Tor is Dead – Long Live Online Anonymity!

Or, Winning a Battle and Losing a War

The recent cases in which the US government spies took down some of the largest Tor services, Freedom Hosting and Silk Road, is, in my opinion, the death knell for Tor in its current incarnation. The US has proven that Tor’s triple encryption, anonymizing servers were no match for the long, strong arm of the law which employs tens of thousands of engineers to destroy the anonymity provided by the service. I should state that the underlying technology is probably still sound, but the damage done and the vulnerabilities shown by recent events demonstrate its fragility. Tor has an article on their position.

Here is Tor’s statement on their service:

Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.

The US has even forced domestic providers of encrypted email services to shut down or face treason charges if they do not provide a way for the NSA, CIA and FBI to spy on their users.

While the government may have won the battle, we as a people have lost the war. Tor was a service that was used by reporters, dissidents, whistle blowers and even victims of domestic violence to communicate and learn without fear of discovery by hostile forces. The fact that those people can now be tracked down is a beacon of hope to repressive governments and terrorists everywhere, who had despaired of finding the leaks in their countries.

It’s also true that criminals were also using Tor to make money and advertise their services. In examining the balance of allowing some degree of crime versus ripping the lid off of online anonymity, the US government agencies decided that shutting down a website and a hosting service were more important.

Essentially, the proof of concept is there: Tor is dead. There is no way the service in its current incarnation can survive. Too many weaknesses have already been exposed. Privacy advocates and criminals are not going to sit and mourn, however. They are already on their way to building a better, stronger anonymous web. There are already new private networks out there such as I2P, Phantom, FreedomBox, and more that promise much stronger privacy controls.

In a statement, the EFF has said:

Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides….

Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that….

So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things…

So the issue is clearly not that criminals are using and abusing these networks. Organized criminal networks already exist — in Mexico, at least one drug cartel had built their own, parallel cell phone network!

Stopping online anonymous networks won’t stop crime. It will only hinder small-time criminals and hurt whistle blowers and dissidents until a better platform comes along, and another after that until the US forces anonymous networks to become bulletproof. And that’s a good thing.

After all, in the words of V,

the people should not be afraid of the government. The government should be afraid of the people.

So there you have it. Tor is dead; long live Internet anonymity!