The Tor Project, the foundation of the crime-infiltrated "dark Web," is trying to soften its public image — but without backing away from the anonymous Web-surfing technology that has made it so controversial with law enforcement and intelligence agencies.
For about a decade, the Massachusetts-based nonprofit has provided free software that lets activists and political dissidents visit websites and exchange messages outside the scrutiny of oppressive governments. But the same software has allowed hidden markets for child pornography, guns, illegal drugs and stolen credit card information to flourish, while heightening U.S. intelligence agencies' worries about technology providing an unbreakable wall of anonymity for leakers, spies and terrorists.
The result has been a flurry of unflattering headlines — "'Dark Web' Hides Pedophiles," one NBC affiliate in California reported, while CNN declared that the "Pentagon hunts for ISIS on the secret Internet" — in news stories that specifically mentioned Tor as a tool for wrongdoers. FBI Director James Comey likewise dropped Tor's original name, "The Onion Router," during a Sept. 10 hearing in which he warned that "we see fraudsters of all kinds, whether it's health care or just trying to steal your banking transactions, trying to operate in a way that we can't see." And Sen. Chuck Schumer (D-N.Y.) mentioned Tor last year while pressing the Justice Department to step up its efforts to shut down online drug markets.
Meanwhile, Tor has an unlikely source of funding for a group run by techno-anarchists who denounce U.S. Internet surveillance: Almost all its money comes from the federal government. Those ties have stoked accusations from critics who say government funding assuredly means government spying.
So the Tor Project is trying something new: engaging in the soft-power fight of shaping its own narrative before a barrage of accusations causes permanent damage to its reputation. The organization brought on its first full-time communications director in March. And its leaders are reaching out to journalists, including a rare interview in which communications director Kate Krauss and co-founder Roger Dingledine candidly discussed the future of Tor.
“I can imagine a failure mode where ... Tor has been smeared so thoroughly so that everybody knows that ‘anonymity is for bad people,’” Dingledine said.
But rather than illicit drug marketplaces like the now-shuttered Silk Road, whose founder was sentenced to life in prison in May, or even “the dark Web” itself (a term Dingledine finds offensive), Tor backers say the project should be known for its contributions to privacy and human rights.
“People are not necessarily using Tor as their go-to tool to be bad,” said Krauss, whose hiring is Exhibit A in Tor’s pilgrim’s progress to a warmer, more proactive self. Ordinary people use Tor, she said. Whistleblowers and advocates use it. On any given day, the Tor Project is communicating with activists in China, Iran and Saudi Arabia.
Even police officers use Tor during investigations when online anonymity matters. “Everyone deserves the right to privacy,” Krauss said.
As part of the new openness, Dingledine and Krauss envision outreach to untapped audiences, tutorials for journalists, an expanded social media profile and an attempt to shift the conversation about Tor away from criminality. But their efforts will run into skeptics like former FBI agent Christopher Tarbell, who contributed to a wave of press coverage branding Tor a criminal paradise when he helped unmask Silk Road mastermind Ross Ulbricht in 2013.
“What do they say about child pornography?” Tarbell asked in a separate interview about Tor.
“People have died because they can buy drugs in their basement" through websites hidden by Tor network, he added. “As a parent, I want to say 'Yes, the technology should be stopped.'"
Dingledine said he’s untroubled by the fact that bad elements may take comfort from his life’s work of building Tor. He says the service benefits activists and ordinary, privacy-seeking citizens more than it enables criminals, terrorists, child abusers or anyone else in the parade of unsavories who have tarred Tor in the public mind.
“The bad guys are doing great on the Internet right now," Dingledine said. "The good guys have very few options."
For example, he said, criminals and terrorists can set up a system to communicate anonymously that lasts just two weeks, with law enforcement none the wiser for it, then can take it down and move to something else. “It doesn’t necessarily have to scale, it doesn’t have to have peer review, it doesn’t have to last," Dingledine said. Only Tor has set up a long-term system that’s also in reach of any member of the public.
Until recently, Tor didn’t think it needed to explain itself in public, viewing itself as already radically transparent. Its software is open source, and many of its internal communications are posted online. If you want to get to know the Tor Project, the thinking went, just read the website.
But in one of the many paradoxes that permeate Tor, those reams of searchable but jargon-filled missives can make Tor look like it's doing what it lets others to so well: hide information.
That naive belief in transparency backfired significantly in late 2014, when Silicon Valley online news site PandoDaily set off a minor Internet firestorm with a series of accusatory articles that attacked Tor over its federal funding. Tor is “almost certainly a giant honeypot,” presumably keeping logs on its users’ activity, the articles charged. As proof, PandoDaily cited not only Tor’s dependency on federal dollars but its origins in military intelligence.
The series was “a smear,” Dingledine said, one “designed to undermine confidence in the system.”
PandoDaily was right, however, about the funding and history. Without the State or Defense departments to support it, the Tor Project would go bankrupt — its more than 2 million worldwide users stuck without an effective way to hide their identities online. About 95 percent of its $2.7 million annual budget comes from U.S. agencies through Internet freedom and research grants.
Dingledine readily acknowledges those facts. “It’s on our website,” he said, repeating the old mantra because some habits die hard.
It’s also true that Tor is the product of research funded by the Naval Research Laboratory in the 1990s with the express intent of constructing technology for evading online detection. Spies use it to this day, their Internet traffic hidden side-by-side with furtive chatter among Iranian dissidents.
“We’re grateful for the government funding we get,” Krauss said.
But some avowed critics of the U.S. surveillance state are also Tor fans: NSA leaker Edward Snowden touts it, and close Snowden ally Jacob Appelbaum — who lives in self-imposed exile in Berlin — is a paid Tor developer. Other hackers and privacy advocates with noted reputations have done turns on staff.
Why the paradox? In a nutshell, the same government that funnels billions of dollars each year to the NSA for digital surveillance also spends a few million annually to make dodging the spy agency possible — because even the federal government needs a way for people be anonymous online.
About one-third of Tor’s funding comes through a government-incorporated nonprofit called the Open Technology Fund, established during the “Internet Freedom” push at the State Department under then-Secretary Hillary Clinton. So long as access to an open Web is a government priority, it will need Tor or something like it to allow human rights activists to evade their own homegrown surveillance agencies.
It needs anonymity for itself, too, since the federal government isn’t the only entity that monitors the Internet.
“A few years ago I presented at a conference run by the FBI,” Dingledine said. "At the end of the conference one of the FBI agents took me aside and asked, ‘Surely you have some sort of way of tracking your users?’ When I pointed at his FBI colleagues in the room who had told me they use Tor every day for their work, and asked if he'd be comfortable if we had a way of tracing them, I think he got it."
Using Tor to reach websites requires a modified browser that navigates an encrypted circuit of three to six specially configured servers. The Tor Project doesn’t own or control those servers — they’re maintained by volunteers spread out across the globe. As a result, Dingledine and the Tor Project have no idea who’s using Tor.
He also has no way to block or summarily take down illegal websites that take advantage of Tor to hide their true location. Getting to those websites requires going through a circuit of six servers, and the information for reaching them is published to six servers that change each day.
“So I guess you could go to the operators of these six relays and try to persuade them why it's important to censor this hidden service,” Dingledine said. "But you'd have to get all six to agree, or the service would still be reachable. And the next day it would be a new six."
Anyone trying that would also trip up against the international distribution of Tor servers. Would a Russian Tor server owner listen to a request from the FBI to stop routing to a hidden website? “How about the American relay operator listening to the Russian feds?” Dingledine asked.
Dan Meredith, principal director of the Open Technology Fund, has one take on the controversy surrounding Tor: This is what happens when a progressive but niche technology transits into the mainstream, as the Internet itself once did. “No one thinks that the Internet had any controversy and problems behind it. But it did — it was military funded,” he said.
“They’re still in the startup phase,” said Andrew Lewman, who stepped down in April after six years as the Tor Project's executive director. “It’s been a long process. It’ll continue to be a work in progress.”
Dingledine said he’s confident Tor will mature as an organization. “There are a lot of people who want to use Tor,” he said. Still, embedded into Dingledine’s faith is a plea showing how far Tor has yet to evolve as an organization.
“Please, can we fight on the value of our technology, not on the ability to do press releases?” he said.
For about a decade, the Massachusetts-based nonprofit has provided free software that lets activists and political dissidents visit websites and exchange messages outside the scrutiny of oppressive governments. But the same software has allowed hidden markets for child pornography, guns, illegal drugs and stolen credit card information to flourish, while heightening U.S. intelligence agencies' worries about technology providing an unbreakable wall of anonymity for leakers, spies and terrorists.
The result has been a flurry of unflattering headlines — "'Dark Web' Hides Pedophiles," one NBC affiliate in California reported, while CNN declared that the "Pentagon hunts for ISIS on the secret Internet" — in news stories that specifically mentioned Tor as a tool for wrongdoers. FBI Director James Comey likewise dropped Tor's original name, "The Onion Router," during a Sept. 10 hearing in which he warned that "we see fraudsters of all kinds, whether it's health care or just trying to steal your banking transactions, trying to operate in a way that we can't see." And Sen. Chuck Schumer (D-N.Y.) mentioned Tor last year while pressing the Justice Department to step up its efforts to shut down online drug markets.
Meanwhile, Tor has an unlikely source of funding for a group run by techno-anarchists who denounce U.S. Internet surveillance: Almost all its money comes from the federal government. Those ties have stoked accusations from critics who say government funding assuredly means government spying.
So the Tor Project is trying something new: engaging in the soft-power fight of shaping its own narrative before a barrage of accusations causes permanent damage to its reputation. The organization brought on its first full-time communications director in March. And its leaders are reaching out to journalists, including a rare interview in which communications director Kate Krauss and co-founder Roger Dingledine candidly discussed the future of Tor.
“I can imagine a failure mode where ... Tor has been smeared so thoroughly so that everybody knows that ‘anonymity is for bad people,’” Dingledine said.
But rather than illicit drug marketplaces like the now-shuttered Silk Road, whose founder was sentenced to life in prison in May, or even “the dark Web” itself (a term Dingledine finds offensive), Tor backers say the project should be known for its contributions to privacy and human rights.
“People are not necessarily using Tor as their go-to tool to be bad,” said Krauss, whose hiring is Exhibit A in Tor’s pilgrim’s progress to a warmer, more proactive self. Ordinary people use Tor, she said. Whistleblowers and advocates use it. On any given day, the Tor Project is communicating with activists in China, Iran and Saudi Arabia.
Even police officers use Tor during investigations when online anonymity matters. “Everyone deserves the right to privacy,” Krauss said.
As part of the new openness, Dingledine and Krauss envision outreach to untapped audiences, tutorials for journalists, an expanded social media profile and an attempt to shift the conversation about Tor away from criminality. But their efforts will run into skeptics like former FBI agent Christopher Tarbell, who contributed to a wave of press coverage branding Tor a criminal paradise when he helped unmask Silk Road mastermind Ross Ulbricht in 2013.
“What do they say about child pornography?” Tarbell asked in a separate interview about Tor.
“People have died because they can buy drugs in their basement" through websites hidden by Tor network, he added. “As a parent, I want to say 'Yes, the technology should be stopped.'"
Dingledine said he’s untroubled by the fact that bad elements may take comfort from his life’s work of building Tor. He says the service benefits activists and ordinary, privacy-seeking citizens more than it enables criminals, terrorists, child abusers or anyone else in the parade of unsavories who have tarred Tor in the public mind.
“The bad guys are doing great on the Internet right now," Dingledine said. "The good guys have very few options."
For example, he said, criminals and terrorists can set up a system to communicate anonymously that lasts just two weeks, with law enforcement none the wiser for it, then can take it down and move to something else. “It doesn’t necessarily have to scale, it doesn’t have to have peer review, it doesn’t have to last," Dingledine said. Only Tor has set up a long-term system that’s also in reach of any member of the public.
Until recently, Tor didn’t think it needed to explain itself in public, viewing itself as already radically transparent. Its software is open source, and many of its internal communications are posted online. If you want to get to know the Tor Project, the thinking went, just read the website.
But in one of the many paradoxes that permeate Tor, those reams of searchable but jargon-filled missives can make Tor look like it's doing what it lets others to so well: hide information.
That naive belief in transparency backfired significantly in late 2014, when Silicon Valley online news site PandoDaily set off a minor Internet firestorm with a series of accusatory articles that attacked Tor over its federal funding. Tor is “almost certainly a giant honeypot,” presumably keeping logs on its users’ activity, the articles charged. As proof, PandoDaily cited not only Tor’s dependency on federal dollars but its origins in military intelligence.
The series was “a smear,” Dingledine said, one “designed to undermine confidence in the system.”
PandoDaily was right, however, about the funding and history. Without the State or Defense departments to support it, the Tor Project would go bankrupt — its more than 2 million worldwide users stuck without an effective way to hide their identities online. About 95 percent of its $2.7 million annual budget comes from U.S. agencies through Internet freedom and research grants.
Dingledine readily acknowledges those facts. “It’s on our website,” he said, repeating the old mantra because some habits die hard.
It’s also true that Tor is the product of research funded by the Naval Research Laboratory in the 1990s with the express intent of constructing technology for evading online detection. Spies use it to this day, their Internet traffic hidden side-by-side with furtive chatter among Iranian dissidents.
“We’re grateful for the government funding we get,” Krauss said.
But some avowed critics of the U.S. surveillance state are also Tor fans: NSA leaker Edward Snowden touts it, and close Snowden ally Jacob Appelbaum — who lives in self-imposed exile in Berlin — is a paid Tor developer. Other hackers and privacy advocates with noted reputations have done turns on staff.
Why the paradox? In a nutshell, the same government that funnels billions of dollars each year to the NSA for digital surveillance also spends a few million annually to make dodging the spy agency possible — because even the federal government needs a way for people be anonymous online.
About one-third of Tor’s funding comes through a government-incorporated nonprofit called the Open Technology Fund, established during the “Internet Freedom” push at the State Department under then-Secretary Hillary Clinton. So long as access to an open Web is a government priority, it will need Tor or something like it to allow human rights activists to evade their own homegrown surveillance agencies.
It needs anonymity for itself, too, since the federal government isn’t the only entity that monitors the Internet.
“A few years ago I presented at a conference run by the FBI,” Dingledine said. "At the end of the conference one of the FBI agents took me aside and asked, ‘Surely you have some sort of way of tracking your users?’ When I pointed at his FBI colleagues in the room who had told me they use Tor every day for their work, and asked if he'd be comfortable if we had a way of tracing them, I think he got it."
Using Tor to reach websites requires a modified browser that navigates an encrypted circuit of three to six specially configured servers. The Tor Project doesn’t own or control those servers — they’re maintained by volunteers spread out across the globe. As a result, Dingledine and the Tor Project have no idea who’s using Tor.
He also has no way to block or summarily take down illegal websites that take advantage of Tor to hide their true location. Getting to those websites requires going through a circuit of six servers, and the information for reaching them is published to six servers that change each day.
“So I guess you could go to the operators of these six relays and try to persuade them why it's important to censor this hidden service,” Dingledine said. "But you'd have to get all six to agree, or the service would still be reachable. And the next day it would be a new six."
Anyone trying that would also trip up against the international distribution of Tor servers. Would a Russian Tor server owner listen to a request from the FBI to stop routing to a hidden website? “How about the American relay operator listening to the Russian feds?” Dingledine asked.
Dan Meredith, principal director of the Open Technology Fund, has one take on the controversy surrounding Tor: This is what happens when a progressive but niche technology transits into the mainstream, as the Internet itself once did. “No one thinks that the Internet had any controversy and problems behind it. But it did — it was military funded,” he said.
“They’re still in the startup phase,” said Andrew Lewman, who stepped down in April after six years as the Tor Project's executive director. “It’s been a long process. It’ll continue to be a work in progress.”
Dingledine said he’s confident Tor will mature as an organization. “There are a lot of people who want to use Tor,” he said. Still, embedded into Dingledine’s faith is a plea showing how far Tor has yet to evolve as an organization.
“Please, can we fight on the value of our technology, not on the ability to do press releases?” he said.
No comments:
Post a Comment