[tor-talk] Group Thinks Anonymity Should Be Baked Into the Internet Itself

[Eugen Leitl <eugen@xxxxxxxxx>]

http://www.technologyreview.com/news/521856/group-thinks-anonymity-should-be-baked-into-the-internet-itself/

Group Thinks Anonymity Should Be Baked Into the Internet Itself

Following NSA surveillance revelations, talks advance on making the
privacy-protecting tool Tor an Internet standard.

By David Talbot on November 26, 2013

WHY IT MATTERS

Published reports suggest that Internet traffic is widely spied upon by the
NSA and other government agencies.

The Internetâs main engineers have asked the architects of Torânetworking
software designed to make Web browsing privateâto consider turning the
technology into an Internet standard.

If widely adopted, such a standard would make it easy to include the
technology in consumer and business products ranging from routers to apps.
This would, in turn, allow far more people to browse the Web without being
identified by anyone who might be spying on Internet traffic.

If the discussions bear fruit, it could lead to the second major initiative
of the Internet Engineering Task Force (IETF) in response to the mass
surveillance by the National Security Administration. Already the IETF is
working to encrypt more of the data that flows between your computer and the
websites you visit (see âEngineers Plan a Fully Encrypted Internetâ).

Collaborating with Tor would add an additional layer of security and privacy.
When Tor is successfully used, the websites you visit donât know the true
address and location of your computer, and anyone watching traffic from your
computer wouldnât know where youâre browsingâa distinct layer of protection
that goes beyond encrypting your communications.

Stephen Farrell, a computer scientist at Trinity College, Dublin, believes
that forging Tor into a standard that interoperates with other parts of the
Internet could be better than leaving Tor as a separate tool that requires
people to take special action to implement. âI think there are benefits that
might flow in both directions,â he says. âI think other IETF participants
could learn useful things about protocol design from the Tor people, whoâve
faced interesting challenges that arenât often seen in practice. And the Tor
people might well get interest and involvement from IETF folks whoâve got a
lot of experience with large-scale systems.â

Andrew Lewman, executive director of Tor, says the group is considering it.
âWeâre basically at the stage of âDo we even want to go on a date together?â
Itâs not clear we are going to do it, but itâs worth exploring to see what is
involved. It adds legitimacy, it adds validation of all the research weâve
done,â he says. On the other hand, he adds: âThe risks and concerns are that
it would tie down developers in rehashing everything weâve done, explaining
why we made decisions we made. It also opens it up to being weakened,â he
says, because third-party companies implementing Tor could add their own
changes.

The IETF is an informal organization of engineers that changes Internet code
and operates by rough consensus. Internet service providers, companies, and
websites arenât required to implement any standards the IETF issues. And even
if security standards are implemented, they may not be widely deployed. For
example, years ago the IETF created a standard for encrypting Web traffic
between your computer and the websites you visit. Although this standard,
HTTPS, is built into most software for serving Web pages and browsing the
Web, only banks, e-commerce sites, and a number of big websites like Google
and Facebook have elected to actually use it. The IETF hopes to make such
encryption the default for a future Web communications standard known as HTTP
2.0.

The Tor Project is a nonprofit group that receives government and private
funding to produce its software, which is used by law enforcement agencies,
journalists, and criminals alike. The technology originally grew out of work
by the U.S. Naval Research Laboratory aimed at protecting military users (see
âDissent Made Saferâ).

When someone installs Tor on his computer and takes other precautions, it
supplies that computer with a directory of relays, or network points, whose
owners have volunteered to handle Tor traffic. Tor then ensures that the
userâs traffic takes extra steps through the Internet. At each stop, the
previous computer address and routing information get freshly encrypted,
meaning the final destination sees only the address of the most recent relay,
and none of the previous ones.

Leaks by Edward Snowden, a former NSA contractor, suggest that circumventing
Tor was one of the NSAâs goals, and that the agency had had some success (see
âAnonymity Network Tor Needs a Tune-up to Protect Users from Surveillanceâ).
âWe are about 10 people, and have multibillion dollar agencies trying to
break our technology,â Lewman says.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk