W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Sat, 5 Dec 2015 15:02:24 +0000
Message-ID: <CAFggDF3-CKcydZ-x7AapQLp2mbCSfqrhjqCv2fpjFHkTO3LM6Q@mail.gmail.com>
To: ietf-http-wg@w3.org
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>
On 12/5/15, Willy Tarreau <w@1wt.eu> wrote:
> A bit off-topic, but since it was brought here...
> On Sat, Dec 05, 2015 at 03:51:11AM +0000, Jacob Appelbaum wrote:
>> If I was a betting person, I'd bet they continue to work - except Tor
>> Project, I expect that to be blocked if it isn't already. Here is our
>> user graph for the entire year of 2015 for Kazakstan:
>> https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&start=2015-01-01&end=2015-12-05&country=kz&events=off
> I always find it a bit funny that the infrastructure that provides you
> with a supposedly safe network respecting your privacy openly collects
> data based on your source address and phones home to feed statistics
> that are presented to the public.

By calling Tor "supposedly safe" and then stating various
unsupportable things about the statistics, I think this email is
likely a waste of effort. I hope I'm incorrect. None the less for
others on the list, I'll say the following:

The generalized statistics are documented here:


A great deal of questions and general information is here:


The reason that this data is available openly is because we are trying
to ensure everyone has access to whatever data we might be able to
see. We want to make sure that we're not keeping anything secret
beyond say, bridge IP addresses which need to be kept private to
ensure that they're not blocked by censors. The relay operators are
the only ones that see user IP addresses, not us.

>  When you look at small places such
> as Niue, you see between 0 and 1 user basically, so the deployment is
> probably so small that everyone there knows exactly who's the person
> being using Tor and can monitor his/her internet usage in real time :
> https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&start=2015-01-01&end=2015-12-05&country=nu&events=off
> It may be a kid supposed to work on his lessons and whose parents are
> monitoring from their workplace using this graph, knowing when he's
> wasting his time on the net instead of working.

I think you should read our design for privacy preserving statistics -
it is a rather off-list topic, so I won't bore the list. But claims of
"real time" monitoring are just completely wrong. If you'd like to
talk off list, I can point you at the same papers listed on the

> This kid would have
> remained unnoticed by *not* using Tor and maybe he doesn't understand
> how his parents know he lies!

The graph does not confirm that it is him. Your assertion is baseless.
Also, I believe that the number one on that graph is actually
somewhere between 0-7 as per the way that our statistics are

> That's always the problem when one
> starts to get many users, it becomes hard to resist to the temptation
> to collect data, it might be in human nature :-/

The data is collected by nodes in the network and those who want to
help provide a very reasonable dataset that includes no PII other than
a general bucket with a fuzzy mapping of IP->country. To call that
collecting data on users is a bit of a strech when in fact, the relay
does all of the work, converts it and then only sends data when it
reaches a threshold that is considered safe. Relays can choose if they
want to be part of the metrics project.

All the best,
Received on Saturday, 5 December 2015 15:02:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC