1 00:00:04,400 --> 00:00:07,800 Speaker 1: Welcome to Tech Stuff, a production from I Heart Radio. 2 00:00:12,039 --> 00:00:14,600 Speaker 1: Hey there, and welcome to tech Stuff. I'm your host, 3 00:00:14,720 --> 00:00:17,439 Speaker 1: Jonathan Strickland. I'm an executive producer with iHeart Radio and 4 00:00:17,480 --> 00:00:19,759 Speaker 1: I love all things tech and it's time for a 5 00:00:19,880 --> 00:00:26,079 Speaker 1: classic episode. This episode originally published on April six. It 6 00:00:26,200 --> 00:00:30,080 Speaker 1: is titled The Secrets of Tour and the Deep Web. 7 00:00:30,600 --> 00:00:33,440 Speaker 1: I've covered these topics a few times over the years. 8 00:00:33,479 --> 00:00:36,120 Speaker 1: This one was a pretty fun discussion. Hope you enjoy. 9 00:00:37,120 --> 00:00:40,680 Speaker 1: The Mighty Tour is one of the Avengers. He wields 10 00:00:40,720 --> 00:00:45,400 Speaker 1: the hammer Mjolner, and his brother is Loki. She's not 11 00:00:45,440 --> 00:00:48,240 Speaker 1: even growing her eyes, She's just staring me down this time. Okay. 12 00:00:48,280 --> 00:00:52,159 Speaker 1: So seriously, though, what tour is free software. It's an 13 00:00:52,159 --> 00:00:56,080 Speaker 1: open network, and it helps you defend against traffic analysis. 14 00:00:56,080 --> 00:00:58,640 Speaker 1: In other words, people trying to figure out what you 15 00:00:58,680 --> 00:01:02,120 Speaker 1: are doing and who you're commun ninicating with. Traffic analysis 16 00:01:02,160 --> 00:01:05,480 Speaker 1: is a form of network surveillance that threatens personal freedom 17 00:01:05,480 --> 00:01:09,560 Speaker 1: and privacy. Uh, it threatens confidential business activities and relationships, 18 00:01:09,560 --> 00:01:13,800 Speaker 1: and it threatens state security. Therefore, some folks got together 19 00:01:13,840 --> 00:01:15,360 Speaker 1: and said, hey, you know what we should do is 20 00:01:15,400 --> 00:01:18,320 Speaker 1: we should come up with the means to allow people 21 00:01:18,319 --> 00:01:22,240 Speaker 1: to communicate over the Internet, but do so in a private, 22 00:01:22,280 --> 00:01:25,960 Speaker 1: anonymous fashion, so that you can set up these anonymous channels. 23 00:01:26,160 --> 00:01:28,839 Speaker 1: Perhaps the most popular way to access this is through 24 00:01:28,880 --> 00:01:33,280 Speaker 1: a customized build a Firefox called the Tour Browser Bundle. Right, Yeah, 25 00:01:33,280 --> 00:01:36,760 Speaker 1: because just using Tour on its own is one thing 26 00:01:36,800 --> 00:01:38,559 Speaker 1: to do to to allow you to have a little 27 00:01:38,560 --> 00:01:42,800 Speaker 1: more of an anonymous presence, but it requires more than that, 28 00:01:42,880 --> 00:01:45,440 Speaker 1: because if you access Tour through some other means, if 29 00:01:45,440 --> 00:01:49,080 Speaker 1: you don't have say Flash disabled in your web browser, 30 00:01:49,520 --> 00:01:52,680 Speaker 1: then you're still kind of broadcasting where you are because 31 00:01:52,680 --> 00:01:57,800 Speaker 1: Flash often involves uh identification information in order for it 32 00:01:57,840 --> 00:02:00,640 Speaker 1: to work. So it is a and source. So if 33 00:02:00,640 --> 00:02:02,640 Speaker 1: you feel like getting in there and and doing your 34 00:02:02,640 --> 00:02:06,240 Speaker 1: own thing, you're absolutely able to um and uh and 35 00:02:06,240 --> 00:02:08,399 Speaker 1: And a lot of people do use it in one 36 00:02:08,440 --> 00:02:11,359 Speaker 1: form or another. At its peak, in more than half 37 00:02:11,360 --> 00:02:14,920 Speaker 1: a million people were using it every day. Yeah, oddly enough, 38 00:02:14,960 --> 00:02:17,919 Speaker 1: I think as I a call in that year, there 39 00:02:17,960 --> 00:02:23,880 Speaker 1: was some news that broke about government agencies. Yeah, Edward 40 00:02:23,919 --> 00:02:26,880 Speaker 1: Snowden had that leak about the n s A, and 41 00:02:27,000 --> 00:02:31,080 Speaker 1: suddenly people were thinking, you know, I was like it doubled. Yeah, Yeah, 42 00:02:31,160 --> 00:02:33,520 Speaker 1: it was one of those things where people began to 43 00:02:33,560 --> 00:02:36,679 Speaker 1: get very concerned. And it's not necessarily that these people 44 00:02:36,720 --> 00:02:39,280 Speaker 1: are doing anything wrong. In fact, that's not the point 45 00:02:39,320 --> 00:02:42,400 Speaker 1: at all. The point is that they have an expectation 46 00:02:42,560 --> 00:02:46,080 Speaker 1: to privacy and being able to hold this kind of 47 00:02:46,120 --> 00:02:52,040 Speaker 1: anonymous communication with other people. The communication itself isn't necessarily anonymous, 48 00:02:52,040 --> 00:02:55,760 Speaker 1: but the channels are. Uh, you know, that's just that's 49 00:02:55,760 --> 00:02:58,200 Speaker 1: just an expectation we have. It's not that, you know, 50 00:02:58,480 --> 00:03:01,280 Speaker 1: I'm planning something to Ferry. It's just if I want 51 00:03:01,280 --> 00:03:04,800 Speaker 1: to send a message to Lauren, and it's just for 52 00:03:04,919 --> 00:03:08,880 Speaker 1: Lauren's eyes, I don't think anyone else has the right 53 00:03:08,919 --> 00:03:11,560 Speaker 1: to look in on that. So yeah, and in normal 54 00:03:11,600 --> 00:03:15,880 Speaker 1: internet traffic, that's absolutely a possibility. Yes, Because we've talked 55 00:03:15,880 --> 00:03:19,000 Speaker 1: a lot about how information travels across the internet. You know, 56 00:03:19,080 --> 00:03:21,919 Speaker 1: it all gets divided up into these little packets. Then 57 00:03:21,960 --> 00:03:24,880 Speaker 1: the packets go across the network and then get put 58 00:03:24,919 --> 00:03:27,640 Speaker 1: together Willy Wonka style on the other side, so that 59 00:03:27,680 --> 00:03:29,480 Speaker 1: you get whatever it is you were trying to send, 60 00:03:29,600 --> 00:03:32,480 Speaker 1: which is unfortunately probably not a delicious chocolate bar no 61 00:03:32,880 --> 00:03:36,080 Speaker 1: or Mike TV either. It's not neither of those things. 62 00:03:36,080 --> 00:03:37,560 Speaker 1: What it might be like if I, if I were 63 00:03:37,640 --> 00:03:40,440 Speaker 1: to send that email to Lauren, and it's a sizeable email, 64 00:03:40,720 --> 00:03:43,960 Speaker 1: that email gets divided up into numerous packets. The packets 65 00:03:44,240 --> 00:03:47,160 Speaker 1: go across the Internet, not necessarily taking the same path, 66 00:03:47,720 --> 00:03:50,720 Speaker 1: and they eventually reassemble on the other side and then 67 00:03:50,800 --> 00:03:53,240 Speaker 1: Lauren can read it. But in order for that to happen, 68 00:03:53,560 --> 00:03:56,160 Speaker 1: these packets have to have little bits of information so 69 00:03:56,200 --> 00:03:59,560 Speaker 1: the routers know where to send the information onto next. 70 00:04:00,080 --> 00:04:03,400 Speaker 1: So it's kind of like an address on a piece 71 00:04:03,440 --> 00:04:06,720 Speaker 1: of mail. So let's say that you've got a snoop 72 00:04:06,800 --> 00:04:11,960 Speaker 1: in your neighborhood and this person is getting into everybody's business. 73 00:04:12,040 --> 00:04:14,480 Speaker 1: And the way this person does it is they look 74 00:04:14,520 --> 00:04:17,760 Speaker 1: at all the mail that's going in and out of 75 00:04:17,800 --> 00:04:20,840 Speaker 1: a person's mailbox. And even if they're not opening that 76 00:04:20,960 --> 00:04:23,480 Speaker 1: mail and and reading all of it, just just the 77 00:04:23,480 --> 00:04:26,480 Speaker 1: fact that you're sending it to particular people at particular 78 00:04:26,560 --> 00:04:29,720 Speaker 1: times can tell that snoop a lot about what's going on. Right, 79 00:04:29,760 --> 00:04:33,080 Speaker 1: So if you're sending out, uh, you know, envelopes to 80 00:04:33,440 --> 00:04:37,719 Speaker 1: say a medical facility, that could give a lot of 81 00:04:37,760 --> 00:04:40,720 Speaker 1: information to a snoop if they're seeing that stuff from 82 00:04:41,160 --> 00:04:44,120 Speaker 1: various insurance companies is coming into you that could you know, 83 00:04:44,120 --> 00:04:46,640 Speaker 1: I'm going with a medical thing here, but really this 84 00:04:46,720 --> 00:04:50,720 Speaker 1: applies to any sort of communication. So so what we're 85 00:04:50,720 --> 00:04:53,440 Speaker 1: saying is that it's not enough for the content of 86 00:04:53,480 --> 00:04:56,720 Speaker 1: what you send over the internet. Uh necessarily, I mean 87 00:04:56,760 --> 00:04:59,680 Speaker 1: you are hypothetical, you maybe you're fine, it's not enough 88 00:04:59,680 --> 00:05:03,200 Speaker 1: for you to encrypt the content, but the actual transfer 89 00:05:03,279 --> 00:05:06,800 Speaker 1: of the content in some cases needs to be encrypted exactly. 90 00:05:06,920 --> 00:05:09,880 Speaker 1: And there are a lot of legitimate cases where you 91 00:05:09,880 --> 00:05:12,920 Speaker 1: would want that to happen. I mean, let's talk about 92 00:05:13,200 --> 00:05:16,480 Speaker 1: journalists for example. So you might have a journalist who 93 00:05:16,680 --> 00:05:22,039 Speaker 1: is pursuing some major story, perhaps they're in unfriendly territory 94 00:05:22,120 --> 00:05:24,520 Speaker 1: to do so, and they want to be able to 95 00:05:25,000 --> 00:05:28,680 Speaker 1: contact sources that might be in danger otherwise if there 96 00:05:28,760 --> 00:05:32,560 Speaker 1: if if this communication were publicly known or really anything 97 00:05:32,600 --> 00:05:36,480 Speaker 1: that could endanger the journalist, a source, or the story itself, 98 00:05:36,920 --> 00:05:38,880 Speaker 1: then you would want to have a way of securely 99 00:05:38,960 --> 00:05:42,760 Speaker 1: communicating and making sure that no one's really snooping in 100 00:05:42,839 --> 00:05:46,440 Speaker 1: on you. Well, that's that's a perfectly legitimate source. There 101 00:05:46,440 --> 00:05:49,120 Speaker 1: are governments that use this kind of thing in order 102 00:05:49,200 --> 00:05:53,440 Speaker 1: so that they can gather information and disseminate information. Uh, 103 00:05:53,600 --> 00:05:55,960 Speaker 1: you've got companies that use this kind of stuff in 104 00:05:56,080 --> 00:06:01,080 Speaker 1: order to have secure communications about upcoming products or services 105 00:06:01,120 --> 00:06:03,320 Speaker 1: that are not part of the public knowledge and don't 106 00:06:03,320 --> 00:06:05,280 Speaker 1: need to be oh sure, I mean even if you're 107 00:06:05,320 --> 00:06:07,720 Speaker 1: just doing r and D about something you know, like 108 00:06:07,720 --> 00:06:10,599 Speaker 1: like let's say that you're the example that you used 109 00:06:10,640 --> 00:06:12,280 Speaker 1: and in our notes here is Apple. Like if here, 110 00:06:12,320 --> 00:06:15,320 Speaker 1: if you're creating a new product and you start researching 111 00:06:15,400 --> 00:06:20,000 Speaker 1: patents online, um, the right person could could find your 112 00:06:20,000 --> 00:06:22,960 Speaker 1: searches and figure out what you were looking for, and 113 00:06:23,400 --> 00:06:26,360 Speaker 1: that sucks for you. Yeah, yeah, if you had the 114 00:06:26,440 --> 00:06:29,640 Speaker 1: next big idea and you were waiting, because you know, 115 00:06:30,160 --> 00:06:33,159 Speaker 1: like the company of Apple, they get a lot of 116 00:06:34,240 --> 00:06:37,800 Speaker 1: a boost from folks whenever they announced something brand new 117 00:06:37,839 --> 00:06:41,719 Speaker 1: that surprises everyone, which of course is exactly why you 118 00:06:41,760 --> 00:06:46,800 Speaker 1: have so many news agencies scrutinizing everything Apple does in 119 00:06:46,880 --> 00:06:50,279 Speaker 1: order to try and guess what's coming next. So the 120 00:06:50,360 --> 00:06:53,000 Speaker 1: more you're able to keep that secret, the bigger the 121 00:06:53,040 --> 00:06:57,159 Speaker 1: impact is when you unveil it. Because the worst, the 122 00:06:57,200 --> 00:06:59,920 Speaker 1: worst feeling is when you tune into an Apple of 123 00:07:00,040 --> 00:07:02,360 Speaker 1: that and it ends up being exactly what you expected. 124 00:07:02,360 --> 00:07:05,080 Speaker 1: It was. Time to be right. Every everyone still tunes 125 00:07:05,120 --> 00:07:07,520 Speaker 1: in but then they're like, oh, but that's exactly what 126 00:07:07,560 --> 00:07:10,120 Speaker 1: they were talking about last week. I know, and you 127 00:07:10,240 --> 00:07:16,360 Speaker 1: read what they wrote last week, so stop it me. Sure, 128 00:07:16,520 --> 00:07:19,760 Speaker 1: and and lots of other people who could generally be 129 00:07:19,960 --> 00:07:23,080 Speaker 1: considered to be working for for non nefarious purposes, but 130 00:07:23,400 --> 00:07:27,080 Speaker 1: nonetheless would like a little bit of secrecy, uh, for example, 131 00:07:27,120 --> 00:07:30,760 Speaker 1: activists or whistleblowers, um or you know Chinese citizens who 132 00:07:30,760 --> 00:07:32,680 Speaker 1: really just want to use Facebook or read news from 133 00:07:32,680 --> 00:07:35,680 Speaker 1: other countries. Sure, and we've seen plenty of examples also, 134 00:07:35,800 --> 00:07:38,840 Speaker 1: things like the Arabs Spring. You know, places in the 135 00:07:38,880 --> 00:07:42,600 Speaker 1: world where you have people who are trying to enact 136 00:07:42,720 --> 00:07:47,080 Speaker 1: change in a very harsh environment where if their activities 137 00:07:47,120 --> 00:07:51,120 Speaker 1: were picked up on by official sources, government sources, state 138 00:07:51,200 --> 00:07:56,080 Speaker 1: sponsored sources, they could face some serious consequences. And it's 139 00:07:56,080 --> 00:07:58,400 Speaker 1: not necessarily the again, like you said, that they're doing 140 00:07:58,440 --> 00:08:01,200 Speaker 1: anything nefarious, it's just they can't do it at all 141 00:08:01,240 --> 00:08:05,640 Speaker 1: without fear of some form of consequence unless that can 142 00:08:05,720 --> 00:08:07,960 Speaker 1: remain secure. So you've got to figure out how do 143 00:08:08,000 --> 00:08:11,640 Speaker 1: we make this secure. Also, we have to figure out 144 00:08:11,960 --> 00:08:14,200 Speaker 1: how do we frame this in such a way where 145 00:08:14,240 --> 00:08:18,880 Speaker 1: we also admit some people do use it for nefarious purposes. Oh, sure, 146 00:08:18,880 --> 00:08:21,760 Speaker 1: of course. I mean there are plenty of people out 147 00:08:21,800 --> 00:08:24,320 Speaker 1: there who are going to use this kind of anonymous 148 00:08:24,320 --> 00:08:28,800 Speaker 1: connection in order to conduct illegal or otherwise illicit activities. 149 00:08:28,920 --> 00:08:31,760 Speaker 1: We've talked about some of them in previous episodes, in fact, 150 00:08:32,080 --> 00:08:35,679 Speaker 1: and we'll mention some more as we go along. So again, 151 00:08:35,679 --> 00:08:37,800 Speaker 1: it's one of those things where you would probably argue 152 00:08:37,800 --> 00:08:42,000 Speaker 1: that it's a relatively small percentage of the population using 153 00:08:42,000 --> 00:08:44,240 Speaker 1: it for these purposes, but they're the ones who get 154 00:08:44,280 --> 00:08:48,520 Speaker 1: the most press, uh, and so therefore it kind of 155 00:08:48,720 --> 00:08:51,719 Speaker 1: creates this public perception that people who use tour are 156 00:08:51,840 --> 00:08:55,360 Speaker 1: up to something. Also, you know, we mentioned the fact 157 00:08:55,440 --> 00:09:00,040 Speaker 1: that in a normal Internet communication, the you know what, 158 00:09:00,040 --> 00:09:03,840 Speaker 1: what amounts to the the address on the label is 159 00:09:04,080 --> 00:09:06,319 Speaker 1: perfectly visible because it needs to be so that it 160 00:09:06,400 --> 00:09:08,840 Speaker 1: can route across gets to the place it's gone. Yeah, 161 00:09:08,960 --> 00:09:11,400 Speaker 1: and Tour they had to figure out a way around 162 00:09:11,440 --> 00:09:14,400 Speaker 1: that so that you could have it be ob you skated, 163 00:09:14,520 --> 00:09:17,960 Speaker 1: so that if someone were to snoop in on communication, 164 00:09:18,040 --> 00:09:20,360 Speaker 1: they would not be able to determine what the origin 165 00:09:20,480 --> 00:09:26,040 Speaker 1: nor destination were. And that is pretty amazing stuff because 166 00:09:26,040 --> 00:09:27,959 Speaker 1: you gotta you gotta figure out a way of implementing 167 00:09:28,000 --> 00:09:30,400 Speaker 1: that where it can still work, Like, how do you 168 00:09:30,520 --> 00:09:33,520 Speaker 1: disguise the address and still hope that it gets to 169 00:09:33,559 --> 00:09:36,560 Speaker 1: where it's going, Because if we did that to the 170 00:09:36,720 --> 00:09:40,640 Speaker 1: to the US Postal Service, our stuff would never get anywhere. 171 00:09:41,720 --> 00:09:44,040 Speaker 1: And it wouldn't be their fault either, because you just 172 00:09:44,080 --> 00:09:46,079 Speaker 1: wouldn't be following the rules. Oh sure, Yeah, if you 173 00:09:46,080 --> 00:09:48,680 Speaker 1: don't write your address on something, then how does it 174 00:09:48,679 --> 00:09:53,840 Speaker 1: get to that place? So here's another funny thing, Lauren, Um, 175 00:09:53,920 --> 00:09:58,199 Speaker 1: who was it that came up with this whole tour idea? 176 00:09:58,240 --> 00:10:01,520 Speaker 1: I mean it must have been like, um, like hackers, 177 00:10:01,920 --> 00:10:05,920 Speaker 1: you know at def con convention, who all got together 178 00:10:05,960 --> 00:10:07,560 Speaker 1: and so we don't want the government looking in on 179 00:10:07,600 --> 00:10:10,080 Speaker 1: our stuff, right, you know? It was the government. It 180 00:10:10,160 --> 00:10:13,079 Speaker 1: was the it was it was the U. S. Naval 181 00:10:13,120 --> 00:10:17,920 Speaker 1: Research Laboratory UM back in back in actually, which makes 182 00:10:17,920 --> 00:10:21,720 Speaker 1: it extra hilarious that that the n s A has 183 00:10:21,800 --> 00:10:24,360 Speaker 1: kind of been trying to crack trying to crack it 184 00:10:24,400 --> 00:10:27,680 Speaker 1: because you've got a government agency doing its best to 185 00:10:27,720 --> 00:10:31,600 Speaker 1: figure out how to intercept information that goes across a 186 00:10:31,600 --> 00:10:37,800 Speaker 1: tour network, and another government US government entity that's responsible 187 00:10:38,280 --> 00:10:41,360 Speaker 1: in large part for the creation for its creation and furthermore, 188 00:10:41,480 --> 00:10:44,719 Speaker 1: other governmental agencies that are responsible for funding it. As 189 00:10:44,760 --> 00:10:48,640 Speaker 1: of one point two four million dollars, half of tours 190 00:10:48,679 --> 00:10:52,920 Speaker 1: revenue UH came from government grants, including a large part 191 00:10:53,000 --> 00:10:56,120 Speaker 1: from the Department of Defense. So this is an example 192 00:10:56,200 --> 00:10:58,960 Speaker 1: of two different parts of the United States government working 193 00:10:59,000 --> 00:11:02,160 Speaker 1: at odds against each other, one part saying this is 194 00:11:02,200 --> 00:11:05,800 Speaker 1: absolutely necessary for us to be able to operate in 195 00:11:05,840 --> 00:11:09,199 Speaker 1: a secure way, and the other part saying, we want 196 00:11:09,240 --> 00:11:11,559 Speaker 1: to be able to see what's going on here. So 197 00:11:11,559 --> 00:11:13,439 Speaker 1: so so yeah. But but this all got its start 198 00:11:13,480 --> 00:11:17,400 Speaker 1: back with the U. S. Navy and UM. It was 199 00:11:17,760 --> 00:11:22,640 Speaker 1: part of an onion rooting project. Routing project, Yeah, rooting. 200 00:11:22,679 --> 00:11:25,120 Speaker 1: If you're in England, it's routing. Here in the US, 201 00:11:25,160 --> 00:11:28,720 Speaker 1: it's usually routing either way. Why would you even call 202 00:11:28,800 --> 00:11:32,319 Speaker 1: it an onion It's because it relies upon quote a 203 00:11:32,440 --> 00:11:36,400 Speaker 1: layered object to direct the construction of an anonymous, bidirectional 204 00:11:36,480 --> 00:11:39,760 Speaker 1: real time virtual circuit between two communicating parties and initiator 205 00:11:39,800 --> 00:11:42,720 Speaker 1: and responder. And that's as clear as day. Yeah, we 206 00:11:42,760 --> 00:11:45,120 Speaker 1: can just end the podcast now, guys, don't worry. We're 207 00:11:45,120 --> 00:11:47,840 Speaker 1: going to explain the whole layered thing a little bit 208 00:11:47,920 --> 00:11:51,840 Speaker 1: later on. So we will. We will make sure that 209 00:11:51,880 --> 00:11:55,720 Speaker 1: you understand why an onion It's actually a pretty clever 210 00:11:56,280 --> 00:11:59,760 Speaker 1: way to describe what's going on. But the project had 211 00:12:00,240 --> 00:12:04,960 Speaker 1: specific goals to research and develop and build anonymous communication systems, 212 00:12:05,240 --> 00:12:09,560 Speaker 1: to analyze other anonymous communications systems, and to create low 213 00:12:09,720 --> 00:12:14,400 Speaker 1: latency Internet based systems that resisted traffic analysis, eavesdropping, at 214 00:12:14,400 --> 00:12:19,240 Speaker 1: other attacks from outsiders as an Internet routers or insiders 215 00:12:19,280 --> 00:12:22,719 Speaker 1: as an onion routing servers. I have more to say 216 00:12:22,760 --> 00:12:25,360 Speaker 1: about the secrets of tour. The deep Web got a 217 00:12:25,360 --> 00:12:28,679 Speaker 1: lot of layers to peel off that onion. But before 218 00:12:28,720 --> 00:12:38,600 Speaker 1: we get to that, let's take a quick break. So 219 00:12:39,000 --> 00:12:42,959 Speaker 1: the ideal was to create some form of distributed system 220 00:12:42,960 --> 00:12:45,720 Speaker 1: where you could have two parties communicating with one another 221 00:12:46,200 --> 00:12:48,199 Speaker 1: and no one would be able to know that those 222 00:12:48,200 --> 00:12:51,280 Speaker 1: two parties were in communication. They would know the communication 223 00:12:51,400 --> 00:12:53,800 Speaker 1: is going on because traffic is moving across the network, 224 00:12:54,200 --> 00:12:56,760 Speaker 1: but because of the network's design, they would have no 225 00:12:56,800 --> 00:13:00,000 Speaker 1: way of knowing what to end parties were actually communicating 226 00:13:00,040 --> 00:13:01,920 Speaker 1: with one another. Because, just as we were saying with 227 00:13:02,000 --> 00:13:05,359 Speaker 1: that snoop, even if you can't see what the information 228 00:13:05,400 --> 00:13:08,640 Speaker 1: itself is, just knowing who is talking to whom gives 229 00:13:08,640 --> 00:13:12,880 Speaker 1: you a lot of info right because of this, and 230 00:13:12,920 --> 00:13:15,280 Speaker 1: funnily enough, the Navy actually had to step back from 231 00:13:15,320 --> 00:13:18,120 Speaker 1: the project in order to make it actually useful because 232 00:13:18,120 --> 00:13:21,280 Speaker 1: the network needs to be open, right. Um. So, I 233 00:13:21,320 --> 00:13:23,160 Speaker 1: mean if if you know, if you can see that 234 00:13:23,280 --> 00:13:27,920 Speaker 1: everything is coming through, if if only the Navy used it, 235 00:13:28,160 --> 00:13:31,319 Speaker 1: then you would know whenever communication was happening that the 236 00:13:31,400 --> 00:13:34,880 Speaker 1: Navy was communicating with people like you would. You would 237 00:13:34,880 --> 00:13:37,680 Speaker 1: have limited the number of people that could possibly be 238 00:13:37,760 --> 00:13:41,240 Speaker 1: the ones communicating by making it open and say this 239 00:13:41,280 --> 00:13:44,240 Speaker 1: is a playground where everyone can come in. Suddenly you 240 00:13:44,320 --> 00:13:47,240 Speaker 1: can't tell who's communicating with whom because there's so many's 241 00:13:47,240 --> 00:13:49,880 Speaker 1: too much noise and not in the traffic, right. Um. So, 242 00:13:50,000 --> 00:13:53,080 Speaker 1: the project incorporated as a nonprofit in two thousand six, 243 00:13:53,160 --> 00:13:55,840 Speaker 1: and it currently depends a whole lot on crowdsourcing. UM. 244 00:13:55,880 --> 00:13:58,839 Speaker 1: There are only nine full time tour employees as of 245 00:13:58,960 --> 00:14:03,960 Speaker 1: this podcast, which we are recording on April. By the way, 246 00:14:04,280 --> 00:14:07,160 Speaker 1: um and uh, the rest of the development is spread 247 00:14:07,160 --> 00:14:10,480 Speaker 1: across dozens of part time assistants and hundreds of volunteers. 248 00:14:10,760 --> 00:14:14,200 Speaker 1: The code is open source, which actually makes it harder 249 00:14:14,240 --> 00:14:16,360 Speaker 1: to mess with. Um. You know, like if someone say, 250 00:14:16,559 --> 00:14:20,480 Speaker 1: say the n s A tried to create a vulnerability deliberately, 251 00:14:20,840 --> 00:14:24,320 Speaker 1: then anyone could catch it, right, Yeah, it's not like 252 00:14:24,520 --> 00:14:26,880 Speaker 1: it's hidden the way behind closed doors. In that way, 253 00:14:27,240 --> 00:14:29,760 Speaker 1: it gets overlooked and you suddenly have this back door 254 00:14:29,920 --> 00:14:32,920 Speaker 1: entrance into the Tour network. No, it's it's it's much 255 00:14:32,960 --> 00:14:34,720 Speaker 1: more likely for someone to catch it if lots of 256 00:14:34,720 --> 00:14:37,160 Speaker 1: people are looking. Yeah exactly. Yeah, you've got lots of 257 00:14:37,160 --> 00:14:39,920 Speaker 1: people checking on it all the time. So it's actually 258 00:14:39,920 --> 00:14:42,440 Speaker 1: more secure by being in plain sight in that way. 259 00:14:42,520 --> 00:14:45,520 Speaker 1: So here's how it used to work. Because you know, 260 00:14:45,600 --> 00:14:49,320 Speaker 1: I mentioned that tour was had an onion in the oh, 261 00:14:49,480 --> 00:14:52,880 Speaker 1: but it doesn't really involve onions anymore. And then we've 262 00:14:52,920 --> 00:14:55,720 Speaker 1: mentioned onions. Yeah, so yeah, so we're gonna we're gonna 263 00:14:55,760 --> 00:14:58,360 Speaker 1: go back to how it worked originally because the way 264 00:14:58,400 --> 00:15:00,280 Speaker 1: it works now is not that much different, but it 265 00:15:00,320 --> 00:15:04,680 Speaker 1: doesn't involve the onion metaphor anymore. So, first of all, 266 00:15:04,720 --> 00:15:08,880 Speaker 1: to achieve anonymity, the Tour Network uses something called privoxy filters, 267 00:15:08,960 --> 00:15:13,440 Speaker 1: which prevent client information from reaching servers. So this means 268 00:15:13,480 --> 00:15:16,200 Speaker 1: that a client, you know, that's that's your computer. When 269 00:15:16,200 --> 00:15:19,840 Speaker 1: you are trying to access anything, Let's say you're using 270 00:15:19,880 --> 00:15:22,960 Speaker 1: your your browser to access your email, because I love 271 00:15:23,000 --> 00:15:25,840 Speaker 1: that example. It's easy one. So your your computer is 272 00:15:25,880 --> 00:15:29,480 Speaker 1: the client. It's sending a request to another computer. It's 273 00:15:29,560 --> 00:15:34,240 Speaker 1: asking for data from this computer that hosts the the 274 00:15:34,320 --> 00:15:38,360 Speaker 1: email service that you use, and that is called the server. Now, 275 00:15:38,400 --> 00:15:41,720 Speaker 1: normally the server receives information that can identify the client, 276 00:15:42,080 --> 00:15:46,280 Speaker 1: so you have some sort of address that identifies this 277 00:15:46,360 --> 00:15:49,200 Speaker 1: is the machine that's asking for that information. So then 278 00:15:49,240 --> 00:15:52,800 Speaker 1: the server knows exactly who it's talking to. Well, privoxy 279 00:15:52,880 --> 00:15:56,000 Speaker 1: filters prevent that from happening, so it's possible for a 280 00:15:56,080 --> 00:16:00,400 Speaker 1: client's identity to remain unknown to the server and also 281 00:16:00,480 --> 00:16:03,120 Speaker 1: to the rest of the network as these requests go 282 00:16:03,200 --> 00:16:06,280 Speaker 1: across the network. Also, one of the other things that 283 00:16:06,320 --> 00:16:08,200 Speaker 1: has and we'll talk more about this in a bit, 284 00:16:08,800 --> 00:16:12,440 Speaker 1: is the ability to create hidden services. But you know, 285 00:16:12,480 --> 00:16:14,920 Speaker 1: I'm not going to spoil that because the discussion we 286 00:16:14,960 --> 00:16:17,160 Speaker 1: have later on will really kind of bring that to 287 00:16:17,320 --> 00:16:19,640 Speaker 1: light and it will make much more sense after we 288 00:16:19,680 --> 00:16:24,000 Speaker 1: talk about exactly how this communication occurs. Yes, so it's 289 00:16:24,360 --> 00:16:28,400 Speaker 1: possible to use onion routing software to send information completely anonymously. 290 00:16:28,400 --> 00:16:30,560 Speaker 1: In other words, you could use it so that you 291 00:16:30,600 --> 00:16:33,720 Speaker 1: could send an anonymous message to someone else, they would 292 00:16:33,720 --> 00:16:35,880 Speaker 1: not know the identity of that person. But that's not 293 00:16:35,920 --> 00:16:39,400 Speaker 1: the purpose of tour. The purpose, like I said before, 294 00:16:39,560 --> 00:16:44,080 Speaker 1: is to allow anonymous channels of communication. So you and 295 00:16:44,160 --> 00:16:47,040 Speaker 1: the person with whom you're communicating know each other's identity, 296 00:16:47,240 --> 00:16:50,120 Speaker 1: but nobody else does, right, So this allows you to 297 00:16:50,280 --> 00:16:54,320 Speaker 1: have that honest, open expression of information without fear of 298 00:16:54,360 --> 00:16:57,880 Speaker 1: someone else snooping in on you or any other consequences 299 00:16:57,920 --> 00:17:01,200 Speaker 1: apart from whatever consequences come from just that communication between 300 00:17:01,200 --> 00:17:04,720 Speaker 1: two parties. If you tell someone that they dressed like 301 00:17:04,720 --> 00:17:06,840 Speaker 1: a slab, there's going to be consequences. What I'm saying 302 00:17:07,080 --> 00:17:10,480 Speaker 1: doesn't have to be someone snooping in on you. Good point. 303 00:17:10,800 --> 00:17:15,360 Speaker 1: I get that a lot. Uh. So it uses proxy servers, 304 00:17:15,400 --> 00:17:18,280 Speaker 1: and a proxy server acts as an intermediary between a 305 00:17:18,359 --> 00:17:21,560 Speaker 1: client and some other server. So you can kind of 306 00:17:21,560 --> 00:17:23,800 Speaker 1: think of it as this is the go between. So 307 00:17:24,000 --> 00:17:28,200 Speaker 1: if I were to send a request to get my email, 308 00:17:28,320 --> 00:17:30,560 Speaker 1: but I wanted to go through a proxy server, I 309 00:17:30,560 --> 00:17:33,920 Speaker 1: would log into the proxy server. The proxy server would 310 00:17:33,920 --> 00:17:38,800 Speaker 1: then send my request onto the email server, and from 311 00:17:38,800 --> 00:17:41,440 Speaker 1: the email servers perspective, it looked like the proxy server 312 00:17:41,640 --> 00:17:44,520 Speaker 1: was the origin of that request, it isn't able to 313 00:17:44,560 --> 00:17:50,120 Speaker 1: see back to exactly there's a hop missing there. So 314 00:17:50,640 --> 00:17:55,080 Speaker 1: that's really important in this. And uh, the communication part 315 00:17:55,320 --> 00:17:57,320 Speaker 1: is the tricky part. Like I said, So you've got 316 00:17:57,359 --> 00:18:01,800 Speaker 1: this information, it's passing between nodes or little routers within 317 00:18:01,840 --> 00:18:05,200 Speaker 1: the tour network. Okay, so think of these nodes as 318 00:18:05,240 --> 00:18:09,280 Speaker 1: rest stops between the client, the sender, and the recipient 319 00:18:09,359 --> 00:18:12,679 Speaker 1: the server. Right. Each node only knows the identity of 320 00:18:13,280 --> 00:18:15,760 Speaker 1: the node before it and the node after it, right, 321 00:18:16,119 --> 00:18:18,119 Speaker 1: So uh, and the note before it and after it 322 00:18:18,200 --> 00:18:21,760 Speaker 1: completely is dependent upon when you're sending the message, because 323 00:18:22,119 --> 00:18:24,639 Speaker 1: you're you're going to create new pathways every time you 324 00:18:24,720 --> 00:18:27,359 Speaker 1: create a connection, so it's not like you have a 325 00:18:27,520 --> 00:18:31,280 Speaker 1: set path each time. It's like the Internet. It's very flexible. 326 00:18:31,680 --> 00:18:34,440 Speaker 1: So when you send a message, and let's say it's 327 00:18:34,480 --> 00:18:37,680 Speaker 1: going through letters A through G, we're just designating these 328 00:18:37,720 --> 00:18:39,760 Speaker 1: nodes as A through G and for some reason it's 329 00:18:39,760 --> 00:18:41,560 Speaker 1: going into a B, C, D, E F G order. 330 00:18:42,040 --> 00:18:45,560 Speaker 1: So node D only knows about nodes C and E. 331 00:18:46,200 --> 00:18:48,399 Speaker 1: The information came from C. It knows it has to 332 00:18:48,440 --> 00:18:51,480 Speaker 1: send the information onto E. It has no awareness of 333 00:18:51,560 --> 00:18:55,840 Speaker 1: a B or you know, effor G. So that's it. 334 00:18:56,080 --> 00:18:59,800 Speaker 1: And that means that if you were to intercept information 335 00:19:00,000 --> 00:19:02,520 Speaker 1: passing between two nodes, you would just know which note 336 00:19:02,520 --> 00:19:04,119 Speaker 1: it came from and which node it went to. You 337 00:19:04,119 --> 00:19:06,600 Speaker 1: wouldn't know the actual person who sent it, nor would 338 00:19:06,600 --> 00:19:09,040 Speaker 1: you know the person to whom it went. Ultimately, on 339 00:19:09,200 --> 00:19:12,800 Speaker 1: top of that, the nodes encrypt the communication as it's 340 00:19:12,840 --> 00:19:15,479 Speaker 1: passed along. Yes, and this is where you get that 341 00:19:15,600 --> 00:19:19,280 Speaker 1: layer and layer and layer of encryption. And because there's 342 00:19:19,280 --> 00:19:22,560 Speaker 1: so many layers of encryption, well, what else has lots 343 00:19:22,560 --> 00:19:25,439 Speaker 1: of layers? An onion? I was going to think of 344 00:19:25,520 --> 00:19:28,000 Speaker 1: Game of Thrones, but yes, Onion is right. Onion is 345 00:19:28,040 --> 00:19:30,199 Speaker 1: exactly the thing that they went with because Game of 346 00:19:30,200 --> 00:19:33,360 Speaker 1: Thrones really wasn't that popular. Also, it's proprietary. I mean, 347 00:19:33,400 --> 00:19:36,080 Speaker 1: you know, yeah, that probably would have George R. Martin 348 00:19:36,440 --> 00:19:38,560 Speaker 1: gotten a little upset about that. But yeah, so so 349 00:19:38,640 --> 00:19:41,360 Speaker 1: Onion is in fact what they went with because there's 350 00:19:41,359 --> 00:19:44,560 Speaker 1: so many different layers of encryption. Still a little bit 351 00:19:44,560 --> 00:19:46,280 Speaker 1: more to talk about with the secrets of tour in 352 00:19:46,320 --> 00:19:48,320 Speaker 1: the Deep Web, but before we get to that, let's 353 00:19:48,359 --> 00:19:59,520 Speaker 1: take another quick break. Okay, so here's my example, and 354 00:19:59,600 --> 00:20:02,200 Speaker 1: I think it's a doozy of an example. Because it's 355 00:20:02,240 --> 00:20:06,720 Speaker 1: completely believable. I decided to use as an example two 356 00:20:06,800 --> 00:20:09,679 Speaker 1: of our beloved co workers here at how stuff works. 357 00:20:09,960 --> 00:20:12,879 Speaker 1: Uh And when you start thinking to yourself, who would 358 00:20:12,960 --> 00:20:16,200 Speaker 1: be so paranoid that they would need an incredibly secure 359 00:20:16,240 --> 00:20:21,159 Speaker 1: communication process? Two names leap to mind from the shadows 360 00:20:21,320 --> 00:20:23,600 Speaker 1: and then back into the shadows, because that's where they belong. 361 00:20:24,200 --> 00:20:26,600 Speaker 1: One of them wearing a gremlin mask. Yeah, and maybe 362 00:20:26,600 --> 00:20:28,479 Speaker 1: a fedora on top of it. It's not a fedora, 363 00:20:28,560 --> 00:20:31,439 Speaker 1: I know, Ben Dora. No, it's a trill Bey, I'm 364 00:20:31,440 --> 00:20:33,399 Speaker 1: going to call it a fedora anyway. So Ben Bolan 365 00:20:33,800 --> 00:20:36,199 Speaker 1: and Matt Frederick so stuff they don't want you to 366 00:20:36,240 --> 00:20:39,199 Speaker 1: know hosts. Yes, and if you've never ever listened to 367 00:20:39,240 --> 00:20:42,840 Speaker 1: that show, go check it out. Watched the show. Yeah, 368 00:20:42,880 --> 00:20:45,639 Speaker 1: that's great. So so let's say that Ben wants to 369 00:20:45,720 --> 00:20:48,399 Speaker 1: contact Matt and he wants the communication to be secure, 370 00:20:48,440 --> 00:20:50,960 Speaker 1: so he sends it across the Tour network using this 371 00:20:51,040 --> 00:20:54,480 Speaker 1: freely available software. He's got the Tour bundle installed and 372 00:20:54,560 --> 00:20:57,480 Speaker 1: he sends the message along. So here's what happens. Ben 373 00:20:57,520 --> 00:21:01,080 Speaker 1: would contact a proxy server on the TORN network. Now, 374 00:21:01,200 --> 00:21:05,080 Speaker 1: that proxy server would then determine the route of nodes 375 00:21:05,560 --> 00:21:07,520 Speaker 1: or the number of hops that it will take to 376 00:21:07,600 --> 00:21:11,480 Speaker 1: get from the proxy server to Matt's computer. So for 377 00:21:11,600 --> 00:21:16,000 Speaker 1: argument's sake, let's say again that it's just uh five nodes, 378 00:21:16,119 --> 00:21:18,960 Speaker 1: So it's a B, C, D E. Those are the 379 00:21:19,119 --> 00:21:22,439 Speaker 1: Those are the nodes that it's going to go through. Now, 380 00:21:23,280 --> 00:21:27,639 Speaker 1: each hop becomes an encryption layer on this onion, and 381 00:21:27,680 --> 00:21:31,040 Speaker 1: the core of the onion is Ben's original message to Matt, 382 00:21:31,160 --> 00:21:34,440 Speaker 1: So that's the very center. Now Ben's proxy server starts 383 00:21:34,480 --> 00:21:38,720 Speaker 1: to construct layers of encryption based upon the path that 384 00:21:38,880 --> 00:21:42,560 Speaker 1: this onion is going to take journeying from the proxy 385 00:21:42,600 --> 00:21:46,000 Speaker 1: server all the way to Matt's computer, and the innermost 386 00:21:46,119 --> 00:21:49,320 Speaker 1: layer will be the encryption for Matt's proxy. Yes, so 387 00:21:49,359 --> 00:21:52,440 Speaker 1: the next layer out would be the node just before 388 00:21:52,640 --> 00:21:55,920 Speaker 1: it gets to Matt's proxy. The next layer out would 389 00:21:55,920 --> 00:21:57,520 Speaker 1: be the node before that, and so on and so 390 00:21:57,600 --> 00:22:00,240 Speaker 1: forth until you got to the first node that the 391 00:22:00,280 --> 00:22:03,919 Speaker 1: proxy server sends this onion onto. Now, every time the 392 00:22:03,960 --> 00:22:08,000 Speaker 1: onion travels to a new node, it decrypts that layer. 393 00:22:08,200 --> 00:22:12,040 Speaker 1: The corresponding layer strips of encryption. Yeah, so that that 394 00:22:12,160 --> 00:22:14,679 Speaker 1: layer of the onion gets pulled away, and that's how 395 00:22:14,720 --> 00:22:19,000 Speaker 1: the node knows where to send it onto. Next, so 396 00:22:19,240 --> 00:22:22,199 Speaker 1: proxy service sends it on to node A. Note A 397 00:22:22,320 --> 00:22:24,960 Speaker 1: strips away that encryption and sees that needs to send 398 00:22:24,960 --> 00:22:28,720 Speaker 1: it on to Node B. Node B gets this onion. 399 00:22:29,359 --> 00:22:32,320 Speaker 1: Now Node BE only knows that Note A set the onion, 400 00:22:32,359 --> 00:22:34,879 Speaker 1: doesn't know where the onion originally came from, and it 401 00:22:35,359 --> 00:22:38,720 Speaker 1: decrypts that. Next layer strips it free UH, finds the 402 00:22:38,760 --> 00:22:41,480 Speaker 1: identification of Notes C and send it along. Yep. Node 403 00:22:41,520 --> 00:22:44,000 Speaker 1: C doesn't know about Node A, just notes knows about 404 00:22:44,040 --> 00:22:46,040 Speaker 1: Node B, so so on and so forth till it 405 00:22:46,080 --> 00:22:47,960 Speaker 1: gets to Matt. By the time it gets to Matt, 406 00:22:48,000 --> 00:22:49,960 Speaker 1: all those layers of encryption have been stripped away and 407 00:22:50,000 --> 00:22:53,200 Speaker 1: that can actually read what the messages. Therefore, anyone who's 408 00:22:53,200 --> 00:22:55,520 Speaker 1: trying to analyze all of this traffic would would just 409 00:22:55,560 --> 00:22:59,560 Speaker 1: see a message passing between two seemingly random routers with 410 00:22:59,560 --> 00:23:02,920 Speaker 1: with no way of knowing either where that information came 411 00:23:02,960 --> 00:23:05,800 Speaker 1: from or what the ultimate destination is. Yep. And because 412 00:23:05,840 --> 00:23:08,560 Speaker 1: you've encrypted it so many times, they probably can't even 413 00:23:08,640 --> 00:23:11,400 Speaker 1: tell what the information. They can't read it, they don't 414 00:23:11,400 --> 00:23:14,360 Speaker 1: know where it's going. They're in the dark. So to them, 415 00:23:14,400 --> 00:23:16,760 Speaker 1: it's just all they know is that traffic is going 416 00:23:16,800 --> 00:23:18,959 Speaker 1: across this network, but they don't have any way of 417 00:23:19,240 --> 00:23:24,360 Speaker 1: deriving meaning from that. Now, once Matt's proxy receives that onion, 418 00:23:24,840 --> 00:23:27,919 Speaker 1: a virtual circuit forms along the notes. Think of it 419 00:23:27,960 --> 00:23:34,280 Speaker 1: as like a temporary pathway that solidifies between uh Ben's 420 00:23:34,320 --> 00:23:39,680 Speaker 1: proxy and that's final computer, and it allows for encryption 421 00:23:39,760 --> 00:23:42,879 Speaker 1: to pass both ways. So you have two different kinds 422 00:23:42,880 --> 00:23:45,840 Speaker 1: of encryption. You've got one kind whenever Ben sends a 423 00:23:45,920 --> 00:23:49,360 Speaker 1: message to Matt, and essentially you have the inverse of 424 00:23:49,400 --> 00:23:52,800 Speaker 1: that when Matt sends it to Ben. So unless you 425 00:23:52,880 --> 00:23:55,560 Speaker 1: have the key to that encryption, you can't figure out 426 00:23:55,680 --> 00:24:00,119 Speaker 1: what's going on either. So it's it's pretty secure or 427 00:24:00,200 --> 00:24:05,399 Speaker 1: now there are some la Mainly we're talking about vulnerabilities 428 00:24:05,400 --> 00:24:07,680 Speaker 1: when you send it from your computer to that proxy 429 00:24:07,720 --> 00:24:11,440 Speaker 1: server and when that last proxy sends it to the destination, 430 00:24:11,760 --> 00:24:15,040 Speaker 1: because this is when you don't have the protection of 431 00:24:15,080 --> 00:24:17,399 Speaker 1: the network itself. It's when it's you can think of 432 00:24:17,400 --> 00:24:19,920 Speaker 1: it as the information is leaving the network to get 433 00:24:19,960 --> 00:24:24,720 Speaker 1: to wherever it's going or entering. Yeah, and again, if 434 00:24:24,720 --> 00:24:28,400 Speaker 1: you're using a browser that still has certain things enabled 435 00:24:28,440 --> 00:24:32,280 Speaker 1: like Flash or Java, then you may end up having 436 00:24:32,680 --> 00:24:35,720 Speaker 1: sending along some information that people could identify you on 437 00:24:35,840 --> 00:24:40,080 Speaker 1: based on that, but within the network itself, it's incredibly secure, 438 00:24:40,640 --> 00:24:43,280 Speaker 1: right And and so this, this circuit that that you've created, 439 00:24:43,280 --> 00:24:45,439 Speaker 1: well will last as long as both parties want it to. 440 00:24:45,520 --> 00:24:47,639 Speaker 1: You can you can send a command to collapse it 441 00:24:48,119 --> 00:24:50,840 Speaker 1: at the end of your session, you say destroy, and 442 00:24:50,920 --> 00:24:53,919 Speaker 1: it collapses. This uh, this virtual circuit, and then if 443 00:24:53,920 --> 00:24:55,800 Speaker 1: you wanted to create a new one, you could, and 444 00:24:55,920 --> 00:24:59,119 Speaker 1: it would be a new virtual circuit, probably taking a 445 00:24:59,160 --> 00:25:01,879 Speaker 1: totally different hathway through the nodes. And you know, I 446 00:25:02,200 --> 00:25:05,320 Speaker 1: made the example of ABC D E that kind of stuff, 447 00:25:05,640 --> 00:25:08,960 Speaker 1: but really, you know, it could be any order. You know, 448 00:25:09,040 --> 00:25:12,520 Speaker 1: it's it's and it will be any order, right, that's all. 449 00:25:12,640 --> 00:25:14,040 Speaker 1: That's one of the whole points because if it were 450 00:25:14,080 --> 00:25:16,240 Speaker 1: the same pathway each time, then you would ultimately be 451 00:25:16,280 --> 00:25:18,320 Speaker 1: able to determine who sent it and who it went to. 452 00:25:18,760 --> 00:25:21,200 Speaker 1: So it has to be uh, you know. And of course, 453 00:25:21,240 --> 00:25:24,120 Speaker 1: the more the more routers you have available, the more 454 00:25:24,119 --> 00:25:26,960 Speaker 1: of these relay nodes you have, the more secure the 455 00:25:26,960 --> 00:25:31,120 Speaker 1: communication becomes, so that's also really important. Then there's also 456 00:25:31,160 --> 00:25:34,199 Speaker 1: a concept called loose routing, which adds another layer of 457 00:25:34,200 --> 00:25:36,520 Speaker 1: security on this because like I said, you know, you 458 00:25:36,640 --> 00:25:41,240 Speaker 1: ultimately you have these proxies that no way more information 459 00:25:41,240 --> 00:25:43,480 Speaker 1: than all the nodes do. They have to in order 460 00:25:43,480 --> 00:25:45,920 Speaker 1: to be able to make that layer of encryption and 461 00:25:45,960 --> 00:25:48,480 Speaker 1: have this onion pass from one spot to the next. 462 00:25:49,400 --> 00:25:52,520 Speaker 1: So one thing you could do with loose routing is 463 00:25:52,560 --> 00:25:56,920 Speaker 1: that the proxy ends up sending the onion on to 464 00:25:57,400 --> 00:26:00,000 Speaker 1: the first node. But that's all the proxy knows about 465 00:26:00,160 --> 00:26:03,000 Speaker 1: the probably and then the first nodes responsibility is to 466 00:26:03,040 --> 00:26:06,080 Speaker 1: create the rest of that pathway. So even that first 467 00:26:06,080 --> 00:26:09,640 Speaker 1: stop isn't aware of where, how, what path it's gonna 468 00:26:09,680 --> 00:26:12,520 Speaker 1: take to get to its destination. It just knows this 469 00:26:12,600 --> 00:26:14,679 Speaker 1: is the first step of that path, but beyond that, 470 00:26:14,760 --> 00:26:17,440 Speaker 1: I don't know. So it adds another layer of security 471 00:26:17,440 --> 00:26:19,080 Speaker 1: to it that way. Now, again, if you were able 472 00:26:19,160 --> 00:26:21,840 Speaker 1: to target that first node, you might be able to 473 00:26:21,840 --> 00:26:23,560 Speaker 1: figure some stuff out, but really you just know that 474 00:26:23,640 --> 00:26:26,520 Speaker 1: it came from a proxy. You wouldn't know who sent 475 00:26:26,560 --> 00:26:29,480 Speaker 1: the information to the proxy in the first place. But yeah, 476 00:26:29,560 --> 00:26:33,280 Speaker 1: so we've got these these endpoints that have some vulnerabilities, 477 00:26:33,320 --> 00:26:36,320 Speaker 1: but other than that, it's it's pretty secure. Uh, I've 478 00:26:36,359 --> 00:26:38,119 Speaker 1: got to We've got a great little bit about how 479 00:26:38,160 --> 00:26:40,399 Speaker 1: secure it is, and a little in just a little while. 480 00:26:40,480 --> 00:26:44,399 Speaker 1: But today nodes or relays within the system still don't 481 00:26:44,400 --> 00:26:47,639 Speaker 1: know the origin or ultimate destination of information, and you 482 00:26:47,680 --> 00:26:51,480 Speaker 1: still create virtual circuits between the initiator and the recipient 483 00:26:51,840 --> 00:26:54,600 Speaker 1: for encrypted anonymous channels. But there's no more use of 484 00:26:54,600 --> 00:26:58,840 Speaker 1: this onion metaphor. I mean, it's not it's not the 485 00:26:58,880 --> 00:27:02,080 Speaker 1: same implementation. You get the same result, but it's a 486 00:27:02,119 --> 00:27:05,159 Speaker 1: different implementation that does it. But it's this, you know, 487 00:27:05,520 --> 00:27:07,560 Speaker 1: it's following a lot of the same philosophies. And you've 488 00:27:07,600 --> 00:27:10,480 Speaker 1: got a Tour directory that keeps track of all the 489 00:27:10,520 --> 00:27:13,560 Speaker 1: available nodes that are on the system at any given moment. 490 00:27:14,000 --> 00:27:17,800 Speaker 1: As of January, there were about five thousand computers around 491 00:27:17,840 --> 00:27:20,960 Speaker 1: the world operated by those volunteers that I mentioned serving 492 00:27:21,000 --> 00:27:23,560 Speaker 1: as potential nodes in this system. Right, And when you 493 00:27:23,600 --> 00:27:26,040 Speaker 1: send a message to a recipient across the Tour network, 494 00:27:26,200 --> 00:27:31,200 Speaker 1: your tour browser or whatever consults this directory, which then 495 00:27:31,960 --> 00:27:34,880 Speaker 1: gives it a route of nodes, and then you can 496 00:27:34,880 --> 00:27:38,119 Speaker 1: send the encrypted information across and each node further encrypt 497 00:27:38,160 --> 00:27:41,040 Speaker 1: the message again and only knows the note immediately before 498 00:27:41,040 --> 00:27:43,520 Speaker 1: and after, kind of like the previous version we just 499 00:27:43,600 --> 00:27:46,840 Speaker 1: talked about. So it's not that different. It's just this 500 00:27:47,119 --> 00:27:50,600 Speaker 1: whole layer metaphor is kind of no longer as accurate. 501 00:27:50,960 --> 00:27:53,760 Speaker 1: But um, yeah. One thing you've got to remember is 502 00:27:53,800 --> 00:27:56,600 Speaker 1: that because you've got this extra layer of encryption going 503 00:27:56,680 --> 00:28:01,320 Speaker 1: on and it's purposefully obvious, skating the the origin by 504 00:28:01,560 --> 00:28:05,760 Speaker 1: hopping around a lot, communication is not as quick, right. 505 00:28:05,800 --> 00:28:08,080 Speaker 1: It's going to take a longer necessarily, So if you're 506 00:28:08,160 --> 00:28:11,360 Speaker 1: using tour in order to send instant messages, your definition 507 00:28:11,359 --> 00:28:13,639 Speaker 1: of instant maybe a little different than what it normally 508 00:28:13,680 --> 00:28:16,439 Speaker 1: would be. It may just be pretty darn quick, but 509 00:28:16,520 --> 00:28:20,920 Speaker 1: not as instant as this other method. Yeah. Um. Furthermore, 510 00:28:20,960 --> 00:28:23,760 Speaker 1: it is not the most secure thing that you can do. No. 511 00:28:24,520 --> 00:28:27,439 Speaker 1: I actually read a great article on the best way 512 00:28:27,480 --> 00:28:31,359 Speaker 1: of using tour as as part of an approach to 513 00:28:31,520 --> 00:28:35,199 Speaker 1: securely using the Internet and maintaining your anonymity, and I 514 00:28:35,240 --> 00:28:38,080 Speaker 1: thought about including it in this podcast. I really did, guys. 515 00:28:38,320 --> 00:28:41,479 Speaker 1: I was gonna go all into the tips this guy had, 516 00:28:41,520 --> 00:28:44,200 Speaker 1: and then I realized that it was so in depth 517 00:28:44,240 --> 00:28:46,520 Speaker 1: and there was so much to keep tak into consideration 518 00:28:47,080 --> 00:28:49,560 Speaker 1: that really we could just do a full podcast just 519 00:28:49,680 --> 00:28:51,600 Speaker 1: on that, and perhaps in the future we will. If 520 00:28:51,640 --> 00:28:55,000 Speaker 1: you guys in particular, want to know. Seriously, I want 521 00:28:55,040 --> 00:28:58,000 Speaker 1: to be as anonymous and secure as possible. Tell me 522 00:28:58,040 --> 00:29:00,840 Speaker 1: what I need to do. Well, we'll we'll give you podcast. 523 00:29:00,880 --> 00:29:02,920 Speaker 1: We should we should do that episode. UM, I'll tell 524 00:29:02,960 --> 00:29:05,840 Speaker 1: you right now. It's crazy, but but right because because 525 00:29:05,840 --> 00:29:08,000 Speaker 1: even if you're using the most recent version of Tour 526 00:29:08,200 --> 00:29:11,080 Speaker 1: I mean, which, as we have just detailed, is an 527 00:29:11,120 --> 00:29:16,920 Speaker 1: incredibly uh complex and encrypted process, a determined party could 528 00:29:16,920 --> 00:29:21,320 Speaker 1: exploit vulnerabilities and Firefox itself, which which Tour is based in. UM, 529 00:29:21,400 --> 00:29:24,440 Speaker 1: it could attempt to set up monitoring nodes in the network, 530 00:29:25,120 --> 00:29:28,080 Speaker 1: or it could just methodically work on key decryption in 531 00:29:28,160 --> 00:29:32,640 Speaker 1: order to spy on your activities so stuff can still happen. Yeah, 532 00:29:32,720 --> 00:29:35,960 Speaker 1: we'll think about doing a full security episode. I mean, 533 00:29:36,280 --> 00:29:38,240 Speaker 1: I kind of think we'll have to pull Ben in 534 00:29:38,320 --> 00:29:40,000 Speaker 1: for that one. Oh, that would be great. We should 535 00:29:40,040 --> 00:29:42,440 Speaker 1: totally do more classovers. We'll we'll see if we can 536 00:29:42,480 --> 00:29:45,280 Speaker 1: get Ben to be available for an episode where we 537 00:29:45,400 --> 00:29:48,040 Speaker 1: really talk about and you know it's going to sound 538 00:29:48,080 --> 00:29:51,160 Speaker 1: paranoid and crazy, but the thing is technology in order 539 00:29:51,160 --> 00:29:54,560 Speaker 1: for it to work, UH needs to have certain information 540 00:29:54,720 --> 00:29:57,680 Speaker 1: so I can allow you to have this communication. But 541 00:29:57,760 --> 00:30:00,440 Speaker 1: because it needs that certain information. It means at your 542 00:30:00,720 --> 00:30:03,080 Speaker 1: anonymity is at risk, so you've got to do these 543 00:30:03,120 --> 00:30:07,560 Speaker 1: kind of crazy things. Also they're wacky bugs like heartbled 544 00:30:07,720 --> 00:30:10,800 Speaker 1: Yeah actually, um okay, go ahead and mention this so 545 00:30:10,880 --> 00:30:13,720 Speaker 1: heart bleed. If you listen to our previous episode, we 546 00:30:13,800 --> 00:30:17,000 Speaker 1: talked all about this vulnerability that was an open SSL 547 00:30:17,480 --> 00:30:20,840 Speaker 1: versions one point zero point one through one point zero 548 00:30:20,880 --> 00:30:24,560 Speaker 1: point one f and UH and how that ended up 549 00:30:24,640 --> 00:30:28,360 Speaker 1: meaning that people who use the heartbeat method could get 550 00:30:28,640 --> 00:30:32,480 Speaker 1: access to encryption keys and thus see everything that's going 551 00:30:32,520 --> 00:30:35,240 Speaker 1: across the server. So you might wonder does this work 552 00:30:35,440 --> 00:30:39,280 Speaker 1: on the tour network, this crazy relay node network, And 553 00:30:39,320 --> 00:30:42,280 Speaker 1: the short answer is, technically it works, but it doesn't 554 00:30:42,320 --> 00:30:46,720 Speaker 1: help anybody out because even if you were to see 555 00:30:47,240 --> 00:30:50,800 Speaker 1: the information moving across a node, it still has multiple 556 00:30:50,840 --> 00:30:55,560 Speaker 1: layers of encryption, so it's not as vulnerable. Vulnerable, Yeah, 557 00:30:55,960 --> 00:30:58,760 Speaker 1: although I mean toward toward being toward did say that 558 00:30:59,040 --> 00:31:00,760 Speaker 1: you know, if you if you only want to be secure, 559 00:31:00,800 --> 00:31:02,240 Speaker 1: you might just want to stay off the internet for 560 00:31:02,280 --> 00:31:04,560 Speaker 1: a few days, right, And they did say that they 561 00:31:04,560 --> 00:31:08,280 Speaker 1: had planned on rolling out patches of the open ssl 562 00:31:08,920 --> 00:31:13,400 Speaker 1: UH software because the upgrade the newest patch does patch 563 00:31:13,440 --> 00:31:17,280 Speaker 1: that vulnerability. So they are going to be fixing up 564 00:31:17,320 --> 00:31:20,000 Speaker 1: those nodes over time anyway. In fact, by the time 565 00:31:20,040 --> 00:31:23,040 Speaker 1: this podcast comes out, most of them may already be addressed. 566 00:31:23,600 --> 00:31:26,640 Speaker 1: But yeah they said that, Um that worst case scenario, 567 00:31:26,720 --> 00:31:32,000 Speaker 1: you're probably still pretty okay, you know in the grand 568 00:31:32,080 --> 00:31:36,320 Speaker 1: scheme of things. That herd bleed story was a real 569 00:31:36,360 --> 00:31:39,480 Speaker 1: eye opener. Yeah. Then we have the other thing we 570 00:31:39,480 --> 00:31:42,680 Speaker 1: alluded to earlier, oh right, hidden services, and that's where 571 00:31:42,680 --> 00:31:45,479 Speaker 1: that dark net or deep web kind of thing comes in. 572 00:31:45,680 --> 00:31:49,080 Speaker 1: Um okay. So, so tour also provides a way to 573 00:31:49,080 --> 00:31:51,480 Speaker 1: to offer up access to a server or to run 574 00:31:51,560 --> 00:31:54,680 Speaker 1: an entire service without revealing your IP addressed to your 575 00:31:54,760 --> 00:31:58,800 Speaker 1: users and from behind a firewall. Um, sites and services 576 00:31:58,800 --> 00:32:01,440 Speaker 1: set up like this are are off the beaten Internet path. 577 00:32:01,480 --> 00:32:04,480 Speaker 1: You can't even find them using Google or other web searches. 578 00:32:04,560 --> 00:32:06,920 Speaker 1: You have to be using tour in order to find them. 579 00:32:07,280 --> 00:32:09,480 Speaker 1: And um they're they're all using what's called the dot 580 00:32:09,560 --> 00:32:13,959 Speaker 1: Onion extension because onions. Um okay. So, so basically how 581 00:32:14,000 --> 00:32:17,920 Speaker 1: this works. The hidden service has a public to tour listing, 582 00:32:18,320 --> 00:32:21,000 Speaker 1: and so when a client wants to access that service, 583 00:32:21,040 --> 00:32:23,960 Speaker 1: the client sets up a rendezvous node and sends along 584 00:32:24,000 --> 00:32:28,720 Speaker 1: an access request via the usual tour encryption routing process 585 00:32:29,080 --> 00:32:33,080 Speaker 1: UM through a random introduction node that the service has 586 00:32:33,120 --> 00:32:36,800 Speaker 1: set up UM, and then the client and service can 587 00:32:36,840 --> 00:32:40,000 Speaker 1: contact each other through that rendezvous node, again using the 588 00:32:40,040 --> 00:32:43,680 Speaker 1: usual tour circuits UM. It's it's like the introduction and 589 00:32:43,720 --> 00:32:47,400 Speaker 1: the rendezvous nodes are translators, right. It protects the service 590 00:32:47,480 --> 00:32:50,520 Speaker 1: and the client because neither knows where the other is. 591 00:32:50,560 --> 00:32:54,040 Speaker 1: That the translators are the recipients for each party's communications. 592 00:32:54,160 --> 00:32:59,920 Speaker 1: And so this this deep web or darknet hosts law 593 00:33:00,120 --> 00:33:03,080 Speaker 1: of different stuff, some things that are definitely in the 594 00:33:03,120 --> 00:33:07,240 Speaker 1: nefarious category, like the Silk Road, although Silk Road still 595 00:33:07,320 --> 00:33:11,800 Speaker 1: has some legit. Sure of the stuff that was on 596 00:33:11,840 --> 00:33:17,200 Speaker 1: Silk Road was completely legal, the other not so much. Yeah, 597 00:33:17,280 --> 00:33:19,160 Speaker 1: so a silk Road, of course that got shut down, 598 00:33:19,560 --> 00:33:23,680 Speaker 1: but it existed on tour and this kind of hidden 599 00:33:23,680 --> 00:33:26,640 Speaker 1: web because you know, you wouldn't want it to be 600 00:33:26,680 --> 00:33:31,360 Speaker 1: easily accessible, uh, and then everything would come crashing down, 601 00:33:31,560 --> 00:33:34,080 Speaker 1: you know, ultimately came crashing down anyway, but it was 602 00:33:34,200 --> 00:33:36,600 Speaker 1: hidden better than just sitting there and on the web. 603 00:33:37,400 --> 00:33:40,600 Speaker 1: So yeah, that's that's definitely one of the other issues. 604 00:33:41,120 --> 00:33:43,160 Speaker 1: And again there are other things that are on this 605 00:33:43,240 --> 00:33:45,800 Speaker 1: deep net, this this dark net or rather or deep 606 00:33:45,840 --> 00:33:50,320 Speaker 1: web that again not nefarious at all. They have very 607 00:33:50,400 --> 00:33:53,920 Speaker 1: legitimate purposes for existing. It's completely legal, but it's also 608 00:33:54,320 --> 00:33:56,800 Speaker 1: designed in such a way as to protect the identity 609 00:33:56,840 --> 00:33:59,480 Speaker 1: of the people who need to use the services. So 610 00:33:59,760 --> 00:34:03,360 Speaker 1: it again, just because we have some really high profile 611 00:34:03,440 --> 00:34:09,000 Speaker 1: examples of naughtiness doesn't mean that the entire network is naughty, 612 00:34:09,080 --> 00:34:11,960 Speaker 1: just like there are other services that people have used 613 00:34:12,200 --> 00:34:14,760 Speaker 1: where some people are using it in order to get 614 00:34:14,920 --> 00:34:19,120 Speaker 1: like illegal downloads of whatever content they want, but most 615 00:34:19,160 --> 00:34:21,560 Speaker 1: people aren't. A lot of the focuses on the people 616 00:34:21,560 --> 00:34:24,320 Speaker 1: who are the pirates, and thus the entire service gets 617 00:34:24,760 --> 00:34:28,040 Speaker 1: painted as yeah, yeah, it's I I read a really 618 00:34:28,040 --> 00:34:29,719 Speaker 1: great quote and I don't have it open right now, 619 00:34:29,760 --> 00:34:33,000 Speaker 1: and um. Bloomberg business Week did a really great article 620 00:34:33,080 --> 00:34:38,080 Speaker 1: in January about about tour in general and the kids 621 00:34:38,080 --> 00:34:39,640 Speaker 1: who are running it and all that kind of stuff, 622 00:34:39,680 --> 00:34:42,400 Speaker 1: and uh, the the example that I think they used 623 00:34:42,480 --> 00:34:46,000 Speaker 1: was that, you know, you don't hear about someone who's 624 00:34:46,080 --> 00:34:48,920 Speaker 1: stalker couldn't find them. You you hear about the kid 625 00:34:48,960 --> 00:34:53,640 Speaker 1: who got drugs or the child porn rang or something, right, Right, 626 00:34:53,680 --> 00:34:57,800 Speaker 1: So you know, there are some very very the Navy 627 00:34:57,880 --> 00:35:01,239 Speaker 1: wouldn't have been interested in making this uh in order 628 00:35:01,360 --> 00:35:04,359 Speaker 1: just to have crime happened, because as low as your 629 00:35:04,360 --> 00:35:06,880 Speaker 1: opinion of the Davy, maybe depending on if you're a 630 00:35:06,960 --> 00:35:10,840 Speaker 1: Marine or not, it's it's really not in that business. No. 631 00:35:11,360 --> 00:35:14,000 Speaker 1: But but certainly the fact that this kind of illegal 632 00:35:14,080 --> 00:35:17,120 Speaker 1: activity can go on means that it attracts attention from, 633 00:35:17,320 --> 00:35:21,360 Speaker 1: for example, the n s A. Yes, uh, I love 634 00:35:21,560 --> 00:35:24,200 Speaker 1: the stories about the n s A and Tour because 635 00:35:24,840 --> 00:35:27,960 Speaker 1: they're both infuriating and funny at the same time. So 636 00:35:28,080 --> 00:35:31,279 Speaker 1: infuriating in that uh, the n s A has attempted. 637 00:35:31,680 --> 00:35:33,719 Speaker 1: We know the n s A has attempted to try 638 00:35:33,800 --> 00:35:37,839 Speaker 1: and crack because some of those slides that have come 639 00:35:37,840 --> 00:35:42,799 Speaker 1: out from Standon's League as specifically mentioned Tour yep and UH. 640 00:35:43,040 --> 00:35:46,000 Speaker 1: One of the documents within the n s A is 641 00:35:46,080 --> 00:35:50,400 Speaker 1: titled Tour Stinks. And the reason they say Tour stinks 642 00:35:50,440 --> 00:35:53,200 Speaker 1: is because it's so gosh darn't hard to figure out 643 00:35:53,520 --> 00:35:57,920 Speaker 1: what information is within the Tour network. Now, they do 644 00:35:58,040 --> 00:36:01,320 Speaker 1: note that if you are able to target those points 645 00:36:01,440 --> 00:36:04,319 Speaker 1: where information is coming into the network are coming out 646 00:36:04,400 --> 00:36:06,680 Speaker 1: of the network, then you are more likely to be 647 00:36:06,719 --> 00:36:09,640 Speaker 1: able to determine what is going on and who was 648 00:36:09,640 --> 00:36:13,320 Speaker 1: talking to whom. But if it's within the network itself, 649 00:36:13,719 --> 00:36:16,640 Speaker 1: there's no report that has leaked so far that has 650 00:36:16,680 --> 00:36:19,280 Speaker 1: indicated the NSA has been able to crack that, which 651 00:36:19,320 --> 00:36:22,880 Speaker 1: has not stopped a whole lot of theorists from saying 652 00:36:23,160 --> 00:36:26,480 Speaker 1: that they have totally cracked it, and that the reports 653 00:36:26,480 --> 00:36:28,600 Speaker 1: saying that they haven't cracked it are just so that 654 00:36:28,640 --> 00:36:32,040 Speaker 1: people feel, yeah, that they people will feel a false 655 00:36:32,080 --> 00:36:35,719 Speaker 1: sense of security using Tour. Here's the thing about conspiracy theories, 656 00:36:35,719 --> 00:36:37,439 Speaker 1: and again, I wish we had been on here right now. 657 00:36:37,840 --> 00:36:39,919 Speaker 1: Uh you know, you can. You can have a lack 658 00:36:39,960 --> 00:36:42,560 Speaker 1: of evidence and that becomes evidence, or if you have 659 00:36:42,560 --> 00:36:46,360 Speaker 1: a denial, then that becomes hard evidence. You know. So 660 00:36:47,160 --> 00:36:50,040 Speaker 1: I I think, I really do think, because I don't 661 00:36:50,080 --> 00:36:52,640 Speaker 1: think the n s A ever intended for all the 662 00:36:52,680 --> 00:36:55,440 Speaker 1: information to leak out based upon I don't know everything 663 00:36:55,480 --> 00:36:59,360 Speaker 1: that's happened since then. Uh so I'm pretty willing to 664 00:36:59,400 --> 00:37:03,919 Speaker 1: believe that they have not yet cracked how to get 665 00:37:04,080 --> 00:37:06,399 Speaker 1: look at information in a meaningful way on the Tour 666 00:37:06,440 --> 00:37:09,360 Speaker 1: network itself. In general, I would say that Tour seems 667 00:37:09,960 --> 00:37:13,719 Speaker 1: for many purposes pretty secure. Now keep in mind you 668 00:37:13,760 --> 00:37:18,319 Speaker 1: still have to uh practice good internet security on your own, 669 00:37:18,600 --> 00:37:21,960 Speaker 1: even if you're using tour. UH And like I said, well, 670 00:37:21,960 --> 00:37:23,719 Speaker 1: maybe we'll do a full episode on that. If you're 671 00:37:23,760 --> 00:37:25,920 Speaker 1: interested in that, let's no because you know maybe that 672 00:37:25,960 --> 00:37:28,760 Speaker 1: our listeners are thinking, wow, they did a heart bleed 673 00:37:28,760 --> 00:37:31,480 Speaker 1: episode in a tour episode. Go back to talking about 674 00:37:31,600 --> 00:37:35,960 Speaker 1: Nintendo and that wraps up this classic episode from hope 675 00:37:36,000 --> 00:37:38,680 Speaker 1: you enjoyed it. If you have any topics that you 676 00:37:38,719 --> 00:37:41,000 Speaker 1: think I should tackle for future episodes of tech Stuff, 677 00:37:41,280 --> 00:37:43,239 Speaker 1: or maybe there's one that you've listened to and you 678 00:37:43,239 --> 00:37:47,040 Speaker 1: think that really needs an update it's seriously overdue. Let 679 00:37:47,080 --> 00:37:48,759 Speaker 1: me know the best way to do that is over 680 00:37:48,800 --> 00:37:52,000 Speaker 1: on Twitter. The handle I use is tech stuff hs 681 00:37:52,200 --> 00:38:00,319 Speaker 1: W and I'll talk to you again really soon. Tech 682 00:38:00,400 --> 00:38:03,839 Speaker 1: Stuff is an I Heart Radio production. For more podcasts 683 00:38:03,880 --> 00:38:06,640 Speaker 1: from I Heart Radio, visit the i Heart Radio app, 684 00:38:06,760 --> 00:38:09,920 Speaker 1: Apple Podcasts, or wherever you listen to your favorite shows.