I’m not going to bury the lede. Yes, Tor is still the recommended method for journalists and others who need to search the Web anonymously. The debate over potential vulnerabilities in the technology has persisted in comment threads and forums over the past few months, and then escalated over the past week, but it’s clear now that Tor is as strong as it ever was.
CJR first covered Tor back in 2011 within the context of internet shutdowns during Egypt’s protests, but it has been around for much longer. Tor, which stands for The Onion Router, is open-source software run by a nonprofit foundation that blocks the identities of users by way of many layers of routing. While the average American Web user may not have heard of it, or indeed have any real use for it, Tor has become a vital tool ideal for hundreds of thousands of people around the world—including journalists, NGO workers, and Internet users in countries where they would otherwise be hindered by censorship. And, like any tech tool, it has also been used by less praiseworthy factions as well.
Back in June, alongside the very first Snowden scoops in The Guardian about the widening scope of NSA surveillance, came a public outcry for digital privacy protections. Many internet users began to learn about encryption and anonymizing tools like Tor for the first time. People wanted to know how these tools worked, and they wanted to know whether they were really safe. Many helpful FAQs and explainers blossomed across the internet.
As it happened, The Electronic Privacy Information Center, a nonprofit organization advocating privacy and civil liberty issues, had just submitted a FOIA request on May 31, seeking more information on the relationship between the government and Tor. In its rundown of the case on its website, EPIC pointed out various governmental departments’ past and ongoing funding of Tor: “In total, the Federal government’s contributions account for 60% of Tor’s annual $2 million budget.” The FOIA request was meant to determine whether the government had contributed any “vulnerabilities” (also known as “backdoors”) to Tor along with its funds.
There was a historical precedent for this line of concern. EPIC cited the Clipper Chip from the 1990s, “a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the ‘keys’ upon presentation of what has been vaguely characterized as ‘legal authorization.’” After widespread public criticism, the NSA sank the project. “Despite losing the public debate over the Clipper Chip, the NSA has introduced vulnerabilities into many of the encryption technologies used by Internet consumers,” EPIC continued.
On September 5, the scoop that the NSA had successfully cracked many of the encryption tools on the market through the use of such backdoors seemed to justify all of the growing suspicions about Tor. If the government could coerce independent, commercial companies into building holes into their services for the NSA to exploit, the logic went, why wouldn’t they want to do the same to Tor, which everyone already knew the government funded?
“The feds pay for 60 percent of Tor’s development. Can users trust it?” asked a widely-cited Washington Post headline following that revelation. But, the article went on to explain, the story wasn’t so simple. While certain branches of the government contributed funding to Tor, the NSA wasn’t one of them. “Don’t assume that ‘the government’ is one coherent entity with one mindset,” Tor Executive Director Andrew Lewman told Brian Fung at the Post. And in that same piece, Roger Dingledine, one of Tor’s founders, made the often-forgotten point that Tor is open-source software. Lots of people are working on Tor’s code, all the time, in the open. If the government (or anyone) had snuck in malicious code, someone would probably have noticed.
The results from EPIC’s FOIA request came back a few weeks later. A post went up on the EPIC website on September 25 with its conclusions that, while there was evidence that the NSA and FBI have targeted the communications of Tor users, this particular FOIA request “reveal[ed] no efforts by the NSA to undermine the security or reliability of the Tor network.” EPIC’s popular “Online Guide to Practical Privacy Tools,” updated and relaunched a week later, still featured Tor.
Then, last Wednesday brought news of the FBI’s Silk Road shutdown, an alleged drug market site only accessible via Tor. By busting Silk Road, the agency had finally taken down the “eBay for drugs” it had been chasing for years, and arrested Ross William Ulbricht, the man who (the FBI’s criminal complaint alleges) founded and ran the site.
Both the allegations against “the Dread Pirate Roberts” and the particulars of his entire story are bonkers—fake identities, multiple murder plots, and the shockingly dumb missteps that ultimately led to his downfall. (A ton of great reporting and writing have emerged from this saga over the past few days; I especially recommend the coverage by Ars Technica and The Verge.) But while the tech press and narrative yarn-spinners everywhere were busy sinking their claws into this juicy story, ex-visitors of the extant site were running around in cyber circles, worrying about what it all meant, and about, among other things, whether Tor was still safe.
Responding to the Silk Road bust, Dingledine addressed the situation in a Tor Project blog post that day, assuring Tor users that there was, thus far, no evidence that Tor had been compromised. The FBI’s criminal complaint against Ullrich cited old-fashioned detective work and full-time Web browsing—not cyberattacks.
In one response comment, a Tor user brought up the now-familiar “60% funding from the government” point as proof that Tor was some type of law-enforcement front (perhaps this user read the Post headline, but not the article below it?). Then the same user exclaimed, in time-honored Caps-Lock fashion, “ANYONE ELSE FEEL SAFE USING TOR AFTER FREEDOM HOSTING AND NOW SILK ROAD? ANYONE ELSE NOTICE IT’S THE ILLEGAL SITES GETTING NABBED? IF THAT’S NOT A CLEAR INDICATION THAT TOR IS INVOLVED WITH THE GOVERNMENT THEN I GOT A BRIDGE TO SELL YOU IN SAN FRAN.” Which sort of begs the question of why legal sites would get “nabbed,” but, all kidding aside, Tor users may be forgiven for feeling skittish, considering the circumstances.
Dingledine responded to the capslock commenter with a reminder that there is a difference between the FBI and the NSA, and that one simple solution always remains an option for the truly worried. “There are some serious adversaries attacking the Internet these days,” read his response. “It may be that Tor can’t protect you against the NSA’s large-scale Internet surveillance, and it may be that no existing anonymous communication tool can. ‘Stop using the Internet’ is a perfectly reasonable answer.’”
The tech press even got in on the hand-wringing. “Tor Can’t Always Keep You Safe; Just Ask Silk Road” scolded a particularly misleading PC Magazine headline on Thursday. While you can’t ask Silk Road anything these days, that doesn’t mean Tor can’t “keep you safe” if you use it correctly. It just might land you in jail if you use it to create a drug empire and order assassinations.
As that same Tor blog post notes, Tor is a tool for anonymization—but it “won’t keep someone anonymous when paired with unsafe software or unsafe behavior.” And even that caveat is directed more toward the websites using Tor’s “hidden service feature” and less toward the casual anonymity-seeking, Web-browsing individual.
Then, finally, the latest scoops in The Guardian and The Washington Post on Friday answered a lot of questions about the NSA and Tor. NSA documents provided by Snowden reveal many different attempts and strategies (some of them successful) to attack Tor users. The slideshow is called “The Tor Problem,” helpfully explaining that Tor is a big, big problem, because terrorism.) Emphasizing Andrew Lewman’s point from above, the documents demonstrate that the NSA has been trying to crack Tor since 2006, even though other government agencies—such as the State Department—have been funding it and actively promoting it as a tool of democracy and liberation for people living under dictatorship rule.
These latest files show that the NSA has been able to, for instance, spot a random Tor user, attack that person’s computer via vulnerable browser software, and then, through those attacks, monitor his or her online activities. One proposed technique turns out to be the same one that the Chinese government uses to block its citizens from accessing the censored Internet there.
However, according to these new documents, the NSA has not been able to target a specific person for a cyberattack. It also hasn’t figured out how to generalize this method in order to perform any kind of mass-Tor-surveillance. And, significantly, these revelations don’t hint at any new vulnerability in the overall Tor network itself—which seemed like a relief to the privacy experts interviewed by the Guardian and the Post. A lot of other attacks and attempts appear to be hypothetical or to have failed. (Technical details are available here, courtesy of longtime encryption master Bruce Schneier.)
Incidentally, yet another technique that the documents describe is the very same one that the FBI used this summer to take down Freedom
HouseHosting, which had provided hosting for the hidden services on Tor and had become associated with child porn. (Tor took pains to stress that Freedom HouseHosting was not affiliated with Tor, and that, again, the shutdown didn’t mean anything in particular for the security of Tor overall.) That particular episode, unlike the Silk Road bust, didn’t get much attention in the press. (Was it because host providers are less interesting than online marketplaces, or because child porn is an ickier topic than drugs? Unclear.)
In any case, the staff and volunteers at The Tor Project remain confident in the security of the system, despite, and in fact because of, these new revelations. The latest document drop has revealed just how little progress the NSA has actually made in its battle against Tor, while allowing Tor to patch whatever small breaches in the system the NSA has found. Above all, Tor’s Roger Dingledine once again reminded readers, Tor’s greatest asset is its transparency. “Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice,” wrote Dingledine in a statement he sent to The Guardian and posted on the Tor blog Friday. “So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.”
In the comments below that post, Dingledine also mentioned that at least one of the NSA documents appeared to be the work of a couple of college-aged interns, and did not necessarily represent NSA’s “master plan.” Good point. The presentation uses language like “Tor stinks,” and one slide features a ludicrous cartoon of “terrorist with Tor client installed”—he’s got a gun, he’s got a beard, and he’s wearing a bandit mask. And he’s apparently browsing the internet. Oh, and his desk chair is a giant onion.
Since Bruce Schneir has done so much important work in the area of encryption, and since he was so closely involved in the latest round of Snowden revelations on this topic, I’ll give him the final word for now. In the comment section of his personal blog on Saturday, one reader referred to the scoops from the day before and wrote, “I would be very worried if I depended on TOR for a critical site. It looks like the game is rigged.” Nope, wrote Schneier in response. “I think the moral of this story is that Tor is fundamentally secure.”