Tor and Anonymous Communications
Facilitated by Roger Dingledine, The Tor Project
What do the Department of Defense and the Electronic Frontier Foundation have in common? They have both funded the development of Tor (torproject.org), a free-software anonymizing network that helps people around the world use the Internet in safety. Tor's 1500 volunteer servers carry traffic for several hundred thousand users including ordinary citizens who want protection from identity theft and prying corporations, corporations who want to look at a competitor's website in private, aid workers in the Middle East who need to contact their home servers without fear of physical harm, and ordinary people in China, Iran, Belarus, etc who want to reach all the sites on the Internet.
I'll give an overview of the Tor architecture, and talk about why you'd want to use it, what security it provides, and policy and legal issues. Then we can open it up for discussion about open research questions, wider social implications, and other topics the audience wants to consider.
Sesssion notes:
Tor (torproject.org; tor.eff.org)
participant goals for the session:
- providing the service. running tor server
- learn more. what can i do to provide tor server, do syncs over tor with indymedia to overcome seized servers
- learn more. have choice to be tracked or not
- curious about data security for org and clients
- large scale security, strengthening systems, privacy
what is tor?
- run it on your computer
- sends your web browsing, messsaging through it
- 1500 tor relays route the traffic through relays
- connection only sees what hte last hop is
- people watching locally can't see where you're going
- people in the middle can't tell source or destination
source of project: onion routing project
a top focus: overcoming blocking of connections to tor network
int'l broadcasting bureau: funder who wants people to see their websites without being blocked
stakeholders:
- law enforcement
- civil rights
- corporate
- research orgs
better to have lots of stakeholders than just one.
vocabulary used at different times, to different audiences:
- anonymity
- security
- privacy
There are lots of corporate data breaches and potentially some of that could be curtailed by a tool like Tor that could disguise where data is coming from (still doesn't get around the fact that it should be encrypted outside the Tor network).
australia & china's filtering are basically the same, just with different political approaches.
- china: doing it anyway
- australia: asking population if they want it, then doing it anyway
Brazil isps sniff packets & report to IP gov agencies and there is another law coming up that is making it a lot worse.
aol published millions of search queries
- removed ip address but used same identifier for each ip - searches by same ip could be located by the context of the query "pharmacies near 123 main st, oakland" can be linked to all other queries from same ip
things are encrypted within the tor network but not when it exits
tor client doesn't store anything but... the application (ie firefox) might. developing firefox extension to limit info firefox stores.
tor is one of many ways to keep safe:
- properly configured firefox
- safe browsing habits
- use ssl when logging into anything
- if you want to be anonymous, don't make yourself identifiable in your data, computer name, etc.
how configurable is tor?
- 150 config options - but is it best to use them?
- if the goal is to have everyone blending together, do different configurations expose communications to an adversary.
- default configuration is fine. if you're in a country that blocks tor, some config might be necessary.
is the # of hubs configurable? no
- by default tor picks 3 hubs. # of hubs doesn't make you safer
- the vulnerability is someone watching the beginning and end. complexity in the middle isn't important beyond the # of available hubs.
latency
- bounces around the world - 3 hops
- there's some delay at each relay - 100,000s of user going through 1,500 nodes
- low bandwidth relays are slow >> congestion
- load balance isn't ideal
- congestion mgmt needs to be improved
file sharing clogs the system, VOIP over Tor would be really tough
- solution in Sweden: a encrypted VPN file sharing service called relakks
- Sweden doesn't have data retention laws
Tor is great for IRC & SSH
how important is it for people who aren't as concerned about the info they're transmitting? does it help to have more "noise" going through the network?
- no
routing questions
is it asynchronous?
- tor builds a circuit/chooses a path. tcp stream always goes through that path.
tor is limited to tcp
tor is transparent
- documentation on how tor works, how to build your own tor server
- different from non-free software orgs who just want clients to trust them
- users are surprised at the transparency
every tor client can be a tor server