Our Onions, Ourselves

Note: This was when Katie Krauss of the Tor Project interviewed me for the Tor blog. Because so many other pressing things needed to be written about, it didn't make it there, so I got permission to post it here. The original text is below, with no changes. -GB

Griffin Boyce and Paul Syverson, both associated with the Tor Project, wrote an article about the great properties of onions sites--for which Tor sees a bright future: “Genuine Onion: Simple, Fast, Flexible, and Cheap Website Authentication.” [1]

What lead you to write this article?

My co-author, Paul Syverson, and I had both been working with people and organizations using (or hoping to use) onion sites to quickly deploy websites without needing specialized domains or SSL certificates.

To set up a new domain and certificate for a conventional web site takes days. But a shell script can create a hundred hidden services in a few minutes, and it only costs your time. There are trade-offs with both approaches, and sometimes the best approach is to use both a certificate and an onion site. So we’ve tried to lay out all of the issues around these topics in the paper.

How did you get interested in anonymity software?

After a long illness, I found myself re-evaluating my life and career. I decided that instead of working with clients on commercial websites, I wanted to work on something that truly mattered to me. At that point, I’d had a long history of working as a volunteer on LGBT-related projects, and core tenets of those projects were privacy and the right to free expression. Working more directly on censorship and surveillance seemed like a natural extension of that work.

What are you working on these days?

My main project is Satori, a project to make it easy for censored users to download and verify security software. My second project is Stormy: I’m trying to make secure Tor hidden services achievable for people who aren’t systems administrators. Right now, you need strong technical knowledge to set up an onion site. To make matters worse, much of the technical information is only available in English and German. But once you know what to do, the process is extremely fast and simple. So the goal with Stormy is to break down that understanding barrier and guide users through the process of creating a hidden service that is useful for them.

I’ve also been spending time researching automated document analyses to accurately guess redacted content, with promising results so far. There seem to be few other researchers working on this topic, and it’s a great way to explore machine learning, pattern recognition, and typography. So it’s really fun for me.

What's your advice for people who want to work on freedom-making software?

Find an aspect that is fun for you, that you are passionate about, and just work on it. There are lots of projects that need help and lots of people who are happy to work with volunteers. There are also lots of people who could use help learning how to stay safe online. It’s worthwhile to reach out to local charities full of people who need online privacy as well as software projects.

“Once the project is released, it turns out that your community is much more diverse than you expected. This is obvious with Tor, whose users range from transgender military members to domestic violence survivors to bitcoin cooperatives to famous musicians.”

What are your views on user experience?

I’ve worked extensively with trainers and end-users, and I’m a developer focused on usability, so my views on user experience are pretty well-rounded. I can see the points where it gets frustrating for most users and also see use-cases that aren’t at the forefront of developers’ minds when they create software. When you’re building a piece of software, you might have a certain view of possible users (“user personas”) but typically once the project is released, it turns out that your community is much more diverse than you expected. This is obvious with Tor, whose users are everyone from transgender military members to domestic violence survivors to bitcoin cooperatives to famous musicians. None of these groups were specifically anticipated when the software was created, but all have benefitted in unique ways. It helps a lot to create diverse personas when designing software, but the big message to developers is Be Flexible and consider how existing software can be used in novel ways.

Who are your living information freedom heroes?

Kelley Misata is doing amazing research on privacy that will impact low-income individuals and people in crisis, which I’ve been really excited about. MC McGrath has been working in transparency for a few years and always has great ideas about analyzing datasets. Both are also really friendly and easy-going.

Favorite experience hacking?

██████ back in 1999, I ███████████ ██ ███████ switching office █████ ███ ! ██████ Beggs Telco █████. Later, we ██ ███ graffiti and ██████ ██ ████ Masonic Temple. ████████ ██████. That was pretty much the best. =)

What is the value of research into anonymity technologies? Why go there?

Everyone has the right to speak freely; to assemble peacefully; to protest injustices they see. To have privacy. Working on privacy, and on censorship, goes a long way toward helping people maintain these rights.

Some people care more about surveillance or privacy than censorship, but I see them as related. To censor someone, you must first invade their privacy to find out what they are saying (frequently with surveillance). As someone who likes his privacy, it’s natural for me to dislike surveillance, but I also want to help people speak freely and organize online without fear of arrest.

Fun facts about you?

I love surrealism, video games, and surrealist video games (Jazzpunk, Psychonauts). Sometimes I make art and put it up in public, unsigned.

[1] Sometimes called “hidden services,” or “the dark web.”

I'm looking for a new assistant


This is a paid position, to begin in October 2015. Telecommuting is okay. Must have a high tolerance for puns and memes.

I am seeking a part-time assistant to help me stay organized as the head of an anti-censorship software project. Rather than working for someone and taking on tasks that are unimportant, I'm looking for an assistant to work with me in keeping the project on-track to meet critical deadlines. While the project and field it is in are very high-stress, this position is not. I'm very affable and past contractors and assistants have found me very easy to work with. Because I work with at-risk activists in a politically-sensitive human rights project, sensitivity to confidential matters is of the utmost importance.

As my assistant, here are some things you would definitely have to do:

  • Take meeting requests and invitations from specific email inboxes and place them on the calendar
  • Flag emails for review
  • Remind me of calendar items and ongoing tasks
  • Place tasks on the Trello board
  • Proofread documents and website content as needed
  • Occasionally write emails and short blog posts
  • Review and provide feedback on presentation slides
  • Be accountable and very reliable in performing these duties with a past track record of reliability.

Because I travel fairly frequently, an assistant may also need to take on these tasks from time to time:

  • Turning (scanned) receipts into expense reports in Excel or OpenOffice, including conversion rates
  • Travel-related research: lodging, coffee, dance clubs =)

The successful candidate must be willing to learn (and follow) digital security best practices, and sign a non-disclosure agreement.

To apply, please provide a resume and a writing sample (business or persuasive) to Griffin via griffin@cryptolab.net, with [Assistant] in the title. Interest or background in free software, anti-censorship tools, or human rights is a plus.

  • Time required: 10 hours a week typically, up to 15 hours near project deadlines
  • Compensation: Negotiable, from $20 per hour
  • Location: Any
  • Employment status: Contractor
  • Position Begins: October 2015

Intermittent Fasting

Those of you who keep up with fitness may occasionally come across the term “intermittent fasting.” So what is it?

IF 1: Precise meal scheduling

For some, it makes sense to eat on a very specific schedule, leaving large blocks of time without a meal. 12-20 hours is quite common for this type of intermittent fasting. If one trains every day, this can be an ideal way to trim extra calories without eliminating the nutrients they need for a workout.

Examples: Alice eats all of her meals between 7am and 6pm, leaving a 13-hour window where she is fasting. Bob eats all of his meals between 7am and 1pm, skipping dinner in the process.

IF 2: Day-long fasting

For others, it makes more sense to take an entire day off from eating, resulting in 24-36 hours without a meal. While it seems like a frivolous change, if I were to fast two days per week, I’d reach my goal 4 weeks sooner.

Example: Carol eats dinner at 7pm on Monday and has her next meal at 7am Wednesday morning. This is a 36-hour fast. Dave eats breakfast at 6am Monday and has breakfast at 6am Tuesday -- a 24-hour fast.

Why do people fast this way?

Calorie restriction is implicit in all cases. With IF1, it simply makes a lot of sense for some people to restrict their intake to certain hours to reduce late-night snacking and ‘fourth meal’ shenanigans. Sometimes this can include skipping specific meals of the day.

Wait, is that it?

Calorie restriction is required, but with intermittent fasting it’s only half the story. For IF2, an entire day without eating can reduce one’s weekly calorie intake by quite a lot, leading to an extra half-pound or more lost for each day fasting. Certain groups of people find it easier to stick to, and more of those studied lost weight with intermittent fasting (65% vs 40%). Or as the WSJ says “Eating much less on some days and normally on others is as or more effective than reducing one's calories to between 1,200 and 1,500 calories daily, though continued research is needed, scientists say.” The current thinking is that in addition to helping eliminate the urge to snack, it puts additional stress on the body, causing the dieter to burn additional fat.

My take

Intermittent fasting is as much bro science as it is real science. Like everything in the weight loss space, there’s some amount of gimmick involved. But unlike many methods/products/sekretz promoted, IF is used by a surprisingly large number of people, but not actively monetized. Which makes some amount of sense. After all, it would be hard to write a book about this. “Condense all of your eating into an 8-hour window every day and see increased weight loss if you already have a caloric deficit and exercise regularly.” End of book.

There are strong indicators that it works when used as a supplement to an already-successful diet and fitness routine. But I’d caution against trying to do too much, too different, too quickly. If you’re switching to a ketogenic diet and restricting your calories severely and starting a new exercise plan and taking supplements and intermittent fasting… Not only are you going to crash quickly, but your body will not lose weight as quickly as maintaining a steady pace of smaller changes. Start slowly and add new elements as you progress.

Why you should go to CCC Camp, with Stefan

Stefan, just doing his thing

This summer's hottest conference is CCC camp. Located in an empty field north of Berlin, CCC camp has everything: stern Germans in black leather, expats on acid, Mitch Altman, a cat from a bodega, four hundred liters of grappa, Robot Snowden back for revenge...

The Great Migration

As I migrate old posts to the new blog system, expect thing to break occasionally.