Tor is the pop star of privacy-protection tools. It's listed in virtually every piece of advice on how to protect your privacy online because, as The Tor Project website puts it, Tor "prevents people from learning your location or browsing habits".
That claim has never been completely true, of course. Tor can certainly help conceal your internet activities by bouncing your traffic around the internet at random. But to escape spook-grade surveillance, you also need excellent operational security to avoid revealing your identity or location in some other way, and you need to keep your computer well defended. One mistake and you're gone.
Hector Xavier Monsegur discovered that the hard way. Also known as "Sabu", Monsegur was part of the LulzSec hacker collective.
"Just once, he logged onto IRC [internet relay chat] without going through Tor, revealing to the FBI his IP address," wrote security researcher Robert Graham. Monsegur was turned and became an FBI informant, and the rest of LulzSec was eventually arrested.
Eric Eoin Marques discovered it the hard way, too. Authorities hacked the servers of the child pornography ring he was allegedly operating, and he was served spyware that uncovered him.
These two incidents might just have been lucky breaks for law enforcement — except the luck has been continuing unabated. We've seen the takedown of Silk Road, Silk Road 2.0, and 400 other sites — although that figure has been challenged.
How is this sort of thing possible?
Well, we've seen reports that 81 percent of Tor users can be de-anonymised by analysing router information. We've seen a rogue Tor node infecting Windows EXEs with malware. We've seen a presentation on how to break Tor pulled from the Black Hat conference, presumably because it revealed too much.
We've also seen, thanks to leaked documents, that the NSA's XKeyscore system apparently targets people who simply look at Tor. Other NSA systems can supposedly intercept selected communications streams in real time and modify them to insert malware, for example. Given the scale of NSA operations revealed by Edward Snowden and others, it's easy to imagine that many Tor nodes might be infected from the moment they're set up — if not most of them.
Back in July, Pando Daily's Yasha Levine joined even more dots in a well-researched piece bearing the provocative headline: "Almost everyone involved in developing Tor was (or is) funded by the US government". That's no secret, but it's something that The Tor Project plays down.
Levine tied together the documented facts about Tor's military origins and continued US government funding, reports of indifferent reactions to Snowden's revelations regarding Tor, and the words of Tor's own co-founder, Roger Dingledine, and others, to reach what seems to be a controversial conclusion.
Very early on, researchers understood that just designing a system that only technically anonymizes traffic is not enough — not if the system is used exclusively by military and intelligence. In order to cloak spooks better, Tor needed to be used by a diverse group of people: Activists, students, corporate researchers, soccer moms, journalists, drug dealers, hackers, child pornographers, foreign agents, terrorists — the more diverse the group that spooks could hide in the crowd in plain sight.
The US government spun out Tor into a public project to protect its own agents. If, as a side effect, they could also more easily intercept the traffic of bad guys who think Tor protects them, well, so much the better, right?
Given the evidence Levine assembled, his conclusion is unremarkable. But the Tor community has reacted with anger. Last Friday, Levine documented that angry reaction in another lengthy piece, "How leading Tor developers and advocates tried to smear me after I reported their US government ties".
One would've thought that an article warning about Tor's little-known dangers and conflicts of interest would've been greeted by the privacy and anonymity community — that they would be more interested in protecting the public and getting Tor right than in protecting Tor's brand. But instead of being welcomed by the privacy community or sparking a discussion about the aspects of Tor that have been swept under the rug, the article was met with a smear campaign. Surprisingly, the smears weren't waged by the usual fringe anonymous-troll types, but rather by some of the most prominent privacy and anti-surveillance names in the country.
When the attacks first started a few months back, I had thought maybe they were driven by a petty, defensive reflex: Many were vocal and public supporters of Tor and recommended it to others as an effective tool to protect them from government surveillance. Perhaps the article made them look or feel stupid — after all, no one likes being outed as a sucker. But as the attacks on my article rolled on, month after month, I began to realize there was something more going on, for the oldest reason in the books: Self-interest and money.
Most of the privacy activists who attacked him have spent their careers moving through the same little circle of organisations, Levine wrote, funded by the same network of government and non-profit organisations that fund Tor.
No wonder all these people are so upset by my reporting. They've branded themselves as radical activists fighting The Man and the corporate surveillance apparatus — while taking money from the US government's military and foreign policy arms, as well as the biggest and worst corporate violators of our privacy. By branding themselves as radical activists, they appear to share the same interests as the grassroots they seek to influence; exposing their funding conflicts of interests makes it hard for them to pose as grassroots radicals. So instead of explaining why getting funding from the very entities that Tor is supposed to protect users from is not a problem, they've taken the low road to discredit the very idea of reporting on monetary conflicts of interests as either irrelevant, or worse, a sign of mental illness.
OK, let's take a deep breath...
I don't think we should treat the US government as a single monolithic organisation with a single worldview. No, it's a constellation of competing agencies with different agendas, and with different bureaucracies to protect from budget cuts, all loosely gathered under the freedom-and-democracy banner. Receiving funds from the US State Department doesn't automatically mean you're somehow controlled by the NSA. The US funds all kinds of freedom-and-democracy programs, not just surveillance.
While Levine's argument is certainly compelling, I don't think it's proven. Yet.
Without a doubt, the good people who front The Tor Project seem to be dedicated to the defence of our freedoms — as they see them. But the flipside of intense focus is tunnel vision, inducing people to view the world purely through the prism of their own work. It's only natural for them to downplay Tor's weaknesses. It can also lead to righteous zealotry.
Take Tor Project developer and evangelist Jacob Appelbaum, for example — if for no other reason than he's someone I've met. As Levine wrote, Appelbaum considers volunteering for Tor to be "a valiant act on par with Hemingway or Orwell going to Spain to fight the Franco fascists on the side of anarchist revolutionaries".
When Appelbaum visited Australia in January 2012, he encouraged people to break the law.
"Sit outside [ASIO headquarters in Canberra], and photograph everybody that goes in and out. Find out people that are spying on civilians that are infiltrating... Find out all the licence plates of all the cars that park in the police parking lots. Find out where the undercover officers are that infiltrate peaceful activists, and f*** them up," he told a forum.
That is to say, Appelbaum publicly incited people to mount an illegal counter-intelligence operation against ASIO. He also told staff at internet service providers to reveal where the intelligence agencies' interception equipment is located, to "take photographs of them and tell the world".
I have no doubt that Appelbaum is sincere in his beliefs, as are others. A strong crypto-anarchist thread runs through the libertarian web of online privacy activism. Surveillance of almost any kind is equated with a police state. We must fight fire with fire, they believe. Personally, I don't think Western democracies have disintegrated quite that much yet, but we're all entitled to our opinions.
But if the police state is as all-pervasive as Appelbaum and his compatriots believe, then why is he allowed to remain at large after committing repeated acts of incitement?
Perhaps it's because the authorities in Australia and the US have bigger fish to fry.
Perhaps it's because he, and many others in the Tor fan base, are performing the role that is so uncharitably described in political jargon as useful idiots. They present an image that's attractive to activists, dissidents, and other potential Tor users, and persuade them to use the honeypot. Or, if you don't like the Tor-as-honeypot theory, at least they're encouraging more activists, students, corporate researchers, soccer moms, etc to help conceal the spooks.
All this is pure speculation, of course, but at first glance, it would seem to fit the facts well enough to be worth a second glance — and of course that last part is my personal judgement. This is an opinion column. Your mileage may vary.
But I note that instead of deconstructing Levine's argument, Tor's supporters have merely attacked him and his motives — at least one even accusing him of working for the CIA.
Some, such as American Civil Liberties Union (ACLU) lawyer Christopher Soghoian, have criticised Levine for not making a technical argument.
"There are so many things you could have nailed Tor for, but instead, you went for lazy, low-hanging fruit about funding... There are many things about Tor worthy of criticism: A crappy user interface, no auto-security updates, no browser sandbox," Soghoian said.
But all that is irrelevant to a discussion of the politics of Tor. The questions Levine raises are about who Tor truly serves, and why.
Surely the arguments we should be seeing from Tor's supporters should be about corporate governance, transparency, and the like — a rational defence, not Gamergate-grade grief.