A darker side

Tor, short for The Onion Router, began as a worldwide network of servers developed with the US Navy that enabled people to browse the internet anonymously. Since then it has grown into a highly-influential, non-profit organisation for the research and development of online privacy tools. The Tor network disguises a person’s identity by moving their ‘traffic’ across different servers, encrypting it so that it cannot be traced back to the ‘host’. For example, Tor could be used to remain anonymous in countries with strict internet censorship, such as North Korea and Iran, or to conduct online ‘undercover investigations’. However, this same ‘identity protection’ is also used by those engaged in criminal activities. Tor’s promises of ‘absolutely anonymity’ has been a matter of scrutiny since late 2014, when dozens of sites on the so-called ‘dark web’, including a reincarnation of the infamous online drugs marketplace Silk Road, were taken offline in a global law enforcement purge. This was made possible by the FBI obtaining a subpoena to access software developed by researchers at Carnegie Mellon University, which allowed them to track down the locations of servers running illegal sites. The Tor Project fixed the flaw that enabled those ‘raids’, but the breaches have prompted a major upgrade of the service to strengthen its encryption capabilities and allow administrators to create ‘fully secret’ darknet sites that Tor Project co-founder Nick Mathewson says can be ‘discovered’ only by those who “know a long string of unguessable characters”. “Someone can create a hidden service just for you that only you would know about, and the presence of that particular hidden service would be non-discoverable,” explained Mr Mathewson. “As a building block, that would provide a much stronger basis for relatively secure and private systems than we’ve had before.” Many sites on the dark web make no secret of their existence and their ‘.onion’ web addresses are widely known. For example, any potential government whistleblower can visit the anonymous upload system for WikiLeaks’ simply by pasting wlupld3ptjvsgwqw.onion into their Tor browser. Prior to being taken down by the FBI, the original Silk Road could be found at silkroadvb5piz3r.onion. Tor’s network comprises volunteers’ computers that serve as ‘nodes’, bouncing traffic around the globe. In particular, some nodes serve as directories to the hidden services. For the routing system to work, all the hidden services have to notify their existence to those directories – a flaw that led to the recent takedowns. In theory, the only people who should know about a hidden service on the dark web are those who have been told about it. This is not currently the case, but the next generation of Tor is looking to change that. It will create a series of unique cryptographic keys from each .onion address that will be passed to the hidden service directories. Users who know the correct key will be able to route themselves to their chosen dark web site, but the directory will not be able to ‘decipher’ that address. “The [new generation] Tor network isn’t going to give you any way to learn about an onion address you don’t already know,” says Mr Mathewson. That presents fresh challenges for law enforcement. A group of paedophiles could, for example, store all their image files on a computer known only to members of that group. This would make the ‘host’ impossible to discover in an online search, never mind access. For paedophile rings, drug gangs and terrorists cells, it means they can connect to a host computer from anywhere in the world without leaving a trace, keeping the existence of that computer a ‘secret’ from those outside the network. Although Tor already has ways to make hidden services inaccessible to others, the new system will no longer require high-level programming skills, making that level of secrecy far more accessible to the average user. Mr Mathewson hosts his family calendar on a Tor hidden service and, once the updates are complete, say