wiki:org/meetings/2017Amsterdam/Notes/UserSupport

How do we support users?

  • Informing their threat model?
  • How do we help them threat model?
  • How do we support different types of users around the world in different environments.
  • Documentation could help !
  • Documentation in video forms?
  • Role-documentation; user stories??
  • Easy-to-understand documentation, easy to follow
  • "Demystifying tor"
  • how does everything compare, how does everything work
  • explaining documentation, tor, etc
  • Visuals, animations, diagrams, etc
  • LOCALIZED CONTENT; need local organization
  • Document how to write documentation
  • Seed documentation
  • How much documentation do we need ? Can we avoid it?
  • Talk to tor users in different places and in different roles; find out how they use tor and what they need it for.
  • Localized legal threat model: ask local lawyers in different places for help. See what OONI does.
  • What do our users actually _want_; could they use a survey?
  • Should we also be looking at non-users who we think would benefit and ask them why not?
  • More mobile work would help a lot.
  • How to contact Tor to get help: having a support channel would be great.
  • Need integrated security trainings to happen

Scenarios!!!

  • A is in a country with lots of surveillance; they're trying to organize vs the surveillance state.
  • B targetted by local government
  • C doesn't have any idea what their threat model is; they've just heard that the internet is dangerous, and Tor can help.
  • D is in a censored country and can't use signal or see the BBC.
  • E is in an an abusive relationship trying to get out; their adversary is inside their home, monitoring their network, installing spyware, etc.

  • F is a whistleblower in a government that doesn't tolerate that.
  • G wants to research information that people would be angry at them for being interested in.
  • H just doesn't like being watched on the internet.

Let's mainstream Tor!

  • Encourage use for fun stuff
  • Youtube videos that are location blocked?
  • Recreation

  • youtube-dl + tor + UI.
  • Promote use for low-needs casual users.
  • Reach to orgs and invdividuals who can help promote tor
  • Encourage pro-tor news, documentaries, etc
  • Contextualize positive tor use cases
  • "Powered by Tor"
  • Explain Tor in context of ISP and internet provider tracking?
  • Stack overflow site? Wiki about Tor and privacy? Knowledge silo of some kind?

  1. Tor Researchers' Network?
  1. Tor Advocacy Network
  1. Tor Trainers' Network

Forums? Mailing lists?

Should be run by people in the groups they serve


FEEDBACK LOOPS!

Designers and developers should sit in on trainings sometimes to get a better understanding of user needs and difficulties.

Help desk gave useful feedback this way

But how to reach nonusers?

"Install tor booths" in a public square

"Ten things to be more secure"

Tor browser could teach you how to use it! Friendly introduction wizard when you start it.

"Hi, are you new to tor browser? Would you like a quick introduction?"

Introduce promotional campaigns to use tor.

  • Show people the information you have on them.
  • Gameify client aquisition?

Widget that shows what sites know about you! "You're not using Tor, so we can see that you're coming from Massachusetts, that you've been on Facebook in the last X hours, that ...etc. Click here to install Tor!"

(Panopticlick-in-a-widget)

piwik may be interested! (Theyr'e a libre google-analytics-like tool)

======================= Growing the Tor network =======================

Goal: Cool/random/weird ideas to increase the size of the network (relays, exits)

We want to be able to handle the traffic of all the users. How can we expand it to cover the needs of our users?

Postits =======

Notes:

  • Good relationships with ISPs (e.g. abuse-wg@ripe) (wg=working group) The idea to explain ISPs how to deal with abuse from Tor, and Tor in general (Chat with ISPs at international meetings?)
  • Partnerships with ISPs, (transit? hosting?) for running exits
  • Easy to run a relay at home (non exit, for non tech users)
  • Bridge authority is distributed.
  • Funding pipeline through torservers.net to relay-running nonprofits Right now if Google dumped up a lot of money on us, there is a way to get money to local non-profits that can use it to run relays
  • We need relay-running non-profits. Not just in Europe/US, but also in, for example,South Africa. And it is not just about running relays, but also about making the countries better.
  • Be able to handle IoT email delivery and other traffic growing into the network.
  • Getting every sysadmin to run a relay (wherever: in Universities, companies, etc)
  • We need a directory design that scales to 1 million relays
  • Taking load off of the directory authorities, it seems that is one of the bottlenecks. (Discuss about how loaded the directories are, Roger states that currently it's not so bad, but it would get bad if we get a lot relays) Roger says we could multiply the amount of relays by 10, but then it would get back. (Question about how much the fallback directories are helping; teor says it is somewhat hard to find the extra load on them, estimate if a few GB per month) Suspect that about half the load on the dirauths is from relays getting consensus/bootstrap, the other half from users.
  • Turn (home)routers in obfs bridges (for example: work with ISPs)
  • "Adopt a node". We know a lot of technical people who like Tor, and want to run a relay. The idea of to have people adopt a relay, but not actually run it ('we' -local non profits- would run it for them) "Friends of the onion" in Luxembourg is doing something like this
  • Relays should not need IPv4 addresses. It would be really cool to run a relay behind a NAT.
  • Speed up circuit selection and building. Some things in this do not scale very well.
  • Templaying for new relays. (There is a minimal amount of bandwidth that we usually require, so maybe we should have a set of configurations - torrcs - that people can use)
  • Excellent support for relay operators. (Help them run/manage relays)
  • Geographic diversity vs bandwidth ; we need better ways of using relays on the distant edges of the network, that means better path selection so users in Latin America can safely use nearby relays
  • Manage upgrades of a relay in place (ensure that the relays stay up to date)
  • More organisations helping operators with legal stuff.
  • We need governments running relays for precendent as much as for bandwidth. Shows that running relays is not scary.
  • We able to support one billion chrome users who Tor for tiny things like certificate transparency. (They just/only want to use it to send 100 bytes per day) [Our bootstrap mechanism doesn't really make this easy]
  • Sustainable bad relay management (how do we deal with possibly increasing bad relays). Nobody is doing this 'full time', it's mostly ad hoc.
  • Super restrictive exit policies to lower abuse complaint barrier. (We have exits that specialise in something specific that are easy to run)
  • Make it easier to run exit relays.
  • Move more huge websites to onion sites so they load the exits. (Also: Measure which sites are the huge sites in a privacy preserving manner)
  • Eliminate relays below 1MB/s
  • Train cops to not investigate exit operators.
  • Make IPv6 work automatically on clients/relays exists (Not just IPv4)
  • Automatic and adaptable network contribution for relays (Make it easier to people to run a relay at home without it interrupting them too much)
  • Expanding the network, on-demand infrastructure to spin up a lot more immediately - companies/orgs could do this. (A quick: How to unblock your company A in country B guide)
  • Provide stronger community incentives to keep their relay going (peer pressure). T-shirts is an easy example, but what else? Ensure that people who run relays know each other
  • Better scaling for onion services (for huge companies)
  • Make exits more resilient to traffic analysis so they can be centralised.
  • We need ways to use tiny relays usefully. If you run a tor cient, option to also a run a small (probably middle) relay.
  • Collaboration with cloud providers across different countries (large companies should be competing to run the most/fastest relays.
  • Spread out relays around the world operating systems etc - more heterogenous.
  • We need proper packages for other OSes to scale to 1M relays: Windows, OS/X, iOS, Android
  • Relays on phones -- Smartphones
  • Internet map -- how diverse is the network right now, and how to make it more diverse (in terms of internet locations)
  • Cisco has asked how/if they can relays in their routers/images.

More blue sky:

  • Relays on sattelites.
  • Cars/Fridges/TVs/Alexa/Amazon (should they use Tor)
  • Come up with a reason why running a relay would make you safer
  • Make it so that running a relay would make you safer
  • Google to run relays on their balloons - they are doing to bring anonimity closer to everyone there.
  • How to make a mesh-network Tor network safe (the localness of the network is an issue)
  • Japan and Korea have really fast internet, but have almost no relays -- why not?
  • Perhaps something like free wifi / freifunk? (Also run relays on there)
  • Another thing: Verizon offers gigabit ethernet, but they don't want you to run services on it. We need to take the ethernet and fix their policy.
  • Convince governments and corporations and public groups that internet access is starting to be seen as a public service, and state that safe internet access and anonimity is really important. Try convince ACLU run exit nodes. (Talk to DKG?)
  • So many relays are from individual hackers who think Tor is good (that is a good way to start running relays). But the good way to -keep- running relays is to build a (local) community on top of that. If that is not part of the growth, we are creating a fragile and unsustainable network.
  • Atlas is great for this, for example (Gamification)
  • Relay operating meetups help / we need more of them. (Perhaps some instructions on how to do that)
  • One of the things that worked really well for gamification for something like @HOME projects is a screensaver.
  • Bandwidth limit schedules - fast at the night, slow during the day. It's possible, but the bandwidth autorisaties make this difficult somtimes.
  • A 'home' router that runs as relay for non-tech people at home, they just set up a port forward, and the update/upgrades are signed by a group of people. Can team up with Ooni people -- produce a 'magical onion box' that we can actually trust/endorse.
  • Large corporations should run more relays, and show that to the public, much like their fuzzing services.
  • There are a lot of people who have a lot of spare bandwidth, it would be nice to have them run relays and use up that spare bandwidth.
  • Exit policies on a per country/AS level, for bandwidth costs/reasons
  • We need universities running relays -- it should be normal for all universities to run relays.
  • More libraries and public administrations should run relays.
  • U.N. should run (exit) relays. (They used to run one in 2003/2004)
  • China should decide that government transparency is a good thing, and government accountability is also a good thing, and they need services to allow people to anonymously report things.
  • People should run Tor relays with a lot of different users in mind, not just their local users.
  • Governments/Law-enforcement/military should tell people to use Tor at work and at home so they see the internet the way everyone else does it.
  • What prevents having us from having 5 millions relays -- what parts do not scale very well. We need to understand the bottlenecks to scale the network.
  • Interplanetary Tor network
  • (Magical) Onion box that automatically gives you a hidden service (to work around NAT issues)
  • QoS on packets (IM/VOIP should be realtime, file sharing not so much). (The client can do this, the client can know which application is what, and give the traffic a certain priority)
  • Better congestion control and better DoS prevention (imagine the most popular bittorrent client uses Tor by default, how do we ensure that those users do not break the network for non-bittorrent users)
Last modified 10 months ago Last modified on Mar 27, 2017, 6:40:00 PM