Tor project

06-01-2013

Wow! That’s really great. Hi! So, thanks for having me here, although I can’t see any of you at all. I’m here today to talk about Tor, and I want to talk a little bit about anonymity in general, and circumvention, as well as Internet filtering, or blocking, Have you guys ever experienced blocking on the Internet? Or filtering of any kind? Anybody here? Raise your hand if you have.

Oh man, is this too loud? It sounds really loud.

Anyway, so I wanted to give you an overview that sort of shows why you might care about Tor, or what about Tor might be interesting to you.

So, I have a bunch of text on the slide which you can read. But the short version is that we’re a nonprofit, because I don’t think that you can save the world by being a for-profit corporation. And it’s pretty hard to trust a for-profit corporation with your privacy. So we built this big peer-to-peer network, and the idea is that if you use it, you have the ability to be private by design. So, we have about 2500 people at any given point in time that are running Tor servers, of which anyone can be a Tor server. And we have about 250,000 people using Tor at any given point in time during the day, or night. And the network is like a huge amount of bandwidth, considering that it’s passing traffic for everyone. And, we’re probably the only project, as a free software project, that’s been funded by both the US Department of Defense, and the Electronic Frontier Foundation. It’s a very strange thing.

And, we’re probably the only project, as a free software project, that’s been funded by both the US Department of Defense, and the Electronic Frontier Foundation. It’s a very strange thing.

But it turns out that when you work on anonymity, you need people from all sides to join. Otherwise you have the network that’s just used by these people or just used by those people. And then you don’t actually have anonymity, right? So if it was only people in Serbia that used it, it wouldn’t be anonymity. But if people from every country in the world used, you can’t really learn about a person simply by seeing someone using this network. So, depending on who I’m talking with I might -god, these lights are so bright, it’s amazing- I would phrase it kind of differently. I’m mostly interested in talking about “censorship resistance”. So, businesses don’t really care about our privacy at all, we pretty much know this as a given. So if you phrase this for business, you might call it “network security”, or if you talk to a government you call it “traffic analysis resistance”. But your grandmother doesn’t know what any of those things are. So you can’t call it that, you have to just say privacy, because she understands the idea of curtains and window. That’s like a really easy privacy analogy for her. The same with my grandfather, too, right? But I don’t want to talk about those things so much, I just want to talk about circumvention.

So, if you want to get around Internet filtering, the easiest thing to do is to try to use a basic proxy. Have any of you guys ever used a proxy? Raise your hand if you have. Ok. So Tor is exactly that. It’s a proxy. But instead of being a proxy that’s somewhere out on the Internet, you run it locally on your computer, so it provides a proxy. You just tell your browser to use the local proxy, and it does a bunch of really awesome stuff. So Tor will make sure that someone who is watching you can’t see what it is you’re saying, and you make sure that when you’re communicating with someone over the Tor network, that’s exactly what you think it is. Someone on your local network isn’t going to be able to tamper with it. So, if your ISP in, say like Tunisia, is the state telecom, and they monitor everything you do, and they use of bunch of Western products to screw your Internet connection, if you’re using Tor, and Tor is actually functional, then their tools aren’t going to be very useful. They won’t be actually able to change data without you being alerted. Even if the sites you’re visiting don’t support security at all, the fact you can connect to Tor will provide you with some security. And of course, if you happen to be involved in a somewhat complicated lawsuit, maybe, where people want to know where you’re connecting from, using Tor, would be a really powerful way to thwart anyone getting that data. Because even if they were able to get that data, they would just end up with a Tor IP address in their log file. So, this is a bunch of more text if you really care about technical details about Tor, this is like the super-duper crash course. But instead of having an hour and a half for something, I have about 30 min, I’m not going to read that. Just say, the idea is that, when you use Tor, you have an IP address which is out in the Tor network itself, so you never actually connect to a server from the IP address that’s on your local Internet connection, like your DSL modem or something like that. You can think of it as if it were a cloud of some sort, and you connect into and out of it. And so, what people see is the Tor cloud, and what people see is you talking to Tor as a network, but they don’t see anything else. When you, of course, leave the Tor network, the Tor network can see things that you’re doing online, so you want to use, say, HTTPS to make sure the Tor network can’t see the things that you’re doing, but maybe you don’t care about that anyway.

and what people see is you talking to Tor as a network, but they don’t see anything else

For example, if you want to look at a website which talks about medical information, but you don’t want your ISP, or the government, to know about that, using Tor is perfectly fine even if you don’t use encryption. Because what you’re trying to do is to compartmentalize the risk that you have, and what you’re trying to say is “the local people here, they’re the ones I’m worried about. I don’t care about the Tor network watching what I’m doing at all”. So even then, you don’t have to worry so much about trusting anybody, because the main piece of the puzzle is that you wanted some sort of free, virtual, private network service, and what comes with though, is a bunch of nice stuff, like the anonymity that comes with it is something that a virtual private network doesn’t actually support, and can’t really support. And so the way that this works is a little bit complicated, but rather than go into the super-duper details about it, I’ll just say that any person in this room can become a Tor relay. So every person here can go home and install Tor on their computer, and they are the Tor network. That’s all there is to it. Now, if you’re a client, and you want to install Tor, you do the same thing as installing a Tor server, but you basically don’t say that you want to help. You just start it and you’re done. And now you have a proxy on your local computer. And you’ll come up as coming from Germany, or you’ll show up as coming from Holland. There is one Tor server right now in Serbia, it is running on a Windows machine, which I thought was very strange. I was hoping that one person this audience would agree to run a Tor server, so you could double the number of Tor relays in your country. But basically you start Tor on your phone, or you start it on your computer, and it connects to some of the Tor servers, and you get the big picture of all the different Tor servers in the world. An then you just choose, on your client, where you’d like to route through. So, the basic idea is that you start the client, and it takes care of everything for you, but in detail you would connect to these different peers in the network, and you would learn things about them, and it grows as it’s a peer-to-peer network. And if you want to, you can learn about these details because we have a specification which we publish. So all of these details are, like, very technically specified, and then at a higher level, if you just want to read the higher-level stuff. But basically, we wanted to make sure that when we built this network, you wouldn’t be able to subvert it with some legal threats. Because it turns out that the law is nice, but maybe it’s not always being applied equally, or maybe it’s not always reasonable, and in some places the law isn’t actually very just. So the idea here is that you guys are Alice. Any of you that want to use Tor are Alice, alright? And so you connect to the first relay and you basically encrypt your connection to that relay, and this looks like Firefox talking to a Web server. So someone watching you won’t know instantly that using Tor, just by looking at what the protocol looks like, because we try to look like HTTPS, or like, secure banking or whatever, right? And then you connect to the second relay, but the first relay doesn’t know where you’re going other than the first relay and the second. The second knows you are going to the third, and to the first, but it doesn’t know where you’re going on the Internet. And then the third relay doesn’t know you’re coming from Serbia. So even if you go to the house of the person that runs the third relay and you beat them with a hose, you don’t know anything, right?

Strong cryptography and the design actually create privacy, so even if that third relay or the first relay is logging all the data, they have to collude. And so as long as Alice doesn’t reveal which one she chooses out of the thousands of Tor servers available, Alice is actually in pretty good shape. And she just has to pick one that does the right thing-and since there are three that she picks out of thousands, the chances of her picking one are pretty good and so far we haven’t heard about people being in somewhere, like, compromise through this design-which I think is pretty good news. There’s a lot of pressure on the Tor network for various reasons, and so I would expect that if bad stuff is happening, we would be hearing about it quite frequently. But this is this concept that the Canadians like to call “privacy by design”, and the idea really just comes down to the fact that you have a choice in privacy and security, which is basically black-and-white, and I don’t like to frame things in black-and-white terms, but your promises that people say they will keep, and that’s nonsense almost all the time, because when they’re given a different set of instant incentives they will just break those promises. Sometimes they break those promises without realizing it: someone breaks into your computer or something like that. And there are other circumvention systems- they log all the data that goes through their system, and they promise they won’t reveal it. Well that that promise is only as good as we are at securing computers, which is probably not very good at all. And then of course, if they’re telling the truth about it, when will they will reveal it? And it createsall these really weird legal issues, too, where if they have the data now, maybe they will have to give it up. So we solve that by 1) not collecting the data, and 2) segmenting the value of it. Andthen, you know, a big block of text there (points to the screen) if you want to read about that. But basically, the issue is that if you have a single hot proxy, or a single entity, they can just log everything and then, you know, they can give you out. So there is a guy in the audience here -I think he left just now -but he was using a single hot proxy tool, and he criticized the tool, and so they cut off his access while he was in the field, in the Middle East. So that’s another really interesting problem, which is the single hot proxy also allows the owner of the tool to identify you.

When someone abuses the Tor network, there is nothing we can do about it, right, because at the end of the day, they’re anonymous, we don’t have log-ins and passwords, we don’t know who’s using the tool, and it’s free, so we don’t even have a money trail. And the idea is sort of built on these anarchist principles of mutual aid and solidarity. So if you use the Tor network a lot it, would be really nice if you ran some Tor servers, but we don’t have any method for enforcement, obviously. So one of the key things is that we’re in an arms race right now, but if you have pretty severe Internet filtering, you find that it’s easy to see Tor locked, because -this is actually happening in China, for example, and I’ll talk about that a little bit later, but basically you have this list of directories -those things I mentioned before when you start Tor- it fetches all of the other possible Tor computers in the network. Well, a censor just does that, too, right? They just block all the possible Tor relays that exist, and then, just like they block websites, now you can’t reach them anymore. That’s sort of a pain in the ass. We try to fix this in a couple different ways. One is that we want people to be able to get a copy of Tor, and so in China, and Iran, and, well I don’t know, it depends on which country you’re in -even in Canada, the Tor website is sometimes blocked. So we do is, we will actually use a different overlay network, which is that we all send an e-mail.

sometimes we’ll see it spike up to 500,000 users -this again is usually correlated with political events

And the idea here is that spam filtering is really hard, right? It’s a really difficult problem, and if you can send e-mail, we will confirm that you actually asked for it, so we won’t send spam. But since they can’t easily filter spam, it sort of lends some credence to the idea that they can’t easily filter us delivering Tor via e-mail, either. If they could match it very easily, that would be a problem, but so far we haven’t noticed anyone even trying to filter these. Whereas they do blockout access to websites. So you just send an e-mail, will send you a copy of Tor. So now you have the first part done, which is you have this thing that does all these magical crypto-things for you, and you’ve got it on your computer. But when you actually want to run it, it won’t work, because they blocked out access to all of the Tor servers that are actually in the world. We actually saw in the beginning of January, like, we had this spike: whenever we graph interesting features of the Tor network, we find that you can correlate the spikes with political events. So I’m not exactly sure what political event this was, but we had, you know, basically five times the normal number of Tor fetches over e-mail in a very short period of time. It’s like about a week or something like that, so for about a week we had five times the normal traffic. It’s pretty crazy. So we know that people are using this to get around blocking. And so when they’re blocking all these different Tor relays, they are usually doing it because they have an IP address and a port number -and this is the same way that they do website blocking, usually. And it’s not usually done by keyword, like, if you use a sensitive keyword, like Falun Gong in China, then all of a sudden your Internet connection just has major problems, right?

So, we encrypt all this data, and we don’t have, like, a keyword that easy to filter on. So, instead what they will do is just pick the list of IP addresses. And that’s sort of a pain, right? And we’re not really sure exactly to fix this, but we came up with a couple of ideas. We had expected this event to occur for about two years and finally happened on the 60th anniversary of some guy taking power in China. And so when that happened we switched to a thing which we call “bridges”,  and the idea is that you have a Tor relay -everyone in the room can be a Tor relay- and instead of becoming a public one, if you become a private one, and you say to your friends here is the IP address of my computer. You can also check a box that will send it to us, and we will hand it out to people through a special distribution strategy. But the basic idea is the same, which is that we stop giving it out to everyone. Because that’s basically an unsolvable problem, right? The idea is that we have to give everyone a list of all the Tor relays, and that means the Chinese censors, the American censors, the Canadian censors, whoever, right? And we basically took that and we said “we will give everybody a list of all the Tor relays, but we will give some people a way to get into the Tor network that we won’t share with everyone else. So that’s a, we went from a totally intractable problem to just a mostly intractable problem, and that’s kind of nice. And it works a little bit. It doesn’t work as well as we would like it, because it turns out that a lot of these governments actually put a lot of resources into trying to pretend that thy’re users. And so, we’ve been experimenting a little bit with social networks, so for example, using Twitter, you can only be given these IP addresses on Twitter if you happen to personally know some of the people that hand out the addresses. That doesn’t scale very well for the general perception of Tor’s functionality, but it does mean that people who really need to be able to connect to Tor will still be able to connect to Tor, so there’s some value in it, and it’s, at the moment, pretty similar to what other circumvention systems are doing, but we’re pretty open about it.

So, this has problems, but we would like to figure out some solutions to it. Mostly, what’s a better way than just friend-to-friend scaling of information sharing, I’m not really sure. Trying to automate this always results in someone writing some programs and posting things online. And so it’s basically a darknet, right? The idea is that you have this public network which everyone knows about, and then you have this private set of relays which only your friends know about. The thing about a darknet, though, is that it’s sort of a binary thing: if people know that it exists, and are given an IP address, then it’s not really very dark anymore. And so, I mean, this is a tough one, right? This is probably the hardest problem in the circumvention community right now. Because even if you have, like, the biggest anonymity network in the world, and you have, like, 1 million people participating in it, if no one can connect to it, it’s not very useful to them. So, if you have some ideas about darknet design, or a better way that we can make sure that people can reach the actual public Tor network, we’re certainly open to hearing about it. There are some other designs that exist out there. Most of the other designs, the way that they stay secure is that no one uses them, and no one cares about them, and so, no one’s tried to block them, really. Or they’re very dynamic and they don’t work very well in that situation anyway. And a lot of them are usually closed source software. There is maybe one or two notable exceptions that aren’t closed source. But the basic idea is still the same for all of the circumvention systems that are out there. Some of them provide pretty good crypto, some of them provide no crypto at all, some of them have crypto, but then they log all the data.

And it’s a little bit depressing to think about that way, because, I mean, the lesson that we can learn is that these Internet filters are similar to the way that we have perceived other borders and walls, they are going to have people that will get across them, but the majority of the people around will be oppressed by them

So, this is the number of Tor users that exist in public right now, it appears -so just to be clear about these graphs- these are all statistical graphs,  these are not absolute numbers, these are rough estimates. Because it’s an anonymity network we can’t say “oh, yeah, we have a million users, no problem”, because we don’t have, like, a list of logins and passwords. We don’t know exactly how many unique users we have. But roughly, there’s about 250,000 people using Tor everyday. I mean, it goes up and down, sometimes we’ll see it spike up to 500,000 users -this again is usually correlated with political events, like you’ll note that big spike right there, on the right-hand side of the graph is around the, just past March 11, and there’s a whole bunch of crazy stuff that’s happened in the last month, and I’m guessing that the extra hundred thousand-ish users is related actually to some political events in the world. So I’m going to take us back in time, a couple months here, this is a pretty fantastic graph because it tells us of a lot of, you know, five times the normal number of Tor users all of a sudden. Well that pretty much correlates perfectly with good January 25 events happening in Egypt. And I was pretty active at the time in helping people in Egypt get access to Tor, and you know, trying to get more Tor relays set up to add capacity to network, and setting up bridges and things like that. And I also had access to a bunch of computers inside of Egypt that I was using to test their Internet filtering. So, you can see, for example, that Twitter was blocked, and you could see that it was blocked directly at the DSL modems connection point, so that the actual computer didn’t have a filter on it, but one hop upstream had filtering. And so you can actually see, also on the graph on the far right side, it goes flat at the bottom. That’s when Mubarak’s dictatorship decided it would be a great idea to pull the plug on the Internet, you guys remember that? So we saw that a bunch of people started getting around the filters, and word was getting out the people were getting around the filters, and they pulled the Internet. So, using these graphs we can actually tell a lot of information about what’s happening inside of these countries, in all countries around the world, and it’s pretty fascinating, especially in countries with a pretty high Internet penetration rate, you can start to learn a bunch of interesting things like, when I show you some graphs about South Korea, there’s a really strange pattern that exists there, and I’m not sure if it has to do with, like, really ,like, serious power consumption goals or something. But here you can see that this is probably directly tied to the political events that are occuring, with at least the flat line. And we also saw that the number of people connecting with bridges was under 50, and then around the time that they were up just before pulling the Internet, we saw that one up to like 350-ish or something. And because these are statistical samples it’s worth noting that this number is probably like wildly low, and the reason is that if you set up a private bridge to help someone in Egypt, we don’t get those statistics all, because we don’t ask for information. You have to tell us you want to give it to us.

So, I mentioned earlier that on the 60th anniversary of some dude taking power in China, they started blocking things on the internet, and this is that graph that shows that, so we had been waiting for years for this to occur, so we implemented the bridge design, and we thought “oh, hopefully, it will never happen. Hopefully, they’ll never try to block Tor”. And we trained people -and we said- if ever Tor should become blocked or it ever stops working, just add a bridge and you’ll be back online. So, just about the 60th anniversary, we saw this. And that graph shows that we had about 10,000 users in China on a regular basis, and then we had zero, and then -do you see that little bump on the right-hand side of the graph?- that bump is actually where their filter messed up. And so they were, like, “oops! Forgot to block that”. And so it’s fascinating because this is the server that I run in Amsterdam, and the way that this works is, when you connect to the server I just look up and say what country you’re from, with the geo-IP database, and I don’t log anything, right? And just, I just keep a record of the fact that someone from China connected in a 24-hour period of time, nothing else. And so if you broke into my computer, Tor would store less information than my computer normally would, actually. So, basically, we see that this droped-off. It’s fascinating though, this server didn’t change at all, and the bump stayed the same, so it went down and then back up. So they just had some weird hiccup in their filter. And another really interesting thing here is that, remember where they get all of that information? They get it from us, so I’ve always thought that it would be fantastic to add IP addresses for, like, all of the Chinese visa sites, so that if they wanted to travel outside of China, then one day they would have a blocking event, and then boom! There would be no more ability for them to reach those sites. I don’t know. It might be some kind of cyberwar.

Bahraini government was shooting unarmed protesters in the head. You see that there’s a spike in Tor usage.

So, this is what happened at about the same time, which is that people started using bridges and so you can look back at that graph and you can see, basically, I mean one as in absolute numbers of statistical numbers rather, it’s not even absolute in that case. And neither is a percentage, but basically we went to 7000% of the normal number of bridges which probably correlates pretty closely to the number of users that we lost directly connecting. You know, today it’s not going so well. There’s about a 1000 people connecting from China with direct connections, so those are probably actually the censors. Which is a really weird thing. Which is that a lot of special people get unfiltered Internet connections, and I’ve had the pleasure of meeting some of the people that work on Internet censorship in different countries, and it’s really a strange experience. But basically, those people don’t have a filtered Internet connection, generally. So they experience this other Internet, like a special privilege. It’s kind of like when the Berlin wall was up, the people that lived in the apartments right next to the wall, they were, like, the trusted party members, so they would get access to even be able to see what the West was like. Or people, you know, like, living in whichever area that didn’t necessarily have to be in Berlin, but in similar areas where the border was somehow, like, not particularly strong, so they reinforce it by putting special people in there, that are more inclined to do state-sponsored positive things, lets say. And so, you can actually see that this is happening again, history is repeating itself again, with the way that we control the Internet.And it’s a little bit depressing to think about that way, because, I mean, the lesson that we can learn is that these Internet filters are similar to the way that we have perceived other borders and walls, they are going to have people that will get across them, but the majority of the people around will be oppressed by them. And so, I mean, I think it’s important to know “I should resist this, right? We’ve gotta tear down these walls”. So, Libya, you can remember the political unrest in Libya, so you can actually see a spike in this, you can also see that the Internet connection in that country probably had some major issues because there was a point in which there was, like, 300-ish people or 300-ish machines, and it went to zero almost overnight. And you know, that’s pretty bad. And then, of course, it’s come back, but it’s very limited. And from what I understand about Internet connections in Libya, a lot of people are not using satellite modems, so it’s really hard to be able to say “OK, this is the number of people that are coming from Libya, because they’re no longer using Libyan Internet connections, they’re now using, like, international satellite modems”. And those are really expensive, like $7 per megabyte, if you can imagine that. But people are pretty desperate to get out, like, the war crimes that Gadhafi is currently committing. So, they’ll do that, but that means they won’t show up on this graph. But we know that there were a lot of people that, for a period of time, you know, like five times as many people as that on average, have started to use these tools, because they perceive some danger, the perceive some need for protection, and so they use them. And it also gets around filtering, it also gets around a bunch of other stuff. So, you can also see the same thing happening in Bahrein around the time that the Bahraini government was shooting unarmed protesters in the head. You see that there’s a spike in Tor usage. I actually did a Skype training -I really loathe to use Skype- but some people from Bahrein called me and said “hey, we really don’t understand cryptography, we don’t understand any of this stuff. Can we walk through it? Can we talk about it?” and so, we did. And the number of Tor users there basically jumped, spy-like 200 or 300 total. And so word-of-mouth spread. And a sad outcome, though, is that you have to be very careful about talking to people in situations like this, because just making contact with them makes them a target. And that’s a pretty scary thing. Someone here was actually telling me that some of the people in Bahrein have had really serious problems, some of them had had to leave their country, actually. And that the training that I did, where I explained how Tor works, and how to use encrypted stuff that’s important, like how to encrypt a hard drive, how to use off-the-record messaging, to chat securely. Some of those people were probably tortured, and as a result they talked about things that they were learning, and then the people that were connected to them were subsequently either arrested or tortured. So, it’s a pretty serious thing, and it’s actually quite difficult to know how to exactly be involved with helping people in this situation, because, I mean, it’s not like a fictional, you know,  thing.

It has a pretty serious impact on everyone’s lives. Interestingly, the number of people in Saudi, which is pretty impressively large for the Tor network, has almost at some point in the last month doubled, and this also correlates with the political instability events that were current inside of Saudi, and around the Middle East. And you can basically see that there’s just this giant spike, where, like, there are twice as many Tor users there. But in absolute numbers, there is, you know, more new Tor users in Saudi than in all the other graphs, almost combined, actually. So, that’s a fascinating thing. I’m not entirely sure of the political contexts in Saudi, but it’s interesting to know that the way that the Saudi filtering works is at this backbone level, so doesn’t happen right at the DSL modem as it was in Egypt. It happens further out and that further out part of the backbone doesn’t filter toward all. Except our website. So, this is people that, like, 4000 new people maybe got via e-mail Tor, or got somewhere else and they were able to connect.

And you can see again, something similar happening in Syria, and it’s exactly, like, it’s pretty interesting because someone leaks me some documents about the Syrian Internet and about the way that the Internet filtering net works, and what I found is that, it was mostly American companies and they are basically, they have like a filter room, probably in Damascus, and that filter room just does a bunch of Internet filtering but somehow it doesn’t block Tor. Now, this is an interesting problem though, because if you know that such a filtering room exists, you have to ask yourself if you want to connect to any network, or anywhere. Because if they’re logging that data, it’s very scary. So, using bridges to connect to the Tor network makes it a lot harder for someone to know that you’re using Tor, at least because they can’t get a list of all of the IP address automatically, just by running Tor. They have to go out and discover it. And if you have a friend that set up a bridge then, again, it’s a lot harder for them to actually discover, you know, who it is that you’re talking to, and what you’re doing on the Internet. Of course, if you’re downloading lots of files, they use a device called the Packeteer, here, I’ve been told. I don’t, I obviously haven’t been to Syria lately, if ever, and so I don’t know exactly what the room is. But, supposedly, they use this device called the Packeteer, and you know, this Packeteer devices have the ability to classify traffic in different ways. And one of the ways they can classify traffic is they can say “this person is, like, a top talker”. And so if you’re doing a bunch of stuff even if they don’t know you’re using Tor, they will be able to know that you are talking a lot on the Internet. And so, that might be enough to get a visit to your house. So, that’s a really serious problem also, right? Because basically nobody has solved that problem. You can try to change your IP address all the time, but that might not be the level at which they record the traffic. They might record the traffic just at the ISP, they might record it further upstream, maybe you can’t change your IP address, maybe it’s not, like, connection. So there’s all this extra stuff you have to go through.

in North Korea, it’s like 35 or something, and here it’s like 5000, going up to 30-something-thousand

Just to show you that I’m not going to just harp on the Middle East, and, like, worry about dictatorships in the Middle East, I wanted to talk a little bit about Korea. So, I was fascinated to find out that there are people in North Korea using Tor. I’m sure that that’s not great for Tor, in some ways. I’m not sure exactly. But it’s interesting because you can probably guess that the people using Tor here are the political elite, or people who can actually get access to the Internet. Right, this isn’t a country that has, like, a huge amount of Internet connections for their population. So, who knows how they got a copy of Tor, probably the same way as everybody else. But it’s also possible that this is like a mistake in out geo-IP records or something like that, but I was fascinated to find out. So, to give you an idea about relative wealth and prosperity and political differences, if this is the political elite in North Korea, which we don’t know for sure, but we can say that based on the amount of wealth that the general population has, this is South Korea. So, it should give you an idea that the lowest it ever gets is about 5000 users. So, in North Korea, it’s like 35 or something, and here it’s like 5000, going up to 30-something-thousand. And it’s really strange the way that this graph is drawn. I thought maybe it was a mistake, but I don’t think it’s actually a mistake. And if you were to zoom in on the graph, you would see that these are periods of time where, like, for several days, many people use Tor, and then they don’t. And in several days they do use Tor, and then they don’t. And it isn’t the same people, so it’s not that you have 5000 people constantly using Tor, it’s just that you always have at least 5000 people that are using it. So, it could be that 5000 people are using it, and then 10,000 people turn on their computers, and then the original 5000 turned it off, and it drops. We don’t know for sure.

But it’s totally fantastic to see that, and it’s also interesting to note that obviously they have some perception about needing this. I mean there’s a ridiculous number of people in South Korea using Tor. So, that was basically it, a quick tour through different countries using Tor and stuff like that. But I wanted to take some questions, if anyone has any? And I wanted to advocate that if every person in this room were to go home and run a Tor relay, you would grow the number of Tor relays in Serbia by a ridiculous amount, because there’s still, as of this talk still only one in this country. And it would be fantastic because one of the things that gives Tor security is geographic diversity, right? If your first hop, that first relay in the network, goes through Serbia and your country can’t wiretap Serbia, you’ve just escaped a lot of the monitoring, potentially, so when I use Tor, I would leave the United States, usually, and I visit sites outside of America. But if I have to go through only Tor servers in America, then obviously the NSA, the AT&T collusion project would pretty much screw me. They’d be able to watch that. So what we need is a network that has Tor relays of abundance in every country, so that wiretapping is basically impossible to do on a large scale. And if they get that data, even with data retention it is worthless. And so Tor actually multiplexes connections. So, even if you have some data retention, there are many Tor connections the will go over one connection, so Tor will bring up connections between different Tor servers, and the timestamps in the data retention log will not be directly correlated with the connections you make inside of Tor. So, that’s like a really, really fantastic thing that, if we can add more capacity, we may be even able to resist data retention, which is, in most cases, not very democratically shoved on to the population. Mostly by media companies but also by a lot of, you know, police and other thieves.

So, yeah, thank you very much for having me, I really appreciate it.