Below are notes from strategy-related workshops held at the Tor 2015 Winter Dev meeting in Valencia, Spain. These notes are from sessions facilitated by Sue Gardner.

The strategy groups had fairly wide-ranging conversations about strategy -- e.g., what is the purpose of developing strategy, does Tor want to do it, what might the process for doing it look like. I also asked people to help me work through four questions: 1) what are Tor's values 2) what are things that are currently going well & want to be preserved/furthered 3) what are things that are broken and need fixing in order for Tor to do its work 4) who are people that would definitely need to be consulted in the development of a strategy for Tor.

If you want to add, feel free. Just please put any additions at the end of the existing bulleted list.

1) Values. The prompt: People were asked to use post-it notes to capture what they felt were Tor's most important values. (This was just a brainstorm: not intended to be definitive or official in any way; we did more work on this the next day.) Here's what they wrote:

  • free speech x5 (including 'free speech no exceptions', including 'freedom of expression', including 'anonymous speech = free speech')
  • diversity x3 (including 'diversity - extrapolate from benefits of relay/network diversity to people')
  • freedom x3
  • human rights x3 (also 'human rights online', also 'digital human rights')
  • anti-harassment
  • autonomy
  • being in control of computer (instead of being controlled)
  • empowerment
  • freedom of information
  • free software
  • freedom of association
  • freedom of information
  • free to use for everyone
  • our code and work should make people's lives better
  • privacy
  • self-determination
  • strong, provable, carefully engineered
  • technology excellence
  • transparency

2) What's working. The prompt: People were asked what things about Tor were currently going well & want to be preserved/furthered? People did this on stickies too; here are the major themes, plus the content of the transcribed stickies. (Note theme grouping is a little fuzzy: there's overlap.)

Tor's work is important. It's helping lots of people.

  • social change
  • Tor is not a job but rather more
  • anonymous speech is free speech
  • location anonymity
  • free
  • enabling free speech
  • enables intellectual freedom
  • free as in beer, open as in source
  • gratis to use
  • wide user base
  • many use cases
  • wide support base and use case
  • expanding user community -- interest in using Tor
  • responsive to events in the world

Tor is open and transparent.

  • open source x6 (including 'source open')
  • open/free source and spec
  • openly available datasets
  • open standards / protocol documentation
  • values x3
  • transparent
  • openness/transparency
  • transparency wrt code, research, Tor the business
  • open discussion forums, IRC, mailing lists.
  • open

Tor is a resilient, robust technology that's successful because of its developer community.

  • resilience/robust service: it works
  • world-class security thinkers
  • excellent tech -- current software
  • incredibly carefully designed and engineered solutions
  • "it works as advertised" and is reasonably secure
  • it's the best that we have
  • active developers
  • very motivated community
  • dedicated developer community
  • bad-ass developers
  • the techie people we attract
  • proposal process for spec changes
  • community
  • dev meetings
  • technical proficiency
  • Roger
  • Jake
  • strength
  • great underlying technology
  • thorough and serious technical work
  • metrics
  • Tor leads in secure dev process (developers are increasingly under attack)
  • Tor works on mobile and the next 6B net users are mobile
  • powerful community
  • dedicated community
  • tight-knit community
  • passionate leaders and volunteers
  • smart people
  • volunteers

Tor values diversity.

  • diversity in people
  • (all kinds of) diversity
  • multi-language support
  • enjoy working
  • fun people
  • everyone here

Users trust Tor, and they are right to trust it because we behave with integrity.

  • ethics x3
  • trust
  • nearly unanimous support from the hacker community
  • reputation for integrity
  • public reputation that Tor works and does help give users a sense of privacy and anonymity
  • strong reputation
  • trust by core users -- reputation


  • advertiser tracking
  • outreach and collaboration with universities and researchers
  • not a serious company

3) What's not working. The prompt: people were asked to name things that they feel are problem areas, where things are not working well / may be holding Tor back / need to be fixed.

The funding model should be rethought/revisited.

  • funding model
  • funding
  • does not have a sustainable business model
  • vulnerability due to very few large donors (i.e., diversify funding)
  • funding diversity
  • traditional funders don't fund important projects
  • funder-driven
  • development is funder-driven
  • very American (funding and reputation around the world)
  • funding diversity and consistency
  • gap between fundraising and developers
  • funding is intermittent and scatterbrained
  • lack of sustainable funding while appearing to be supported mainly by USA entities
  • less government and business funding

The external environment is changing in a way that's bad for Tor and Tor users.

  • Tor is becoming outlawed in "democracies" and "universities"
  • more and more ISPs are blocking/disallowing Tor relays/exits
  • general movement against anonymity
  • resistance to website etc. fingerprinting

The Tor organization needs to be better-functioning.

  • tendency towards homogenous thinking
  • unsure who is doing what
  • understaffed/underfunded/overworked
  • the organization is broken
  • proposal process needs more discussion before implementation (with affected parties)
  • more employees, less contractors
  • balancing funding among employees/contractors is challenging
  • not 100% transparent

There's ambivalence/discomfort about vision and leadership.

  • leadership: do we have it, do we need it, do we want it, does it work
  • lack of vision
  • lack of joint vision as an organization
  • "But that's what Roger wants" filter on technical choice for progress / blocking on change
  • most of our actions are bottlenecked on Andrew/Roger
  • the multiple incompetencies of Tor's current executive director
  • management is broken
  • hierarchy/internal discussions
  • CEO lowers morale with "travel reports"

There's unhappiness about the way people treat each other

  • too little care for needs of humans
  • fix interpersonal issues. HR++ Tom!
  • too much drama
  • drama
  • recognition of contributions

People want Tor to focus more on the product, end users, usability.

  • transition from consultancy to product company
  • mobile [doesn't get] enough attention
  • too radical; not product oriented
  • focus on mass market adoption, less niche
  • constantly hear from our audience that Tor is too slow
  • usability
  • Tor is hard to use by ordinary users
  • website is hard to navigate
  • need mobile support
  • performance/latency drives away users

People want Tor to be more international and diverse.

  • [lack of] diversity of core membership both gender and ethnic/culturally
  • [we need more] outreach/diversity
  • too much English (not organized with national community)
  • too US-centric -- leadership, funding, culture
  • multi-language support

People are worried about Tor's public reputation.

  • hidden services
  • controversial
  • child porn / Silk Road / drugs
  • partners/users -- we need to tell their stories better
  • hard to trust if [you are] completely outside ecosystem - naturally suspicious - government support


  • 10-year timeframe too long for strategic planning and one-year is too short
  • accept Tor's inherent political-ness and use it as an advantage
  • there are no contenders to the throne (competition in the space)
  • easy for people to feel left out due to distributed workforce
  • [we need] more research on traffic analysis (E2E correlation; website fingerprinting) and Tor path selection (make it aware of AS/ISP)
  • [we need] more legal advice/help
  • [we need to] promote to academia

4) People. The prompt: Who are people that would definitely need to be consulted in the development of a strategy for Tor. I asked people to name anybody who they thought was particularly wise/thoughtful/knowledgeable about Tor and what it should be doing. Okay to name internal people (including yourself) and external people/thought leaders, etc.

  • Mike Perry x6
  • Roger x4
  • Karsten x4
  • Moritz x4
  • Ian Goldberg x3
  • Edward Snowden x2
  • George Danezis x2 ('for threat modeling')
  • Jacob x2
  • Leif x2
  • Lunar x2
  • Nathan x2 (including 'Nathan Frietas (mobile)')
  • Paul Syverson x2
  • Weasel x2
  • Alex Stamos (CISO Yahoo)
  • Arturo
  • Cory Doctorow
  • Nick Mathewson
  • Wendy
  • Claudia Diaz ('Kul, for anonymity', COSIC)
  • Günes Acar ('for device fingerprinting, also Kul, COSIC)
  • Andrew
  • Isis
  • Ximin
  • Naif
  • Yawning
  • David Fifield (Note: presumably he is the guy from NMap?)
  • John Gilmore
  • "The people at TAILS"
  • Eleanor Saitta
  • Dr. Eric Novotny (Note: presumably from USAID?)
Last modified 4 years ago Last modified on Mar 3, 2015, 11:19:00 PM