Privacy Worlds: Exploring Values and Design in the Development of the Tor Anonymity Network

This paper explores, through empirical research, how values, engineering practices, and technological design decisions shape one another in the development of privacy technologies. We propose the concept of “privacy worlds” to explore the values and design practices of the engineers of one of the world’s most notable (and contentious) privacy technologies: the Tor network. By following Tor’s design and development we show a privacy world emerging—one centered on a construction of privacy understood through the topology of structural power in the Internet backbone. This central “cipher” discourse renders privacy as a problem that can be “solved” through engineering, allowing the translation and representation of different groups of imagined users, adversaries, and technical aspects of the Internet in the language of the system. It also stabilizes a “flattened,” neutralized conception of privacy, risking stripping it of its political and cultural depth. We argue for an enriched empirical focus on design practices in privacy technologies, both as sites where values and material power are shaped, and as a place where the various worlds that will go on to cluster around them—of users, maintainers, and others—are imagined and reconciled.

Critical Traffic Analysis on the Tor Network

Tor is a widely-used anonymity network with more than two million daily users. A prominent feature of Tor is the hidden service architecture. Hidden services are a popular method for communicating anonymously or sharing web contents anonymously. For security reasons, in Tor all data packets to be send over the network are structured completely identical. They are encrypted using the TLS protocol and its size is fixed to exactly 512 bytes. In this work we describe a method to deanonymize any hidden service on Tor based on traffic analysis. This method allows an attacker with modest resources to deanonymize any hidden services in less than 12.5 days. This poses a threat to anonymity online.

The potential harms of the Tor anonymity network cluster disproportionately in free countries

The Tor anonymity network allows users to protect their privacy and circumvent censorship restrictions but also shields those distributing child abuse content, selling or buying illicit drugs, or sharing malware online. Using data collected from Tor entry nodes, we provide an estimation of the proportion of Tor network users that likely employ the network in putatively good or bad ways. Overall, on an average country/day, ∼6.7% of Tor network users connect to Onion/Hidden Services that are disproportionately used for illicit purposes. We also show that the likely balance of beneficial and malicious use of Tor is unevenly spread globally and systematically varies based upon a country’s political conditions. In particular, using Freedom House’s coding and terminological classifications, the proportion of often illicit Onion/Hidden Services use is more prevalent (∼7.8%) in “free” countries than in either “partially free” (∼6.7%) or “not free” regimes (∼4.8%).

How Really Secure is TOR and The Privacy It Offers?

TOR is a very popular Project, a global anonymity network loved by millions of internet users, used by people who want to express their opinion online, take malicious actions, transfer files from one location to another without these files are compromised, their location is not detected, etc. All the above actions are performed so as not to be detected by ISPs or to log their online data from the websites they want to visit, thus significantly reducing the risk to be detected, although the ISP knows when a user is connecting to the TOR network but without being able to see the contents of the packets. TOR started for another purpose and ended up being used for another purpose. Designed by the U.S Navy for the exchange of confidential data and ended up an open source project, this in itself is questionable and needs a lot of skepticism, how an anonymity project that was designed to be used for the secrecy of communications was left free to users making life difficult for the secret services worldwide to detect dangerous online transactions and prevent malicious actions, isn’t that true after all? Did the government create an anonymity project to make its life more difficult? is this whole endeavor a delusion? Is this whole project deliberately in the interest of governments?