The war on encryption
“Nothing to hide, nothing to fear” doesn’t work in the digital age.
Certain schools of thought would have us believe that Tor and other privacy/anonymity services are the preserve of terrorists, drug dealers, paedophiles and organised crime rings. These “four horsemen of the infopocalypse” (a term coined by Cyphernomicon author and Intel veteran Tim May) undoubtedly use Tor, and all manner of other privacy tools too, but one should be careful about vilifying those tools rather than the criminals themselves.
Exactly what proportion of Tor users are engaging in these sorts of crimes is hard to estimate, but many thousands of people use Tor for entirely different reasons. Facebook operates a hidden service at facebookcorewwwi.onion which helps about a million people each month like, comment and share cat pictures. And decoded:Legal can be found at decodedsbwzj4nhq.onion.
We talked to Mansour (name changed), a UK resident whose family fled Iran in the 80s: “Because the Iranian Revolution happened so close to the fall of the Soviet Union, a lot of Marxist-inspired ideologies sprung up around that time. Some of these were more communist, some more socialist, it’s hard to classify, but a number of left-leaning groups appeared. Some of those groups had factions that used militant tactics. My parents were on the fringes of one of these groups, and when that group’s activities became unacceptable to the Ayatollah, we had to flee”. Under Sharia law dissidents face charges of ‘waging war on God’, which is punishable by execution. Their families can become targets, too.
Mansour still has family there, and uses Tox running on Tails to keep in touch with them. “During the Green Movement, back in 2009, Iran pretty much shut down the Internet. This tactic worked okay back then, but now so much of the country’s economy depends on it that censors have to be more selective.” Social media sites are regularly blocked during protests, and the Cyber Security Command Centre heavily monitor their use at other times.
Iran and other repressive regimes (Belarus, Turkey (see turkeyblocks.org), Russia and China) have managed to block Tor traffic in the past. The list of Tor relays is available in a public directory, so blocking them is just a question of keeping on top of that list. In response to such tactics, the Tor Project introduced Bridges: unlisted relays that stymied users can connect to. A random list of three bridges is available from https://bridges.torproject.org/bridges, or by sending email to bridges@torproject.org. As long as users can access these services they can circumvent state blacklisting. The Tor Browser Bundle also ships with a list of preconfigured bridges, but obviously these are subject to the same censorship.
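As an added example (not from the original article), the Python below validates bridge lines of the kind the bridges service hands out and turns them into torrc entries, rejecting anything malformed before it reaches Tor's configuration. UseBridges and Bridge are real torrc options; the function names are hypothetical and the addresses, fingerprint and cert value are constructed.

```python
import ipaddress
import re

FINGERPRINT = re.compile(r"[0-9A-Fa-f]{40}")  # relay identity: 40 hex digits

def parse_bridge(line):
    """Parse '[Bridge] [transport] IP:PORT [FINGERPRINT] [key=value ...]'."""
    tokens = line.split()
    if tokens and tokens[0].lower() == "bridge":
        tokens = tokens[1:]                    # tolerate lines copied from a torrc
    transport = None
    if tokens and ":" not in tokens[0]:        # leading word names a transport
        transport, tokens = tokens[0], tokens[1:]
    if not tokens:
        raise ValueError("no address in bridge line")
    host, _, port = tokens[0].rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]"))  # ValueError unless a literal IP
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in {tokens[0]!r}")
    fingerprint, rest = None, tokens[1:]
    if rest and FINGERPRINT.fullmatch(rest[0]):
        fingerprint, rest = rest[0].upper(), rest[1:]
    if any("=" not in arg for arg in rest):    # only key=value options may follow
        raise ValueError(f"unexpected token in {line!r}")
    return {"transport": transport, "addr": addr, "port": int(port),
            "fingerprint": fingerprint, "args": rest}

def to_torrc(lines):
    """Return torrc text enabling the given bridges; raises on any bad line."""
    out = ["UseBridges 1"]
    for line in lines:
        b = parse_bridge(line)
        host = f"[{b['addr']}]" if b["addr"].version == 6 else str(b["addr"])
        # Lines naming a transport also need a ClientTransportPlugin entry,
        # which is system-specific and not generated here.
        parts = [b["transport"], f"{host}:{b['port']}", b["fingerprint"], *b["args"]]
        out.append("Bridge " + " ".join(p for p in parts if p))
    return "\n".join(out)

# Constructed sample input: documentation-range addresses, made-up key material.
SAMPLE = [
    "192.0.2.10:443 0123456789abcdef0123456789abcdef01234567",
    "Bridge obfs4 198.51.100.7:9001 cert=CONSTRUCTED iat-mode=0",
    "[2001:db8::1]:443",
]

if __name__ == "__main__":
    print(to_torrc(SAMPLE))
```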
Malicious nodes
A malicious VPN has the potential to spy on all of its users’ unencrypted traffic. Assuming those users provided valid names and addresses with their payment details, then the VPN can deanonymise them trivially (this in itself is a case for paying with cryptocurrency). A malicious Tor exit node can spy on all the traffic passing through it, but this traffic will come from multiple users, none of whom can be readily identified since they’re hidden behind two other relays.