For a little bit of fun: Try linking to https://www.torproject.org/download/download-easy.html.en on Facebook and marvel at the non-descript error messages. They depend on where you try to post it (timeline, comment). For example "could not be posted because of technical error, try again in a few minutes"...
Hi, my name's Alec, I work as a software engineer for Facebook. Apologies for what you observed, it was due to an automatic system miscategorising the Tor download site. We've fixed the issue, given our software a stern talking-to, and are working to ensure that it does not happen again.
I sent a message to FB noting the "mis-categorization" on May 26.
How long did it take to fix the issue? Assuming that it is a simple task to fix, then why was it not fixed when I reported it on May 26th nor when I reported it again on June 24th?
Hi there; I don't know the answer to that question yet, but I will be investigating the matter next week and will take action accordingly. Thank you for the details and for taking the time to do that, it's appreciated.
Note the irony of http://google.com/safebrowsing triggering a Facebook "unsafe link" security warning. Looks like the code is using a substring match, which might be incorrect logic.
Sorry, Alec. I'm not buying into the whole customer service corporate doublespeak routine. Your words sound like those of an uninformed pawn, a tool implemented by nobility, a means to an end.
Not true. An employee can adhere to a company policy without understanding the reason a given policy exists. It's certainly possible to carry out orders, and adhere to a script, with unquestioning obedience.
FB is a huge company now. Going through the reporting process, assigning to a dev, they get around to it after other assignments, goes to QA queue, it's tested, it'll get pushed out in a release. That'll take a month, easy. I don't smell conspiracy, I just smell software development.
Holy cow, it really doesn't work. I tried it once immediately as you posted, and then continuously via different people's accounts and different computers even. It really doesn't work, and it ain't just my computer or account. It isn't even a US thing.
I don't think there's a problem with parsing the URL because it clearly is able to load up the preview. All I can say is, MAN! They really don't want you helping people with Tor.
My facebook habits have shifted to posting almost exclusively NSA related materials. I've run into errors like this three times before. I don't know what the issue is.
"Worksforme" is a bad habit that we in the software industry need to get out of. When a user complains about something, they're almost never trolling, so we need to take the reports seriously.
The link times out for me on Verizon, but it works under Tor. For those who cannot access it, here is the text of the page:
We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her ___location.
Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.
The release of this source code does not match Snowden's modus operandi, which is to avoid releasing technical details which would allow other governments to construct similar surveillance systems. Bruce Schneier and Glenn Greenwald believe that there are now multiple NSA leakers [1].
I suspect the "second NSA leaker" is just Jacob Appelbaum with the same set of documents that Laura Poitras brought back to Der Spiegel. There's already several people in the infosec community doubting the veracity of some aspects of the Tor article[1][2][3], including from within the Tor developer community itself[4]. Though there's no confirmation, some have suspected that Julian Assange's most likely source for the Afghanistan revelation back in May[5] was Appelbaum[6].
Something is currently interfering with your secure connection to torproject.org.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit torproject.org right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real torproject.org.
torproject.org has public-key pinning in Chrome, although without the "More" information I can't tell whether it's a pinning error or just that your ISP is blocking the site.
to get the certificates that are coming back. You can copy and paste a "-----BEGIN CERTFICIATE-----" ... "-----END CERTIFICATE-----" block into `openssl x509 -text -noout` to get a dump.
I would guess that it's a self-signed certificate fronting a "sorry, this site is blocked" page.
it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country.
We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.
This should not actually be a complicated inquiry.
"...we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country."
I don't really know what to say to the NSA/Snowden/etc. stories any more. Intellectually, I understand that each new worst revelation is worse than its predecessor - emotionally though, none of it even surprises me any more.
...come on Fort Meade, I want to be surprised. Drop something really juicy. Something so diabolical that it's actually cool.
Well George Miller is my current congressional representative, and he scores an A on the EFF's scorecard, so I vote for him. Also, in a lot of the primaries that I've seen, there's at least one candidate who is anti-mass surveillance.
As it happens, I am not a US citizen. I have no recourse to the ballot box or indeed any other entity to affect the NSA's actions. I, and the other 6.5 billion of us, have very little option but to sit back and watch this story.
