Tor’s Branding Pivot is Going to Get Someone Killed

Aka, human rights activism meets the Cobra Effect

Three weeks ago, The Tor Project, Inc. published their Tor Social Contract. The media covered the contract but focused on the policy not to backdoor their own software (as though that were surprising?). Regrettably, the media missed a real story lying in plain sight — the first bullet:

1. We advance human rights by creating and deploying usable anonymity and privacy technologies.

This bullet is a continuation of Tor’s new mission statement adopted in August 2015 which reads:

“To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.”

Collectively, these two policy documents pivot The Tor Project, Inc. from an organization that was foremost about privacy technology to an organization that is foremost about human rights (HR) where privacy technology is the chosen means to the end.

Naïve observers may see little difference, but this pivot has deep ramifications. In western liberal democracies (where Tor is overwhelmingly based, and by raw numbers, largely serves) human-rights advocacy has better optics than privacy. But the opposite is true in the regions that Tor aims to serve. Privacy empowers the individual. Empowering the individual naturally dovetails with human rights, so it’s plausible that greater human rights is a natural byproduct of privacy advocacy. However, Tor’s pivot from “Privacy Enthusiasts” to “Human Rights Watch for Nerds” substantially increases the risk of imprisonment to those operating a Tor relay or using the Tor Browser Bundle from less HR-friendly regions.

For example, in Singapore (where I live), the government absolutely does not care for what they term “Western human rights” and views them, at best, as a handicap in maximizing GDP, and at worst, as cultural imperialism. But despite their dim view of human rights, Singaporean authorities top-to-bottom are fanatical about reducing corruption. Most importantly, Singapore’s love of anti-corruption exceeds its apprehension about human-rights-laden privacy enhancing technologies. Tor’s rebranding from privacy to HR activism takes exactly the same activity — using Tor or running a Tor node — and makes it vastly easier for an enterprising authority to stretch it to be liable for indefinite detention without trial. Singapore’s attitude here is representative of the cultural terrain from China to Indonesia, which constitutes, I kid you not, about 1/3 of the world population.

The Internet’s core protocol, TCP/IP, was created for “message passing”, not “message passing for human rights”. Personally, if I were branding Tor, I would brand it along the lines of, “privacy-enhanced TCP/IP”, and then downplay any specific applications. This is a branding even China could support.

Pigeonholing a generic technology like Tor into the human rights category makes it immensely harder to justify using Tor as part of generic (non-human-rights related) communications. For example, say you’re a sysadmin at a local business wishing to further secure its comms. You propose running a Tor node or using Tor internally. This was just something you could do (if perhaps a bit overzealous), but if asked, you justifiably reply that defense against corporate espionage matters. After Tor’s pivot, you now have to justify why the company is using software explicitly designed for banned HR activism — why is this worth drawing the government’s ire? Using Tor is now an additional mild liability for all non-HR users.

In profound irony, Tor’s pivot especially hurts local users who would use Tor for human rights. Say you’re an Asian HR activist — choosing one, would you prefer:

1. A poignant mission statement and social contract saying Tor, unsurprisingly, supports your noble cause.
2. A larger local anonymity set by including non-HR users, faster performance via local relays, and greater plausible deniability, so that your mere use of Tor is less suspicious?

To my surprise, Tor management believes (1) is more valuable than (2). Call me an idealist, but I believe that, for infrastructure like Tor, the greater efficacy of (2) takes priority over the emotional self-satisfaction of (1). Demonstrating how complete the transformation is within Tor, arguing this is deemed VERY SUSPICIOUS. And, I kid you not, that suspicion yields Tor management’s thumbs-up.

In terms of Tor’s sustainability, it is as the local Wushu Sifu say, the greatest enemy is within. (No offense to Roger!)

As a born-and-bred American, I get the human-rights motivation — I really do. But the “Human Rights Watch for Nerds” branding gives decidedly-unfriendly-and-opportunistic-authorities full license to do as they please with Tor operators or anyone who uses Tor (regardless of whether their usage is HR related!). Yet a large portion of Tor is so drunk on self-righteousness they can’t recognize they are wantonly increasing their users’ risks. Here’s a more familiar analogy illustrating the regional equivalent of what Tor has done. Imagine Tor canonized a new policy document stating:

“The Tor Project proudly advances drug-use by creating and deploying usable anonymity and privacy technologies so people around the world can circumvent local drug laws.”

Thereafter, anytime an authority sees anything Tor, any enterprising officer has full authority to proceed with investigating a drug crime whereas before ze did not. I do not know how to make this more clear.

During my undergraduate years (2002–2007), I admired Tor’s skillful treading on the tightrope separating three groups who rarely got along:

the military-industrial complex among its funders

the anarcho-capitalist cypherpunks among its early operators

the potpourri of left-wing activists among its most dedicated users

I’m sure it was a difficult balance—but I argue this uneasy balance was the secret sauce of Tor’s success, as Tor was perhaps the only thing these disparate groups could agree on! Unfortunately, modern Tor has firmly rejected the first group, rebuffed the second, and filled the resulting vacuum with one of the worst aspects of the third — purity politics and prioritizing virtue statements over mission efficacy.

Tor’s branding pivot is misguided, damaging for global privacy, and ironically, harmful to Asian human rights. Anonymity requires not just company, it requires diverse company, yet Tor has increased the barrier-to-entry for all local non-HR Tor users. This is something Tor has brought upon itself, and they are knowingly throwing their most vulnerable users under the bus.

After seven years of proud service to Tor including: founding Tor2web, Roster, and Toroken, as well as writing a Tor Tech Report and running several high-performance relays, I am resigning because:

Given my residency in Southeast Asia, Tor’s pivot creates nonnegligible risk for me personally.

I do not trust an organization which prefers reaping modest public relations benefits within comparably cozy jurisdictions over the security of its neediest users taking the majority of the risk.

Tor is carefully positioning itself away from the efficacious privacy promotor it used to be. 💔

Addendums

1. Theory for the Pivot

In discussing this post, one of my colleagues opined that, from a management perspective, the pivot towards human rights is actually great for fundraising in the West. With modern Tor Project placing getting off defense-industrial funding at top priority, new funding must come in. And if a byproduct of that new funding demands throwing the most vulnerable users under the bus…well, that’s just the price for those users to pay.

So, let’s take a step back. The primary reason for Tor to distance from defense money is so it’s not perceived to be a puppet of the West. The optics will look better to casual observers, but dropping defense funding for building products and pivoting towards human rights grants will, ideologically speaking, surprisingly have the opposite effect.

2. Keep using Tor? Yes please.

Togg_ remarks my argument is akin to,

Fair point!

To which I can only respond,

The claim is that Tor is recklessly endangering the most disadvantaged users — not that you shouldn’t use Tor. If strong human rights advocacy is kosher in your jurisdiction, Tor is your jurisdictional privilege to preferentially enjoy; so please do enjoy it!

3. “Following The Users” vs “Serving the Neediest”

Alec Muffett articulates a level-headed, sensible argument for the HR-pivot by asserting it’s an adaption to better serve Tor’s existing user base. And when breaking down the user counts, this means Tor should adapt to serve: United States, Russia, Germany, France, United Kingdom, Brazil, Japan, Italy, Spain, and Canada. Aggregating across these jurisdictions, a pivot from “foremost Privacy” to “foremost Human Rights” is an immense win. So yes, this pivot does shortchange Asia, but on the total number of users it’s a win. So deal with it.

To which I can only respond,

“Following the users” is a wholly satisfactory long-term strategy — but it is incompatible with Tor’s rhetoric of “serving the neediest in non-HR-friendly jurisdictions”, which may be okay! However, I take Tor’s rhetoric at face value, and I, perhaps naïvely, presumed others do as well. If Tor wishes to follow its rhetoric, this pivot is likely to do long-lasting harm.

4. Can Tor still care about human rights? YES.

Dr. Bryan Ford and Kragen Sitaker opine:

Indeed.

Does Tor have to be completely mum about valuing of human rights? No!

Two responses:

The goal is to get world-wide deployment, not protest The Man. If TCP/IP had been branded as “robust communications for human rights activists”, it would never have been deployed outside the West and would have failed to further unify the world. Empirically speaking, in Asia, being foremost “Privacy” (of which HR is invariably a component!) has largely worked. But making human rights the utmost thing Tor foremost does hands officers full license to attack with prejudice, and moreover invokes the already established top-down incentives for officers to do so.

In short, no pretending required. Tor just needs to have a larger, louder message (e.g., “Privacy”) which can encompass HR as a component. This is what Tor had, and they are actively throwing it away.

Updates

I changed the final sentence from: “Anyone want to establish a foundation for the efficacious promotion of privacy? Because Tor is no longer it.” to “Tor is carefully positioning itself away from the efficacious privacy promotor it used to be. 💔”. The former was said out of frustration, and the latter better captures my true feelings.

Added subtitle: “Aka, human rights activism meets the Cobra Effect”

Removed the opening stanza, “There’s never been a better time to leave Tor. After a few weeks of unsuccessfully waiting for my views to mellow, I add my voice to the exodus.” This removal is in direct response to Meredith Patterson’s, and especially Alec Muffett’s feedback.

I might have a crush on Alec.