Tor Project Confirms Sexual Misconduct By Developer Jacob Appelbaum

An anonymous reader quotes a report from The Verge: The Tor Project, a nonprofit known for its online anonymity software, says it has verified claims that former employee Jacob Appelbaum engaged in "sexually aggressive behavior" with people inside and outside of its organization. "We have confirmed that the events did take place as reported," Shari Steele, Tor's executive director, tells The Verge. In a blog post today, Steele says that Tor began an investigation into Appelbaum's behavior after several people came forward with allegations of misconduct in late May. In a statement made in June, he said the allegations were "entirely false." He resigned from the Tor Project in May. "I want to thank all the people who broke the silence around Jacob's behavior," Steele writes. "It is because of you that this issue has now been addressed. I am grateful you spoke up, and I acknowledge and appreciate your courage." Steele says that Tor is now implementing a new anti-harassment policy, as well as a process for submitting complaints and having them reviewed. The changes will be put in place this week. Tor also announced last month that it would replace its entire board of directors.

Re:Rule of thumb: believe the man

[ChunderDownunder]

OP has obviously never backpacked, where mixed gender shared rooms are common.

Re:"Sexual mistreatment"?

[MightyMartian]

A company doesn't need to wait for formal legal proceedings to terminate someone, particularly if they have an existing set of policies surrounding sexual misconduct.

Re: Rule of thumb: not so much.

[MightyMartian]

The only troublesome events I've had with other coworkers was in some of the management positions I held where I had to take some disciplinary action for tardiness or poor work. Once I had to terminate someone, and I have to say that of all the hard things I've had to do in my professional and personal life, that was just about the hardest thing I ever had to do. The individual was a very nice person, someone who I personally liked a lot, but for a lot of reasons, some of them not their fault, they just couldn't do the job, and after multiple chances, the management team decided they had to go, and I, being direct supervisor, was the lucky recipient of that task.

Now I have seen some pretty deplorable behavior between other workers. I've seen bullying, both subtle and not so subtle, and have seen two coworkers enter a sexual relationship. None of these were my supervisors, and I wasn't their's, so it did not affect me personally, but I'd say that good people and shitty people are pretty much evenly divided between men and women.

The worst boss I ever had was a man, however. A petulant, ill tempered asshole who took out his shitty marriage on his employees, to the point where, after a ten minute session of the most vile berating because she had forgot to make a new pot of coffee, she just ran out the door in tears. She came back an hour later, and actually fucking apologized to that creep, mainly because she was a single mother with a young child, and couldn't afford to be unemployed. That certainly taught me a good deal about situations of relative power and impotence, and while not sexual abuse, was a kind of hostility and abuse where I did see people stick with the job, simply because they needed to pay the bills.

Steele's husband works for the NSA!

[_Mr_Dude_123]

Did anybody wonder if there is something funny with Shari Steele? - her husband is working with the NSA. and probably works/worked for the NSA: https://bvass.wordpress.com/ta... https://en.wikipedia.org/wiki/...

Re:Cui Bono and To What End?

[gweihir]

Tor is now shit, because the good people were chased away.

Complete bollocks. Name some of these "good people" who have left. The project founders and all the major technical contributors are still there, as well as many new ones.

Indeed. Methinks that there is a PsyOps campaign running to make people go to less secure alternatives. If you cannot break it, try to make everybody believe it is broken instead.

Re:Hatchet jobs aside

[Kjella]

Tor is secure. Where people have been located, it was due to bugs on the bundled browser and not following best security practices like disabling Javascript and not using a maximized browser window (to thwart canvas based fingerprinting). But the underlying network itself is secure.

That or share too much information about yourself or your other online activity or download malicious content. It doesn't even have to be malware as such but say an MP3 where your media player tries to download cover art, any kind of functionality that could lead to non-TOR traffic. Or socially engineer you to visit a popular YouTube video in your ordinary browser using a special URL. It could be they have a exploit on core TOR, but in that case I'm guessing it's in the NSA vaults along with the AES backdoor.

People don't understand the power of profiling and combinatorics. For example say you look at my posting history, I've probably casually mentioned my age a few times - let's say you have my birthday pinned down to a month even though I never said when it was. My sex too in some context, I presume. And I've at one point mentioned my country, my hometown (>150k) and that I used to live in the capital (>600k). If you have a post saying "I'm moving back home soon" that's enough to pinpoint me, if you have access to the right registry.

How does that work? Well you have ~145k registered domestic moves. Only ~49k are between different parts of the country. In total there's about ~9k for my hometown, those are all public statistics. So about (49/145)*9k = 3k long-distance moves to my town, for argument we'll assume all are from the capital. If average lifespan is 80, my month is roughly 1/(80*12) of the total population so ~3 moves of people my age and ~1.5 if you add sex. If soon means the coming month you're down to 1.5/12 = ~1/8. Even with some non-uniformity and whatnot it'll probably be one, at most two.

People don't stop to think about these things, particularly when it appears to happen in "private", but services get compromised. Or are honeypots to begin with. And even if you use PGP or some other secure channel, what used to be a buddy today can be compromised tomorrow. And this gets more and more important as we leave more and more "real world" electronic traces, like that concert you were at - were you also tagged on Facebook? In the past it would have been almost useless information, today a few such tidbits of information can easily lead to just having a handful of suspects to investigate closer.