More people use Tor for nefarious means in freer countries

A recent academic study shows that 'malicious' Tor users are still in the minority.

By Chris Stokel-Walker , written on December 9, 2020

From The Freedom Desk

One of the first quantifiable analyses of how people use Tor shows that the freer a country’s political debate, the more likely people are to use the open-source software that enables anonymous web browsing for nefarious means.

Tor was set up in 2002 by academics and researchers at the US Naval Research Lab to subvert the monitoring of web traffic and allow people to access an encrypted network through the internet. Theoretically, it would enable people to communicate without being tracked. Its loftiest goal is to allow those living in totalitarian regimes, where communications are monitored and censored, to organise and promote democracy. Students in Hong Kong and users in Iran have claimed to use Tor to subvert censorship.

Increasingly, Tor has hit the headlines for being the home of weapons traders, drug dealers and people trading in images of child abuse. It’s regularly raided by law enforcement in western countries to crack down on illicit activity.


In a recent study, just 6.7% of traffic monitored by academics was for 'malicious means'

The study states that "using Freedom House’s coding and terminological classifications, the proportion of often illicit Onion/Hidden Services use is more prevalent (∼7.8%) in “free” countries than in either “partially free” (∼6.7%) or “not free” regimes (∼4.8%)." 

The remainder were shown to visit the “clear web”, which isn’t seen as home to as many illicit websites while using Tor.

“What got me interested was the history of Tor, particularly as it relates to the State Department and its use in politically repressive regimes,” explains Eric Jardine, one of the co-authors of the paper, and an academic at Virginia Tech University. The US State Department funds Tor in order to promote its use to ensure democracy and free speech in repressive countries at the same time as the country’s Federal Bureau of Investigations (FBI) tries to tamp down on its illicit use by citizens looking to buy drugs and weapons.

The researchers set up a series of entry nodes to the Onion network, which encrypts information in layers of protection, at which point they geolocated incoming IP addresses. They then tried to understand where traffic may be headed and for what purposes. “We don’t really know where in precise terms people are going,” says Jardine.

The question they were trying to answer was twofold: one, whether the tool – which can be used for both good and bad purposes – was more bad or good. “We had reason to suspect you might find a balance in favour of positive uses,” says Jardine, a belief that was borne out in the data they collected.

But they also wanted to look at the distributional elements of Tor, and how it differed – or didn’t – depending on where you lived. “If you think through when you would want to use Tor for positive things, like rights-based uses, if you’re living in a context where you’re protected by laws and commercial tools like VPNs, something like Tor might be a bit of overkill,” says Jardine. “It makes sense that you’re only going to use that in the eventuality that you’re up to some truly nefarious stuff.”


Most Tor users headed towards regular web content - but those who didn't were mostly from 'freer' countries

And that’s what the academics found. “Most Tor users head toward regular web content that could likely be considered benign,” explains Jardine. But of those who don’t use it for normal methods – as a slightly more souped-up VPN or anti-snooping browser extension, for instance – the majority are disproportionately in countries that have the ability for free political expression.

It’s for that reason that Jardine and his colleagues warn against taking too stringent action against Tor and its users. Around one in 20 users who use Tor for bad actions are poisoning the well for the majority of users who use it as a method of preserving privacy, or avoiding surveillance in repressive states. “One of the things the results suggest is if you go full bore and try to compromise it in a fundamental way, that’s not a value-neutral policy choice,” says Jardine. “You’ll end up hurting people in repressive countries who are using this technology for rights-based purposes. It complicates the story.”

The inventors of Tor were not unaware of the fact that their lofty goals could be polluted by those looking to avoid law enforcement while conducting illegal activity, says Jardine. “What was unexpected was [that with] the fusion of this kind of technology with cryptocurrencies you start to open up new domains. All of a sudden you have a pseudo-anonymous payments system to go along with an anonymous web hosting system, and that gets into more of a space where the potentially malicious uses expand.”


There is an 'element of contradiction' in the way authorities deal with Tor

Jardine suggests that while those malicious users appear to be increasing, they’re still far from the majority. “Anyone who’s advocating maximalist policies towards this technology is probably missing a facet of the real picture,” he explains. “If you say: ‘Shut it down’, you’re missing the fact that will cause harm.”

 Jardine also says that there’s an element of contradiction in the way authorities deal with Tor. “At this moment, it seems as though you kind of have parallel tracks,” he says. The State Department funds the project while the FBI tries to pick off its bad actors using increasingly intrusive techniques. Jardine thinks the FBI should continue to try and take those people offline, but not at the expense of the majority of law-abiding users. Things that “compromise at a network level the whole system” should be avoided, he says. “Then you get into a space where you’re breaking this for everyone else, and there are people who legitimately need this.”


For more from Pando, sign up to our weekly newsletter.