Today, I spoke with
BB: What happened? Is Germany trying to stamp out Tor because of a perceived connection with child porn?For those of you who are unfamiliar, Tor has many laudable uses. From the tor.eff.org website:
Shava Nerad, TOR: Absolutely not. Last week, a few Tor exit-node servers were seized by the German police in a massive sting against child pornography. From our friends on the ground in Germany, we hear that dozens and dozens of machines may have been seized. So far as we know only six of those were Tor servers. We have heard from the server operators. None of them has been charged. This is not a "crackdown" on Tor, as has been widely reported. We expect and hope that the volunteer Tor server operators in Germany will get their equipment back after this has blown over, and there will be no action.
BB: So Tor was not the target here?
Shava Nerad, Tor: Correct. Basically, investigators took every IP address that hit a server, and tried to grab the associated computer. Someone later went in to the police offices and asked, "Do you know what happened to these 6 servers?" It took them five or ten minutes, going through reams of paperwork, to track them down. Child porn, not Tor, was the target.
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.Update: Ryan Singel at Wired News has a related item: Link.
Previously on BB: German Police Seize TOR Servers
Reader comment: Jamie McCarthy responds to a suggestion I made that Tor can assist users blocked by government censorship. Tor's a helpful tool for many things, he argues, but not this. "Tor's a fine solution to many privacy-related problems, but if your adversary is your government, that's, as the FAQ notes, 'a really hard problem,' and not one that it claims to solve." Full response follows.
Three problems with that. First, censorship by government is not a problem Tor is designed to solve. Second, it doesn't solve it very well, at least not right now.
And third, suggesting Tor as a solution to users with this problem can get them killed.
Here's the Tor FAQ on this:
Tor could be a platform on which a Chinese-firewall circumventing system would run. But no such system exists yet, and Tor's not a solution by itself. The short version is that Tor's list of servers is completely public. To get the list, just install Tor on any Debian system -- the details of every participating server will be in the file /var/lib/tor/cached-directory. The Chinese government can simply block every machine on that list, and Tor ceases to function in China.
Worse, the Chinese government can set up Tor exit nodes (just like anyone else can). If dissidents are communicating to non-HTTPS websites or sending unencrypted email over Tor, then over time, as their exit nodes are used, the government may learn enough about them to find out who they are.
I'm using China as an example here because, while Germany was the country in question in this story, you mentioned "undemocratic governments," and whatever its faults regarding censorship, Germany is certainly a democracy. But these points apply in China, or Germany, or any country that has control over the packets crossing its borders and its backbone routers.
Tor's a fine solution to many privacy-related problems, but if your adversary is your government, that's, as the FAQ notes, "a really hard problem," and not one that it claims to solve.