Since Tor employs the uniquely targeted scrambling of public key encryption, each layer of onion skin is wrapped in a way that can be unwrapped only by the next node. All the messengers have keys to a layer of the onion, but they can only open the layers specifically addressed to them. So that first node in the chain might see that an Iranian informant wants to visit a website, but it can only open the layer of encryption that tells it to pass the rest of the onion on to a node in Cupertino. Even if Iran’s secret police control that relay, they’ll never know that the data jumped from California on to Berlin and finally to the CIA website in Langley, Virginia.
But is Tor secure enough to stymie the CIA itself, along with its brainier cousin, the NSA? The typical answer to that question is one I hear from Chris Soghoian, a Soros Foundation fellow who lives in Washington, D.C., and spends his days fighting for stronger privacy and anonymity regulations. “Have you got a better alternative?”
Tor, as Soghoian and most other security researchers will tell you, is not secure. For those who have watched the world of cryptography long enough, nothing is. Every crypto-system has hidden weaknesses that another cleverer cryptographer will ferret out. And almost any scheme can be cracked with enough time and computing power. But “Tor has been torn apart and banged on for years,” says Soghoian. “Every year flaws are found and fixed. Because of that, it’s better than the rest. It’s the only solidly peer-reviewed anonymity system for real-time communications.”
In fact, Tor has been shown to be vulnerable to a slew of brilliant attacks, most found by Tor staffers themselves. One, for instance, involves a website feeding the user a sequence of data that can be recognized coming out the other side of the network to match up a user with his online activities. Another uses flaws in common file-sharing programs to reveal the IP addresses of the programs’ users and then extrapolate the addresses of others. A third depends on the temperature of the servers: Hotter computers run faster, and an attacker can start to recognize and analyze Tor Hidden Services based on fingerprinting those timing differences.
Whether those attacks could be performed at scale to identify a leaker remains an open question. If anyone could perform massive cryptographic and signals intelligence feats on large networks, it would be the NSA. For now, there’s no known real-world case of Tor being broken to identify a user. (All signs still indicate, for instance, that it was Adrian Lamo, not the NSA, that ultimately fingered Bradley Manning, the Tor user federal agencies would have liked to have identified more than practically any other.) Even many of those who are most skeptical of Tor’s security suggest that users seeking absolute anonymity should still use the tool along with other, commercial proxy services to create extra layers of defense.
But it can’t be denied that Tor has a fundamental flaw, and one that is also its greatest strength: Any agency or individual can set up a Tor node on a computer. By subtly starting up hundreds or thousands of nodes around the world, the U.S. government might be able to get access to a large enough fraction of the comings and goings of Tor users to map out their communications and find their endpoints. To do so, of course, would mean ingeniously disguising the nodes and competing with every other government that seeks to track the network, many of whom might not be keen on sharing their intelligence.
In fact, Tor’s community-built properties are fundamental to its functioning. They were, in some ways, the seed that germinated from an idea deep inside the military’s institutional mind into the public Tor Project as it exists today. And if onion routing’s inventors hadn’t needed to share the technology beyond the walls of the Pentagon to make that volunteer system work, it might never have become a software Frankenstein’s monster, directing mayhem directly back at the agencies that created it.
When Paul Syverson, the researcher known by many today as the “father of onion routing,” arrived at the Naval Research Laboratory in 1989, most of his degrees were in philosophical logic, not mathematics or computer science. As an undergraduate bumping up for the first time against ideas from epistemic logic—a field that seeks to rigorously answer formalized questions about what can be known—he pored over the puzzle books of Raymond Smullyan, the eccentric writer, pianist, and magic performer. (Smullyan once dazzled the audience on Johnny Carson’s Tonight Show with questions like this one: Say you have three opaque containers of coins, one full of nickels, one of dimes, one of both types of coin mixed together. All three have been mislabeled with one of the others’ names. How many coins do you have to pull at random from each jar to properly rearrange the labels? The surprise answer: just one coin from the container labeled “mixed.” Late night television audiences were clearly more entertained by epistemic logic puzzles in 1982 than they would be today.)
Smullyan would later sit on Syverson’s dissertation committee at the University of Indiana, and often wandered into the young graduate student’s office to pull cards out of Syverson’s ears or rehearse logical scenarios with the younger researcher. Smullyan’s books permutated ever-more-complex versions of a type captured by a well-known riddle, the one about asking directions from two men, one who always tells the truth and one who always lies. His increasingly tangled conundrums were populated by vampires who always lie, humans who always tell the truth, insane humans who think they’re telling the truth but lie, insane vampires who think they lie but actually tell the truth, and some in-between actors whose truth-telling is utterly unpredictable.
So it’s fitting that when Syverson approached the problem in 1995 of how to route the Web’s information anonymously, his solution would depend on tolerating many thousands of untrustworthy characters.
Syverson, with fellow NRL researchers David Goldschlag and Michael Reed, was determined to build a Mix Network for the Web. But they faced the same challenge that inspired Lance Cottrell’s Mixmaster e-mail anonymity program: Clever spies can correlate messages going in and going out of a network based on timing. “The bad guy watches three bytes go in and three bytes come out,” says Syverson. “When the data is moving in real time, it’s an analysis that’s easy to perform, and hard to defeat.” Lance Cottrell had solved that problem in Mixmaster by designing the program to collect individual messages for hours or even days, the better to obscure their timing. On the Web, where users hardly tolerate a second’s delay, that approach would fall flat.
So the researchers suggested a less-than-elegant fix: a network so big, with data going into and coming out of thousands of nodes, that matching up the head and tail of every connection in real time becomes a matter of finding two ends of a needle in a haystack full of bits of needles. “If your adversary is in a position to watch both ends of the communication, he wins,” says Syverson. “But if the adversary can’t see those ends, he doesn’t even know where to start looking.”
And the most practical way to expand the network? Invite everyone to join it. The NRL team imagined a volunteer network run by a diverse crowd of hosts, each controlling its own piece of the mix of relay nodes. In that populist system, no user can trust every node. But every user can be relatively sure that no single host—not even the system’s creator, the navy—is watching the entire network and tracing users’ paths. (Today Tor has more than three thousand nodes, each receiving and sending off data packets in unpredictable paths, and Tor’s organizers hope to someday broaden the network of relays to tens or even hundreds of thousands more.)
To work, that volunteer mix didn’t just need to be big. It needed to be diverse. Lots of unlikely bedfellows hosting nodes—everyone from the U.S. intelligence agencies to cypherpunks—attract a motley network of users. And without a diverse set of users, an anonymity network is hardly anonymous; if only the navy used Tor, it wouldn’t take much Smullyanian logic to figure that anyone using Tor would be part of the navy. For Tor to offer meaningful anonymity, the military had to set it free, to be both maintained and used by everyone from hackers to revolutionaries to criminals to G-men.
In that sense, even though Tor was first created behind government walls, there could never be the sort of debate over the public distribution of the strong anonymity tool that took place over the public access to strong encryption in the 1990s. Even if the government had sensed that the software it was funding for masking users’ identities was a dangerous weapon, it couldn’t keep that program to itself. To be effective, Tor had to be shared with everyone—even those who would use it against the very institutions that created it.
The Naval Research Lab’s idea of recruiting a volunteer network wasn’t Tor’s cleverest trick—just a formalization of what Mix Networks had already been doing since the early cypherpunk days. But to work at Web speed, Tor also needed a new, faster way to route data through its three-stop circuit. Chaum’s original idea used public key encryption to scramble the data it sent from one node to the next, a process that took as much as a thousand times too long for real-time traffic.
So the NRL team suggested a shortcut. Old-fashioned symmetric key encryption, where the same key is used to encrypt and decrypt data on both ends, is far faster than the public key encryption invented by MIT’s cryptographers in 1977. But symmetric key encryption is less secure, in that the keys have to travel to their destination and might be eavesdropped.
If, however, those symmetric keys are themselves encrypted with public key encryption and only decrypted once they reach the nodes in the network, they can be securely set in place, well guarded and ready to decrypt data far faster than public key encryption keys.
In Syverson’s system, each node would use slow, secure, public key encryption to generate public keys for encrypting and private keys for decrypting. Then the user’s software would triple-encrypt the first parcel of data with the public keys of three randomly selected nodes in far-flung places around the globe, just like any Mix Network. But the first message sent along that triple-bounce path wouldn’t be any real communication from the user. It would simply hold three more keys, of the old-fashioned symmetric key encryption sort. Only once those new, speedy private keys were placed safely in the three nodes around the globe, laying out a path to their destination, would the user start sending packets of real content bundled in three layers of symmetric key encryption that the relays could peel off, one after another, at blinding Web speed. (In fact, Tor today repeats that entire preparatory process every ten minutes, repeatedly laying down new paths with public key encryption to offer one more safeguard against surveillance.)
Syverson coined the term onion routing because the first data package to travel across the network was less like a triple-wrapped rock with a hard center of information than an onion, with nothing but layers all the way down. It would be a carefully wrapped envelope with no message inside. The crucial data held by that envelope, like the sweetness of a Georgia Vidalia, was in the skin itself.
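The circuit setup and data relay just described, as an added illustration that is not code from the book or from the Tor Project: three relays hold toy RSA key pairs, the client wraps one per-hop session key under each relay's public key into an onion whose core is empty, and data cells then carry three symmetric layers that the relays peel off in turn. The primes, the unpadded textbook RSA and the HMAC-SHA256 counter-mode stream cipher are all constructed stand-ins for real primitives and are not secure; Tor's own handshake also extends the circuit hop by hop rather than with a single onion.

```python
import hashlib
import hmac
import os
# Constructed tiny primes for the three relays' toy RSA moduli (illustration only).
RELAY_PRIMES = [(1_000_003, 1_000_033), (1_000_037, 1_000_039), (1_000_081, 1_000_099)]
E = 65537
KEY_LEN = 4  # 32-bit per-hop session keys, small enough to fit under the toy modulus

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with an HMAC-SHA256(key, counter) keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def pk_wrap(relay, key: bytes) -> bytes:
    """Client encrypts a session key to one relay's public key (textbook RSA, no padding)."""
    return pow(int.from_bytes(key, "big"), relay.e, relay.n).to_bytes(8, "big")

class Relay:
    """One onion router: long-term toy RSA key pair plus the session key it learns later."""
    def __init__(self, p: int, q: int):
        self.n, self.e = p * q, E
        self.d = pow(E, -1, (p - 1) * (q - 1))   # private exponent
        self.session_key = None

    def open_create(self, onion: bytes) -> bytes:
        """Slow path: unwrap own RSA layer, install the session key, return the inner onion."""
        c = int.from_bytes(onion[:8], "big")
        self.session_key = pow(c, self.d, self.n).to_bytes(KEY_LEN, "big")
        return stream_xor(self.session_key, onion[8:])

    def peel(self, cell: bytes) -> bytes:
        """Fast path: strip one symmetric layer from a data cell."""
        return stream_xor(self.session_key, cell)

def build_circuit(relays):
    """Client picks a session key per hop and sends a key-bearing onion with an empty core."""
    keys = [os.urandom(KEY_LEN) for _ in relays]
    onion = b""                                   # no message inside: layers all the way down
    for relay, key in reversed(list(zip(relays, keys))):
        onion = pk_wrap(relay, key) + stream_xor(key, onion)
    for relay in relays:                          # each hop opens only its own layer
        onion = relay.open_create(onion)
    assert onion == b""                           # the last hop is left holding an empty envelope
    return keys

def send_through_circuit(relays, keys, payload: bytes):
    """Client applies three symmetric layers; returns what each hop sees after peeling one."""
    cell = payload
    for key in reversed(keys):
        cell = stream_xor(key, cell)
    seen = []
    for relay in relays:
        cell = relay.peel(cell)
        seen.append(cell)
    return seen
```

Only the last relay sees the plaintext; the first two see cells still wrapped in the later hops' keys, which is the property the three-stop circuit is built to provide.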
Even with the navy’s innovations, Tor was still just an idea. But it bounced around Syverson’s brain for years like so many triple-encrypted data packets, well after Goldschlag and Reed had moved on to other research topics. So when Syverson received a grant from DARPA to revive the project in 2001, he needed help: The father of onion routing, despite his logical prowess, had never quite learned to code.
Syverson had met Roger Dingledine a year before at the Privacy Enhancing Technologies conference in Berkeley, where the recent MIT graduate was presenting his own digital-freedom-focused brainchild, a project Dingledine called Free Haven. Dingledine, a ponytailed and apple-cheeked savant with strangely unblinking eyes and a robotically logical manner of speaking, explained that Free Haven would function as a distributed, uncensorable publishing system. He pointed to examples like the property records that had been destroyed in the Kosovo refugee crisis in the late nineties: Kosovars displaced by Serbian attacks returned to their land to find that no one had any formal proof of who owned what. “Someone didn’t want those records around,” says Dingledine. “If Free Haven had existed, there might have been an archive of that data. And it wouldn’t have been vulnerable to political, social, or corporate pressure.”
Dingledine’s project, outlined in his master’s thesis at MIT, depended on distributing information among many anonymous volunteer publishers and constantly grading how reliably each node served up data. To Syverson, it sounded like a project near to Tor’s heart.
By the time Syverson found Dingledine, the young hacker had joined a Cambridge start-up called Reputation.com and was using ideas analogous to his Free Haven reliability system to grade the reputation of suppliers in business-to-business commerce. The system presaged the reputation network used by eBay to rate buyers and sellers, and offered plenty of intellectual challenge. But it lacked the political drive of Dingledine’s anticensorship work. So when Syverson asked Dingledine to help him implement a real-world tool for creating total anonymity, Dingledine was ready to jump. Syverson was soon using DARPA’s money to contract work from the younger researcher, and then convinced him to leave Reputation.com outright.
It wasn’t long before Dingledine’s role at Tor started to exert a gravitational pull on his closest college friend and co-worker at Reputation.com, Nick Mathewson.
A few years earlier, Mathewson and Dingledine had immediately bonded as freshmen at MIT. Mathewson had grown up watching and rewatching Tron on VHS, fiddling with PGP, and reading the Cypherpunk Mailing List archives. Dingledine, raised in North Carolina, had found early dial-up access to the Internet through the University of North Carolina at Chapel Hill’s VAX system and created an architecture for networked, text-based dungeon worlds where users could meet, talk, and embark on fantastical quests.
The two teenage hackers moved into MIT’s Senior House, a dormitory with a legendarily bizarre culture, captured best by its official emblem: a star-spangled-banner-emblazoned skull with the words “Only life can kill you” in its teeth and the motto “Sport Death” written below. That two-word phrase, once found written in pen in the MIT library copy of Hunter S. Thompson’s Fear and Loathing on the Campaign Trail ’72, denoted an attitude of pushing life to its limits, whether in politics, recreation, or hacking. “Sport Death” culture mixed MIT nerdery into a stew of anarchism, leather jackets, drugs, and polyamorous sex. Music blared at all hours, boxes of computer components often littered the hallways, and sleep was generally considered an occasional nuisance.
Mathewson painted the larger two walls of his room bright red, and the other two black. His theory was that the red walls’ psychosomatic effect would keep him alert and reduce his sleep requirements, with the black ones offering enough contrast to shock his brain into hyperactivity again every time he returned his gaze to the red. Mathewson and Dingledine spent much of their college lives in their rooms, hacking away at a half-dozen computers, each kept running constantly. Dingledine named his flock of PCs and servers after Lord of the Rings characters, while Mathewson named his after personae from the songs of Frank Zappa. “Most of the interesting things I did in college, I did in software,” says Mathewson.
Mathewson and Dingledine subscribed to Sport Death’s antiauthoritarian politics, and they lived by the mantra embodied by Tim May and Eric Hughes: “Cypherpunks write code.” Don’t spend your time arguing with politicians in the physical world about the rules of the digital one. Create the digital world and, with it, your own rules. “Network protocols are the unacknowledged legislators of cyberspace,” says Mathewson. “We believed that if we were going to change the world, it would be through code.”
So when Reputation.com suddenly found itself sinking into the quicksand of the dot-com bust, Mathewson was ready to join his comrade in digital progressivism at Tor. Funded by the navy and DARPA for the next three years, Dingledine and Mathewson took apart the tangled code-base developed by the NRL and rebuilt it from scratch. By 2004, there were still only about a hundred nodes on the nascent Tor network, mostly researchers who were curious about the project—Mathewson and Dingledine, perhaps still living in an MIT-like bubble where everyone was an adept hacker, were distributing Tor as raw source code, tough to use for nongeeks.
The civil liberties group, the Electronic Frontier Foundation, on the other hand, saw Tor’s potential for mass adoption: They injected another round of funding for Tor to create Windows, Mac, and Linux versions that anyone could install, and Tor’s network quickly mushroomed out to several hundred more relays.
But it was only in 2006 that Tor’s value suddenly left the realm of computer science theory and jumped onto the world stage. That year, Dingledine and Mathewson started to get e-mails from users in countries like Iran and China, regimes that filter their Internet and monitor it to spy on opposition groups. Tor, unbeknownst to the hackers who created it, had accidentally become one of the world’s most effective censorship circumvention tools. By encrypting traffic and routing it indirectly to and from websites via foreign nodes, Tor stymied the digital filters in countries that weed out sites with antigovernment messages and pornography. And unlike other services that promise to skirt censorship—programs like Freegate, Ultrasurf, Hotspot Shield, and Psiphon—it doesn’t merely give users access to verboten content while potentially allowing the regime to track their online activity. Tor offers a portal to the Web that’s both censorship- and surveillance-free.
The Broadcasting Board of Governors, a little-known U.S. government agency responsible for U.S.-run media outlets like Voice of America, Radio Free Europe, Radio Free Asia, and the Persian-language Radio Farda, contacted Dingledine and asked whether he’d be interested in financial backing to make Tor sleeker and more usable for its censor-skirting audience. The State Department followed up with its own infusion of cash. The result was enough funds to pay the project’s entire small staff and develop a new incarnation of Tor known as the Browser Bundle, a program that can be installed with more or less two clicks. Tor incorporated as a nonprofit. Since then, both its number of nodes and users have exploded. The service added thirty-six million users in 2010 alone.
This Machine Kills Secrets Page 17