CSCI 8970 – Colloquium Series – Fall 2010 – Eleventh Event
Tor and Censorship: Lessons Learned
Monday, November 22, 2010
Presenter: Roger Dingledine, the Tor Project
Roger Dingledine’s lecture dealt with the intricacies and changes that Tor has experienced since its development and the challenges it currently faces. To start, Roger explained the concept of Tor and how it allows through its relay operators and use of a anonymous network for users to browse the internet without being easily identified. Tor is a non profit organization that unlike other anonymity advocates, the Tor system does not generate a database. Tor has close to 500,000 users and it currently promotes its use to governments (for traffic-analysis resistance), to private citizens (for privacy), to businesses (for network security), and to human rights activists (for reachability). By contacting an ISP provider or a proxy provider, the FBI, the NSA, and other organizations are able to know what individuals or corporations are browsing for. By blending information together Tor provides anonymity and it is not possible for even the government or large corporations to know what a user is doing on the internet.
While Tor’s anonymity system would seem ideal for criminals, Roger argues that criminals already have in their arsenal the ability to steal computers, cell phones, develop Trojans, viruses, botnets, zombies, espionage, and extortion. Yes, while Tor could be used (and probably is used) by some criminals, to Mr. Dingledine, the benefits outweigh the negative consequences. Regarding its effectiveness, Roger reminded us that the larger the network, the more security that can be provided to users. Through the use of 3 hops, information is relayed and is hard to track .The basic Tor design uses a simple centralized directory protocol. Attackers can block users from connecting to the Tor network by blocking the directory authorities, by blocking all the relay IP addresses in the directory, by filtering based on Tor’s network fingerprint, or by preventing users from finding the Tor software, but Tor developers are constantly finding new ways in which to continue to provide anonymity.
Certain governments have blocked Tor with different degrees of efficiency. Yet despite government efforts, people in China and Iran still connect to Tor. China has traditionally blocked the program for periods of time and then unblocked it. By using bridges, people in China have continued to be able to use Tor after October 2009. If an individual wants to find a bridge, he can go to https://bridges.torproject.org/ and the site will tell one the addresses for a few bridges based on time and your IP address. Another way to find a bridge is to mail bridges@torproject.org from a gmail/yahoo address, and they’ll send one a few links. They can also be found through social networks, which can help create robust bridges. There are currently 500 bridges, but there is a need to speed the rate of change of IP addresses faster than they can be blocked. The main ways in which they are currently blocked is by block their IP address / port through a firewall. They also intercept DNS requests and give bogus responses or redirects. China searches for keywords in TCP packets. Iran uses DPI to filter SSL when they want (bought equipment from Nokia). Iran is currently putting their internet back online as they improve their capacity to monitor. Russia does not block, they simply pollute. Ninety percent of responses in forums are of people are paid by the government to disagree with other. Governments are increasingly buying fancier hardware and are using new filtering techniques that have spread through commercial (American) companies. To conclude, he mentioned how unsafe and impersonal the internet remains. Both Javascript and Flash are vulnerable. Some apps are bad at obeying their proxy settings and other programs particularly various Microsoft windows programs such as Microsoft Word that is actually a networked application compromise a user’s anonymity. Roger concluded by warning that the competition will only be increasingly more difficult. Technology is increasingly reducing privacy. According to Roger, Google is actually planning to replace still earth images with real time video of places around the globe. What are we heading into?
