests and the
degree to which they might diverge. The onus is often on individual
board members, who know the extent of their obligations, to raise
questions about conflicts to the rest of the board, or to recuse
themselves from decisions.

It also means that conflicts, and perceived conflicts, change over
time. In the case of Rob Thomas's work with Team Cymru, the Tor
Project staff and volunteers expressed concerns to me at the end of
2021, spurring internal conversations. I believe it is important to
listen to the community, and so I worked to facilitate discussions and
surface questions that we could try to address. During these
conversations, it became clear that although Team Cymru may offer
services that run counter to the mission of Tor, there was no
indication that Rob Thomas's role in the provision of those services
created any direct risk to Tor users, which was our primary concern.
This was also discussed by the Board in March and the Board came to
the same conclusion.

But of course, not actively endangering our users is a low bar. It is
reasonable to raise questions about the inherent disconnection between
the business model of Team Cymru and the mission of Tor which consists
of private and anonymous internet access for all. Rob Thomas's reasons
for choosing to resign from the board are his own, but it has become
more clear over the months since our initial conversation how Team
Cymru's work is at odds with the Tor Project's mission.

What's Next

We at Tor, me, the board, staff and volunteers, will continue these
conversations to identify how to do better from what we have learned
here.

I have been working with the board to see where things can be done
better in general. One of these initiatives is changing the Tor
Project's board recruitment process. Historically, recruitment for
board slots has been ad hoc - with current board members or project
staff suggesting potential new candidates. This selection process has
limited the pool of who has joined the board, and meant that we do not
always reflect the diversity of experiences or perspectives of Tor
users. For the first time we are running an open call for our board
seats. Although this may seem unrelated to the idea of conflicts, we
believe that more formalized processes create healthier boards that
are able to work through potential conflict issues from a number of
different angles.

Finally, let's talk about infrastructure for a moment. Our community
has, rightly so, also raised concerns regarding the Tor Project usage
of Team Cymru infrastructure. Team Cymru has donated hardware, and
significant amounts of bandwidth to Tor over the years. These were
mostly web mirrors and for internal projects like build and simulation
machines.

Like all hardware that the Tor Project uses, we cannot guarantee
perfect security when there is physical access, so we operate from a
position of mistrust and rely on cryptographically verifiable
reproducibility of our code to keep our users safe. As we would with
machines hosted anywhere, the machines hosted at Cymru were cleanly
installed using full disk encryption. This means that the set up with
Team Cymru was not different from any other provider we would be
using. So the level of risk for our users was the same when we used
other providers.

But given the discussion of conflicts above, it's not tenable to
continue to accept Team Cymru's donations of infrastructure. We have
already been planning to move things out since early 2022. It is not a
simple, or cheap task to move everything to some other location, so
this process is going to take some time. We've already moved the web
mirrors away, and are working on the next steps of this plan to
completely move all services away from Team Cymru infrastructure. We
thank the community for its patience with this process.

We encourage respectful, on-topic comments. Comments that violate our
Code of Conduct will be deleted. Off-topic comments may be deleted at
the discretion of the moderators. Please do not comment as a way to
receive support or to report bugs on a post unrelated to a release. If
you are looking for support, please see our FAQ, user support forum or
ways to get in touch with us.

1 reply

Without wishing to sound ignorant, could somebody please tell me what
the disagreeing specifically surrounds?

More information about the cypherpunks mailing list