Who goes there?: Tor Project
Misperceptions about Tor - and who is using it - are preventing its wider acceptance, says security researcher Runa Sandvik. Adam Greenberg reports..
Misperceptions about Tor – and who is using it – are preventing its wider acceptance, says security researcher Runa Sandvik.
Quick! When someone mentions Tor, what are the first impressions that come to mind? If you say drug dealers and criminals traveling the dark, seedy underbelly of the internet, anonymously and up to no good, then you wouldn't be alone. As Tor advocates try to legitimize the browser quite possibly the biggest obstacle to mainstreaming Tor is the perception within the general populations that it's a tool used only by criminals, says Runa Sandvik, an independent privacy and security researcher focusing on technology, law and policy; a core contributor to the Tor Project; and a technical adviser to the Freedom of the Press Foundation and the TrueCrypt Audit project. After all, there are many, many reasons that legit internet travelers would like to work behind the cloak of anonymity – journalists, whistleblowers, anyone wanting to avoid unwarranted surveillance.
At its core, Tor is an anonymity network designed to defend users against network surveillance and traffic analysis. The free Tor Browser Bundle contains a modified version of Firefox and when the browser (currently on version 4.5) is used, web traffic is directed through thousands of relays, making internet tracking nearly impossible.
Tor also gives users access to parts of the World Wide Web that are not traditionally indexed by standard search engines – the so-called deep web or dark web where nefarious businesses or black markets, like the infamous (and now defunct) Silk Road, set up shop. Any website only accessible via Tor, referred to as a Tor hidden service, can typically be reached using an onion address, or pseudo top-level domain not part of the Domain Name System (DNS).
OUR EXPERTS: Anonymity matters
Jacob Appelbaum, security researcher; developer; core member, Tor Project
Jasper Graham, SVP of cyber technologies and analytics, Darktrace; former NSA technical director
Kate Krauss, director of communications, Tor Project
Cooper Quentin, staff technologist, Electronic Frontier Foundation
Runa Sandvik, independent privacy and security researcher; core contributor to the Tor Project; technical adviser, Freedom of the Press Foundation and the TrueCrypt Audit project
Although awareness of Tor has jumped in recent years, largely due to whistleblower Edward Snowden's use of the browser to correspond with journalists as he leaked documents related to NSA surveillance, as well as the takedown of the Silk Road underground marketplace, the tool has not yet garnered mainstream appeal. While many users do see the potential for widespread growth, Tor remains a niche tool with even many in the information security industry unaware of not only the browser's full potential but even of its very existence.
At RSA Conference 2015, a random verbal survey of about 20 attendees found that only half a dozen had heard of it and just one had used it. However, nearly everyone questioned had heard of the deep web or dark web. Those who had heard of Tor, were not completely convinced that it was secure to the extent that they could browse using Tor and maintain the anonymity that it is designed to provide. When asked if Tor is predominately used by “good” or “bad” users, two came down in favor of the former, while four claimed the latter. Another four said “both,” with the remainder unable to say for sure and unwilling to even hazard a guess.
More to Tor
The idea that Tor is primarily being used by criminals and other types of “bad guys” is a big – and potentially damaging – misconception, according to Sandvik, that stems from more people reading about drug dealers using Tor than about students using the tool for added privacy while conducting research.
“When Tor was initially created, the overall thought was that it would help you preserve your privacy when browsing online,” Sandvik says, explaining that journalists, for example, had a tool that they could use to investigate and communicate – without fear of someone prying. “Later on, in 2006, it became clear that Tor could also be used for censorship circumvention,” she says. This is particularly useful to individuals in countries, such as China, where the internet is highly regulated and many people – including some journalists – are serving jail time for various activities, including signing online petitions and speaking out against corruption.