On Friday, Russia’s Ministry of the Interior (MVD) awarded a contract for $110,000 to an unnamed Russian contractor with top security clearance to uncloak Russian users of the surveillance-evading Tor browser. This is the Russia’s Federal Security Service’s (FSB) response to the surge of Russian Tor users from 80,000 to 200,000 due to the restrictions by the Russian government on free use of the internet, such as the new law that requires all Russian bloggers to register.
The NSA and the FSB want to puncture Tor anonymty and expose the identities of the people using it because the Tor browser erases identifying browser fingerprints. Almost everyone who uses the internet has a unique traceable fingerprint. An Internet user can check his or her own internet uniqueness in a few seconds with Panopticlick, a one-click test created by the Electronic Freedom Foundation (EFF). Most people find themselves to be pretty unique; 1 in 4.5 million to be exact. Go ahead, try it.
This fingerprint identifies the user from unique plugin configurations and digital traces left from his or her ramblings through the internet. The Tor browser is a replacement for common browsers, such as Chrome, Firefox, and Safari, and doesn’t create a fingerprint. It also hides users’ network access location through a changing encrypted web called the Onion Network. It hides users’ IP address, protecting their location or device from detection. The user’s session is hidden by sending packets through three Onion Network routers before reaching the open internet, each only knowing the address of the next router, and none logging traffic.
The Tor browser was downloaded 150 million times in the last year, doubling year over year with over 2 million daily users, according to Andrew Lewman, Executive Director of the Tor Project. He attributes the spike in downloads partly to revelations that the NSA had arbitrarily collected and retained personal data on virtually every U.S. citizen. Using Tor is like hiding a needle in a haystack. The NSA and the FSB want to prevent the Tor haystack from growing larger because scale will make it even harder to find one individual needle.
Compared to the significant resources that the NSA has devoted to unveiling Tor users, which Lewman estimates to be $100 million, the Russian contract seems anemic. According to Eric Michaud of Rift Recon:
“The amount at stake in the Russian competition might not nearly be enough to completely undermine TOR. But the amount is conspicuously close to the going rate for buying high quality exploits on the ‘black hat’ and government markets directed to infect a browser. Then again it is enough to exploit human error combined with an infected browser to expose TOR users for public prosecution as the basis for a publicity campaign to stem the growth of Russian Tor use. For example a Tor Project website replica could be created on this budget that encourages users to download an update to the Tor browser with an infected version that identifies or ‘stains’ the user like the one recently found by a computer science student.”
The NSA and the FSB’s approaches are very different. The NSA doesn’t telegraph its plans for the Tor network. For example, earlier this summer German public broadcasters NDR and WDR published details from an NSA program named XKeyscore Rules that secretly monitors personal communications. Among other online activities, the program records the identities and personal information about people searching for and downloading the Tor browser and other anonymizing software.
Unquestionably, there are legitimate and illegitimate uses of the Tor network’s anonymity. Tor provides open access to blocked internet sites from within censorship states, such as China, Iran, and Russia, and protects dissidents and journalist operating in areas of conflict. Personal privacy is also a legitimate use. Using Tor is the same as drawing the shades in one’s home to block the prying eyes of neighbors and peeping Toms; Tor blocks the prying eyes of nation states, criminal actors, and internet advertising companies from collecting personally identifiable information. Illegitimate uses, as one can imagine, are crime and terrorism. For example, Inspire Magazine, an English language journal of Jihadist dogma, terrorism, and bomb making, is distributed on the Tor network.
Bruce Schneier, security expert and Berkman Fellow at Harvard Law School, spoke to me recently about the legitimate and illegitimate uses of the Tor network:
"Like highways, telephones, and any other part of society's infrastructure, Tor can be used by good and bad people. Tor provides anonymity to dissidents and criminals alike, and society shouldn't eliminate it any more than they should remove highways because bank robbers use them to get away. This is all part of the bargain of living in a free society."
A top-secret NSA presentation (pdf) dated January 2007 reported by the Guardian last October revealed:
“We [NSA] will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users. However, no success de-anonymizing a user in response to a TOPI request/on demand.”
When asked if he thought this status had changed since 2007, Schneier said:
“I don’t think it has. The Chinese government has been in a tug of war with the Tor Project, the Chinese blocking it and the Tor Project unblocking it. Had the Chinese undermined Tor and could identify its users, it would pursue them rather than block them. Also, the recent publication of the FBI’s penetration of the Tor network in an investigation of a hidden pedophile website ring reveals that the Bureau succeeded in gaining access due to an administrator’s human error. He forgot to change the default password on a hidden server, giving the FBI unfettered access to plant surveillance software that identified users. If the Tor network had been compromised, the Bureau would not have relied on human error to discover the identities of the individuals involved. I don’t know how the FBI and NSA share information, but had either developed a method of instantly identifying Tor users, they would have shared the results, which means that since the FBI can’t subvert Tor anonymity and privacy except for human error, the NSA probably can’t either.”
Another security analyst, who did not want to be identified by name, responded to the same question by saying, "I wouldn’t use it to plan an assassination of a president," emphasizing that Tor’s security could be broken in individual cases.
Though the FBI and NSA are working against Tor, it was originally funded by the U.S. Navy Research lab and part of its funding now comes from the U.S. Department of State and the National Science Foundation. Lewman claims that:
"many government agencies and law enforcement use the Tor Network to protect their investigations and sources."
Diana Dolliver, a Ph.D at the University of Alabama Criminal Justice Department who is working on a funded study on the Tor network and law enforcement, confirmed that although many in law enforcement are trying to de-anonymize Tor, many others rely on its anonymity to conduct their own investigations.
The Tor Project could be the target of National Security Letters and Court Orders, so the tasks of developing Tor software and operating the network is divided and distributed. The Tor Browser and Onion Network software is maintained by the Tor Project of Cambridge, Massachusetts, a 501 c. (3) non-profit on an annual budget of approximately $3 million. The Onion Network is operated separately by volunteers throughout the world that contribute about 6,000 servers and network resource that Jens Kubieziel, of the independent Tor server operator torserver.de in Germany, estimates to be valued at roughly $2 million to $2.5 million per year.
If internet privacy advocates such as the EFF get their way, Tor-like technologies could be employed on the open internet at some point in the future to improve personal privacy. In the meantime, internet users have two alternatives: knowingly live in an electronic fishbowl, or use the Tor browser and Onion Network.