Everyone has the right to freedom
of opinion and expression; this right
includes freedom to hold opinions
without interference and to seek,
receive and impart information and
ideas through any media and
regardless of frontiers.
– Article 19, The Universal Declaration of Human Rights
I make no secret of the fact that I use Tor, and that I run a Tor Relay. Admittedly I don’t use Tor as often as I perhaps should – but a lot of my browsing is on websites where I have an account that’s already associated with ‘real-world’ me, thus negating the purpose of Tor. Given the recent headlines, I figured now would be a good time to explain what Tor is, and why I encourage its use.
What is Tor?
Tor is software developed by the Tor Project that aims to ensure that your ISP and middle-men cannot correlate who you are with what you’re doing on the internet. The idea is that you download the Tor Browser Bundle – a one-click package of everything you need. Then when you browse the internet using the provided browser (a modified Firefox) you are routed through 3 volunteer relays in a way that guarantees forward secrecy, before the last node actually sends your request to the website in question. The way the encryption is set up means that when using Tor the ISPs, and anyone listening before your data reaches the first Tor node knows only that you’re running Tor, but not what you’re doing. The 3rd ‘exit’ node, and anyone listening to the connection between them and the destination website can only see your data, but not the original source. As far as the website is concerned your IP is that of the exit node. When you combine this with HTTPS connections secured with SSL even the exit node can only see the site you’re visiting, without seeing any of the data being passed back and forth. The EFF has a nice diagram summarising this.
Thanks to this it provides a way to secretly access websites that you may not be able to. In Turkey for example, it can bypass their web firewall so users can read news about what is really happening. Tor’s usage skyrocketed during the height of the recent Egyptian revolution.
A second feature of Tor are its ‘Hidden Sites’ these are websites who accept connections directly from Tor without having traffic go back over the ‘clear net’. This way there is no ‘exit’ node to spy on your data or site. Your connection is fully encrypted. There are Wikileaks mirrors for those wishing to view that data. There’s an e-mail service so you can send and receive emails (even interacting with clear web email addresses) entirely anonymously. The New Yorker has an anonymous document submission/communication platform as a Hidden Service (the second link won’t work unless you are using Tor).
What’s a Relay?
A Tor Relay is a computer with the Tor Software installed that has volunteered to be one of the middle-men in other peoples Tor connections. They provide the bandwidth that can make the Tor experience faster and more stable. An ‘Exit Node’ is a special kind of Tor Relay that has additionally volunteered to be the last Tor node before a connection jumps out onto the clear net. By running a normal relay I can help ensure that whistleblowers and dissidents can access the information they need to do their job.
Any downsides?
Like anything, it’s not perfect. There are known attack models – if all three of the relays you route through are run (or have traffic logged) by the same organisation, they could in theory perform timing analysis to work out which data stream is yours. There’s also the fact that it is significantly slower – streaming data is out of the question (even more so because Tor is TCP and doesn’t innately support UDP). And naturally like all privacy preserving tools, it can be used by the bad guys as well – Tor semi-often hits the headlines because of the Silk Road – a drug marketplace that operates as a Tor Hidden Service. But humanity is mostly good. Some people can do terrible things, but in the grand scheme of things I believe that the good it enables, and that humanity uses it for, greatly outweighs the possible negatives.
So who the heck is funding this?
One last point. The Tor Project makes no secret of the fact that they were originally founded and are funded by the US Navy. But as you can see, there is now a wide diversity of funding coming in. And if that isn’t enough, Tor’s Projects are entirely Open Source (including the core Tor code) – you can download the code, submit patches (please do that!), and check there are no back doors.
Did I see mention of a free T-Shirt?!
Yes. Yes you did. I have my free t-shirt. Get yours for running a 500KB/s relay for two months. Or a 100 KB/s exit that allows Port 80 (HTTP) traffic. (I do the former).
—–
Privacy is important. Especially for those whose governments are actively stopping their own people from being well-informed. You can make a difference. ^_^
Update: I finally found a link I was looking for, but couldn’t find. I’ve added it to the Hidden Sites discussion.
I’m interested in running a Tor relay – any comments on which ISP would be better for a UK home user? Given “traffic management” (i.e, your ISP will penalise you for running something like a busy Tor relay) and terrible upload speeds for most consumer broadband lines (i.e. your upstream will probably suck, slowing down the Tor circuits that use you as a relay), I’d appreciate your input.
I run a Tor node (non-exit) on my BT Unlimited Broadband domestic connection. I advertise a node bandwidth of 100KB/s (approx. 100×1024 bytes/s or 800×1024 bits/s) in my torrc file. This is within the (restricted) upload speed of my broadband connection.
My contract says it allows “Totally unlimited usage” as far as the amount of data I can download/upload in any period. In fact, much to my annoyance, BT recently removed the usage monitor page I regularly used. In answer to “Why can’t I check my broadband usage any more?”, BT says that “We don’t want our customers wasting time monitoring usage when there’s no need to. Having unlimited broadband means you don’t need to worry about your internet usage: you won’t pay any usage charges no matter how much you use.”
Furthermore, my broadband contract AUP says nothing that precludes running Tor nodes, even exit nodes.
I had a 5-year old high-end professional laptop lying around so installed Ubuntu linux and the latest version of Tor on it and had the whole package up and running within an evening.
I hope this info is of help.
Quentin