﻿WEBVTT

00:00:01.973 --> 00:00:03.173
Thank you very much, everybody.

00:00:04.813 --> 00:00:06.983
I appreciate the invitation. I love seeing everybody here.

00:00:11.513 --> 00:00:14.298
Thank you all for having—for your attention

00:00:14.398 --> 00:00:16.853
and giving me an opportunity to talk to you about this.

00:00:17.350 --> 00:00:21.066
I am going to quickly copy and paste this link,

00:00:22.103 --> 00:00:24.483
just in case you want to click on any of the links or follow any of the references.

00:00:24.583 --> 00:00:27.833
These are just the same talk visuals that I'm going to show you.

00:00:31.973 --> 00:00:38.213
So the title of the talk today is "Against the 'arms race'", "arms race" in quotation marks.

00:00:38.453 --> 00:00:40.733
"Against the so-called arms race", if you like.

00:00:42.023 --> 00:00:46.876
And I meant this talk, at least the title, to be a little bit provocative and challenging

00:00:46.976 --> 00:00:53.313
because I think keynotes should be, but I think you'll see that this is ultimately going to be very constructive.

00:00:53.446 --> 00:00:56.498
And what I'm trying to do is maybe provoke some different ways of thinking

00:00:56.664 --> 00:00:59.948
about how we think about censorship and censorship resistance.

00:01:00.048 --> 00:01:02.663
It's mainly that topic area that I'm going to be working in here.

00:01:07.253 --> 00:01:08.843
So the core of this

00:01:12.053 --> 00:01:19.804
is that censorship and circumvention are often described as an "arms race" or a "cat-and-mouse game".

00:01:20.019 --> 00:01:21.745
These are very frequently used phrases.

00:01:22.292 --> 00:01:27.020
And this talk is kind of an attempt to get to the bottom of why

00:01:27.318 --> 00:01:30.055
I wince slightly when I hear those terms.

00:01:30.155 --> 00:01:33.803
Why I don't love those terms as a characterization of the kind of work we do.

00:01:36.773 --> 00:01:39.413
Let me define what I understand by these terms.

00:01:40.403 --> 00:01:44.487
So by an arms race, what I think of is, there's two competing parties and they're

00:01:44.587 --> 00:01:47.937
working against each other and one of them makes an advancement and then

00:01:48.037 --> 00:01:52.067
another one makes a counter advancement and they keep on going on, one-upping each other.

00:01:52.349 --> 00:01:55.583
And it builds on to infinity. There's no ceiling in an arms race.

00:01:57.473 --> 00:02:00.858
A cat-and-mouse game is kind of similar, in that there's no fixed resolution,

00:02:00.958 --> 00:02:05.255
there's no permanent advantage for either side, but this doesn't have the same notion of escalation.

00:02:05.355 --> 00:02:10.693
It's more like hide-and-seek. One party, usually the weaker party, the mouse, makes a move,

00:02:10.793 --> 00:02:14.113
and then the stronger party reacts to it, and then a mouse makes a move,

00:02:14.213 --> 00:02:16.283
and the stronger party reacts, and they just kind of go in circles,

00:02:16.383 --> 00:02:18.293
and they kind of stay on the same level.

00:02:20.543 --> 00:02:24.653
I don't think precise definitions of these terms are necessary

00:02:25.673 --> 00:02:27.113
for what I'm going to be talking about today.

00:02:28.313 --> 00:02:30.617
Perhaps it would be better if we had a better common understanding

00:02:30.717 --> 00:02:32.641
of what we actually mean when we say these terms.

00:02:33.023 --> 00:02:37.568
And maybe you understand these terms differently, and maybe you'll disagree with my thesis in this talk

00:02:37.668 --> 00:02:41.123
for that reason and that's totally fair. And I'd like to talk to you about that, if that's the case.

00:02:41.753 --> 00:02:43.703
But anyway, that's what I understand by these terms.

00:02:47.663 --> 00:02:51.916
Let's look at some of the examples. I claim that these are commonly used terms.

00:02:52.016 --> 00:02:54.323
And so what I did is I went to CensorBib

00:02:54.570 --> 00:02:57.921
and I looked at the last few years of PDFs,

00:02:58.021 --> 00:03:02.168
and I just did a Ctrl-F for "arms" and I did a Ctrl-F for "mouse"

00:03:02.268 --> 00:03:04.763
to see how many, to see how often this was, to see if it's

00:03:04.863 --> 00:03:06.978
actually as much as my impression was.

00:03:07.360 --> 00:03:11.075
And to be honest, it's not quite as high a fraction as I would have thought.

00:03:11.391 --> 00:03:16.943
For the years 2024 and 2023, it's about 22% of papers that are on CensorBib

00:03:17.753 --> 00:03:21.923
use the phrase—describe censorship as an arms race or as a cat-and-mouse game.

00:03:23.453 --> 00:03:30.085
And I'm not counting in that, one paper that used the term "arms race" but I think used it correctly and appropriately.

00:03:30.566 --> 00:03:33.884
That one, I want to use that example. We'll come back to that later.

00:03:34.132 --> 00:03:38.363
I'll show you how that paper used the phrase "arms race". But I'm not counting that in the 22%.

00:03:39.833 --> 00:03:41.183
Let's look at a few of the examples.

00:03:41.993 --> 00:03:45.694
We have here: "The arms race between Internet freedom advocates and censors."

00:03:46.059 --> 00:03:50.604
We have, "This has led to an ongoing arms race between adversaries and free speech activists."

00:03:50.754 --> 00:03:53.623
"<i>The</i> ongoing arms race between the GFW and Tor."

00:03:54.021 --> 00:03:59.678
"Since circumvention <i>is</i> an arms race between covert communications systems and nation-state adversaries."

00:04:00.209 --> 00:04:04.793
"A promising way forward in the cat-and-mouse game between censors and censorship resistors."

00:04:08.243 --> 00:04:13.462
Now, I don't mean this to be a criticism of the papers that I drew these examples from.

00:04:13.562 --> 00:04:17.743
Because I think this is very natural, understandable, why a phrase like this would

00:04:17.843 --> 00:04:20.963
be so commonly used and why it would be so, why it would recur so often.

00:04:21.653 --> 00:04:25.693
It's natural to look at the writing style of other authors,

00:04:25.793 --> 00:04:29.693
to look at some common practices in the field, and sort of pick up on these habits.

00:04:30.563 --> 00:04:34.763
But I also think it's good for us to take a step back once in a while and reexamine these assumptions that we bring.

00:04:35.723 --> 00:04:39.043
You'll notice that the way these examples are phrased—and quite often, this is the very

00:04:39.143 --> 00:04:43.685
first sentence in the paper—the way these are phrased, it presupposes the truth of the claim.

00:04:43.785 --> 00:04:48.173
It presupposes that there is indeed an arms race, and that censorship circumvention is an arms race.

00:04:51.863 --> 00:04:54.949
It's good to critically examine, once in a while, do we really believe

00:04:55.098 --> 00:04:58.980
these statements that we constantly recite? What justifies them?

00:05:05.603 --> 00:05:09.795
So, my central problem when I hear these phrases, why I think they're not entirely appropriate,

00:05:09.895 --> 00:05:13.909
it's not that they are incorrect. Because there is a strong basis of truth

00:05:14.240 --> 00:05:17.724
to calling, to characterizing the field as an arms race.

00:05:17.824 --> 00:05:21.443
There is a strong kernel of truth to calling it a cat-and-mouse game.

00:05:22.493 --> 00:05:25.918
It's not for nothing that these terms emerged. But I think they're overly simplistic.

00:05:26.018 --> 00:05:28.373
They don't tell the whole truth. They're just incomplete.

00:05:28.655 --> 00:05:33.565
And I think it's a mistake to use this as a characterization of the whole field and all the kinds of research we can do.

00:05:33.997 --> 00:05:37.480
So while there are arms-race aspects to some things that we do,

00:05:37.580 --> 00:05:41.543
I don't think that's the whole story, and if we only think in those terms, it's somewhat limiting.

00:05:42.203 --> 00:05:46.985
So it limits us, researchers and developers and practitioners,

00:05:47.184 --> 00:05:50.352
in the way that we model problems and the way we approach problems.

00:05:50.452 --> 00:05:54.615
And it also limits our external communication, which affects the way that people outside the field

00:05:54.715 --> 00:05:59.333
understand the work that we do. The way they understand Internet censorship.

00:06:01.883 --> 00:06:07.105
Now, I want to make a disclaimer that I'm really not trying to put a taboo on these terms.

00:06:07.205 --> 00:06:10.913
I have this premonition of somewhere in some writing room somewhere

00:06:11.723 --> 00:06:13.376
one colleague is going to say to another,

00:06:13.476 --> 00:06:16.283
"Oh, David said we can't write 'arms race' anymore. Better not put that in there."

00:06:17.423 --> 00:06:25.133
That would be the kind of reflexive and uncritical thinking that is exactly the opposite of what I want to encourage.

00:06:26.993 --> 00:06:29.665
Most of all, what I want is for you to speak your own truth.

00:06:29.765 --> 00:06:36.267
I want you to critically examine your own beliefs and come to a conclusion, and represent that honestly and faithfully.

00:06:36.616 --> 00:06:39.054
That's number one. I think that's the most important thing.

00:06:39.253 --> 00:06:42.604
So if you disagree with my thesis, and you say, no, I've examined the evidence,

00:06:42.704 --> 00:06:45.374
and I really do think that censorship circumvention is an arms race, then

00:06:45.557 --> 00:06:48.923
please, by all means, describe it that way with my blessing.

00:06:49.793 --> 00:06:54.113
I think that really representing yourself faithfully is the most important thing.

00:06:55.823 --> 00:07:01.103
But furthermore, I also believe that there are aspects of censorship and circumvention that are accurately characterized

00:07:01.343 --> 00:07:05.013
as being an arms race or a cat-and-mouse game, and when you're talking about those aspects,

00:07:05.113 --> 00:07:11.749
it's entirely permissible and advisable to use those terms, because they're accurate descriptions.

00:07:11.948 --> 00:07:14.104
If you're using the terms, and you've thought about them, and you say

00:07:14.204 --> 00:07:16.643
they really apply, go ahead and use those terms.

00:07:18.113 --> 00:07:22.013
I say, let's try and reserve those terms for the places where they fit, and otherwise

00:07:22.113 --> 00:07:26.543
give ourselves some latitude to think about things more broadly. And perhaps describe them more precisely.

00:07:29.423 --> 00:07:32.623
And if you're someone who's been reading a bunch of censorship papers and you see this phrase

00:07:32.723 --> 00:07:35.503
repeated over and over, "arms race", "arms race", "arms race",

00:07:35.768 --> 00:07:38.543
and you thought to yourself, "I don't quite buy it",

00:07:39.473 --> 00:07:41.213
let this be a little bit of validation for you.

00:07:41.723 --> 00:07:45.240
Feel free to seek out your own interpretation and your own understanding.

00:07:45.787 --> 00:07:51.263
I remember, I think it was in 2014, I was watching the PETS presentation for the CloudTransport paper,

00:07:51.593 --> 00:07:56.702
Brubaker et al., and they used the word, almost in passing, but they used the word "entanglement".

00:07:58.043 --> 00:08:00.799
And for me, that was kind of a magical enlightening moment.

00:08:01.114 --> 00:08:06.193
It struck a new way of thinking in me, or it vibed really well with thoughts I had already been thinking,

00:08:06.293 --> 00:08:09.823
or something, but that really stuck with me and it was an important moment for me.

00:08:10.337 --> 00:08:13.877
And I'm hoping ideally to be able to strike a similar moment of satori

00:08:13.977 --> 00:08:19.643
in some one of you in the audience today by presenting an alternative point of view.

00:08:23.603 --> 00:08:25.823
All right. I want to take a brief literary interlude here.

00:08:26.843 --> 00:08:28.943
And you'll understand in a moment where this is coming from.

00:08:31.703 --> 00:08:36.762
The American writer and poet Edgar Allan Poe was a fan of cryptography.

00:08:37.193 --> 00:08:41.843
The kind of thing that we would today call "classical cryptography", substitution ciphers and things like that.

00:08:43.793 --> 00:08:49.136
And he had a short story called "The Gold-Bug", and a ciphertext actually plays a part in the story.

00:08:49.352 --> 00:08:52.463
They find this parchment where these symbols are written, and one of the characters deciphers it.

00:08:52.563 --> 00:08:56.723
It turns out to be a map to buried treasure and they go and they dig up the treasure.

00:08:58.223 --> 00:09:01.279
Another character asks the one who deciphered and said, "How are you able to do that?"

00:09:01.810 --> 00:09:08.713
and the character responds, well, there's a procedure you can follow and it lets you decrypt ciphers,

00:09:08.813 --> 00:09:13.123
and I've never seen a cipher that I can't crack, so I think it's impossible for

00:09:13.223 --> 00:09:17.723
any human being to create a ciphertext that another human being cannot decipher.

00:09:19.133 --> 00:09:22.823
And we know, in fact, that this was Poe's own opinion, he was putting his own words into the

00:09:22.923 --> 00:09:27.355
mouth of the character, because Poe himself wrote, in another, nonfiction venue,

00:09:27.952 --> 00:09:33.803
"It may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve."

00:09:36.023 --> 00:09:42.593
So Poe saw this, he saw cryptography of his era, he saw it as a cat-and-mouse game or an arms race.

00:09:43.193 --> 00:09:47.210
Someone would create a cipher, someone would break it. First person would make the cipher a little bit cleverer,

00:09:47.310 --> 00:09:50.528
the second person would think a little harder, and then they would break the cipher.

00:09:50.744 --> 00:09:55.343
But there will be no fixed endpoint, no decided long-lasting advantage.

00:09:58.618 --> 00:10:03.351
We know now that Poe was just wrong about this. With the advent of

00:10:03.451 --> 00:10:06.538
what we call "modern cryptography" in the 1970s and 1980s, we know,

00:10:08.578 --> 00:10:12.590
based on security proofs and reductions to computational complexity assumptions that we have,

00:10:12.855 --> 00:10:16.538
quite robust assumptions, that yes, you can create a ciphertext and

00:10:16.638 --> 00:10:18.928
no one will be able to decrypt it without knowing the key.

00:10:20.848 --> 00:10:23.986
But you can't blame Poe for sort of being a product of his era.

00:10:24.478 --> 00:10:28.664
He can only describe the things that he knew, that he saw, or he understood,

00:10:28.796 --> 00:10:30.388
and to him, this was a cat-and-mouse game.

00:10:33.328 --> 00:10:34.948
As I was preparing this talk,

00:10:37.918 --> 00:10:42.863
I thought that I was being really clever by looking up this Poe reference here about cryptography,

00:10:43.095 --> 00:10:47.790
but then I did a search and seems like, it turns out people have used this over and over and over as an example.

00:10:47.939 --> 00:10:52.318
Usually in the field of cryptography making a point about provable security.

00:10:52.484 --> 00:10:57.718
But here's one example. I want to quote this. This is from a recent textbook called <i>The Joy of Cryptography</i>.

00:10:59.008 --> 00:11:02.748
They cite the exact same line that I did and say: "Whenever someone would come up

00:11:02.848 --> 00:11:05.804
with an encryption method, someone else would inevitably find a way to break it,

00:11:05.904 --> 00:11:08.218
and the cat-and-mouse game would repeat again and again."

00:11:10.738 --> 00:11:13.733
Interesting to me that they use the exact same phrase that is commonly used

00:11:14.758 --> 00:11:16.648
to describe censorship and circumvention, "cat-and-mouse game".

00:11:21.808 --> 00:11:29.193
Now I think maybe something similar happened in the early days of censorship research.

00:11:29.392 --> 00:11:33.140
So you can't really blame Edgar Allan Poe because that's all he knew,

00:11:33.240 --> 00:11:36.425
all he saw was a sort of cat-and-mouse game with regard to cryptography,

00:11:36.525 --> 00:11:39.928
and in the early days of censorship something similar may have happened.

00:11:40.798 --> 00:11:44.128
So, I'm going to give you two examples of early forms of circumvention.

00:11:45.538 --> 00:11:47.218
One of them is mirror sites.

00:11:49.108 --> 00:11:53.062
The idea behind a mirror site is really simple. You get your website blocked, just copy everything,

00:11:53.162 --> 00:11:56.878
move it to a new server, a new domain name, a new IP address, and

00:11:56.978 --> 00:11:59.151
tell people to access the information there instead.

00:11:59.251 --> 00:12:02.038
The original site is blocked, but they can still access all the things they need to.

00:12:03.838 --> 00:12:08.821
Now, looking at that with the benefit of hindsight, with the benefit of more systematization

00:12:08.921 --> 00:12:11.458
like we have now, we think, well, there's a problem with that.

00:12:12.478 --> 00:12:14.998
How do you inform your readers of the mirror site

00:12:15.688 --> 00:12:18.492
without also informing the censor of the new mirror site?

00:12:18.940 --> 00:12:21.760
Right? This really truly is a cat-and-mouse game.

00:12:22.241 --> 00:12:26.056
You set up a new mirror site, people use it for a while, it gets discovered, it gets blocked.

00:12:26.156 --> 00:12:30.203
You set up another mirror site, people use it for a while, it gets discovered, it gets blocked.

00:12:30.485 --> 00:12:33.778
Nothing ever really advances. I think this is a quintessential cat-and-mouse game.

00:12:34.438 --> 00:12:38.563
And it would be natural, if you looked at this, to say, yes, censorship is a cat-and-mouse game.

00:12:40.288 --> 00:12:42.727
Another example is this document here.

00:12:42.827 --> 00:12:46.194
I think this is a pretty little-known document, and I like it a lot.

00:12:46.294 --> 00:12:49.992
It's really interesting. This is just a page on the Tor bug tracker wiki.

00:12:50.142 --> 00:12:53.398
Really old, more than ten years old, written by Nick Mathewson.

00:12:54.268 --> 00:12:56.744
This is before even pluggable transports existed.

00:12:57.175 --> 00:13:00.868
This is around the same era that Tariq and I first met.

00:13:02.518 --> 00:13:06.118
This document is really short. But it's about the kinds of things that Tor did

00:13:07.048 --> 00:13:10.246
to help resist blocking in the time before pluggable transports.

00:13:10.346 --> 00:13:14.443
So this is when they were in the mode of changing the way that they use TLS

00:13:15.322 --> 00:13:21.358
in order to avoid getting blocked. This was at the very beginning of the introduction of bridges versus relays.

00:13:22.558 --> 00:13:27.382
And they admit themselves, in this document, "please don't judge our missteps too harshly".

00:13:27.482 --> 00:13:30.931
Right? They realized that a lot of this, in hindsight, was a mistake, and

00:13:31.708 --> 00:13:34.678
they would have liked, they would have liked things to have evolved differently.

00:13:35.458 --> 00:13:40.108
But here's an example of the kinds of things Tor did, in those early days, to try and evade censorship.

00:13:41.098 --> 00:13:44.788
One, "we had an unusual cipher list, we had funny-looking certs, so we switched to an approach

00:13:44.888 --> 00:13:49.618
where we would begin by sending a list of ciphers hacked to match the list sent by Firefox."

00:13:50.788 --> 00:13:55.558
"We started generating bogus domain names and sticking them in the commonName part of the certificates."

00:13:56.758 --> 00:13:59.529
They got blocked based on some Diffie–Hellman parameters,

00:13:59.629 --> 00:14:04.252
so they changed those Diffie–Hellman parameters to one used by a more common implementation.

00:14:04.590 --> 00:14:08.353
If you look at this, this really does look like an arms race. This is something that's escalating.

00:14:08.711 --> 00:14:14.086
There's a more sensitive detection, and then so there's more capable evasion,

00:14:14.186 --> 00:14:15.899
and it is going on and on, and building and building.

00:14:16.200 --> 00:14:19.436
And in fact, this document, at the end, ends with, "we know we're in an arms race".

00:14:19.831 --> 00:14:22.616
This presupposes that this process will just go on forever.

00:14:22.917 --> 00:14:26.755
Once you take care of all the byte-oriented, protocol-oriented ones,

00:14:26.855 --> 00:14:31.108
you're still gonna have to worry about packet sizes, timings, segment boundaries, and things like that.

00:14:34.438 --> 00:14:37.800
Now, it's also natural, if you have looked and lived through this history, to think,

00:14:37.900 --> 00:14:42.538
well, this was an arms race, and all of censorship circumvention is going to be an arms race.

00:14:43.108 --> 00:14:48.093
And that's something that I, in my research, have tried to push back on.

00:14:48.337 --> 00:14:52.270
And I worry that if we just presuppose and think about things in these ways,

00:14:52.477 --> 00:14:56.372
it will change the way that we approach problems and become a self-fulfilling prophecy.

00:14:56.485 --> 00:14:58.678
If that's all we're looking for, that's all we're going to see.

00:15:03.928 --> 00:15:08.282
When I wrote my PhD thesis, I was really trying to make this point.

00:15:08.715 --> 00:15:12.685
And if there is a singular main point in my thesis, it is this: that I think

00:15:12.785 --> 00:15:17.722
there is more than a cat-and-mouse game, there is more than an arms race to censorship research.

00:15:17.822 --> 00:15:23.728
Kind of everything that I put into that thesis was meant to underpin that one key idea.

00:15:24.748 --> 00:15:29.519
I wrote: "I hope to change the perception that the censorship problem is a cat-and-mouse game

00:15:29.619 --> 00:15:32.788
that affords only incremental and temporary advancements."

00:15:34.678 --> 00:15:39.048
I also had a section here on reflecting on, again, how this situation might have arisen,

00:15:39.148 --> 00:15:44.028
this common perception, and I think it might have something to do with the difficulty of

00:15:44.128 --> 00:15:49.888
actually evaluating a circumvention system in practice, because you can only really truly evaluate a system

00:15:50.971 --> 00:15:54.408
against a real censor. And to do that, you actually have to deploy it,

00:15:54.508 --> 00:15:58.438
and then see how the censor reacts. It's an expensive test. It's hard to do.

00:16:00.088 --> 00:16:04.071
"The true test arises only after the system has begun to scale and the censor to fight back.

00:16:04.504 --> 00:16:08.399
This phenomenon may have contributed to the unfortunate characterization

00:16:08.499 --> 00:16:12.388
of censorship and circumvention as a cat-and-mouse game: deploying a flawed circumvention system,

00:16:12.488 --> 00:16:17.581
watching it become more popular, and then get blocked, then starting over again with another similarly flawed system.

00:16:18.165 --> 00:16:24.118
In my opinion, the cat-and-mouse game is not inevitable, but is a consequence of inadequate understanding of censors."

00:16:26.518 --> 00:16:29.749
So as I say, this was kind of the main point that I was trying to make,

00:16:29.849 --> 00:16:32.638
and in retrospect I wish I had made it even more forcefully.

00:16:35.338 --> 00:16:37.528
Speaking of points I wish I had made more forcefully,

00:16:39.050 --> 00:16:41.553
why did I leave this as a comment in the source code?

00:16:42.098 --> 00:16:44.998
I meant to make this into text. Why'd I chicken out?

00:16:47.398 --> 00:16:48.448
But that's another story.

00:16:51.358 --> 00:16:55.245
I'm not the only one who had a little bit different opinion on this as well.

00:16:55.345 --> 00:17:00.595
So I was reading the thesis of our esteemed co-chair Cecylia Bocovich, and

00:17:01.065 --> 00:17:08.171
in her thesis she writes: "We can deploy"—"We can design and deploy usable Internet freedom tools

00:17:08.271 --> 00:17:12.354
that stand the test of time, despite open knowledge of their operation and use,

00:17:12.628 --> 00:17:16.946
and despite technological improvements that enhance the traffic analysis abilities of the censor."

00:17:17.717 --> 00:17:23.608
So what she's saying is that it is possible to gain ground in this arms race and not give it up.

00:17:24.778 --> 00:17:28.828
And therefore it's not truly an arms race. It is possible to gain some lasting advantage.

00:17:29.158 --> 00:17:33.928
Maybe not everything that you do will have that property, but it is possible to do that with some things.

00:17:35.291 --> 00:17:41.482
Not only will they stand the test of time, it's written here, but they're resistant even to

00:17:41.689 --> 00:17:47.668
technological advancement. They're resistant even to the steps that the adversary might make in response.

00:17:54.898 --> 00:18:00.748
Okay, so one of the reasons that the arms race idea makes me uncomfortable

00:18:01.738 --> 00:18:05.453
is that to me it's a little too close to the claim that we can do

00:18:05.886 --> 00:18:11.458
no better than security by obscurity in circumvention.

00:18:12.238 --> 00:18:16.408
And to me, those are almost kind of synonymous terms, arms race and security by obscurity.

00:18:20.488 --> 00:18:23.358
If you'll indulge me for a moment here, I realize that I'll be preaching to the choir

00:18:23.458 --> 00:18:26.978
for people with security training in the room. But I know that's not everybody.

00:18:27.078 --> 00:18:34.072
I want to give some background on kind of the way that security people think about modeling things and evaluating things.

00:18:34.448 --> 00:18:38.588
There's two important principles that everyone knows. There's Kerckhoffs's principle.

00:18:38.889 --> 00:18:44.158
He's talking about encryption algorithms, ciphers. He says "the cipher should not require secrecy".

00:18:46.798 --> 00:18:49.258
And what that means is that the cipher algorithm itself

00:18:50.278 --> 00:18:52.948
should not have to be secret in order for the system to be secure.

00:18:53.848 --> 00:18:58.588
The only thing that should have to be secret is the key. But the actual operation,

00:18:58.688 --> 00:19:02.988
the algorithm, the way you manipulate the numbers, that should not be required to be secret.

00:19:04.438 --> 00:19:09.238
In other words, you shouldn't have to rely on obscurity for your security.

00:19:10.888 --> 00:19:14.278
Related to that is Shannon's maxim: "The enemy knows the system being used".

00:19:16.318 --> 00:19:19.926
Again talking about encryption algorithms. And here he's saying that

00:19:20.547 --> 00:19:25.364
you give the enemy, the adversary, the benefit of knowing which encryption algorithm you're using.

00:19:25.464 --> 00:19:29.598
They don't have to guess. They don't have to guess which of many encryption algorithms you may be using.

00:19:29.843 --> 00:19:32.968
That part isn't secret. Again, the key is the only part that's secret.

00:19:35.368 --> 00:19:40.530
Now, why do we make these assumptions? Why are these like universal and ubiquitous

00:19:40.630 --> 00:19:43.823
among people who are trained to think about security?

00:19:43.923 --> 00:19:46.888
These are pessimistic assumptions. These are worst-case assumptions.

00:19:47.518 --> 00:19:50.578
It may be that the enemy in fact does <i>not</i> know the system!

00:19:52.318 --> 00:19:54.905
Why don't we try to model that and take advantage of that?

00:19:55.005 --> 00:19:58.179
That can only be helpful to our side, if we have a little bit of obscurity.

00:19:58.706 --> 00:20:03.658
Why do security-trained people almost instinctively turn away from modeling things that way?

00:20:04.213 --> 00:20:05.213
It's not for no reason.

00:20:07.926 --> 00:20:10.993
Well, one reason is it's kind of hard to model that kind of knowledge, you know,

00:20:11.093 --> 00:20:14.123
whether someone has guessed what algorithm you're using, or something like that.

00:20:15.713 --> 00:20:18.503
But moreover, I think it's a form of just mental discipline.

00:20:19.853 --> 00:20:25.983
It's a way of not giving ourselves what might otherwise be a convenient cushion to fall back on

00:20:26.083 --> 00:20:29.954
if we're not thinking rigorously about the core of the system we're designing.

00:20:30.054 --> 00:20:35.548
If we're not prepared to make strong claims about it, we might try and fall back on

00:20:36.083 --> 00:20:42.265
this sort of mental refuge of obscurity and that leads to fuzzy thinking and ultimately less secure systems.

00:20:42.434 --> 00:20:44.633
So we just don't permit ourselves to do that.

00:20:46.763 --> 00:20:50.933
It is true that sometimes obscurity is on your side. And sometimes it's to your advantage.

00:20:51.353 --> 00:20:54.401
Nothing wrong with that. It can help you.

00:20:54.834 --> 00:20:57.863
We just don't permit ourselves to rely on it.

00:21:00.473 --> 00:21:04.643
So, as a thought experiment, what if we did something similar with "arms race"?

00:21:05.933 --> 00:21:12.032
What if we took away "arms race" as this convenient mental fallback for the problems that we're modeling?

00:21:12.523 --> 00:21:19.313
What if we just prohibited ourselves from saying "the outcome of this might be an arms race"?

00:21:19.853 --> 00:21:23.353
What if we just weren't allowed to consider the possibility? Even if in the back of our mind,

00:21:23.453 --> 00:21:26.891
we say, well, that actually <i>could</i> be a possibility, just as normally we would say,

00:21:26.991 --> 00:21:30.189
well, you might actually, you might have a little bit of obscurity on your side.

00:21:30.716 --> 00:21:32.483
But what if we just ignored that possibility, and said

00:21:33.413 --> 00:21:36.593
"what if an arms race couldn't happen?" What outcomes could we achieve?

00:21:38.153 --> 00:21:41.803
I don't know, is that a sort of liberating thought? Would that help spark different directions?

00:21:41.903 --> 00:21:46.766
Would it require you to think more rigorously about your own system? Maybe.

00:21:50.183 --> 00:21:56.287
There's this interesting idea of a "thought-terminating cliché" and what that is, is it's like

00:21:56.569 --> 00:22:02.423
a set phrase, or common phrase, that people use to resolve a discussion, you know,

00:22:03.413 --> 00:22:06.579
or terminate a discussion. But it doesn't <i>really</i> resolve things.

00:22:06.899 --> 00:22:11.829
All it does is end the discussion and it saves the speaker from having to think about some idea

00:22:11.929 --> 00:22:15.563
that maybe they're uncomfortable with, or that maybe they haven't thought through all the way.

00:22:17.123 --> 00:22:24.548
And I think that "arms race" has become a little bit of a thought-terminating cliché in censorship circumvention.

00:22:25.073 --> 00:22:28.943
It's something that people will say, oh, it's an arms race, and then they don't have to think about it any further.

00:22:31.223 --> 00:22:35.123
When I was in grad school, I remember having a conversation with a colleague,

00:22:35.223 --> 00:22:38.547
and I was talking about some censorship and circumvention topic,

00:22:38.849 --> 00:22:43.816
and I was trying to communicate the nuance of, well, you know, the censor has got these resources and limitations,

00:22:43.916 --> 00:22:46.583
it's also got incentives which are hard to predict,

00:22:47.543 --> 00:22:54.713
the circumventor can take advantage of various things, like, you know, entanglement of different protocols,

00:22:56.123 --> 00:22:59.490
and at the end of the conversation, I remember my colleague said,

00:22:59.590 --> 00:23:01.913
"Well, at the end of the day, it's just Whac-A-Mole."

00:23:03.113 --> 00:23:06.323
I remember feeling kind of crestfallen at that because, gosh,

00:23:07.403 --> 00:23:11.173
that's sort of the opposite of what I wanted you to understand from our conversation.

00:23:11.273 --> 00:23:18.293
That it's not just Whac-A-Mole, it's more complicated to model than that. There is a lot more nuance than that.

00:23:21.293 --> 00:23:24.515
And by the way, if you don't know what Whac-A-Mole is, I realize that

00:23:24.615 --> 00:23:27.983
may not be a universal piece of knowledge, Whac-A-Mole is this game.

00:23:34.193 --> 00:23:35.993
This little kid is really bad at Whac-A-Mole.

00:23:38.543 --> 00:23:41.782
But you can see why this game would be used as a metaphor for all sorts of like,

00:23:41.882 --> 00:23:45.803
never-ending and futile situations, kind of like the cat-and-mouse game.

00:23:47.843 --> 00:23:52.403
If you want a picture of the future, just imagine a rubber mallet smashing a mechanical mole, forever.

00:23:55.883 --> 00:23:59.423
You see this kind of thinking also, sometimes, in lay attitudes to security.

00:24:00.002 --> 00:24:03.727
People who don't really know security very well will say things like,

00:24:03.953 --> 00:24:10.463
"Well, if they want to hack me bad enough, they're going to hack me anyway—therefore I'm okay to reuse passwords".

00:24:11.423 --> 00:24:15.353
And it's like, you know, there is a germ of truth in what you're saying,

00:24:15.683 --> 00:24:18.818
but I fear it has led you to an incorrect conclusion.

00:24:19.232 --> 00:24:21.713
And I think "arms race" does that for us a little bit.

00:24:25.343 --> 00:24:27.233
All right, while we're doing thought experiments, here's another one.

00:24:29.513 --> 00:24:32.002
Even suppose we are in an arms race,

00:24:32.102 --> 00:24:34.463
even suppose a cat-and-mouse game exists,

00:24:36.893 --> 00:24:39.503
do you see yourself as the cat or as the mouse?

00:24:43.013 --> 00:24:47.079
Now if you're anything like me, you think, oh, I'm the mouse, surely. Right?

00:24:47.211 --> 00:24:52.498
I'm the smart, wily, adaptable, intelligent one, but under-resourced,

00:24:52.598 --> 00:24:56.903
and then the censor is the large, relatively lumbering but more powerful competitor,

00:24:57.653 --> 00:25:02.734
and that's sort of, like, naturally how it fits. That seems pretty natural to me.

00:25:03.083 --> 00:25:08.573
And I think that's probably a pretty fair characterization of censorship in some places, where we're always

00:25:08.693 --> 00:25:13.647
kind of on the back foot, you know, reacting to a censor that's relatively more powerful.

00:25:15.413 --> 00:25:16.763
But it may not be the case everywhere.

00:25:17.873 --> 00:25:23.903
I think there are some censorship situations, some countries, where it's actually us calling the shots.

00:25:24.323 --> 00:25:30.293
We're the cat and the censor is the mouse. The censor makes some action, blocks some protocol,

00:25:30.533 --> 00:25:32.896
we're able to react and defeat their blocking.

00:25:33.329 --> 00:25:38.063
Censor does something else, does some blocking action. We're able to react and adapt and overcome it.

00:25:39.053 --> 00:25:43.253
And all of a sudden it's sort of like, us, who are the powerful ones in the exchange.

00:25:44.603 --> 00:25:47.516
So again, this is just a thought experiment, this is just a mental exercise, but

00:25:47.723 --> 00:25:50.658
give yourself the luxury of thinking of yourself as the powerful one

00:25:51.495 --> 00:25:53.843
in this sort of binary relationship once in a while.

00:25:59.483 --> 00:26:03.584
All right. So I have proposed that the arms race metaphor is overused,

00:26:03.739 --> 00:26:07.306
and that we should try and use alternative models when possible.

00:26:07.669 --> 00:26:10.665
So. If that's true, what are some of those alternative models?

00:26:10.831 --> 00:26:14.252
And what are some other ways to think about these things?

00:26:16.913 --> 00:26:19.193
I started this off with an example from cryptography,

00:26:21.443 --> 00:26:24.763
so you might think that I'm going to propose, oh, we should have some formal definitions,

00:26:24.863 --> 00:26:29.067
and we should have reductions and security proofs, and things, for circumvention.

00:26:29.212 --> 00:26:32.633
And, I'm not actually going to advocate for that. There are a few reasons.

00:26:33.533 --> 00:26:36.521
One is that I don't think that kind of thing is actually necessary.

00:26:36.621 --> 00:26:41.456
I don't think it's a prerequisite to accomplishing the good that we want to accomplish.

00:26:41.622 --> 00:26:44.063
To doing good in the world that we want to do.

00:26:46.013 --> 00:26:53.843
This is a really special and important field in that a lot of it is driven by people's own altruism.

00:26:54.893 --> 00:27:00.262
A lot of people are working on this, myself included, because they see some injustice in the world,

00:27:00.594 --> 00:27:04.253
and they're trying to do something to right it. They're trying to do something about it.

00:27:05.453 --> 00:27:08.243
That's really important and that's really beautiful to me.

00:27:08.933 --> 00:27:09.933
And I think that

00:27:11.663 --> 00:27:15.036
for that reason, it's not necessary for us to be excessively abstract.

00:27:15.136 --> 00:27:18.841
We are very strongly rooted in the real world, really strongly rooted in empiricism,

00:27:18.941 --> 00:27:24.413
even when we're designing abstract models, or designing for future adversaries that may not exist today.

00:27:26.273 --> 00:27:28.313
It's also just kind of hard to model

00:27:30.653 --> 00:27:33.623
censorship circumvention in the same way as modeling cryptography,

00:27:34.703 --> 00:27:40.643
because we're fundamentally dealing with trying to predict the behaviors of

00:27:41.483 --> 00:27:44.933
fundamentally irrational actors—governments, censors—right?

00:27:45.516 --> 00:27:46.615
And that's kind of tricky.

00:27:47.009 --> 00:27:49.684
Now I don't want to discourage anyone from

00:27:50.753 --> 00:27:54.795
doing research into this idea of actually formally modeling these.

00:27:54.895 --> 00:27:58.248
There are some research papers you'll find on CensorBib

00:27:58.348 --> 00:28:01.463
that do things in this direction, which I like a lot.

00:28:02.443 --> 00:28:03.443
I think that…

00:28:04.373 --> 00:28:08.243
I'm not gonna propose that as being necessary for all circumvention research, though.

00:28:09.341 --> 00:28:12.503
One thing I think we can do, that's a step in that direction,

00:28:13.523 --> 00:28:17.063
is to be explicit about the assumptions we're making

00:28:18.053 --> 00:28:22.313
and, to the extent possible, make those assumptions falsifiable and testable.

00:28:23.393 --> 00:28:26.996
So for example, we may make a claim that, in order to block the system,

00:28:27.096 --> 00:28:29.603
a censor would have to do X, Y, and Z.

00:28:31.403 --> 00:28:35.993
And furthermore, we believe that a censor is unlikely to do X, Y, and Z, for the following reasons.

00:28:37.853 --> 00:28:41.417
And assuming like that actually gives us two hypotheses, two testable hypotheses.

00:28:41.517 --> 00:28:46.993
One is that, well, X, Y, and Z, that may be <i>sufficient</i> to block it, but is it also <i>necessary</i>?

00:28:47.093 --> 00:28:50.593
Is there some other way to block it, that isn't X, Y, and Z? Right?

00:28:50.693 --> 00:28:52.943
That's something you can test, that's something you can investigate.

00:28:54.773 --> 00:28:58.068
Also the claim that a censor will be unlikely to do X, Y, and Z,

00:28:58.586 --> 00:29:02.993
that's also a testable hypothesis. That's something that can be, to some extent, evaluated in reality.

00:29:04.133 --> 00:29:07.440
So I think it's good when we do that, and I think we should encourage ourselves to do that.

00:29:07.689 --> 00:29:12.727
Rather than trying to design against some sort of abstract, unknowable entity, instead

00:29:12.827 --> 00:29:19.373
what we can design is, against a hypothetical adversary, but with the hypotheses explicitly stated.

00:29:20.543 --> 00:29:23.136
I also think that we should try to be bold about making hypotheses

00:29:23.236 --> 00:29:25.448
even when that may turn out to be false in the long run,

00:29:25.548 --> 00:29:27.803
because I think that's a good way of making progress.

00:29:30.923 --> 00:29:34.789
Here's an example from the recent Lox paper on bridge distribution.

00:29:34.889 --> 00:29:37.613
It's a really good paper from PETS last year. You should read it.

00:29:40.103 --> 00:29:44.669
This is about bridge distribution, this is about how you distribute a scarce resource

00:29:44.769 --> 00:29:49.614
like IP addresses of proxies to legitimate users without them being immediately discovered by censors.

00:29:49.714 --> 00:29:53.453
It's kind of like that mirror site situation I described earlier.

00:29:54.472 --> 00:29:55.472
They write:

00:29:56.303 --> 00:30:00.994
"This forces the censor to make a tradeoff between gaining trust in order to cause greater damage,

00:30:01.094 --> 00:30:03.953
and keeping bridges unblocked for longer periods of time."

00:30:05.803 --> 00:30:10.343
So this is great. I really love this. They say we're forcing a censor to make a tradeoff.

00:30:11.076 --> 00:30:14.601
On the one hand, you can discover bridges and block them right away.

00:30:14.897 --> 00:30:17.598
Just immediately grab that utility. But if you do that,

00:30:17.959 --> 00:30:22.843
it makes it harder for you to learn about more bridges in the future, because

00:30:23.713 --> 00:30:27.583
Lox is based on trust levels. It's based on how long your bridges remain unblocked.

00:30:29.893 --> 00:30:33.273
On the other hand, a censor could learn about some bridges and hold onto them,

00:30:33.373 --> 00:30:36.482
keep them unblocked for a long time, in order to learn about more bridges,

00:30:36.582 --> 00:30:38.053
in order to block them all later.

00:30:40.183 --> 00:30:44.533
Now, a censor may be able to find some optimum, some equilibrium in the middle of those two extremes,

00:30:45.223 --> 00:30:47.353
and optimize for some metric of their own,

00:30:48.283 --> 00:30:52.471
but the point is that they're forced to make a tradeoff. The censor cannot have it all.

00:30:53.323 --> 00:30:56.593
It's more than just a simple arms race. It's more than a simple one-upsmanship.

00:30:59.143 --> 00:31:01.913
Similarly, in the upcoming Snowflake paper…

00:31:02.119 --> 00:31:08.503
Uh, Snowflake is a circumvention system based around WebRTC and browser proxies.

00:31:11.803 --> 00:31:16.835
"Snowflake is blockable by any censor that is willing to block WebRTC. We would not try to argue otherwise.

00:31:17.298 --> 00:31:22.559
Indeed, we believe the way that to present a circumvention system is not to argue for its absolute unblockability,

00:31:22.778 --> 00:31:26.689
actions by censor would be necessary to block it—or more to the point,

00:31:26.789 --> 00:31:30.303
<i>what sacrifices a censor would have to make</i> in order to block it.

00:31:31.183 --> 00:31:33.545
Advancing the state of the art of censorship circumvention

00:31:33.645 --> 00:31:36.283
consists in pushing blocking out of the reach of more and more censors."

00:31:39.733 --> 00:31:41.662
So here I think this is more than an arms race.

00:31:41.762 --> 00:31:45.583
If you're forcing a censor to make a fundamental sacrifice, to give up something

00:31:46.280 --> 00:31:49.983
in order to advance the arms race, well, then, it's not really an arms race anymore.

00:31:50.083 --> 00:31:55.130
It's no longer an infinite escalation. It may in fact someday reach some equilibrium, and

00:31:55.349 --> 00:31:58.123
maybe you get some ratio of blocked to unblocked traffic.

00:32:00.403 --> 00:32:02.443
But it's not something that's ever-escalating.

00:32:04.063 --> 00:32:06.386
And I think it's good to think about this in terms of sacrifices.

00:32:06.486 --> 00:32:11.233
And in fact, this may serve as a working definition of what is a cat-and-mouse game.

00:32:12.403 --> 00:32:15.789
Let's see what you think about this: when the sacrifices the censor have to make—

00:32:16.329 --> 00:32:21.133
when the sacrifices the censor has to make are trivial, then it's a cat-and-mouse game.

00:32:22.093 --> 00:32:24.755
But if they're not trivial—if the censor has to actually give something up, or

00:32:24.855 --> 00:32:27.433
make some difficult decision—well then, it's something else.

00:32:34.723 --> 00:32:38.223
All right. And I'll add here that this, "costs and tradeoffs", this is a kind of modeling that

00:32:38.323 --> 00:32:42.153
is pervasive in my own thinking and I think it may even

00:32:42.253 --> 00:32:45.620
be a bit of a mental blind spot for me, personally, that I'm waiting for someone

00:32:45.774 --> 00:32:49.093
to shake me out of, and raise me to a higher plane of enlightenment on,

00:32:49.193 --> 00:32:51.493
but anyway, if you haven't thought about things in these terms yet,

00:32:52.393 --> 00:32:55.033
I think that this is a productive way to think about things.

00:33:00.253 --> 00:33:05.957
I would also like to reiterate that doing research on the arms-race aspects of censorship

00:33:06.111 --> 00:33:08.893
still is a legitimate and worthy and noble activity.

00:33:09.643 --> 00:33:12.943
I have done some of it myself, and also I think the topic is just fascinating.

00:33:13.513 --> 00:33:16.814
The last thing I want to do with a talk like this is chill research

00:33:17.020 --> 00:33:20.583
into these aspects of circumvention, because I think they're really fascinating and interesting,

00:33:20.683 --> 00:33:22.603
and I think there's a lot of good work to be done there.

00:33:25.423 --> 00:33:28.159
I mentioned earlier in the talk that there was one paper I looked at in CensorBib

00:33:28.340 --> 00:33:31.337
that used "arms race" and I think used it appropriately.

00:33:31.813 --> 00:33:35.286
Here is that citation right here. It's from the very recent

00:33:35.389 --> 00:33:38.823
"On Precisely Detecting Censorship Circumvention in Real-World Networks".

00:33:38.923 --> 00:33:40.650
Another really good paper. You should read it.

00:33:42.283 --> 00:33:48.561
"We play out one iteration of this hypothetical arms race, and design a tweaked obfs protocol which we call obfs★."

00:33:49.933 --> 00:33:54.787
What I like about this is, it doesn't presuppose that <i>everything</i> about censorship and circumvention <i>is</i> an arms race,

00:33:55.019 --> 00:34:00.257
they're saying this specific, hypothetical but realistic model, that we're proposing is an arms race.

00:34:00.357 --> 00:34:02.814
(And I agree. I think that they characterize it correctly.)

00:34:03.174 --> 00:34:07.573
And what would happen if we were to deploy this in practice? What are the arms-race aspects

00:34:07.903 --> 00:34:10.095
if we were to deploy this protocol? And they worked that out.

00:34:10.313 --> 00:34:15.313
I think that's a good piece of modeling, and I think that's an absolutely appropriate use of the term "arms race".

00:34:18.013 --> 00:34:19.993
I myself, in that very same thesis

00:34:21.073 --> 00:34:24.313
where I made such a big deal about not wanting to do cat-and-mouse stuff,

00:34:24.917 --> 00:34:29.892
have a whole chapter that's basically on what is fundamentally a cat-and-mouse style of research.

00:34:30.882 --> 00:34:35.413
I was looking into how long it takes the Tor default bridges to be blocked.

00:34:35.513 --> 00:34:39.462
The default bridges are the bridges whose IP addresses are hard-coded in the source code.

00:34:40.080 --> 00:34:43.604
They're trivial to discover. It seems like they should all be blocked instantly.

00:34:43.874 --> 00:34:45.408
There's no difficulty at all to discover them.

00:34:45.508 --> 00:34:48.133
The cost—the sacrifice, if you like—is zero.

00:34:49.153 --> 00:34:53.683
I wrote: "Any reasonable threat model would assume that default bridges are immediately blocked.

00:34:54.463 --> 00:34:56.738
And yet in practice we find that they are often not blocked,

00:34:56.838 --> 00:34:59.169
even by censors that otherwise block Tor relays.

00:34:59.787 --> 00:35:04.663
We face a paradox: why is it that censors do not take blocking steps that we find obvious?

00:35:05.683 --> 00:35:10.123
There must be some quality of censors' internal dynamics that we do not understand adequately."

00:35:11.623 --> 00:35:16.393
I think this is totally fascinating. And when you've identified an aspect that is an arms race,

00:35:17.083 --> 00:35:19.687
there's actually more to the story, there's more to be learned about that.

00:35:19.787 --> 00:35:25.113
Because even in a simplistic arms race there is inertia, there is friction, there are limitations on the actions

00:35:25.213 --> 00:35:29.708
that both sides can take. There are perhaps some irrational explanations.

00:35:29.808 --> 00:35:32.773
There are human and bureaucratic factors that go into all of it.

00:35:33.553 --> 00:35:35.923
So I think this is still a very worthy topic of research.

00:35:42.463 --> 00:35:46.031
And also we should be mindful about the limitations of modeling, or perhaps

00:35:46.147 --> 00:35:50.143
the trains of thought that conventional models lead us into.

00:35:51.823 --> 00:35:54.853
Models are, of course, necessary for doing research, for doing science.

00:35:56.173 --> 00:35:58.813
"All models are wrong, some models are useful", that kind of thing.

00:35:59.833 --> 00:36:02.150
This is a model that I kind of constantly have in my mind.

00:36:02.355 --> 00:36:06.793
I call this the "border firewall model" where, you know, you have some censored clients,

00:36:06.893 --> 00:36:10.627
and they've got a ring of firewalls around them that interfere with their access to the outside world,

00:36:10.727 --> 00:36:12.775
and some destination on the outside.

00:36:14.503 --> 00:36:16.494
This is a good model. It's pretty succinct.

00:36:16.596 --> 00:36:21.073
It captures a lot of aspects of censorship and circumvention. But it doesn't capture everything.

00:36:23.983 --> 00:36:28.417
For example, things can change based on your assumptions about what is cooperating with you.

00:36:28.517 --> 00:36:31.303
What is cooperating with the client, and perhaps the destination?

00:36:32.563 --> 00:36:36.277
When you think that, well maybe these router nodes, maybe these links here,

00:36:36.377 --> 00:36:39.163
maybe they're cooperating with us. Maybe they're willing to help in circumvention.

00:36:40.183 --> 00:36:44.503
When you start thinking in that direction, then you make breakthroughs like refraction networking. Right?

00:36:47.623 --> 00:36:52.243
And we should always remember that all these things are more than just links in an abstract graph, right?

00:36:52.343 --> 00:36:57.669
These are cables, these are firewalls, this is hardware that sits on racks in buildings.

00:36:57.926 --> 00:37:04.126
And the people who make these—people who design and build and maintain censorship systems,

00:37:04.705 --> 00:37:08.590
they're beings of flesh and blood just like you and me. People perhaps with consciences,

00:37:08.719 --> 00:37:12.403
perhaps caught up in a situation that's not of their own choosing.

00:37:14.413 --> 00:37:17.443
Some of these systems of oppression may have weaknesses

00:37:17.852 --> 00:37:21.556
that are not captured by a model like this. You know?

00:37:22.405 --> 00:37:25.753
There are other forms of activism other than the purely technical.

00:37:26.713 --> 00:37:29.648
So we do have to make models in order to make progress in science.

00:37:30.239 --> 00:37:33.507
Models are a productive activity. But again let's also step—

00:37:33.607 --> 00:37:36.941
Models are also a form of making assumptions, and it's good

00:37:37.041 --> 00:37:40.607
for us to step back once in a while and reexamine those assumptions.

00:37:41.563 --> 00:37:44.749
There's a quotation from the Hyphae paper that I like a lot.

00:37:44.849 --> 00:37:46.873
This is another paper on bridge distribution.

00:37:48.703 --> 00:37:54.037
"Censors are more capable, more determined, and have more resources and more human hours than any legitimate user.

00:37:54.500 --> 00:37:58.243
They can solve CAPTCHAs, purchase scarce resources, or solve proofs-of-work.

00:37:59.143 --> 00:38:01.153
But legitimate users have friends."

00:38:02.863 --> 00:38:06.505
This is really beautiful, and it's the kind of thing you would not immediately appreciate

00:38:06.605 --> 00:38:09.493
if all you're thinking of is dots on a diagram.

00:38:18.253 --> 00:38:23.913
As a final note, I want to express my gratitude for everybody who is in this community,

00:38:24.013 --> 00:38:28.723
and especially for making it such a positive and welcoming community.

00:38:31.020 --> 00:38:36.823
It's so full of good will, cooperation, collaboration, and to me it's sort of a…

00:38:37.843 --> 00:38:40.693
It's like a minor miracle that this exists.

00:38:41.263 --> 00:38:47.012
It would be so easy for this sort of human association to just sort of crumble.

00:38:47.112 --> 00:38:50.791
It's a beautiful thing, and perhaps fragile, and I just want you all to know that

00:38:51.229 --> 00:38:54.020
I appreciate your work. I'm glad to have you as friends and colleagues.

00:38:54.341 --> 00:38:57.193
I'm proud to know you, and I think you are doing important work.

00:38:59.413 --> 00:39:02.113
This is a community that matters a lot to me, and

00:39:03.103 --> 00:39:05.473
I want you to know that I appreciate it as I see it.

00:39:07.663 --> 00:39:10.153
Something I read recently that was making me think in that direction

00:39:11.143 --> 00:39:13.753
was again another quotation from "On Precisely Detecting…".

00:39:15.103 --> 00:39:19.033
If you naively read this paper, you might say, oh, this is an attack paper.

00:39:19.243 --> 00:39:23.272
This is discovering flaws, vulnerabilities in censorship circumvention tools.

00:39:23.372 --> 00:39:25.201
It's finding ways to defeat them.

00:39:26.203 --> 00:39:28.829
But so much depends on the spirit in which it's offered.

00:39:29.009 --> 00:39:31.933
And they have a sentence here towards the end that says,

00:39:33.133 --> 00:39:36.290
"The goal of our work is to move censorship research in new directions

00:39:36.390 --> 00:39:39.403
that will lead to the development of stronger circumvention systems."

00:39:41.773 --> 00:39:44.983
I think this is the key. We have to keep our eyes on the goal and,

00:39:46.483 --> 00:39:49.217
arms race or no, this helps us with our mental modeling.

00:39:49.423 --> 00:39:53.745
When you read a sentence like this, you realize that this is not an attack paper,

00:39:53.845 --> 00:39:56.353
this is just another way of working together.

00:40:01.513 --> 00:40:03.792
All right. That's all I have for you today.

00:40:03.892 --> 00:40:06.013
Now I'll look forward to your questions. Thanks very much.
