Whither Tor? Building the Next Generation of Anonymity Tools (arstechnica.com)
"Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats. An anonymous Slashdot reader quotes Ars Technica:
The most probable future we face is a world in which Tor continues to offer a good-but-not-perfect, general-purpose anonymity system, while new anonymity networks arrive offering stronger anonymity optimised for particular use-cases, like anonymous messaging, anonymous filesharing, anonymous microblogging, and anonymous voice-over-IP. Nor is the Tor Project standing still. Tor today is very different from the first public release more than a decade ago, [Tor project cofounder Nick] Mathewson is quick to point out. That evolution will continue.
"It's been my sense for ages that the Tor we use in five years will look very different from the Tor we use today," he says. "Whether that's still called Tor or not is largely a question of who builds and deploys it first. We are not stepping back from innovation. I want better solutions than we have today that are easier to use and protect people's privacy."
The article lists five projects that are "breaking new ground in developing stronger anonymity systems," including the Dissent Project, the Aqua and Herd projects (for filesharing and voice over IP), Vuvuzela/Alpenhorn (for anonymous chat), Riffle (filesharing), and Riposte (anonymous microblogging). Tor project cofounder Nick Mathewson is urging anonymity developers to begin using their own software. "What you learn about software from running it is like what you learn from food by tasting it... You can't actually know whether you've made a working solution for humans unless you give it to humans, including yourself."
If you make a completely safe and secure and anonymous communications system, the governments (all of them) will ban it. If you don't they will spy on you and you'll be worse off because you think you're safe.
Clearly, the answer is "thither".
Maybe "hither"
You are welcome on my lawn.
gobernments?
Wait, I see:
Top 25 Gobernment profiles | LinkedIn:
https://www.linkedin.com/title...
Liberal Gobernment archives:
http://aptn.ca/news/tag/libera...
Smart Gobernment. UA Smart University - Universidad de Alicante:
http://web.ua.es/en/smart/smar...
etc...
Dummy me, just googling for "Gobernment" made me realize that it is just another valid way to spell "Government"...
Everything I write is lies, read between the lines.
Why not I2P or Freenet?
On the Oregon Cost born and raised, On the beach is where I spent most of my days
Snowden didn't tell me anything I didn't know.
Remember Heartbleed? Tell me Robin Seggelmann isn't on the NSA payroll and I won't believe you. Tell me he's unemployed, and I might believe you. But he's not unemployed, after making the stupidest fucking mistake EVER.
And it goes deeper than one guy allegedly fucking up code in the most critical piece of security software in the world.
RFC6520-- WHY THE FUCK DOES THIS EXIST? Because it's too computationally expensive for clients to re-establish SSL sessions...?! Really? My dual core 2.15ghz smart phone begs to differ.
Highly suspicious that this RFC even exists, and then later is the source of the biggest FUCK UP in security coding history.
The fucking game is rigged. There is no privacy. There is no security.
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
Maybe for TOR, and certainly for VPN (as-implemented), is a specific vulnerability for packet sizes.
If 208.230.30.20 sends packets of 9098, 3039, and 3030 bytes, and I receive similar packets of the same size (plus or minus VPN headers), then I am already identifiable.
Is this different for Tor?
Kid-proof tablet..
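The size-correlation check the comment above describes, as an added example that is not code from the thread. It assumes a tunnel that adds a roughly constant per-packet overhead (60 bytes here, constructed), and all addresses, packet sizes and captures are made up for the demonstration.

```python
"""Packet-size correlation through a VPN tunnel.

Added example, not code from the thread. A VPN encrypts each packet but leaves
its size as (original size + a roughly constant header overhead), so an observer
who sees the server-side sizes and the sizes arriving at each client can tell
which client received the flow. All addresses, sizes and the 60-byte overhead
below are constructed for the demonstration.
"""

# Constructed: sizes (bytes) of the packets one server sent to the VPN
# concentrator for a single flow, in order.
SERVER_FLOW = [1500, 1500, 612, 1500, 88, 1500, 1500, 977]

# Constructed: encrypted packet sizes seen arriving at three VPN clients.
CLIENT_CAPTURES = {
    # Carries the flow above (+60 bytes of tunnel overhead) plus unrelated chatter.
    "10.8.0.3": [1560, 120, 1560, 672, 1560, 96, 148, 1560, 1560, 1037, 120],
    # Unrelated browsing through the same tunnel.
    "10.8.0.4": [1560, 1560, 1560, 436, 1560, 1560, 1560, 1560, 300, 1560],
    # The same flow, but through a tunnel that pads every packet to a fixed size.
    "10.8.0.5": [1560] * 12,
}


def match_with_offset(flow, capture, offset, tol):
    """Greedily match flow sizes, in order, against capture sizes shifted by offset.

    Returns (packets matched, total absolute size deviation of the matches).
    """
    i = 0
    matched = 0
    deviation = 0
    for size in capture:
        if i == len(flow):
            break
        diff = abs(size - (flow[i] + offset))
        if diff <= tol:
            matched += 1
            deviation += diff
            i += 1
    return matched, deviation


def best_match(flow, capture, overheads=range(0, 129), tol=4):
    """Try every plausible per-packet overhead; return (matched, best offset).

    Ties on the number of matched packets are broken by the smallest deviation,
    so the true overhead wins over neighbours that only fit within tolerance.
    """
    best = (0, float("inf"), None)  # matched (max), deviation (min), offset
    for off in overheads:
        matched, dev = match_with_offset(flow, capture, off, tol)
        if (matched, -dev) > (best[0], -best[1]):
            best = (matched, dev, off)
    return best[0], best[2]


def rank_clients(flow, captures):
    """Rank clients by the fraction of the flow their capture reproduces."""
    scored = {}
    for client, capture in captures.items():
        matched, off = best_match(flow, capture)
        scored[client] = (matched / len(flow), off)
    return sorted(scored.items(), key=lambda kv: kv[1][0], reverse=True)


if __name__ == "__main__":
    for client, (fraction, off) in rank_clients(SERVER_FLOW, CLIENT_CAPTURES):
        print(f"{client}: {fraction:.0%} of the flow matched (overhead {off} B)")
```

Running it identifies 10.8.0.3 as the recipient with the full flow matched at the correct 60-byte overhead, while the unrelated client and the fixed-size-padded client both score the same low fraction (only the full-MTU packets line up). That is the answer to the "is this different for Tor?" question as far as sizes go: Tor carries traffic in fixed-size 512-byte cells, so per-packet size matching of this kind gives the observer nothing, although packet timing and total volume still leak and are what traffic-correlation attacks on Tor actually use.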
Snowden didn't tell me anything I didn't know.
There is a difference between believing that the world is round and getting it proved.
Snowden didn't tell anyone anything that people didn't already suspect. The difference is that before Snowden one would be disregarded as a tinfoil hat rather than a realist.
What Snowden did was to give you credibility. You lacked it before, even if you didn't realize it.
The only way to guarantee privacy is to disconne//....
I'm afraid that TOR is your only really good alternative here. I use TOR specifically for that reason. Something that can protect journalists from repressive governments should be more than enough to protect me from data hungry companies. The issue here is that it doesn't depend on client software alone. Your IP address alone can often be used to almost uniquely identify you. How many devices share your internet connection? Do you connect your phone to the WiFi? Then you've lost.
"Tor hasn't changed, it's the world that's changed," says Aaron Johnson, the lead researcher on a 2013 paper which reported that 80% of Tor users could be de-anonymized within six months, and that today's users may want protection from different threats.
I think this is it: most people are simply not all that worried about anonymity or privacy. Perhaps they are stupid, but on the other hand, it could be that it is just bit too paranoid to go to enormous lengths to protect one's privacy. I can see why - with smartphones and smart tvs and all the other silly gadgets, as well as credit cards that we use all over the place, we leave an enormous trail everywhere we go, and we allow companies access to our privacy almost without limitations; so how much is it actually worth that we encrypt emails and use Tor?
Oh, and before you hit the button and mod me down because you are miffed that I have an opinion you don't like - how about thinking up a really good reply that will cut me right down to size? It ought to be easy, if I'm such an idiot ;-)
TOR is still the best option, and for the most part it works as advertised. It's possible to sometimes unmask users, usually relying on them making mistakes, but it's an expensive and time consuming process.
The issue is that it needs continuous development and scrutiny to keep it secure. Appelbaum really screwed the project but it's important that it manages to recover, because at the moment there is nothing else comparable.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
> RFC6520-- WHY THE FUCK DOES THIS EXIST? Because it's too computationally expensive for clients to re-establish SSL sessions...?! Really? My dual core 2.15ghz smart phone begs to differ.
No. It's not about CPU time, but about the time taken to establish a connection due to the TLS and TCP handshakes. I think it's only a single round trip for the TLS part (someone will surely correct me if not) but that's on top of the TCP 3 way handshake, which all adds up. You can't mitigate network latency with a faster CPU.
These are partly the same reasons for http2 by the way. Re-using a single connection means avoiding the TCP and TLS setup happening more than once.
Finally, keeping a connection open for a long time and re-using it goes some small way to avoid revealing as much metadata to snoopers, as does multiplexing a single TLS connection rather than creating many.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
It is two round trips: client hello, server hello, client exchange, server finished.
What a bunch of baseless FUD. The new board was picked precisely because they are beyond reproach. If you think Bruce Schneier and Matt Blaze are government stooges then you might as well just give up trying because no researcher can be trusted.
Okay so people won't trust the Tor organization, with longstanding community heroes on the board like Bruce Schneier and Matt Blaze, but they will trust a random fork of Tor that is made by anonymous nobodies with a questionable agenda. Very smart.
Focus on anonymity is all nice and good, but from my experience the biggest problem with Tor is that the exit nodes are so limited that the fact that you are using Tor is obvious to the server. Meaning websites will block you or become unusable due to requesting a CAPTCHA every few clicks. Thus you have anonymity, but your web access is so drastically limited that it becomes impractical to use Tor as everyday Internet access, thus you switch back to a non-Tor browser and are left with no anonymity.
Are they doing the work with help from the NSA?
Passionately Indifferent
It's worth looking at HORNET, which is at this point not much more than a research paper, but it could point in the right direction. Instead of having anonymity for very few people (because of disadvantages to using anonymity tools, e.g. speed and latency), increase the anonymity pool by making anonymous communication less disadvantageous. With HORNET high throughput is achieved by providing Tor-like routing at the network layer (something which is currently not possible in the internet, but it might come with SCION, a BGP replacement that's in the works). I'm not saying that this will be ready anytime soon, but I think it's certainly an interesting idea. [full disclosure: I'm a researcher working on SCION]
I also think that Tor still is the best thing we have. The rumors about Tor's death are greatly exaggerated.
Using Tor only makes the government want to spy on you more; it will only help protect you from less sophisticated entities. Unfortunately, wanting to protect your privacy means the government will try even harder to spy on you.
"That's the way to do it" - Punch
For trust you need an open protocol specification that can be evaluated in itself. Then you can write your own implementation that you know is safe, or you can use an open source alternative that may or may not be compromised, or you can use a binary that may or may not be compromised. The protocol itself needs to be resilient against man in the middle attacks so that you aren't exposed just because a few other users are using versions that are actively trying to figure out where the packets come from.
Literally all of those things are true of Tor, so I don't know wtf your point is here.
A lot of the issues come down to a general type of problem, one I term 'NSA/GCHQ problems', namely "is this meaningful data?" type questions.
For example, if trying to decrypt a file, if one alphanumeric password of length 16 characters ends up with something like passable HTML or English text, chances are you have the right password. Thus there are easy(ish) ways for an attacker/listener to verify whether or not they have the correct password. I imagine future anonymity systems will need to look at means of effective communication which do not allow such easy verification of a correct attack. That requirement, rather than defining _how_ information is anonymously transmitted, will define _what_ can sensibly be anonymously transmitted, and what practical use can be made of what can sensibly be anonymously transmitted.
Much of this comes down to making things computationally 'vague' in some well-defined way, so that 'attack problems' (like e.g. find the password for this AES encrypted file) are, in general, poorly defined and open-ended (so that the search space is effectively infinite). This means harnessing computational complexity in different ways to current mainstream cryptographic methods (though probably using them in conjunction with mainstream crypto).
This begins with taking real-world communication scenarios, asking what basic problem is being solved, and what communication is necessary for solving this problem, and considering the whole space of possibilities.
Crypto like AES has the nice property of being easily implemented on small custom hardware. For important things, it is sensible to at least contemplate methods which would take large amounts of ram and processor power (e.g. if it took 5s and 1GB RAM on my i5 laptop to encrypt and decrypt a 4k textual message into, say, a 256k binary blob, for the kinds of things TOR was originally about, which was not selling drugs and spreading kiddie porn, this would be acceptable). Doing it in such a way as to make the 'false positive' rate for an attacker very high (so restricting the format of communication to a very computer-friendly and formulaic language format, such that many plausible but incorrect 'decryptions' are possible, and non-interactive verification is hard). Stuff like that.
A lot of this really requires thinking outside-the-box about what we need to communicate, rather than sticking with everyday communication conventions and throwing all our effort at _how_ to transmit that everyday communication anonymously. I did envisage, years ago, something I termed the 'schizophone', which would generally throw around pseudo-bullshit in the forms of spiritual poetry or whatever, reminiscent of a psychotic mental patient, but for which there were well-defined means to extract meaning. But modelling the communication language on the kind of crap people send round twitter these days, you get a kind of steganography-on-acid where attackers have a hard enough time figuring out what is even meaningful. (Then there is the fun of defining 'meaningful' in terms of mathematically hard language recognition problems of the NP-complete kind, where the 'certificate' functions as a filter, a little like the 'chaffing and winnowing' paper talked about a while back: if I have an NP-complete problem for a language L, where L is contained in some larger computationally efficient language L2 (by being much less stringent about what is in L2 than in L) and both an element of this language s, a certificate c, and many other elements of L2 all encoded in some blob, it is feasible to extract all possible candidates for elements of L2 from that blob, but without access to c, verifying which are elements of L is much harder, assuming P != NP, or that in the event that P = NP, there is still a significant gulf between the best 'solver' and a decent 'checker'.)
John_Chalisque
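The "is this meaningful data?" verifier described in the comment above, as an added example that is not code from the thread. The toy cipher (SHA-256 in counter mode XORed with the plaintext) stands in for AES only so that the example needs nothing beyond the standard library; it is not secure and is not meant to be. The 4-digit PIN, the message and the stop-word list are constructed. What the example shows is the attacker's side of the argument: the guess-verification step is cheap, needs no knowledge of the message, and for free-form English produces essentially no false positives, which is exactly the property the comment proposes to take away by restricting the message format.

```python
"""A 'does this look like plaintext?' oracle for verifying password guesses.

Added example, not code from the thread. The toy cipher below (SHA-256 in
counter mode, XORed with the plaintext) stands in for AES purely so that the
example needs only the standard library; it is not secure and must not be used
for real data. The 4-digit PIN and the message are constructed.
"""
import hashlib
import re


def keystream(password: str, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(password || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(password.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(password: str, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(password, len(data))))


# Constructed stop-word list; random bytes almost never spell these out.
COMMON_WORDS = {"the", "a", "and", "of", "to", "in", "is", "at", "me", "meet",
                "station", "nine", "it", "you", "we", "on", "for"}


def plausibility(candidate: bytes) -> float:
    """0.0 unless the bytes are printable ASCII; else the fraction of common English words."""
    try:
        text = candidate.decode("ascii")
    except UnicodeDecodeError:
        return 0.0
    if any(not (32 <= ord(c) < 127 or c in "\n\r\t") for c in text):
        return 0.0
    words = re.findall(r"[a-z']+", text.lower())
    if not words:
        return 0.0
    return sum(w in COMMON_WORDS for w in words) / len(words)


def crack(ciphertext: bytes, candidates, threshold: float = 0.3):
    """Return [(score, password)] for every candidate whose decryption passes the oracle.

    The attacker never compares against the real message; the oracle alone
    decides whether a guess is worth keeping.
    """
    accepted = []
    for pw in candidates:
        score = plausibility(xor_crypt(pw, ciphertext))
        if score >= threshold:
            accepted.append((score, pw))
    return sorted(accepted, reverse=True)


def demo():
    """Encrypt a constructed message under a 4-digit PIN and recover it by brute force."""
    secret_pin = "4271"                          # constructed
    message = b"meet me at the station at nine"  # constructed
    ciphertext = xor_crypt(secret_pin, message)
    pins = (f"{n:04d}" for n in range(10_000))
    return crack(ciphertext, pins)


if __name__ == "__main__":
    for score, pw in demo():
        print(f"PIN {pw} accepted by the oracle (score {score:.2f})")
```

The number of accepted candidates beyond the real one is the attacker's false-positive rate; with free-form English it is zero here, because a random 30-byte keystream output is printable ASCII with probability on the order of 10^-13. Raising that rate, so that many wrong keys yield decryptions the oracle cannot reject, is what a deliberately constrained message format would have to achieve, and the oracle (not the cipher) is the part that would have to be defeated.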
I didn't mean to trust Tor because of them, I meant their presence was not a reason to NOT trust Tor, as some people are claiming.
Deal breaker right there.
The whole point of freedom is to reduce dependency on other people. We do for ourselves,
I closed my node after reading that news. Jacob is a very outspoken enemy of the surveillance state. His speech To protect and infect part 2 was one of the best about the Snowden revelations.
Jacob was expelled from Tor based on several types of accusations made in a website, including rape, intense kisses and crude language (they went for all the audiences). His friends here were sort of expelled too when they didn't believe all the accusations or pointed out that some of them were false (indirectly, by claiming they were covering for a rapist and making personal attacks). They went after his other businesses and his doctorate too. It was textbook character assassination.
Write a blog purporting to be one of their victims
Email/text their colleagues, neighbours, friends etc
For those who are interested in what happened to Jacob, the former face of Tor, who is also involved with Wikileaks:
The weaponising of social (Analysis from some person on the internet)
What has this man done? (On the German Magazine Zeit online - in English)
"I am not a victim of Jake," she told Die Zeit. She says she told a friend about the intense kiss in confidence. This story was not merely used on the website without her permission – she says the story was also "heavily manipulated."
I should warn that they are very long reads.
Now there is an "ex-CIA" agent working on Tor.
The person responsible for a questionable website with at least some false accusations and the exit of several developers holds a key position.
There is increased development on usage statistics (that does make sense and is a response to attacks being used against Tor - I am being paranoid here, but I wasn't paranoid enough before Snowden and was proven a fool).
Also, as much as I admire Schneier for his work and would like his addition if it was in other circumstances, something that always bothered me about him is that he always focused on the NSA violations against Americans and American companies. I don't remember him criticizing the NSA for spying on innocent foreigners and on other countries (despite international agreements and the fact that foreigners are people too), I would like to be shown otherwise, but if he did it was tangentially. His discourse has always been that they should do a better job at protecting American national security and companies (and not that such military powers shouldn't exist).
Yes, in principle no researcher can be trusted (Carnegie Mellon, RSA). Jacob was not there because he was beyond reproach, he was there because he was an activist. Now we have some people supposedly "beyond reproach".
But the new board is not beyond reproach, as the person that did make false accusations against Jacob is in it.
Anyone who is not being persecuted for their activism should raise an eyebrow, even Schneier, who chose a very strange moment to join the project.
Most of what we claimed before Snowden was FUD, but it was correct and incomplete.