Read more in techdirt.
This article was anonymously co-authored, as he is still living in China today.
Since late 2005 Western media have been filled with reports of Beijing’s increasingly heavy-handed attempts to silence dissent and block references to politically sensitive topics such as democracy and human rights. The so-called Great Firewall of China is managed by nine state-licensed internet-access providers that use technologies and an army of censors to patrol the gateway between China and the rest of the world. This army of censors are referred to as ‘net nannies’, and their numbers are thought to be in the tens of thousands that monitor computers in every home and over 100,000 internet cafés in China every day [i].
This is why anonymity is important. Without anonymity you cannot see the truth in China, because you will be blocked. According to the co-author of this article, living in China feels like being on the front line of the anonymity battle. Anonymity in internet cafés is almost impossible. People have to buy credits via an internet cafés account that is linked to their ID card, everyone’s online activities, are tied to a workstation and are monitored. Surfing from home is similar. It was after the network connection of the co-author of this article was cut off for the umpteenth time that he started researching ways of anonymizing his online activity using The Onion Router (TOR) which is an anonymity-enhancing network. After he had installed Tor, he had unrestricted Internet access. He had in effect found one of the many holes in the Great Firewall of China. He was seeing the truth as it was, he was looking at China’s underbelly, and China’s net nannies couldn’t see his for once!
This article is about anonymity, why it is needed, TOR and how it works, and the co-author’s experiences with TOR and his what he found in the darkweb.
Why online anonymity is difficult
Even if you are living in a country whereby freedom of speech is not inhibited true online anonymity is not easy. The reason being is that the Internet was not designed to provide anonymity; all Internet endpoint systems, machines, routers, wherever your communications travel are identified uniquely on the Internet by an IP address. This is because the Internet assumption is that you are going to create some sort of a record of the path that the data took, i.e. the IP address that originated the data so that you’re able to send something back. So as a consequence, the Internet is about being non-anonymous. Not necessarily identifiable to an individual or a corporation, but certainly traceable to the physical source of the data.
Basically Internet data packets have two parts: a data payload and a header used for routing. The data payload is the contents of the packet, whether that’s an email message, a web page, or an audio file. This could be likened to the letter in the envelope when you send something by snail mail and the header can be likened to the envelope. On the envelope is the destination address and a stamp, and on the back could be optionally the address of the sender. The stamp will be marked with the ink stamp from processing post office. The difference with the Internet is that the header is appended with the stamp (IP address) of every Internet endpoint that the packet travels over. This offers a basic problem for those wanting anonymity in that the recipient of your communications can see that you sent it by looking at headers, likewise applies to authorized intermediaries such as Internet service providers. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers and this is what the Chinese net nannies are doing.
Even an anonymizing proxy doesn’t give complete anonymity, although it will not add those optional headers because it will make the request just as if it was making it on its own behalf, and then turn around and send the response back. So although there is anonymity being provided the vulnerability is that the IP address of the sender is stored in cache on the service that can be retrieved by those parties whom have access to the proxy and this can be matched to actions. Although you cannot see which user is doing what unless you have just one user using a proxy when it’s obvious who they are and what sites they’re visiting because anything they do is being done on their behalf by the proxy. Now when two users are using the proxy it becomes more difficult. However by looking at the timing of the arrival and departure of packets and the relative sizes of the packets, you could still probably disambiguate the actions of two users across a single proxy. Increase the number of users on the proxy to four and five and six and so on then it becomes increasing complicated to disambiguate queries, but it’s not impossible. Whoever has access to the proxy could just capture a huge blob of traffic and then take it offline for analysis to any level of detail needed in order to make determinations on about who was making queries where. In effect a single proxy cannot guarantee anonymity.
The Onion Router (Tor)
The Onion Router, is a programme “massive network of nodes controlled by all kinds of distributed entities all over the globe and foreign countries” “anonymous secure private tunnel” (or some such) that is designed to give you an individual complete anonymity. As of the end of April 2014 Tor was comprised of 4500 relays and of these 1000 are exit relays [vii].
Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by the military, journalists, law enforcement officers, activists, and many others. For example journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. EFF has also previously funded the development of Tor[ii]. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Law enforcement uses Tor for visiting or surveying web sites without leaving government IP addresses in their web logs, and for security during sting operations[iii].
The beauty of this massive network of nodes controlled by all kinds of distributed entities all over the globe and foreign countries, and the need not to trust individual nodes is that no government is a sole controller. This means that no government can issue a subpoena and demand to know who is using the service. Tor will never be forced legally to do something they would rather not do[iv]. . Governments can be pretty persuasive.
How does Tor work?
To use Tor you need to first install the Tor client. TOR software allows access to the TOR network. Once installed you can see a world map displaying all currently active publicly broadcasted Tor entry nodes. You only have to connect to one of these to be able to use the internet securely.
Your client searches for a Tor entry node, and you choose exit node, and the number of hops. The route is chosen automatically. What happens next is that you start at the selected last Tor node (exit?) and build what is referred to as an onion. An onion because the encryption is created in layers and decryption can be likened to peeling off the layers of the onion. If you are familiar with how a VPN works, encryption of the payload with a randomly generated symmetric key and encryption of the symmetric key using an asymetric (public) key and in order to decrypt the payload you first need the private key pair in order to decrypt the symmetric key.
All Tor nodes have a public key pair, their own private key that only they know, and a public key. This key pair is created using a special one-way algorithm. Encryption can be done by using their publicly available key which everyone can know, and once encrypted, that data can only be decrypted using the matching private key that each specific Tor node keeps secret. Tor is effectively building nested tunnels that provide at each layer origin authentication, along with confidentiality and integrity of data.
To create a private network pathway with Tor, your client incrementally builds a circuit of encrypted connections over Tor nodes. The circuit is extended one hop at a time, and each node knows only which node gave it data and which node it is giving data to. No individual node knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop cannot trace these connections as they pass through. This is nested multilayer encryption, each layer encrypted with a successive Tor node’s public key, which only that node knows how to decrypt, and each layer containing a symmetric key which was generated randomly by the user’s client.
When you have finished creating the onion using your Tor client, you give it to that first Tor node in the chain to decrypt the outer layer. The Tor node uses its private key to decrypt the outer layer of the onion and finds a symmetric key which it will use for decrypting the outer layer of the packet and the routing instructions for the next Tor node. The packet is still encrypted N times minus one, using keys it has no knowledge of because those keys were buried in layers of the onion which were encrypted using the public keys of the other Tor nodes that can only be decrypted using their private keys.
There is no way to know by looking at the onion what the path will be. Only the Tor node that decrypts its layer knows the identity of the next node in the chain. It knows nothing about any other nodes in the chain. It doesn’t even know how many other nodes there are. So this onion then moves through the Tor network, basically informing each node only the information it has to have: how to decrypt what you receive, who to send it to.
Other factors that enhance the anonymity provided by Tor is the number of people who use Tor, this actually makes it more secure[v]. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.
What’s more is that Tor actually pads out the packet to a fixed size. This is to make traffic analysis based on packet size as shown in the simple proxy example impossible. No matter how big the packets actually are, Tor pads them out to full size so that all packets moving among the routers within the onion router system are the same size.
Tor however, is slow. It will turn a fast broadband connection in to a pre-millennium dialup connection. Websites take a long time to load, and pictures reveal themselves a nail biting line at a time. What’s more is that some research has been done on identifying vulnerabilities in Tor, and this is shown in the following diagram in the Exit relay. If this is owned by malicious parties, there is a chance of a Man-in-the-Middle (MitM) attack. Find more here.
.onion and the rabbit hole
Tor also has a .onion pseudo domain which is Tor’s intranet. Hosted on Tor servers, links to these sites, will be encrypted from beginning to end. The web surfer is completely anonymous. Nobody knows who you are, and you don’t know who anybody else is. Many .onion domain names are very difficult to find. It requires patient searching on the Internet to find one. And when one does, ones perception of the Internet instantly morphs. Like Alice in Wonderland, tumbling down the rabbit hole, the route from one’s computer to the final Tor exit node changes into a long dark corridor with many many locked doors running along it. Except, you can only see the doors that you know about, then, those doors might also be locked. If one taps on a stretch of wall long enough another door might appear. Tor is the portal into what is known as the darkweb, or deepnet (Freenet[vi]).
Navigating through feels like playing an old text based adventure game, if you don’t know exactly what command to write, you aren’t going to be able to turn left, turn right or put the silver key in the brown door. Now jump over a few walls to a quieter part of town, and knock on a nondescript door leading to a much darker, seedier underworld. For those that find the doors and the pass codes, there are forums where they practice complete freedom of speech; forums where the rules of our physical world don’t apply. Places where you can say whatever you want about whatever topic you can think of without fear of recrimination. This concept of complete freedom of speech feels liberating in a very fundamental way. As you dive deeper into the rabbit hole, you will discover that it is liberating for other people too. Not just for those like yourself: those trying to escape Government monitoring in repressive regimes, searching for the truth, but also for those with criminal intentions, and for those looking for places to release their abnormal desires. The .onion network is a breeding ground for pedophiles.
These specific forums are buzzing with activity in a perverse way. It is an upside-down world, where paedophiles who have created these meeting places to exchange child pornography and tips on how and where to find victims, advice on successful ‘grooming’ techniques, basically fulfilling the role of what we would associate as a peer support group in the physical world. The impact of these groups is profound in that paedophiles are able to ‘normalise’ abnormal desires, enabling them to view their behaviour as socially acceptable and possibly lowering their inhibitions to act on impulses that would otherwise remain fantasy. If you had unexpectedly ended up in this rabbit hole, you will not be able to resist making yourself heard, tell them they are sick, cyber YELL at them that they are not normal, or you can threaten that you will “report them to the TOR administrator,” to which they will reply “Fool, we run TOR!”
Freedom of Speech vs. darkweb
TOR and .onion network make it possible for those living in repressive regimes a glimpse of the truth, and a freedom of speech that would otherwise be impossible. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Nonetheless if you go there and end up down one of those rabbit holes you will find that there is the dark side of TOR, the darkweb. how does one end up there?
It is the distributed nature of Tor that indicates that no single organisation, legal or not, country, or person can claim to run Tor completely. Although some entities they may feel that they do. Finally the question that begs to be asked is: Are those ethical organisations and persons that support Tor both financially and otherwise, are to all intents and purposes fuelling the darkweb and all it represents, even if this is unintentional? This is also a question that begs to be answered…
[i] Oqvist, K. (2009), Virtual Shadows: Your Privacy in the Information Society, ISBN 978-1-906124-09-0, British Computer Society
[vi] Freenet users basically share unused hard drive space to participate in a distributed Freenet database, what this means is that each user gives up a chunk of their hard drive in return for being able to use chunks of everybody else’s hard drive in this network.
[vii] Spoiled Onions: Exposing Malicious Tor Exit Relays, http://www.cs.kau.se/philwint/spoiled_onions/
Really interesting post on rules concerning the use of personal information in China.
If you make it to the end of the article 😉 I am very much of the same opinion as the author, in that okay to have rules but what about enforcement. Also is the actual intentions of the Chinese authorities? Are they really after protecting the human rights of the Chinese citizen, or is this another ploy to enforce registration of identity, hence make anonymous access to online resources impossible. This restricts freedom of speech… as if it is not already enough given existing controls…
This is a privacy blog, however there are times when the right to freedom of speech and personal privacy overlap somewhat. Hence I am sure that I am not alone in feeling delighted at the award of the Nobel prize to Chinese dissident Liu Xiaobo (刘晓波).
There is more: on October 11, 23 Chinese Communist Party elders known for their pro-reform positions, including Mao Zedong’s former secretary Li Rui (李锐) and former People’s Daily editor-in-chief Hu Jiwei (胡绩伟), submitted an open letter to the Standing Committee of the National People’s Congress, formally China’s highest state body, calling for an end to restrictions on expression in China. Read more at the China Media Project.
This story is old hat to me. I now am able to suppress the expression of disgust on my face fairly quickly when I see the little microphone just above my head, but for those that don’t know, all new taxis in most major cities in China are bugged. More here.
Currently in China, those who cannot afford their own computers and reliant on webcafes, must link every instance of computer usage at a specific computer to either their ID card or their passport. This is very annoying for me, as the only time I go to internet cafes these days is when I have lost my keys, and so invariably also do not have my passport.
The Government also has a very tight relationship with the Internet Service Providers. Whilst researching the practicalities of internet anonymity through TOR on my home computer, my internet access was cut a few times, and eventually my route to all publicly broadcasted TOR entry nodes blocked.
As China is on route to turning its internet black list into an internet white list, it is eagerly looking at the further step of forcing users in all instances of internet participation, online forums for example, to display their real name; and of course for that real name to be linked to their ID card number, and other identifiable information.
It looks like being barred from facebook, twitter, blogspot, youtube and wordpress will be the least of worries for those with a social or political conscience.
Well, sort of.
Their Chinese search site, google.cn now redirects to google.com.hk in Hong Kong. Google states that this is a direct response to the hacking attack reported on in January. They also state that that was the final straw that led them to the decision to stop censoring their search services in China.
By redirecting searches to their Hong Kong site, they hope to bypass Chinese legal requirements of self censorship. It will be interesting to see how the Chinese government responds to this. Google has set up a status page which reports on the availability on their services for users in China. You can find it here.