Hi,

Thanks Alison and all the people who put effort into this. It looks very solid.

The Tor Project is frequently associated to a set of concepts which includes privacy, freedom of speech and anonymity. IMO the latter is as important as the others (and actually when you go to Tor Project's website it says: "Tor Project: Anonymity Online"), but I didn't have that feeling when I read the contract. In other words, I have the impression that the concept of anonymity has been put aside. Is this the case, or I'm just overthinking the way it was written?

Kind regards. --ilv

On Fri, Jul 29, 2016 at 02:25:00AM +0000, Alison wrote:

Addendum:

If you thought "but Sandstorm uses javascriiiiiiiiiiiiiiiiipt!!!!! (;ﾟ︵ﾟ;)(;ﾟ︵ﾟ;)(;ﾟ︵ﾟ;)(;ﾟ︵ﾟ;)", please accept my sincere apologies, and see attached txt file.

Alison

Alison:

...

Hello good people of tor-project@! I'm excited to present to you something that a number of us core members have been working on for some time now: the Tor Project Social Contract 1.0 [1]. Modeled after the Debian Social Contract [2], the Tor Project Social Contract is a set of promises to our community about what Tor stands for and why we create it.

I'm sharing it with all of you today so that we can work on ratification. I think that the best way to do this is as follows:

By 6 August at 00:00 UTC, please respond to me or to the list if you accept or object to this social contract so that we can ratify this through rough consensus [3].

If objecting: Please be specific about your objections so that we can discuss changes as needed. If you respond directly to me, I will assume that you don't want your name shared with the group, but please specify if you don't want your comments shared either. NB: THIS IS NOT AN INVITATION TO EDIT BY COMMITTEE. I'm interested in feedback like "this does not represent the Tor that I know" not "I'd like this sentence reworded". Please also be kind, because this was written by humans.

If accepting: your florid prose about why you love it and think it's an astonishing work of art that reflects the diligence and care exercised by the authors is quite welcome. A show of hands (writing an email that says +1) is also fine. Questions are welcome.

If this is successfully ratified, I will publish it on the Tor blog and in some other places: probably the "About Tor" section of the website and on the Community Team wiki. If you have great ideas for other places this should live, let me know!

Thank you for your feedback, and thank you to all of the Tor folks who worked on this, especially Lunar and Roger, who got it started.

Alison

[1] https://storm.torproject.org/shared/UleWiALOvWDnWxEqPcAfr49tkHaM-h7PlSmoHlRb... [2] https://www.debian.org/social_contract [3] https://en.wikipedia.org/wiki/Rough_consensus

THE TOR SOCIAL CONTRACT

At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor.

Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but how we achieve them. We want to grow Tor by supporting and advancing these guidelines in our Tor time, while taking care not to undermine them in the rest of our time. The principles can also be used to help recognize when people's actions or intents are hurting Tor. Some of these principles are established norms, things we've been doing every day for a long time, while others are more aspirational -- but all of them are values we want to live in public, and we hope it will make our future choices easier and more open. This social contract is just one of several documents that define our community standards, so if you're looking for things that aren't here (e.g., something that might be in a code of conduct) bear in mind that content might be in a different document.

Social goals can be complex. If there is ever tension in the application of the following principles we will always strive to place highest priority on the safety and freedom of any who would use the fruits of our endeavors. The social contract can also help us work through such tensions -- for example, there are times when we might have a need to use tools that are not completely open (contradicting point 2) but opening them would undermine our users' safety (contradicting point 6). Using such a tool should be weighed against how much it's needed to make our technologies usable (point 1). And if we do use such a tool, we must be honest about its capabilities and limits (point 5).

Tor is not just software, but a labor of love produced by an international community of people devoted to human rights. This social contract is a promise from our internal community to the rest of the world, affirming our commitment to our beliefs. We are excited to present it to you.

1. We advance human rights by creating and deploying usable anonymity and privacy technologies

We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights.

2. Open and transparent research and tools are key to our success

We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members.

3. Our tools are free to access, use, adapt, and distribute

The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if the tools are free of cost and free to use, copy, modify and redistribute.

4. We make Tor and related technologies ubiquitous through advocacy and education

We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights, particularly of free speech, freedom to access information, and privacy, do not have to disappear when they use the internet, and we do this by teaching people why and how to use Tor. We are always working to make our tools both more secure and more usable, which is why we use our own tools and listen to user feedback. Our vision of a more free society will not be accomplished simply behind a computer screen, and so in addition to writing good code, we also prioritize community outreach and advocacy.

5. We are honest about the capabilities and limits of Tor and related technologies

We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it. We are responsible for accurately reporting the state of our software, and we work diligently to keep our community informed through our various communication channels.

6. We will never willfully harm our users

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front-doors or back-doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans for improvement.

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

...

The Tor Project is frequently associated to a set of concepts which includes privacy, freedom of speech and anonymity. IMO the latter is as important as the others (and actually when you go to Tor Project's website it says: "Tor Project: Anonymity Online"), but I didn't have that feeling when I read the contract. In other words, I have the impression that the concept of anonymity has been put aside. Is this the case, or I'm just overthinking the way it was written?

No backing off from anonymity here. This document is meant to supplement and not replace our mission statement.

Great, thanks for clarifying this.

+1

On Sat, Jul 30, 2016 at 08:09:10PM +0200, Lunar wrote:

ilv@torproject.org:

...

The Tor Project is frequently associated to a set of concepts which includes privacy, freedom of speech and anonymity. IMO the latter is as important as the others (and actually when you go to Tor Project's website it says: "Tor Project: Anonymity Online"), but I didn't have that feeling when I read the contract. In other words, I have the impression that the concept of anonymity has been put aside. Is this the case, or I'm just overthinking the way it was written?

The very first point of the social contract explicitely mention “anonymity and privacy technologies”:

...

...

1. We advance human rights by creating and deploying usable

anonymity and privacy technologies

We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights.

This one comes first because it more or less restates Tor mission statement. I'm left to wonder how you felt we put the concept of anonymity aside. :)

Yes, you are right. Also, it's the only occurrence of the word "anonymity" in the whole text. That was the reason for the wrong impression I had.

I am with pikachu! +1

Thank you for the great work community team! Like Teor said, it does a good job describe what we value.

On 07/29/2016 04:09 AM, isis agora lovecruft wrote:

Alison transcribed 2.8K bytes:

...

If accepting: your florid prose about why you love it and think it's an astonishing work of art that reflects the diligence and care exercised by the authors is quite welcome. A show of hands (writing an email that says +1) is also fine. Questions are welcome.

                          ----------------------------
                          |                          |
                          |                          |
                          |              1111        |
                          |    ++       11111        |
                          |    ++      11 111        |
                          | ++++++++      111        |
                          | ++++++++      111        |
                          |    ++         111        |
                          |    ++      111111111     |
                          |                          |
                          |                          |
                          ============================

quu..__ | | $$$b `---.__ | | "$$b `--. | ___.---uuudP `$$b `.__.------.__ __.---' $$$$" . "$b -' `.-' $$$" .'| ". ' d$" _.' | `. / ..." .' | `./ ..::-' _.' | / .:::-'| .-' .' : ::''| | _.' | .' .-. .-. | | .' | : /'$$| .@"$\ | |. .' _.-' .'|$u$$| |$$,$$| | || < _.-' | `:$$:' :$$$$$: | |`. `. .-' : `"--' | | | `-. \ :##. == .###. | | `. `. `\ |##: :###: ,'| |` | > > |#' `..'`..' `###': | |/ x: / / \ , | |xXX| / ./ \ . | |XX'| / ./ /`-. : | | `. / / : `- ..........., ; | | | / .' | ``:::::::' .. | | |< `. | ``` | |_| x| \ `.:``. | .' /' xXX| `:`M`M':. | | xXXX'| -'MMMMM:' `. .' |-'MMMM.-' | | .'MMM.-' `'`' |MMM< | |MMMM\ \ :MM.-' \ | .'' . `. / / .:::::::.. : / | .:::::::::::`. / | .:::------------\ / / .'' >::' / `',: : .' '''''

...

Thank you for your feedback, and thank you to all of the Tor folks who worked on this, especially Lunar and Roger, who got it started.

Also +1.

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

Virgil Griffith:

Focusing on human rights gets you on the shit-list for most countries in both Southeast Asia and Africa. (Combined with China, this comprises ~44% of the world population per Wolfram Alpha.) Presumably, privacy naturally dovetails with human rights, but by explicitly stating we are primarily focused on human rights, Tor is likely to be banned in many countries in which it is sorely needed.

Can you show me some citations for this claim? You are the only person I've ever heard make the suggestion that half the world is so opposed to human rights that they ban any mention of it.

Alison

Dear Virgil:

I doubt our social contract is going to trigger international legal battles around Tor. What governments really don't like about Tor, despite what they might say, is that we prevent them from spying.

However, let's think a moment about human rights.

Here is Tor's official mission statement:

"To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."

Governments like to paint the idea of human rights as "Western" -- but that's not the opinion of people in those countries pushing for basic freedoms.

For example, Chinese activists working on health, legal, and environmental issues have told me, "The government says that human rights are a western value, but don't believe them. Human rights are universal." That was one of the first things one particular activist, a doctor, told me just after he was released from prison for advocating for healthcare for sick people in rural China.

Many people have risked their lives on this proposition--for instance, the original signers of China's Charter 08: https://en.wikipedia.org/wiki/Charter_08

Lu Xiaobo, the Nobel Laureate, is in prison in China for signing Charter 08 (and he signed it knowing that it would likely trigger his imprisonment). Many other people also went to jail for signing Charter 08.

The point of Charter 08 --which is based on the Universal Declaration of Human Rights--is to say--"Despite what you have been told by the government--people in China demand and deserve their human rights. Even now."

Lots of awful people hate human rights and so do the secret police. Tor must be an organization that doesn't accommodate them, but instead finds ways to side with and support the people they would like to oppress.

--Kate

Virgil Griffith:

This looks very lovely. Thank you Alison for drafting it!

The only part that concerns me is explicitly defining "We advance human rights" as part of Tor's core mission.

The problem is that many people who need Tor the most live in countries in which Tor's active alignment with liberal human rights advocacy would substantially (certainly non-negligibly) increase the chance of Tor being banned.

Focusing on human rights gets you on the shit-list for most countries in both Southeast Asia and Africa. (Combined with China, this comprises ~44% of the world population per Wolfram Alpha.) Presumably, privacy naturally dovetails with human rights, but by explicitly stating we are primarily focused on human rights, Tor is likely to be banned in many countries in which it is sorely needed.

For example, in Singapore they were discussing banning Tor but I was able to sway them to refrain because Tor is not just "human rights" (which the government does not care for), but is a privacy technology for many things, such as whistleblowing (which the government likes).

By pigeon-holing Tor into chiefly the human-rights category, it makes the argument to not ban Tor much more difficult. And Tor being banned is counter-conducive to human rights in these regions.

So here's the question:

** Would people support Tor Project aligning itself with explicit human rights advocacy even if that alignment is likely to obstruct the most-needy users' capacity to use Tor software? **

-V

On Fri, Jul 29, 2016 at 9:22 PM, Isabela isabela@riseup.net wrote:

...

I am with pikachu! +1

Thank you for the great work community team! Like Teor said, it does a good job describe what we value.

On 07/29/2016 04:09 AM, isis agora lovecruft wrote:

Alison transcribed 2.8K bytes:

If accepting: your florid prose about why you love it and think it's an astonishing work of art that reflects the diligence and care exercised by the authors is quite welcome. A show of hands (writing an email that says +1) is also fine. Questions are welcome.

                          ----------------------------
                          |                          |
                          |                          |
                          |              1111        |
                          |    ++       11111        |
                          |    ++      11 111        |
                          | ++++++++      111        |
                          | ++++++++      111        |
                          |    ++         111        |
                          |    ++      111111111     |
                          |                          |
                          |                          |
                          ============================

quu..__ | | $$$b `---.__ | | "$$b `--. | ___.---uuudP `$$b `.__.------.__ __.---' $$$$" . "$b -' `.-' $$$" .'| ". ' d$" _.' | `. / ..." .' | `./ ..::-' _.' | / .:::-'| .-' .' : ::''| | _.' | .' .-. .-. | | .' | : /'$$| .@"$\ | |. .' _.-' .'|$u$$| |$$,$$| | || < _.-' | `:$$:' :$$$$$: | |`. `. .-' : `"--' | | | `-. \ :##. == .###. | | `. `. `\ |##: :###: ,'| |` | > > |#' `..'`..' `###': | |/ x: / / \ , | |xXX| / ./ \ . | |XX'| / ./ /`-. : | | `. / / : `- ..........., ; | | | / .' | ``:::::::' .. | | |< `. | ``` | |_| x| \ `.:``. | .' /' xXX| `:`M`M':. | | xXXX'| -'MMMMM:' `. .' |-'MMMM.-' | | .'MMM.-' `'`' |MMM< | |MMMM\ \ :MM.-' \ | .'' . `. / / .:::::::.. : / | .:::::::::::`. / | .:::------------\ / / .'' >::' / `',: : .' '''''

Thank you for your feedback, and thank you to all of the Tor folks who worked on this, especially Lunar and Roger, who got it started.

Also +1.

---

tor-project mailing listtor-project@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

-- PM at TorProject.org gpg fingerprint = 8F2A F9B6 D4A1 4D03 FDF1 B298 3224 4994 1506 4C7B @isa

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

N�n�r����)em�h�yhiם�w^��

I agree with what Katie said here:

"Lots of awful people hate human rights and so do the secret police. Tor must be an organization that doesn't accommodate them, but instead finds ways to side with and support the people they would like to oppress."

If we sanitize our message to exclude human rights, what's the limit of what we'll say to appease the powerful? Let them try to ban Tor; we seem to be pretty effective at circumventing their efforts. I'd rather us focus on building relationships with the people on the ground in those countries so that we can continue to build technology that assists them in their struggles for justice.

Alison

PS - For me personally, "human rights" already feels like a compromise from my actual politics, but I think that "no gods no masters no states no bedtimes" is probably not going to have mass appeal.

PPS - I just want to point out that all of your citations are in southeast Asia, and yet in your original email you named Africa as another place whose officials eschew human rights. Maybe you didn't intend for it to be read this way, but I bristle whenever I see someone treat that entire continent like one country, and then fail to provide any concrete examples relating to any of the countries within.

Alison

Virgil Griffith:

Everyone on this list, including me, is pro human rights. Moreover, we all wish for Tor to further privacy, particularly for those in countries whose governments restrict human rights.

The only question is which is the better tactic to more effectively "support the people they would like to oppress".

I make exactly two claims:

(1) that reducing obstacles to people using Tor is a more effective way to help people than the moral support in a mission statement.

(2) emphasizing human rights in the mission statement nonnegligibly increases the risk of tangible, concrete obstacles to most needy users using Tor, and I cited some examples of this.

One can disagree with either (1) or (2). But given both (1) and (2), I believe the conclusion follows.

-V

On Sat, Jul 30, 2016 at 12:23 AM, Kate ailanthus@riseup.net wrote:

...

Dear Virgil:

I doubt our social contract is going to trigger international legal battles around Tor. What governments really don't like about Tor, despite what they might say, is that we prevent them from spying.

However, let's think a moment about human rights.

Here is Tor's official mission statement:

"To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."

Governments like to paint the idea of human rights as "Western" -- but that's not the opinion of people in those countries pushing for basic freedoms.

For example, Chinese activists working on health, legal, and environmental issues have told me, "The government says that human rights are a western value, but don't believe them. Human rights are universal." That was one of the first things one particular activist, a doctor, told me just after he was released from prison for advocating for healthcare for sick people in rural China.

Many people have risked their lives on this proposition--for instance, the original signers of China's Charter 08: https://en.wikipedia.org/wiki/Charter_08

Lu Xiaobo, the Nobel Laureate, is in prison in China for signing Charter 08 (and he signed it knowing that it would likely trigger his imprisonment). Many other people also went to jail for signing Charter 08.

The point of Charter 08 --which is based on the Universal Declaration of Human Rights--is to say--"Despite what you have been told by the government--people in China demand and deserve their human rights. Even now."

Lots of awful people hate human rights and so do the secret police. Tor must be an organization that doesn't accommodate them, but instead finds ways to side with and support the people they would like to oppress.

--Kate

Virgil Griffith:

...

This looks very lovely. Thank you Alison for drafting it!

The only part that concerns me is explicitly defining "We advance human rights" as part of Tor's core mission.

The problem is that many people who need Tor the most live in countries

in

...

which Tor's active alignment with liberal human rights advocacy would substantially (certainly non-negligibly) increase the chance of Tor being banned.

Focusing on human rights gets you on the shit-list for most countries in both Southeast Asia and Africa. (Combined with China, this comprises

~44%

...

of the world population per Wolfram Alpha.) Presumably, privacy

naturally

...

dovetails with human rights, but by explicitly stating we are primarily focused on human rights, Tor is likely to be banned in many countries in which it is sorely needed.

For example, in Singapore they were discussing banning Tor but I was able to sway them to refrain because Tor is not just "human rights" (which the government does not care for), but is a privacy technology for many

things,

...

such as whistleblowing (which the government likes).

By pigeon-holing Tor into chiefly the human-rights category, it makes the argument to not ban Tor much more difficult. And Tor being banned is counter-conducive to human rights in these regions.

So here's the question:

** Would people support Tor Project aligning itself with explicit human rights advocacy even if that alignment is likely to obstruct the

most-needy

...

users' capacity to use Tor software? **

-V

On Fri, Jul 29, 2016 at 9:22 PM, Isabela isabela@riseup.net wrote:

...

I am with pikachu! +1

Thank you for the great work community team! Like Teor said, it does a good job describe what we value.

On 07/29/2016 04:09 AM, isis agora lovecruft wrote:

Alison transcribed 2.8K bytes:

If accepting: your florid prose about why you love it and think it's an astonishing work of art that reflects the diligence and care exercised by the authors is quite welcome. A show of hands (writing an email that says +1) is also fine. Questions are welcome.

                          ----------------------------
                          |                          |
                          |                          |
                          |              1111        |
                          |    ++       11111        |
                          |    ++      11 111        |
                          | ++++++++      111        |
                          | ++++++++      111        |
                          |    ++         111        |
                          |    ++      111111111     |
                          |                          |
                          |                          |
                          ============================

quu..__ | | $$$b `---.__ | | "$$b `--. | ___.---uuudP `$$b `.__.------.__ __.---' $$$$" . "$b -' `.-' $$$" .'| ". ' d$" _.' | `. / ..." .' | `./ ..::-' _.' | / .:::-'| .-' .' : ::''| | _.' | .' .-. .-. | | .' | : /'$$| .@"$\ | |. .' _.-' .'|$u$$| |$$,$$| | || < _.-' | `:$$:' :$$$$$: | |`. `. .-' : `"--' | | | `-. \ :##. == .###. | | `. `. `\ |##: :###: ,'| |` | > > |#' `..'`..' `###': | |/ x: / / \ , | |xXX| / ./ \ . | |XX'| / ./ /`-. : | | `. / / : `- ..........., ; | | | / .' | ``:::::::' .. | | |< `. | ``` | |_| x| \ `.:``. | .' /' xXX| `:`M`M':. | | xXXX'| -'MMMMM:' `. .' |-'MMMM.-' | | .'MMM.-' `'`' |MMM< | |MMMM\ \ :MM.-' \ | .'' . `. / / .:::::::.. : / | .:::::::::::`. / | .:::------------\ / / .'' >::' / `',: : .' '''''

Thank you for your feedback, and thank you to all of the Tor folks who worked on this, especially Lunar and Roger, who got it started.

Also +1.

---

tor-project mailing listtor-project@lists.torproject.orghttps://

lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

...

...

-- PM at TorProject.org gpg fingerprint = 8F2A F9B6 D4A1 4D03 FDF1 B298 3224 4994 1506 4C7B @isa

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

N �n�r����)em�h�yhiם�w^��

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

Alison has a point about clients using bridges. Although imperfectly, yes, we can get clients through using bridges at some extra cost/bandwidth to the Tor network. For the sake or argument, let's assume we can get blocked users through at zero extra cost, 100% of the time.

Assuming this, I wish to modify my two claims. Pushing forward with making explicit human rights advocacy the center of their mission statement, it will also substantially increase the risk to Tor relay operators living in Southeast Asia. Because local operators are now involved, in no uncertain terms, in intentional, explicit, foreign political human rights advocacy.

So I wish to revise my two claims to:

/// Operator Version /// (1b) that reducing obstacles to *reducing risk to those operating Tor relays* is a more effective way to help people in these regions, and the network as a whole, than the moral support in a mission statement.

(2b) emphasizing human rights in the mission statement nonnegligibly increases the risk of tangible, concrete threats to those operating relays of immense service to the diversity and security of the Tor network, and I cited some examples of this.

Bluntly speaking, I claim that less tangible benefits gained from having human rights in the mission statement are outweighed by the increased risk to freedom-fighting operators. If adopted as-is, running a Tor relay within the local area would become a notably more precarious choice.

-V

Virgil Griffith:

The only part that concerns me is explicitly defining "We advance human rights" as part of Tor's core mission.

The problem is that many people who need Tor the most live in countries in which Tor's active alignment with liberal human rights advocacy would substantially (certainly non-negligibly) increase the chance of Tor being banned.

If we are going to think strategy, I suggest that we pause on a more pressing problem from my point of view. We really need to keep Tor legal in places where it has been embrassed or tolerated so far.

That means we need the general population and lawmakers of countries which signed the universal declaration of human rights to understand that you can't properly exercise articles 12 (privacy), 18 (freedom of thoughts), 19 (freedom of expression), 20 (freedom of association), 27 (knowledge sharing) in a digital world.

By reclaiming our narative on why we make Tor from the deep-dark-marina-abyssal web depicted by clickbait headlines, we give ourselves one more stand that should help us to keep doing what we do.

I see the writing on the wall.

I'll close that I think a pivot from Tor being an organization that is "foremost privacy" to a "foremost human rights" vastly increased the risk to run relays in PETS-needy regions. This is not a theoretical maybe. I've cited concrete, tangible evidence for this increase risk.

Bluntly, I think this pivot takes the 30% of the world population who constitute Tor's most needy users and operators, and throws them under the bus.

-V

On Sunday, 31 July 2016, Arthur D. Edelstein arthuredelstein@gmail.com wrote:

+1. Thank you to those who drafted this contract. I'm very happy that human rights are so prominently invoked.

On Thu, Jul 28, 2016 at 3:56 PM, Alison <macrina@riseup.net javascript:;> wrote:

...

Hello good people of tor-project@! I'm excited to present to you something that a number of us core members have been working on for some time now: the Tor Project Social Contract 1.0 [1]. Modeled after the Debian Social Contract [2], the Tor Project Social Contract is a set of promises to our community about what Tor stands for and why we create it.

I'm sharing it with all of you today so that we can work on ratification. I think that the best way to do this is as follows:

By 6 August at 00:00 UTC, please respond to me or to the list if you accept or object to this social contract so that we can ratify this through rough consensus [3].

If objecting: Please be specific about your objections so that we can discuss changes as needed. If you respond directly to me, I will assume that you don't want your name shared with the group, but please specify if you don't want your comments shared either. NB: THIS IS NOT AN INVITATION TO EDIT BY COMMITTEE. I'm interested in feedback like "this does not represent the Tor that I know" not "I'd like this sentence reworded". Please also be kind, because this was written by humans.

If accepting: your florid prose about why you love it and think it's an astonishing work of art that reflects the diligence and care exercised by the authors is quite welcome. A show of hands (writing an email that says +1) is also fine. Questions are welcome.

If this is successfully ratified, I will publish it on the Tor blog and in some other places: probably the "About Tor" section of the website and on the Community Team wiki. If you have great ideas for other places this should live, let me know!

Thank you for your feedback, and thank you to all of the Tor folks who worked on this, especially Lunar and Roger, who got it started.

Alison

[1]

https://storm.torproject.org/shared/UleWiALOvWDnWxEqPcAfr49tkHaM-h7PlSmoHlRb...

...

[2] https://www.debian.org/social_contract [3] https://en.wikipedia.org/wiki/Rough_consensus _______________________________________________ tor-project mailing list tor-project@lists.torproject.org javascript:; https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

---

tor-project mailing list tor-project@lists.torproject.org javascript:; https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

It's okay, I'm resigning over all connection with Tor over this.

There are three behaviors: * Living within an authoriarians state to locally improve lives. * Running a website that is a magnet for both lawsuits and law enforcement. * Engaging in activism that is explicitly prohibited by said authoritarian state of residence, and *regularly prosecutes accordingly*.

Many see themselves as brave for doing one of these. I'm willing to play more risky and will do any two. But doing all three all but guarantees a lengthy jail sentence, deportation, or both.

Nick Mathewson has commented on how few people from PETS-needy demographics are part of the Tor community. This policy will all but guarantee that to continue. Whereas privacy activism is considered at worst quirky, human-rights branding makes affiliation and interacting with Tor a substantial risk to the 1/3 of the non-white world who have the least.

This pivot is misguided, mission-damaging for global privacy, and will bring out the maximum panoply of forces against Tor and its important services. And frankly, it reaks of privilege to reap modest PR benefits in western jurisdictions at the expense of vastly increasing the risk to the most vulnerable.

If this goes forward as-is, Tor will gain traction in Asia when China becomes a democracy, or there's a return to the original privacy branding (with human rights being a frequent consequence of better privacy)---whichever comes first. It pains me immensely to see Tor cluelessly cause so much damage to global privacy while so self-righteously endangering the least empowered Tor users and operators.

Good luck, -Virgil

On Sunday, 31 July 2016, dawuud dawuud@riseup.net wrote:

Dear Alison and the other authors of Tor Project Social Contract 1.0,

Thanks for your hard work! +1 for the new social contract.

I find it VERY SUSPICIOUS that anyone would argue against human rights being specified especially if that person operates tor2web servers which allows them to be an intermediary for other people's communication. I think our commitment to human rights means that we should seek to eliminate these types of distributed systems that do not praise either the end to end principal or the principal of least authority. They create deep pockets of authority but instead we should seek to more widely distribute the authority among the many actors in the system.

No SPOFS (single points of failure) No admins!

David

On Sun, Jul 31, 2016 at 04:01:16PM +0800, Virgil Griffith wrote:

...

I see the writing on the wall.

I'll close that I think a pivot from Tor being an organization that is "foremost privacy" to a "foremost human rights" vastly increased the risk to run relays in PETS-needy regions. This is not a theoretical maybe. I've

cited

...

concrete, tangible evidence for this increase risk.

Bluntly, I think this pivot takes the 30% of the world population who constitute Tor's most needy users and operators, and throws them under

the

...

bus.

-V

On Mon, Aug 01, 2016 at 12:19:27AM +0800, Virgil Griffith wrote:

I want to be very clear. Under this branding, it gives authorities a pass to imprison someone for zer use of Tor software and/or running a relay (regardless of whether said use was related to human rights activism.) If said person is otherwise disliked, execution for things labeled as "human rights activism" is rarer these days, but it does still happen.

This is not branding. We're not trying to corner some market or increase our market share through the creation of this Social Contract. We are describing what the Tor community is/does/should be.

***This is not currently the case.*** But a branding akin to Human Rights Watch for Nerds makes the above scenario vastly more probable.

I yield this point to you. Indeed, currently Tor does not explicitly say it is a Human Rights community - but the Tor community doesn't explicitly officially say anything. These are the first formal documents the community is writing. Similarly, on the front page of torproject.org there is not a single mention of "human rights". This doesn't mean The Tor Project isn't a human rights organization. On the contrary, as it was already mentioned, it's in their mission statement. I know you do not have the naïveté needed for missing this and it seems we would all be naïve to believe regional authorities don't know this, too. The very fact tor is promoted and used as a censorship circumvention technology within the regions you described shows how our "Western" idea of freedom is already influencing these areas - and not only for whistleblowing.

I agree that there is some merit in the idea of forcing people to read between the lines when other people are risking their lives. Obscuring an idea or purpose does help in some instances (this is how censorship circumvention works, after all), however, by not labeling Tor as a tool that promotes human rights the Tor community is lying about what Tor does and why many of us volunteer our time, money, and energy in support of it.

It's disconcerting you feel that this puts you in danger. It's quite sad that Tor straddles such a fine line in this world, and it's amazing you've successfully run Tor relays without much incident in that region of the world. Thanks for being such a risk taker and standing up for human rights while it wasn't generally promoted as such.

As an aside, some of the submissions for the the "Report on encryption, anonymity, and the human rights framework" are interesting, too. http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx

I bet a Bitcoin that, within five years, someone will be executed in part due to this pivot. Any takers? I've lost bets before and I pay on time.

This is not a game and that bet makes me nauceous.

-V

On Sunday, 31 July 2016, Virgil Griffith i@virgil.gr wrote:

...

It's okay, I'm resigning over all connection with Tor over this.

There are three behaviors:

• Living within an authoriarians state to locally improve lives.
• Running a website that is a magnet for both lawsuits and law enforcement.
• Engaging in activism that is explicitly prohibited by said authoritarian

state of residence, and *regularly prosecutes accordingly*.

Many see themselves as brave for doing one of these. I'm willing to play more risky and will do any two. But doing all three all but guarantees a lengthy jail sentence, deportation, or both.

Nick Mathewson has commented on how few people from PETS-needy demographics are part of the Tor community. This policy will all but guarantee that to continue. Whereas privacy activism is considered at worst quirky, human-rights branding makes affiliation and interacting with Tor a substantial risk to the 1/3 of the non-white world who have the least.

This pivot is misguided, mission-damaging for global privacy, and will bring out the maximum panoply of forces against Tor and its important services. And frankly, it reaks of privilege to reap modest PR benefits in western jurisdictions at the expense of vastly increasing the risk to the most vulnerable.

If this goes forward as-is, Tor will gain traction in Asia when China becomes a democracy, or there's a return to the original privacy branding (with human rights being a frequent consequence of better privacy)---whichever comes first. It pains me immensely to see Tor cluelessly cause so much damage to global privacy while so self-righteously endangering the least empowered Tor users and operators.

Good luck, -Virgil

On Sunday, 31 July 2016, dawuud <dawuud@riseup.net javascript:_e(%7B%7D,'cvml','dawuud@riseup.net');> wrote:

...

Dear Alison and the other authors of Tor Project Social Contract 1.0,

Thanks for your hard work! +1 for the new social contract.

I find it VERY SUSPICIOUS that anyone would argue against human rights being specified especially if that person operates tor2web servers which allows them to be an intermediary for other people's communication. I think our commitment to human rights means that we should seek to eliminate these types of distributed systems that do not praise either the end to end principal or the principal of least authority. They create deep pockets of authority but instead we should seek to more widely distribute the authority among the many actors in the system.

No SPOFS (single points of failure) No admins!

David

On Sun, Jul 31, 2016 at 04:01:16PM +0800, Virgil Griffith wrote:

...

I see the writing on the wall.

I'll close that I think a pivot from Tor being an organization that is "foremost privacy" to a "foremost human rights" vastly increased the risk to run relays in PETS-needy regions. This is not a theoretical maybe. I've

cited

...

concrete, tangible evidence for this increase risk.

Bluntly, I think this pivot takes the 30% of the world population who constitute Tor's most needy users and operators, and throws them under

the

...

bus.

-V

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

On Sun, Jul 31, 2016 at 7:30 PM, Matthew Finkel matthew.finkel@gmail.com wrote: [...]

Obscuring an idea or purpose does help in some instances (this is how censorship circumvention works, after all), however, by not labeling Tor as a tool that promotes human rights the Tor community is lying about what Tor does and why many of us volunteer our time, money, and energy in support of it.

+1, and I'd like to speak to this point a bit. The social contract document, as I understand it, is an expression of who we want to be as a community, and what we aspire to do.

The social contract document is *not*, as I understand it, a specification for our software; a description of who may run it; a synopsis of what it's good for; or a list of what goals and beliefs users and operators are all expected to share.

It would be a category error to read Rogaway's "The Moral Character of Cryptographic Work", and say "oh, that's what OCB does!" Similarly it would be foolish to read RMS's views, and conclude that emacs can't be used to write a software patent application -- or to read ESR's views on contemporary politics, and conclude that fetchmail is better for reading pro-gun email than reading anti-gun email.

And it's also a category error to treat the goals and ideals in this Tor-creating community's social contract as if they spread by a kind of magic contagion to everybody in the world who likes, uses, promotes, provides, downloads, uploads, modifies, inspects, discusses, or operates the software we make.

Sure, the Grand Inquisitors of the world will pretend to embrace this category error, and use our social contract as justification for declaring innocent people their enemies. But that's what grand inquisitors do! If it were not our social contract, they would find an excuse to persecute their targets based on our mission statement, a political cartoon, the cypherpunk manifesto, one of the Snowden leaks, a slashdot post, or some political statement some Tor developer made once [*].

We can't protect our users by pretending that we have no views or opinions that tyrants might disagree with. Would that really fool anyone? All we can do IMO is to be honest, to continue to broaden our userbase to, and do our best to encourage the understanding of who we are, who our users are, and the diversity of needs and values within our userbase.

[*] Never mind the fact that it would be logically impossible for a single person to agree with the political views of all Tor programmers.

dawuud:

Dear Alison and the other authors of Tor Project Social Contract 1.0,

Thanks for your hard work! +1 for the new social contract.

I find it VERY SUSPICIOUS that anyone would argue against human rights being specified especially if that person operates tor2web servers which allows them to be an intermediary for other people's communication. I think our commitment to human rights means that we should seek to eliminate these types of distributed systems that do not praise either the end to end principal or the principal of least authority. They create deep pockets of authority but instead we should seek to more widely distribute the authority among the many actors in the system.

No SPOFS (single points of failure) No admins!

David

Hi David, thanks for this message. I think the points you've raised above are *exactly* the kinds of things that social contract should make us discuss together. If the SC is who we are/what we want to be, what are the ways in which we are currently failing to meet those commitments? This is one of the ways I see this document being used.

Alison

Hi David,

I think this is a compelling idea and I love that you've given so many examples of research on human rights-focused design considerations. That said, one of the trickiest parts of the social contract was not overpromising or contradicting ourselves when it comes to design since sometimes we need to use or build tools that do not meet the requirements you outlined below -- tools for detecting bad relays came up in that previous conversation a bunch, just as one example. I think there could be a lot of value in a "design standards" document, but I think there should definitely be clarification in "things we use" vs "things we build" and also "things we need internally" vs "binaries we release to the public".

Alison

dawuud:

...

Hi David, thanks for this message. I think the points you've raised above are *exactly* the kinds of things that social contract should make us discuss together. If the SC is who we are/what we want to be, what are the ways in which we are currently failing to meet those commitments? This is one of the ways I see this document being used.

Alison

Hi Alison, Yes and I wonder if Tor project would want to publish a different kind of social contract specifiying software design principals and distributed system design considerations which are supportive of human rights and privacy. Surely the many years of experience gained from developing tor has resulted in these types of considerations for distributed systems.

here's an IRTF charter for an interesting research group, "Human Rights Protocol Considerations": https://datatracker.ietf.org/group/hrpc/charter/

In particular their charter states that: """ The research group takes as its starting point the problem statement that human-rights-enabling characteristics of the Internet might be degraded if they are not properly defined, described and sufficiently taken into account in protocol development. """

and

""" As evinced by RFC 1958, the Internet aims to be the global network of networks that provides unfettered connectivity to all users at all times and for any content. Open, secure and reliable connectivity is essential for rights such as freedom of expression and freedom of association. Since the Internet’s objective of connectivity makes it an enabler of human rights, its architectural design converges with the human rights framework. """

so far they've publish this document: https://www.ietf.org/id/draft-doria-hrpc-report-01.txt

Among many other things they mention the end to end principal, however i'm also inspired by the principal of least authority as described in Mark Miller's "The Structure of Authority": ( To me this paper reads like beautiful anarchist literature for software developers.. however I suspect some non-technologists will also appreciate it ) http://www.erights.org/talks/no-sep/ http://www.erights.org/talks/no-sep/secnotsep.pdf

Inspired by Tahoe-LAFS and the principal of least authority Dominic Tarr wrote a short paper about cryptographic handshakes which likens identity keys to cryptographic capabilities and discusses how not to leak them to passive network observers: https://github.com/dominictarr/secret-handshake-paper

And further I find "User Interaction Design for Secure Systems" by Ka-Ping Yee https://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf

is also inspiring and relevant since Tor project is also involved and advocating for various tor friendly user facing applications such as Tor browser, ricochet etc. one of the principals it mentions is revocation:

""" Revocability. The interface should allow the user to easily revoke authorities that the user has granted wherever revocation is possible. """

For instance someone inspired by ricochet might design and implement a similar chat system with an identity onion revocation mechanism: perhaps Alice would be able to tell all her contacts except Bob of her new onion service thereby revoking Bob's access to her current onion.

No SPOFs No admins

sincerely,

David

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

Hi Mike, I think that this is valid criticism. I'd really like it if we could at least clarify that we will always make most of our tools free of cost. I've added that line to your revision:

Mike Perry:

Here's an attempt to reword to capture my thinking:

3. Our tools are universally available to access, use, adapt, and distribute

The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We will always make most of our tools free of cost. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.

I like it!

Alison

teor:

...

On 2 Aug 2016, at 10:51, Alison macrina@riseup.net wrote:

Hi Mike, I think that this is valid criticism. I'd really like it if we could at least clarify that we will always make most of our tools free of cost. I've added that line to your revision:

Can I suggest:

"We will make most of our tools free of cost."

I'm not sure if the "always" adds anything.

Tim

...

Mike Perry:

...

Here's an attempt to reword to capture my thinking:

3. Our tools are universally available to access, use, adapt, and distribute

The more diverse our users, the less simply being a user of Tor implies about any user, so we aim to create tools that anyone can access and use. We will always make most of our tools free of cost. We do not restrict access to our tools unless it is for the security of all users, and we design, build, and deploy our tools without collecting identifiable information about our users. We expect the code and research we publish to be improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute our tools.

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

Tim Wilson-Brown (teor)

teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmmp: teor at torproject dot org

---

tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

...

3. Our tools are universally available to access, use, adapt, and distr=

ibute

Ok with the rewording here.

I would even mention "Free in the sense of Free Speech and Free Software's Four Freedoms -- which is where that list comes from.