Sunday, February 9, 2014

Tor, the Best Internet Anonymity Tool the Government Ever Built


Features

The Inside Story of Tor, the Best Internet Anonymity Tool the Government Ever Built


The Inside Story of Tor, the Best Internet Anonymity Tool the Government Ever Built
Illustration by David Parkins after M.C. Escher
Last year, Edward Snowden turned over to the Guardian, a British newspaper, some 58,000 classified U.S. government documents. Just a fraction of the files have been made public, but they outline the National Security Agency’s massive information-collection system. They’ve thrown light onto the methods of an arm of the government used to working in the shadows and started an intense debate over national security and personal liberty. One of the earliest and most explosive revelations was the existence of Prism, a top-secret program giving the NSA direct access to the systems of Google, Facebook, and other U.S. Internet companies.
Snowden himself remains something of a mystery even as the U.S. government attempts to obtain his return from Russia, where he’s in hiding, and very possibly jail him for the rest of his life. As an infrastructure analyst for the NSA, he came to understand at a high level how information moves around the Internet. Snowden almost certainly relied on one very specific and powerful tool to cover his tracks. In photographs he’s often with his laptop, and on the cover of his computer, a sticker shows a purple and white onion: the “o” in the word “Tor.”
Tor, an acronym for “the onion router,” is software that provides the closest thing to anonymity on the Internet. Engineered by the Tor Project, a nonprofit group, and offered free of charge, Tor has been adopted by both agitators for liberty and criminals. It sends chat messages, Google (GOOG) searches, purchase orders, or e-mails on a winding path through multiple computers, concealing activities as the layers of an onion cover its core, encrypting the source at each step to hide where one is and where one wants to go. Some 5,000 computers around the world, volunteered by their owners, serve as potential hop points in the path, obscuring requests for a new page or chat. Tor Project calls these points relays.
Its users are global, from Iranian activists who eluded government censors to transmit images and news during the 2009 protests following that year’s presidential election, to Chinese citizens who regularly use it to get around the country’s Great Firewall and its blocks on everything from Facebook (FB) to the New York Times. In addition to facilitating anonymous communication online, Tor is an access point to the “dark Web,” vast reaches of the Internet that are intentionally kept hidden and don’t show up in Google or other search engines, often because they harbor the illicit, from child porn to stolen credit card information.
It’s perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world, including the most sophisticated agency of them all, the NSA. That’s ironic, because Tor started as a project of the U.S. government. More than half of the Tor Project’s revenue in 2012, or $1.24 million, came from government grants, including an $876,099 award from the Department of Defense, according to financial statements available on the project’s website.
Yet because of Snowden, we now know that the NSA has been working to unpeel the protective layers built by the Tor system. Along with evidence of the NSA’s mass data collection, Snowden leaked an agency presentation that demonstrated just how surveillance-proof the software is. It was titled “Tor Stinks.” The spooks, according to the slide deck, were thwarted by the software at every turn. Gaining access to some Tor relays, for example, didn’t work, because they had to control all three computers in a circuit to defeat the encryption. “We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users,” one slide reads. NSA spokeswoman Vanee Vines said in an e-mailed statement: “It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers, and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”
Countering Tor is clearly frustrating for the NSA, and Internet users have taken note. Hits to Tor’s download page almost quadrupled last year, to 139 million. “Encryption works,” Bruce Schneier, a cybersecurity expert who helped the Guardian analyze the Snowden documents, said at a talk in New York in January. “That’s the lesson of Tor. The NSA can’t break Tor, and it pisses them off.”


Tor’s world headquarters occupies one room of a YWCA in Cambridge, Mass. Its neighbor is Transition House, which helps survivors of domestic abuse. Of 33 “core people” listed on Tor’s website, nine are full-time employees, and the majority work remotely. For the most part, the project is crowdsourced: Hundreds of volunteers around the world work on improving Tor’s software and solving technical challenges like staying ahead of censors in China, which has devoted enormous resources to shutting down anti-censorship tools, including Tor. A request to visit the office in person provoked some mild skepticism from Kelley Misata, who handles press for the group. “The Tor team is primarily virtual (and spread around the world),” she e-mailed, “so our office is made up of only a few members of the team working there on a regular basis.”

No comments: