Pando

Tor Project: The super secure anonymity network that will definitely keep you safe (as long as hackers don't break the rules)

By Yasha Levine, written on December 18, 2015

From The Security Desk

BERLIN — It’s about 11 pm and I’m sipping a beer in Room 77, a trendy cyber-libertarian bar famous for being the world’s first bar to accept bitcoins — at least according to the bar’s proprietor.

Looking around, I can see this place is serious about its bitcoins. A neon B sign hangs in the window, while an electronic marquee over the bar flashes the current bitcoin market value — $419.10. The walls are plastered with all sorts of libertarian bitcoin propaganda. Stuff like: “I Believe in Honest Money: Gold, Silver and Bitcoin” and “Debt Is Over.” A giant poster voices solidarity with the Tor Project’s infamous martyr. “Free Ross Ulbricht,” it declares.

I take a big gulp of my beer and take out my notebook. This is the perfect place to sit down and collect some of the thoughts I’ve had about the Tor Project, the super “secure” Internet anonymity tool that’s endorsed and promoted by Edward Snowden.

A lot has happened to Tor since I last reported on it, and I can’t say that any of it is particularly good.

First, the crowdfunding campaign. In December, Tor launched an ambitious crowdfunding campaign to, in the words of Tor’s co-founder Roger Dingledine, “become more sustainable financially and less reliant on government funding.” The campaign lined up an impressive procession of counter-culture celebrities, including Laura Poitras and Molly Crabapple. It also featured a bizarre donation-doubling challenge from a real live cyber-libertarian rabbi, who explained his decision to generously match people’s donations to Tor up to $18,000 in politico-religious terms: "The internet cannot heal itself in the face of tyrants," said Rabbi Rob Thomas. "Tor is the salve that heals that wound; Tor is what allows us to route around tyranny.”

It’s not clear how much cash this crowdfunding campaign reeled in so far. What is clear is that Tor’s pleas for help from the public come at a very awkward time for the organization.

The reason? Tor was officially forced to admit that it was basically useless at guaranteeing anonymity — and that it required attackers against the Tor network to behave with “ethics” in order for it to remain secure.

First, a bit of background.

Back in 2014, I published several articles that explored the conflicted history and relationship between Tor and various branches of the US National Security State. Tor had always maintained that it was funded by a “variety of sources” and was not beholden to any one interest group. But I crunched the numbers and found that the exact opposite was true: In any given year, Tor drew between 90 and 100 percent of its budget via contracts and grants coming from three military-intel branches of the federal government: the Pentagon, the State Department and an old-school CIA spinoff organization called the BBG.

Put simply: the financial data showed that Tor wasn’t the indie-grassroots anti-state org that it claimed to be. It was a military contractor. It even had its own official military contractor reference number from the government.

In 2004, Tor’s co-founder Roger Dingledine admitted that he worked for the federal government: “I contract for the United States Government to build anonymity technology for them and deploy it,” he said back then. More than a decade later, not much has changed.

The tight-knit cyber-libertarian community surrounding Tor was not ready for such honesty. They answered my reporting with a vicious smear and harassment campaign against me, as well as my colleagues at Pando. We were called neo-Nazis, CIA agents, and child rapists. Tor contractors — people drawing six-figure salaries from Pentagon funds — called for my death. The Anonymous movement joined in the attacks. The harassment widened beyond me to include regular readers and social media users — anyone who had the nerve to discuss and question Tor’s military and intel funding. Tor went so far as to dox an anonymous Twitter user — exposing his real identity and contacting his employer in the hopes of getting him fired. The campaign was ferocious. Its aims were clear: to discredit my reporting and discourage anyone from questioning the official Tor story. As ZDNet wrote at the time: Tor's feral fans are its own worst enemy.

While this harassment was going on, the Tor Project came out with a technical defense that was supposed to invalidate my reporting. The official line was that it didn’t matter where Tor got its funding. The reason? Because of math — math and open source software.

Tor was open source and powered by math, which, the argument went, made Tor infallible and nullified anything and everything that the powerful US surveillance state threw at it — including its deeply conflicted military funding.

Micah Lee, The Intercept’s technologist and former EFF security whiz who helped Edward Snowden communicate securely with Laura Poitras and Glenn Greenwald, outlined this thinking in a post called “Fact-checking Pando’s smears against Tor.” Aside from making a ridiculous accusation that my reporting was driven by a malicious desire to harass female Tor developers, Lee conceded that my facts about Tor’s military and intel funding were right. But he argued the facts didn’t matter:

…of course funders might try to influence the direction of the project and the research. In Tor’s case this is mitigated by the fact that 100% of the scientific research and source code that Tor releases is open, that the crypto math is peer-reviewed and backed up by the laws of physics.

Yep, that’s right. Tor might be a Pentagon contractor funded almost entirely by the NatSec State, but it doesn’t matter because Tor runs on “scientific research” and “the laws of physics” — you know, like gravity ‘n stuff.

Writing here in Pando, Quinn Norton echoed the same argument with more eloquence — and none of the smears:

I want to say immediately that when Yasha Levine went looking at the project's funding, he was following a tradition of vital and good journalism. "Follow the money" is a maxim of investigation that will rarely lead you wrong, especially in matters of political policy. There are only a few places where funding can't influence the contents of the outcome – maybe fundamental physics, and math, and not much else. Math is as far from policy as human endeavor gets. Math either works or it doesn't work, and that is true for everyone in this galactic cluster, at the very least. What makes Tor different from the usual thesaurus-full of government projects is that Tor is essentially a very elaborate math trick, using layers of math puzzles to create a network-within-the-network. That math is being implemented in front of a global audience of millions of sophisticated watchers. It is likely the most examined codebase in the world. It has been subjected to multiple public audits. The math, well known and widely standardized, will work for everyone, or it will not, whoever pays the bills.

In short: Tor is above conflict of interest. It is above institutional capture, corruption, job security, careers, mortgages, car payments, food and all the other icky human elements that silently influence us mere mortals. Tor is pure math.

This argument was repeated so often and came from so many different quarters that you could forgive people for believing it.

But last month, this whole facade came crumbling down and forced Tor to admit that it needs something else to run securely: trust and ethics from people who might want to hack it.

In November, Vice’s Motherboard dropped a bomb. It reported that a small group of researchers at Carnegie Mellon University had figured out a cheap and easy way to crack Tor’s super-secure network with just $3,000 worth of computer equipment, and that this information was then used by the FBI to mount an international raid that punched holes in Tor’s defenses and shut down several hundred anonymous drug and kiddie porn markets.

Tor’s Roger Dingledine lashed out at the Carnegie Mellon University researchers, accusing them of selling their ethics to the FBI.

"The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem. Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes,” he wrote, accusing the researchers of taking $1 million from the FBI.

“Such action is a violation of our trust and basic guidelines for ethical research. We strongly support independent research on our software and network, but this attack crosses the crucial line between research and endangering innocent users.”

It was weird to see Tor get angry at researchers for taking government funding. After all, Tor is a military and intelligence contractor that gets 90 percent of its budget from US military and intelligence agencies.

But Tor did something even weirder: it published a guideline for people who might want to crack or hack Tor — so that, you know, they would hack Tor ethically and with a clear conscience.

Research on humans' data is human research. Over the last century, we have made enormous strides in what research we consider ethical to perform on people in other domains. For example, we have generally decided that it's ethically dubious to experiment on human subjects without their informed consent. We should make sure that privacy research is at least as ethical as research in other fields.

Tor’s ethical hacking guide was very detailed. It included guidelines like: “Only collect data that is acceptable to publish” and “Only collect as much data as is needed: practice data minimization.” It was all very interesting and proper. I just hope they cc’ed a copy of the guide to the NSA — and bcc’ed Russian, Chinese, French and British intelligence agencies as well. They’re all trying to hack Tor, and I’m sure they’re all willing to comply.

Tor is supposed to be an ironclad Internet privacy system. So all this talk about ethics and trust in Tor “research” must come as an alarming surprise to Tor’s dedicated fan base. In particular: all the crypto-libertarians who’ve been naive enough to buy into Tor’s sales pitch and launched highly illegal internet businesses peddling drugs, assassinations, child porn and guns.

Interestingly, while Tor supporters called on CMU to investigate these researchers for violating academic research guidelines, there were no such calls for holding the Tor Project accountable for making false claims about the safety of using Tor to break the law.

There have been plenty of people dumb enough to believe Tor — and some of them have paid for it with their freedom. Just ask Ross Ulbricht, proprietor of Silk Road, who’s smiling down at me right now from a poster on the other side of the bar. Ulbricht will probably spend the rest of his life behind bars. To some he’s a martyr. To me, he’s a sad example of what happens when you mix toxic libertarian ideology, military technology and the snake oil promises of techno-liberation.

The Tor Project is looking to clean up its act by hiring a high profile executive director: Shari Steele, who ran EFF for more than a decade and is highly connected in Silicon Valley and Washington DC. But even this high level management shakeup won’t fix the core problem of the Tor Project: that it runs on deception, false promises and heaps of libertarian bullshit. If anything, this new hire will only make it worse.

But that’s it for now. Time to call it a night.

I’m slowly making my way to Hamburg to attend 32c3, the annual Chaos Computer Club conference. Think of 32c3 as the Hacktivists’ Davos — a place where the Tor Project reigns supreme, and where I am definitely not welcome. More on that very soon.