Sour Grapes
Of course we're Fair and Balanced!


Internet anonymity

I've been playing with Tor, "an anonymizing overlay network for TCP." It seems to work pretty well, at least in conjunction with Privoxy, which I've been using since it was the Internet Junk Buster.

Why should I use Tor?

Individuals need Tor for privacy:

  • Privacy in web browsing — both from the remote website (so it can't track and sell your behavior), and similarly from your local ISP.
  • Safety in web browsing: if your local government doesn't approve of its citizens visiting certain websites, they may monitor the sites and put readers on a list of suspicious persons.
  • Circumvention of local censorship: connect to resources (news sites, instant messaging, etc) that are restricted from your ISP/school/company/government.
  • Socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists and NGOs need Tor for safety:

  • Allowing dissidents and whistleblowers to communicate more safely.
  • Censorship-resistant publication, such as making available your home-made movie anonymously via a Tor hidden service; and reading, e.g. of news sites not permitted in some countries.
  • Allowing their workers to check back with their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Companies need Tor for business security:

  • Competitive analysis: browse the competition's website safely.
  • Protecting collaborations of sensitive business units or partners.
  • Protecting procurement suppliers or patterns.
  • Putting the "P" back in "VPN": traditional VPNs reveal the exact amount and frequency of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research groups are communicating with your company's patent lawyers?

Governments need Tor for traffic-analysis-resistant communication:

  • Open source intelligence gathering (hiding individual analysts is not enough — the organization itself may be sensitive).
  • Defense in depth on open and classified networks — networks with a million users (even if they're all cleared) can't be made safe just by hardening them to external threat.
  • Dynamic and semi-trusted international coalitions: the network can be shared without revealing the existence or amount of communication between all parties.
  • Networks partially under known hostile control: to block communications, the enemy must take down the whole network.
  • Politically sensitive negotations.
  • Road warriors.
  • Protecting procurement patterns.
  • Anonymous tips.

Law enforcement needs Tor for safety:

  • Allowing anonymous tips or crime reporting
  • Allowing agents to observe websites without notifying them that they're being observed (or, more broadly, without having it be an official visit from law enforcement).
  • Surveillance and honeypots (sting operations)

Does the idea of sharing the Tor network with all of these groups bother you? It shouldn't — you need them for your security.

Then again, the very first thing Tor tells you when it starts up is:

Aug 27 14:11:57.818 [notice] Tor v0.0.8rc1. This is experimental software. Do not use it if you need anonymity.

Blog home
Blog archives