Write the storyboard/script for this video
Activity
You mentioned on IRC that the target audience is somewhere between a normal user and a tech savvy user. You may want to consider rewriting the script to target only one type of user.
Slide 1: You may want to consider introducing yourself by name, though this is not a requirement or anything.
Slide 2: The name Tor is not an acronym these days, just a name. You may want to try and simplify the first sentence, non-technical users will not necessarily understand what a "third-generation onion routing project" is. Instead of stating that the Tor Project is a 501(c)(3), perhaps just say that the Tor Project is a US-based non-profit organization.
Slide 3: You may want to simplify this statement and drop the part where you talk about directly connecting users. A user who is new to Tor may not understand what this means.
Slide 4: You may want to rephrase this first sentence (see the Why Anonymity Matters section on the front page of our website). Tor does not hide the fact that you are communicating. You should also rephrase the sentence which says that Tor encrypts all your data, we don't want users to think Tor does end-to-end encryption between the user and the destination website. Be careful about using words which you have not yet explained, such as the word relay and operator and Tor network.
Slide 5: The example on this slide needs some work; remember that the web server for the site you are visiting will also know who you are, non-technical users may not know what login credentials are, and this issue is bigger than just people knowing where you are on a map.
Slide 6: The blob of data that your Tor client sends to the guard relay is wrapped in three layers of encryption, the three relays in your circuit will decrypt one layer each. Your explanation as to why Tor can't encrypt the Internet end-to-end is a bit confusing, you may want to leave this out and just state the facts and what the user can do instead. Again, be careful about using words which you have not yet explained, such as exit node operator and HTTPS. Whether or not to include large scale surveillance and MITM depends on your target audience.
Slide 7: You may want to remind users to only use the Tor Browser for Tor-related things. You tell users to avoid login-over-HTTP, extra addons in the Tor Browser, and DOC/PDF documents, but do not tell them what they should do instead. This will probably leave a lot of users with more questions than answers.
Slide 8: You should explain what a relay is first, then go on to talk about all the awesome volunteers all over the world who contribute to the Tor network by running relays.
Comments on the updated script:
Slide 2: Perhaps say that Tor was originally developed by the U.S. Naval Research Laboratory, with the U.S. Navy in mind, for the purpose of protecting government communications. You should also mention when Tor was first released as a way to point out to viewers that Tor's been around for a long time. You should also introduce The Tor Project before you talk about it being a non-profit organization and all that.
Slide 3: You should make it clear that the user numbers are per day, and that we do not (and can not) track individual users (that is, we know 500k users are using Tor daily all over the world, but we can't tell whether or not Alice in Boston, USA is using Tor to browse torproject.org).
Slide 4: The image on this slide shows relays and bridges, but you only talk about relays in your script. Perhaps replace the image with one showing just relays? Consider rephrasing the sentence that says "No one really runs the Tor network". This would be a good time to define the word "relay operator".
Slide 5: Rephrase the sentence which says that Tor encrypts all your traffic, we don't want users to think Tor does end-to-end encryption between the user and the destination website. If you are going to talk about risks, such as one operator controlling a large portion of the network, you should also talk about operators sniffing traffic from exit relays -- or drop the topic completely.
Slide 6: Instead of saying that example.com and the ISP will know who you are, the pages you're visiting, when, and how often, can you think of a more concrete example? Non-technical viewers may appreciate a more concrete example than one with a fictional website. You may also want to consider mentioning data retention issues here.
Slide 7: You may want to define HTTPS to a non-technical audience (what does it look like? how do I know I'm secure? what if the site does not support it?). Consider naming the relays on this slide "guard relay", "middle relay", and "exit relay", and explain how much information each relay has about the user and the data/traffic.
Slide 8: You can probably drop the blurb about HTML5 to save a few seconds. Users who are concerned about being deanonymized by external resources (doc/pdf) should at the very least go offline before opening them - maybe also consider a vm or second laptop. This may or may not be too much information for a non-technical audience.
Slide 9: Use the term "relay" instead of "node", consider not mentioning bridges here. If the target audience is non-technical, leave out the "if you are a developer"-portion too. Actually, maybe consider swapping this "if you would like to help Tor"-slide for a "if you would like to learn more about Tor"-slide.
Comments on the updated script:
Slide 2: Roger is not the only person behind Tor. If you name one person, you should name the rest of the group as well.
Slide 3: I suggest you use a bigger timespan when generating the graphs. While 800,000 users in july-august of this year is great, going from 200,000 users to 800,000 users in a few years is better.
Slide 4: Same comment as above regarding the graph. You may want to rephrase your statement saying relay operators cannot monitor you or your traffic. A malicious exit relay operator can monitor your traffic, but can not link the data back to you. That is, no single relay in the circuit have enough information to figure out who you are and what you are doing.
Slide 5: Consider adding a sentence to the privacy-section to wrap this up nicely. You say that Tor can not encrypt the data between the network and the destination website, but you do not say anything about what the user should do to help with this.
Slide 6: The sentence about data retention does need some work, but you're on the right path.
Slide 7: You may want to define HTTPS to a non-technical audience; what does it mean? what does it do for me?
Slide 9: Looks like you still need to finish this part.
#7274 (closed) is finished, so I think this is done as well? Feel free to reopen.
Trac:
Resolution: N/A to fixed
Status: assigned to closed
