[tor-project] "Capture the onion" + Tor village at next Defcon

Tom Ritter tom at ritter.vg
Tue Sep 5 18:25:06 UTC 2017


On 1 September 2017 at 17:09, Roger Dingledine <arma at mit.edu> wrote:
> tl;dr I would like to (A) design a "capture the onion" contest to get
> people trying to break the next-gen onion service protocol and code,
> and run the contest at the next Defcon; (B) craft a funding proposal to
> help us do A well; and (C) run a Tor village at the next Defcon too.

I'm so glad you wrote this email. I lamented the lack of Tor exposure
at Defcon this year, but didn't feel I was in a position to say
anything.

While I was briefly at Defcon this year, I wandered around the vendor
area  - which, if you've never been, is part vendors selling things
like lockpicks and various hacking hardware like wifi pineapples and
part charities and organizations like EFF, Calyx, ACLU. I had the
overwhelming thought "Tor should be here."

---------

I am completely sold on the idea of getting more representation at
Defcon. I am not sold on the idea of a Capture the Onion contest being
the best way to do it.  Firstly, contests are a lot of work. I'm
wondering how much attention and time developing and testing and
reviewing it will detract from other efforts.

Secondly, while I think we could be creative in finding ways to hide
flags in a contest network, I think the number of flags that we would
be able to hide that are 'Tor-specific' would be dwarfed by the number
that are more general application-security or crypto-specific.  Maybe
the answer to this concern is just to brainstorm ideas for a few weeks
and see what we come up with though.

Thirdly - right now, the techniques used to perform attacks on .onions
are public, but the code is not (AFAIK.) If we run this contest, we
should expect this code to be published and expect to see an increase
in the amount of relays we have to detect and block. The lack of
public code is Security through Obscurity - obscurity doesn't provide
protection, but it does reduce the amount of attackers you have to
deal with. And we have to do manual work to counter each attacker.
This isn't a terribly strong point (maybe by next summer a whole suite
of attack tools on .onions will be published and it doesn't matter if
two more are floating around) - but I wanted to mention it. Especially
if we intend to keep the old-style onions limping along for multiple
years. (Alternately this would accelerate their obsolete.)

Fourthly, I am also worried about the maintenance of the contest
infrastructure. If we can't keep it up and running, and debug
problems, the contest will flop.

Finally, I'm worried about participation. Some people will play in the
contest, but the number of people who we reach with the contest will
be two or three order of magnitudes smaller than the number we reach
through efforts like a vendor table or the village. (And I think we
should direct our efforts appropriately.)

I like Part B2 - if the goal of the contest is to give a focus on
getting the new .onion code reviewed, I think it would be more
effective to do a Pwnium style contest/prize. Pwnium was Google's old
contest (which ran for months) giving enhanced payouts on certain
targets.

If the goal is to get more Tor mindshare at Defcon, I think a contest
would do that, but I'm not certain it hits the right balance of return
on investment.

---------

I love the idea of a village, especially an evening village (I'm
imaging something like 5 to 10 or 11.) I think we should definitely
make it more than a just 'hang out with Tor' space. I think we can
come up with a lot of things we could do here; and we should aim to
have both 'active' and 'passive' experiences.

Active would be something like "At 6PM we're going to do an hour long
(45min+questions) deep technical walkthrough of how the new .onion
design works". Passive would be something like "We have sketchbooks
and colored pencils. Are you artistic? Sketch some Tor/onion artwork
and we'll share it on our blog!"

---------

I am not sure if a Village satisfies the same purpose as a vendor
table though. Nearly everyone at Defcon will walk through the vendor
area once. Not everyone will go to Defcon in the evening or go to a
village they aren't directly interested in. I think we should have
both (and our own table, separate from Calyx/EFF), but I recognize it
means we would effectively need twice as many people at the conference
to staff the table and the village (since we couldn't expect the same
people to commit to doing both.)

I think we should bring a pile (a very large pile) of T-shirts to
sell, as well as other things (which we can brainstorm.) Free
pamphlets on how to use Tor (which I think we have) and ones on how to
run a relay (which we can make.) I'm also imagining a special
brand-new sticker design we can give out to relay operators who stop
by.

---------

I am completely psyched about this. I have a bunch of ideas I didn't
put in this email (and more details/ideas about what I did mention). I
am totally volunteering to do a lot of brainstorming, planning, and
logistics works. I am _hopeful_ I will be able to attend next year and
help staff everything.

-tom


More information about the tor-project mailing list