Tor Can Protect You, But the Way it Works Leaves a Few Holes Open
In the quest for online privacy and anonymity, few services are as prominent as Tor. Which is why two recent stories — on the NSA’s attempts to crack the Tor network, as well as the FBI’s arrest of alleged Silk Road-mastermind and Tor-operator Ross Ulbricht, a.k.a. “Dread Pirate Roberts” (DPR) — must be causing dismay among users, human rights activist and drug peddler alike.
But the news isn’t all that bad. In terms of Tor’s overall efficacy, the reports are pretty good press. The prevailing wisdom holds that Tor has not broadly been cracked and DPR was outed by his own foibles.
Some questions still linger: How safe is Tor, really? And what do these revelations mean for the future of online privacy? To best answer these, one must understand the technology at hand.
Tor is an acronym for "The Onion Router." As the name suggests, Tor is premised on the concept of “onion routing” (OR). OR works by wrapping data with consecutive layers of encryption that can be peeled back, so to speak, as it passes through a series of proxy computers around the world (“onion routers”, also referred to as “nodes” or “relays”) toward the destination. Each layer "peeled," or decrypted, contains information on where to send the data next, with the original message being known to the sender, the exit node, and the recipient at most. The only link in the chain where the data is unencrypted rests between the exit node and receiver.
Tor uses OR to encrypt user information for online browsing, i.e., the identifiable personal data that you send when visiting a website (“IP address X is requesting a connection with website Y”). Encryption as it is typically understood, such as in the use of PGP email, simply puts the message content under lock and key. Ergo, if you’re sending an encrypted email without accessing your mail server anonymously through Tor, the email metadata will compromise your identity but not the message.
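The layered wrapping described above can be shown in a short Python sketch. It is an added illustration, not code from Tor or from this article: the relay names, keys, request and destination are constructed, and a hash-based toy cipher stands in for the ciphers and message format Tor really uses.

```python
import hashlib, hmac, json, os

# Toy model of onion layering only. The SHA-256 counter-mode keystream below is
# an assumed stand-in for a real cipher; do not reuse it to protect real data.
def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def seal(key, plaintext):
    """Add one layer: nonce + integrity tag + encrypted bytes."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, key, nonce)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails unless the layer was sealed with this key."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed with this relay's key")
    return _xor(ct, key, nonce)

def wrap(message, destination, circuit):
    """Sender side. circuit is [(relay_name, key), ...] from entry to exit."""
    hops = [name for name, _ in circuit[1:]] + [destination]
    onion = message
    for (_, key), next_hop in zip(reversed(circuit), reversed(hops)):
        header = json.dumps({"next": next_hop}).encode()
        onion = seal(key, header + b"\n" + onion)  # innermost layer is the exit's
    return onion

def peel(key, onion):
    """Relay side: remove one layer and learn only the next hop."""
    header, _, inner = unseal(key, onion).partition(b"\n")
    return json.loads(header)["next"], inner

def route(onion, circuit):
    """Walk the circuit; record (relay, next hop, bytes that relay forwards)."""
    seen = []
    for name, key in circuit:
        next_hop, onion = peel(key, onion)
        seen.append((name, next_hop, onion))
    return seen

# Constructed sample circuit (hypothetical relay names, random keys).
CIRCUIT = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
if __name__ == "__main__":
    onion = wrap(b"GET / HTTP/1.1", "example.org:80", CIRCUIT)
    for relay, nxt, data in route(onion, CIRCUIT):
        print(f"{relay:>6} -> {nxt:<15} forwards {data[:24]!r}")
```

In the output, the entry and middle relays forward only ciphertext and learn only the next relay's name, while the exit relay forwards the readable request to the destination.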
Slides obtained from a top secret NSA presentation via Edward Snowden outline the agency’s chagrin in its attempts to crack the Tor network. If the NSA were able to control the first and last nodes in a message’s “circuit” (the chain of nodes a message must pass through: entry, relay[s] and exit node) then they could potentially decrypt the identification data passing in between. But Tor changes the circuit path every 15 minutes, so it’s hard to predict which nodes will be used. NSA apparently has access to a few Tor nodes, but not enough to make any dent in the overall security of the network. If the NSA or its affiliates were able to gain access to a majority of Tor nodes, however, that would be cause for alarm.
But the agency still has a grab bag of shortcuts for unmasking individual Tor users, such as hacking their computer through features in Firefox, the web browser used in the Tor Browser Bundle.
To do this, NSA finds Tor users based on the agency’s ability to monitor huge swathes of web traffic through its infrastructure of data-sweeping machines placed at fiber optic 'chokepoints' around the country. Even though you aren’t personally identifiable to the NSA when using Tor, the agency can detect when a user is communicating with the Tor network, which distinguishes your net presence from, say, your aunt across town trying to stream Murder, She Wrote. Think of a massive protest in which 30% of the people are wearing Guy Fawkes masks. A police drone can spot them, but can’t snap a picture of their faces for identification purposes.
NSA is able to then exploit services within your Firefox browser such as scripts and Flash to potentially infect your computer and send identifying information back to its data farms.
So, is Tor safe?
Kind of. It takes a hell of a lot more effort on NSA’s part to unmask someone using the service. But Tor users must be very attentive in their browsing habits and in what services they allow to operate through the browser bundle. Plus, even when you are as dutiful as Dexter in covering your tracks, NSA can still correlate your traffic patterns when entering and exiting the Tor network to discover your identity. But requiring that amount of work at least removes the “blanket” from “blanket surveillance,” restoring individualized suspicion as a prerequisite for eavesdropping. If a warrant were required on top of that it would almost be like the Fourth Amendment was in effect or something!
As Edward Snowden famously said: “Encryption works.” He’s right, but it’s important to keep in mind that all current encryption or anonymizing methods can be defeated if enough resources are thrown at them. Insofar as programs like Tor succeed in making it harder to spy on the public, however, expect their use to grow.