Dave Naffziger's Blog

The geeks of the world often associate The Onion Router (Tor) with dissidents in oppressive regimes (read this slashdot thread for a few choice examples). Tor provides plenty of anonymity benefits, however hiding from Internet monitors in an oppressive regime is not one of them.

The Tor network consists of a network of anonymizing servers. A user install some software on their machine that establishes an encrypted connection with one of these servers (the entry server). The entry server then connects with a second server, which then connects with a third server. This third server (exit server), then makes an unencrypted connection with the target website. This path changes every 10 minutes or so, making it difficult for someone to figure out which websites you were looking at. A diagram from EFF’s website is below.

A Chinese dissident might use Tor to:

• Host a website (saying all sorts of bad things about the government)
• Visit a Chinese website (probably of another dissident)
• Visit a foreign website (like a search engine that doesn’t filter)

To understand why a dissident would be vulnerable let’s add Chinese monitors to our diagram:

Tor is exploitable because needs to publish the Tor nodes users can contact Tor. That means every Tor server is public, and therefore a monitor can determine if a user is connected to Tor. Let’s reexamine the three use cases again and describe how they can be exploited.

• Host a website. A monitor can see the traffic going back and forth between a user and Tor. If the user is hosting a website, the majority of the traffic would come out from the user into Tor. The monitor can measure this and determine that a website is being hosted (or other content is being distributed). The IP address is visible and before long, the Chinese authorities are knocking on your door.
• Visit a Chinese website. This time, monitors can see traffic coming from the user to Tor AND traffic coming from Tor to the website. Various attacks based on the timing of packets have been proven to allow association of the user with the website he’s watching - essentially the anonymity of Tor has been completely removed.
• Visit a foreign website. This is the ‘safest’ of the three activities. The Chinese authorities only know that you’re using Tor to browse the web - they can’t figure out what you’re looking at. However, the number of people using Tor is quite small (I’ve seen estimates around 10,000). In a country of 100 million Internet users and where surveillance dragnetting isn’t illegal, you’ve just made the shortlist to be studied further.

The only thing worse than “no security” is “perceived but flawed security”. If you believe someone is watching you, you’ll dress nicely. If you think you’re invisible, well, why bother with clothes?

To their credit, the EFF does not claim that Tor would help dissidents and has a great discussion on changes that it might make to support them. Even the wikipedia article (moderated by EFF contributors) is careful to draw the line short of helping dissidents. I just hope the dissidents reading slashdot are able to draw the same distinctions.