“Privacy By Design”

The Tor Project, Onion Routing and the Online Anonymity Movement

As our lives become increasingly digitized, more of what we do and how we interact with the world on a daily basis exists specifically online.

Consequently, the question of privacy and security in a domain that not many people truly understand is becoming increasingly important.

In recent years, online surveillance and “traffic analysis” has grown exponentially, and an industry based on tracking people’s web movements is increasingly a major player on a global level.

By using this form of surveillance, and studying the data that is sent across the web, authorized and unauthorized people can observe a user’s information. That info can include anything from where you are, to who you are, to what you are writing, reading or viewing online.

What the average person does online is no longer a private endeavour, and while you move about cyberspace, minding your own business, you can be sure that you are not doing so alone.

It’s not all a downward spiral, however. Technologies to subvert online surveillance and enhance privacy have become the central thrust of a movement to protect and strengthen the privacy and security of Internet users worldwide.

The Onion Router

Originally developed by the United States military, Onion Routing, the process by which a user’s data is encrypted multiple times through different “layers” of encryption, has been developed into what is now known as the Tor network.

Tor is a non-profit organization that uses free, open-source software to enhance privacy and anonymity on the Internet.

The project works to protect a user from surveillance and traffic analysis by allowing them to choose a highly specific, personalized pathway of layered proxy servers, or nodes, through which to send their encrypted info across the Internet.

“We built this big peer-to-peer network, and the idea is that if you use it you have the ability to be private by design,” said Tor developer, hacker and Internet activist Jacob Appelbaum at a Share Conference in Belgrade, Serbia, in 2011.

At the conference, Appelbaum claimed that there were approximately 2,500 people around the world operating Tor servers, and approximately 250,000 people using the network at any given point.

Since the software is free and anonymous, anyone can use it, including law enforcement and military. According to Appelbaum, this level of diversity on the network is what makes Tor so strong.

“It turns out that when you work on anonymity, you need people from all sides to join,” he said. “If people from every country in the world use it, you can’t learn much about someone using the network.”

The Process

Appelbaum has equated Tor to a sort of cloud network.

“When you use Tor, you have an IP address which is out in the Tor network itself,” he said. “You never actually connect to a server from the IP address that is on your local Internet connection.”

This allows for someone connecting through the Tor network to remain completely anonymous and essentially untraceable. If someone were to intercept a Tor user’s data and attempt to locate them by using their IP address, they would only find a Tor address.

“What people see is the Tor cloud, and they see you talking to Tor as a network, but they don’t see anything else,” said Appelbaum.

When a user connects to Tor, their message is wrapped in several layers of encryption, hence the “onion” concept. The message is sent one at a time to three different nodes across the network that can be located anywhere in the world. Each node is able to read one layer of encryption in forward motion only.

By this method, the first node knows just where the information is coming from, and that it is going to the second. The second knows only of the first and third node. The third and final node knows only of the second and the final destination, but doesn’t know where the message came from.

If the message were to be intercepted anywhere along the way, the message would be incomprehensible, and theoretically, the user’s information would be safe.