But Tor’s tens of millions of new friends came with powerful enemies. In a gesture to the transparency of its inner workings, Tor publishes the IP address of every relay in its network. To prevent a government from simply blocking all those addresses, it maintains some semipublic relays that it calls “bridges,” publishing them on chat networks and social media sites. In 2009, China began crawling the entire Chinese-language Web looking for Tor node addresses and blocked nearly all of them.
Since then, Tor has been playing a game of cat and mouse with the authorities who seek to strangle it. And it’s often winning by only a move or two. That’s not enough to satisfy Dingledine. “We need to take big steps if we’re going to stay ahead,” he says grimly. “We need to win this arms race for a while.”
Tor has two aces up its sleeve. One is a plan to build a Tor home Wi-Fi router. The Wi-Fi hot spots, in theory, would sell for less than a hundred dollars each and run Tor by default, automatically pushing all the users’ traffic through the anonymity network. In exchange, it would function as a Tor bridge relay. Tor’s staff hopes those little boxes might add as many as ten thousand nodes, vastly strengthening its network.
Its other secret weapon is a small army of globe-trotting developers. One of them is Jacob Appelbaum. Since Appelbaum joined the nonprofit as a staffer in 2008, the young anarchist has served as one of Tor’s primary coders as well as one of its international evangelists, preaching the gospel of anonymity wherever he goes. In a one-month span just before we met in Boston, for instance, Appelbaum had traveled to Brazil, China, Turkey, Poland, Germany, and England, as well as several U.S. cities, giving talks, rallying like-minded hackers to run Tor nodes and volunteer for the organization, and distributing copies of Tor and bridge relay addresses.
If the users or developers he meets worry that Tor’s government funding compromises its ideals, there’s no one better than Appelbaum to show the group doesn’t take orders from the feds. He refers to capitalism as a “system of violence,” and in spite of Tor’s early navy funding, he speaks disdainfully of those who work with the military as “war profiteers.” In his role as an auto-mythologizing hacktivist, Appelbaum looks the part: His hair has taken the form, variously, of sculpted black spikes, a shaggy side-mop, or a bleached blond crop. His face is studded with piercings that periodically migrate, and tattoos have staked out a growing portion of his body. The largest, on his upper left arm, is a symbol of a peacock taken from the symbology of a group of Satan-worshipping animists he met while traveling in war-torn Iraq. (Several of his personal stories of radicalization—including a few from that trip—were, fittingly, unverifiable.)
But Appelbaum’s best evidence of Tor’s purity from Big Brother’s interference, perhaps, is his very public association with WikiLeaks, the American government’s least favorite website. In a surprise speech at the Hackers on Planet Earth conference in July 2010, Appelbaum gave a keynote address on behalf of WikiLeaks after Julian Assange decided that traveling to the United States spelled legal trouble. Since then, the U.S. government has expressed its displeasure with him by tasking Customs and Border Protection agents with harassing him every time he crosses the border, where the Fourth Amendment’s restrictions on searches and seizures abandon citizens. According to Appelbaum’s accounts, he’s often detained for hours, searched in intrusive bodily detail, and forced to miss any connecting flight.
In those detainment sessions, Appelbaum is separated from any phones, computers, or storage devices that he may be carrying, a painful security breach for a privacy-conscious cypherpunk. After abandoning several computers that he considered compromised, he no longer travels with a hard drive in his machines. How does that work? I ask. “Not very well,” he says.
He takes the harassment with a dose of humor, often live-blogging his run-ins with customs on Twitter and at least once leaving a spring-loaded snake inside a fake can of nuts for a customs agent to find. But the intimidation as he tries to reenter his own country serves as a constant reminder to Appelbaum of the looming threat of prosecution. When the agents interrogate him, he says the questions are always the same: “What’s your relationship to Julian Assange? What’s your association with WikiLeaks?”
Appelbaum usually responds to those questions with stony silence, and he won’t answer them for me either. But when I ask Appelbaum if Tor is in fact the powerful tool for anonymous whistleblowing that Assange and others believe it to be, he smiles. Then he quotes Assange quoting Oscar Wilde.
“Give a man a mask,” he says, “and he’ll tell you the truth.”
Appelbaum was born in Northern California to two poor, freewheeling, secular Jews who never married. To call the environment of his early childhood a dysfunctional family wouldn’t capture just how rarely it functioned at all: Appelbaum describes his mother as a paranoid schizophrenic who split with his father before Appelbaum was born—he would later hear stories that she believed his father had molested him while he was still in her womb. Appelbaum’s father was a heroin addict and, in the eyes of the court, was hardly more fit than his mother to care for their newborn son. The couple’s custody fight would last a full decade of his life.
During that prolonged legal battle, Appelbaum lived with his mother’s sister, but he says she wasn’t ready for parenthood. At the age of eight she sent him to live at the Sonoma County children’s home. One of his only happy memories of the next lonely years, he says, was a night when an older child at the home taught him to hack the building’s combination keypads by blowing chalk dust onto them, revealing the entry pattern in finger oils. Appelbaum remembers slipping out into the night and wandering an empty baseball diamond, for a moment free and in control of his life.
Appelbaum would spend another two years in the home and in foster care before his father won custody of him. Despite seeing him rarely for the first ten years of his life, Appelbaum still paints his father in heroic terms. An actor, director, and member of a band called the Tattooed Vegetables, Ricky Appelbaum ran in the same circles as Frank Zappa and the Lithuanian-American sculptor and dancer Vito Paulekas and was known to have sported half a beard on one side of his face and half a mustache on the other. According to his son, he also became a serial burglar for several years in the 1970s, mostly robbing pharmacies to feed his addiction.
The stories Appelbaum shares of his father’s exploits are legendary, if unconfirmable: how he learned to lift fingerprints from random surfaces, set them in latex, and plant them at the scenes of crimes; how he stole police cars, went joyriding, and crashed them; how, the night he was finally caught by the cops, he’d had a nervous breakdown and lain down behind the counter of a store he had broken into. (In fact, no legal records show any convictions.) Soon after moving in with his father, the young Appelbaum says his father showed him how to crack the safe he kept in his office, listening to its inner workings with a stethoscope.
Like his father, the younger Appelbaum slipped naturally into life on the fringes of society, cross-dressing, dying his hair, and begging for change on the street. As much as he idolized his father, living in his drug-fueled, anarchic world was often nightmarish. The family spent much of its time in homeless shelters or moving from house to house. When they did settle down temporarily, Appelbaum’s father would sublet most of the rooms of their home to fellow junkies to pay for his own habit, leaving Appelbaum with half of the kitchen as a bedroom and only a hanging sheet for privacy.
Appelbaum remembers the cast of housemates who inhabited that broken home: One lunatic who believed he was Anthony Burgess and spent his time rewriting The Doctor Is Sick in blue ballpoint pen. A small balding man who spat on the floor. Two Rastafarian junkies who once used the lightbulbs in Appelbaum’s “bedroom” to smoke mothballs; he woke up in the middle of the night to the sounds of their laughter, choking in the dark on the acrid fumes.
One morning, he walked into the bathroom before school to find a woman convulsing
in the tub with a syringe in her arm. Another day, Appelbaum came home from school and found his own father overdosing on the couch. He had written a note: “Dear Jake. Life is hard. Goodbye. I love you.” Appelbaum woke his father up, walked him around the house, and he survived.
Despite those experiences, Appelbaum doesn’t blame his father for his tarnished childhood. Ricky Appelbaum’s inability to kick drugs, he believes, stems in part from a childhood accident: The elder Appelbaum was hit by a drunk driver at the age of nine and for the rest of his life suffered from incurable pain. Appelbaum himself was hit by a car while crossing the street at the age of fourteen—he was wearing a black dress, black tights, and a purple wig—and still suffers from chronic back injuries. “We weren’t so different,” he says. “I chose computers instead of heroin.”
Appelbaum’s first PC, in fact, was a gift from his father, a Macintosh 7200/90 that was almost certainly stolen. (“Junkies don’t acquire things like that by buying them,” he explains.) A friend at school and a neighbor’s father taught him about networking protocols, the inner workings of operating systems, simple programming. He read the Cypherpunk Mailing List archives and rediscovered its lessons about the power of cryptography to counter authority and violence, how it “shifts the balance of power from those with a monopoly on violence to those who comprehend mathematics and security design.” And the digital world at large offered him an abstract realm free of the corruption of his psychotic and drug-addled home, a place unhooked from reality where he could reinvent himself at will.
Appelbaum had a knack for manipulating that world and its tools. But his formal education was cut short. At the age of twenty, he dropped out of Santa Rosa Junior College to take care of his father, who by then was suffering from cirrhosis of the liver, hepatitis C, and diabetes. To pay his bills and those of his ailing father, he took a job working in a nonprofit that refurbished old computers for charity. On the side, he began volunteering for activist collectives and NGOs, groups with names like Resist.ca, and the Ruckus Society.
In 2002, those gigs led Appelbaum to his first real job: an information technology administrator position at Greenpeace. It was a tougher and more practical education than anything he would have found at Santa Rosa Junior College. Appelbaum learned from a combative, grizzled Linux guru at the NGO who went by the hacker handle Shord. His mentor—and the rest of Greenpeace—took information security seriously. The group’s radical environmentalists often referenced the Rainbow Warrior, a ship Greenpeace used in its antiwhaling activities that was sabotaged and sunk by French intelligence agents in 1985, drowning one of the group’s photographers. “Greenpeace’s security issues are real,” says Appelbaum. “When things go badly, people die.”
Appelbaum’s induction into radical activism was also the beginning of his borderless lifestyle, flying around the world to participate in the group’s direct actions. He helped perform reconnaissance for a San Francisco stunt in which the group dropped a massive banner over the Wells Fargo building to protest its funding of Appalachian mountaintop-removal coal mining. At one point he flew to Amsterdam to meet the Dutch cypherpunk Rop Gonggrijp and his business associates, who handed over Pelican cases of CryptoPhones. Greenpeace was among the first independent organizations to test those encryption-enabled mobile devices, now widespread among intelligence agencies and those that fear them.
When he wasn’t working for Greenpeace, Appelbaum volunteered and contracted his computer skills to groups like the Rainforest Action Network, the Tactical Tech Collective, and the Open Society Institute. He met Roger Dingledine and Nick Mathewson at the Defcon hacker conference at the Bellagio Hotel in Las Vegas, and soon began volunteering for Tor, too, running Tor nodes on whatever PCs he had available. Dingledine, in return, became Appelbaum’s educator in all things anonymous. “Roger is the Gutenberg of anonymity. He taught me how to think,” says Appelbaum. “They were welcoming. They had a community. I joined it.”
Out of his shattered childhood, Appelbaum had assembled a life on the front lines of digital activism. And then it all fell apart again.
Ricky Appelbaum died four days before Christmas in a San Francisco hospital. The younger Appelbaum blames the junkies who had shared his father’s home. He says they had withheld his drugs, repeatedly injecting his legs instead with warm water. When Ricky Appelbaum died of cirrho – sis and infected abscesses in his legs, they left the apartment with practically everything he owned. The police, his son says, weren’t interested in investigating. He claims they told him that “no one cares about junkies” and instead threatened to arrest him for possessing his father’s drug paraphernalia.
“My hatred of authority was pretty much solidified,” he says.
After his father’s death, activism no longer felt like enough. Appelbaum wanted to escape American society, to “stop contributing to a world of bullshit evil,” as he would later describe it. He decided to leave the United States and visit an old friend from Greenpeace who had started a wireless infrastructure business in a place as far as possible from San Francisco and the ghost of his father: Iraq.
No military escort or even a visa; he would smuggle himself over the northern border with Turkey. “I guess I was tired of my first-world problems,” Appelbaum says. “I decided that I would either come back whole, or come back full of holes.”
In the months before Julian Assange dropped out of college in 2005 to pursue his antiauthoritarian dreams, he was plagued by ideas that seemed to have lodged in his mind, so deeply that when they emerged in discussions with fellow students, they burst forth almost as fully formed lectures.
One of the topics over which Assange obsessed was the Bourbaki, a circle of 1930s French mathematicians who all wrote under the name Nicolas Bourbaki. The Bourbakis’ goal was to create a new groundwork for mathematics out of solid and apparent first principles. Seeking to delete ego from their rigorous, systematic work, they assumed the Bourbaki name to expel all public identity beyond that of the group itself. Assange dreamed of a group that would apply the same ideas to journalism, building stories out of public documents available to all, and posting them under a single, pseudonymous byline.
Another of Assange’s idées fixes, one fellow student remembers, was onion routing. And over beers one evening in an Irish pub called Pugg Mahones at the edge of Melbourne University, he laid out Paul Syverson’s elegant idea to that friend in pedagogical detail: a wrapped ball of information shedding skins as it bounced between relays from secret origin to secret destination. The perfect conduit for Oscar Wilde’s masked truth-teller.
In 2005, Assange quit school and moved into a nearby house that became a proto-headquarters for what would become WikiLeaks. He covered the walls with blueprints for the site’s architecture, code, and mathematical formulas. He worked for long hours, installed a red lightbulb in his bedroom in an effort to regulate his sleep, and ate little. The house filled with fellow hackers and like-minded activists who would crash in the house rent-free in exchange for working on Assange’s project.
WikiLeaks, in its original conception, would use a wide variety of tricks to keep the world—and even itself—totally ignorant of its sources’ identities. It deployed Secure Sockets Layer encryption like any banking or e-commerce site to scramble its communication with all visitors and obscure its content from snoops. One of WikiLeaks’ initial advisers, Ben Laurie, had invented an open-source version of that protocol for the Web server software Apache, OpenSSL, that nearly half the world’s websites use today.
Encryption wasn’t enough, however. WikiLeaks didn’t want to simply hide what sources said, but rather completely obliterate any way of finding out who they were. The server that ran the site would keep no logs of any IP addresses of visitors; Assange would risk no Penet-type subpoena debacle. But WikiLeaks added another, unique trick to that end: a script that launched in the browser of any visitor to the site and generated commands that looked like ra
ndomly sized submissions to WikiLeaks’ secure server. To anyone snooping on WikiLeaks’ visitors, it would be impossible to distinguish between those who had come to the site to read its publications or make a donation and those who intended to drop secrets. Thanks to the cover traffic of spoofed submissions, everyone looked like a leaker.
But it was Tor, of course, that would become WikiLeaks’ core tool for protecting the anonymity of both its most sensitive sources and the site itself. The leaking site’s submission system would run a Tor Hidden Service, so that users could access it through rendezvous points in its volunteer network of relay nodes. The submissions server’s location would be just as hidden as that of the user. In theory, no one who wanted to launch a digital or legal attack on the site would even know where to begin, and sources would have the assurance from Tor that their identity was as anonymous as any Web communication could be.
In the early WikiLeaks developer communications leaked by John Young, Assange also describes physical drop-offs: mailing addresses where sources could anonymously send materials ranging from CDs to thumb drives to paper documents. Some would be “deniable” submissions addresses, in that the material would be encrypted with WikiLeaks’ public key, and the drop-off handler wouldn’t have the private key to unscramble the material. The uploader would never have any knowledge or responsibility for the leaked content. But other volunteers would accept unencrypted documents by post and even scan in reams of paper submissions and convert them to text files.
The postal system, for anyone careful with fingerprints, has the potential to be more anonymous than any means of digital communication. But aside from its snailish speed, physical mailings with no return address have an obvious bug compared with onion-routed digital leaks: They don’t provide a way to write back. In the United States, even setting up a post office box as a return address requires two forms of identification, hardly the ideal feedback channel for an anonymous leaker.
This Machine Kills Secrets Page 18
