To hackers, spies, and cyber-criminals these days, calling Tor “secure” is a bit laughable. There are so many exploits and workarounds, along with unavoidable weaknesses to side-channel attacks performed in the physical world, that in some cases the false sense of cyber-security can end up making relaxed use of Tor less secure than paranoid use of the regular internet. If you’re someone looking to buy some weed on the internet (or communicate securely with your mistress), Tor is probably alright for you. If you’re looking to sell some weed on the internet, get in contact with a government informant, or share sensitive information between foreign activists, it probably isn’t. Tor is looking to change that.
This is coming specifically in the wake of recent revelations of wide-ranging vulnerabilities in Tor’s anonymity protocols. A high-profile expose accused researchers at Carnegie Mellon of accepting a government bounty (reportedly a cool million dollars) to de-anonymize certain Tor users (those specifically mentioned in the expose include a child porn suspect and a Dark Market seller). Their attack vector and others are just what cynical hacker-forum users have been prophesying for years, things like malicious Tor nodes and directory servers that exist solely to suck up the personal info of those Tor users they serve.
One major initiative involves the algorithm governing the selection and use of “guard nodes,” which are the first anonymizing nodes used by a Tor hidden service, and thus the only nodes interacting with the legitimate IP, directly. Right now, a Tor connection might use multiple guard nodes and as a result open itself up to more vulnerability than necessary — now, the developers want to make sure that Tor connections use the minimum possible number of guard nodes, and preferably just one.
Another push hopes to reinforce the wall between dark web domains, the crawlers used by search engines, and specialized server-finders. One of the strengths of a hidden service is that it’s hidden — not just the physical location of the server hosting the service, but the digital address of the service itself, unless you’re specifically handed the randomly generated onion address. Keeping hidden services off of search engine results means that a private service can remain private, used only by those people specifically handed the address. Should an attacker find that address, Tor’s anonymity protocols should protect it. But attackers can’t even try to access services they have no idea exist.
If you’re up to delving a bit deeper into the Dark Web, and you don’t mind looking at 99 useless sites for every interesting one, boot up the Tor Browser and take a look at this ingenious hidden service indexing tool for an idea of the level of crawling that can currently be done on the Deep Web.
The Tor Project exists to provide anonymity — that is its main function, and all other functions are in service to that. So, to attack the security of a Tor user (even a legitimately horrible criminal) is to attack Tor itself. It’s a tough principle to stand behind, at the end of the day — to get mad about police efforts to catch child pornographers. Yet, the security world is united; security researcher Bruce Schneider has called Carnegie Mellon’s alleged collaboration “reprehensible,” as did numerous other academic security researchers.
Their reasoning is sound. There is simply no way to attack the availability of anonymity to bad people without also undermining the availability of anonymity to good ones. We also need to have a class of disinterested researchers who can interface with the criminal/quasi-legal cyber underground and have meaningful, honest conversations — we need this for social understanding, the maintenance of free speech, and effective law enforcement.
That’s not a perspective that seems to exist in the government, to any extent. The recent terrorist attacks in Paris have led to sustained attacks on encryption and anonymity, even before the investigation produced any evidence that the attackers had used encryption, and certainly in absence of any evidence that if they had not used encryption that they would have been detected reliably by French or international security agencies. The New York Times, which broke the story of an alleged encryption aspect to the attacks, has since pulled the story from their website.
Of course, the hacker/security community will take some time to win back, and may never return to the fold. There’s a significant number of people who still believe that Tor is an elaborate government honeypot with zero real security from government spying. That’s unlikely, but ultimately it’s the perception that counts. Can the Tor Project win back the hardcores? Perhaps not. But with its continuing, aggressive updates, it could keep us normies safer as we browse drug-lists without buying, stare uncomprehendingly at ISIS statements posted in Arabic, and just generally indulge the extremes of our intellectual curiosity.
In other words, it could keep the basic tenets of liberty alive just a little bit longer.