Tor with everything: The ‘dark net’ posited for major browser integration
Tue 30 Sep 2014
It’s reported that a number of major tech companies are evaluating the possibility of integrating The Onion Router’s anonymising protocols into core mainstream software – including a major web browser.
The latest volley in the very public conflict regarding online privacy is surely a gulp-inducing prospect to the law enforcement agencies currently so vocal about needing to identify our online activities.
Though Tor’s executive director Andrew Lewman did not name the browser nor the company in question, he said: “They very much like Tor Browser and would like to ship it to their customer base. Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users.”
Ironically it is difficult to identify the potential Tor-enabled browser based on those figures, but known browsers which fall into that percentage of market share include various iterations of Microsoft’s Internet Explorer, Google Chrome, and Mozilla Firefox.
The existing Tor browser is itself derived from Firefox, as is the slightly less heroic browser forked by The Pirate Bay in order to help bittorrent users circumvent government-imposed ISP bans on select Torrent sites.
But this is something more profound: the prospect of a ‘private browsing’ button or mode in a major web browser which does not merely reject cookies, history-saves and tracking data, but which actually makes its connections through the same fragmented and largely (but not completely) untraceable pipes and protocols which Edward Snowden famously used to transmit his landmark revelations about the extent of the NSA’s spying remit.
The Onion Router was developed by the U.S. Naval Research Laboratory in the mid-1990s, with an alpha release in 2002, and obscures users’ identities by making routing and identification separate processes. A Tor packet knows where it has just come from and where it is immediately going next, but nothing about the stages of its journey outside of those two parameters.
The fact that a Tor transmission can be routed ad hoc through anything from a major Tor node in Europe to the small bandwidth of a casual or occasional user in Pakistan has been seized on by the U.S. Department Of Justice as a case to amend the Federal Rules of Criminal Procedure, with the ambit of creating an ‘open warrant’ to investigate anyone using Tor, or similarly-intentioned software. But that would prove problematic upon wide public adoption of the protocol.
The Tor network is not currently robust enough to handle such a potentially massive increase in traffic, but Tor developer Mike Perry commented: “I believe that with only minor modifications, the current Tor network architecture could support 100 [million] daily directly connecting users…assuming we focus our efforts on higher capacity relays and not simply adding tons of slower relays.”
As with the bittorrent protocol, Tor relies on user reciprocity, wherein the client can also act as a relay node. At the moment this is a voluntary action, and one which many people are not inclined to take, either to conserve bandwidth or privacy. Mandating that a client also act as a relay node would not only remove the decision – and the concern – from the end user, but would also solve at least some of the obstacles to scaleability in the Tor network structure.
The widespread usage of Tor in mainstream network traffic is likely to shrink the number of ISPs which currently block Tor on the basis of assumed guilt. For corporate concerns desperate to offer privacy to their clients, Tor has become an acme of security and reliability, chiefly advertised and promoted by its enemies: with Vladimir Putin offering a $111,000 reward for anyone able to reliably identify Tor users, and with the NSA and FBI desperate to compromise the Frankenstein’s monster that their colleagues in the Navy let loose, only a major and verifiable security breach seems likely to impact on Tor’s appeal to individuals and companies, the more so if Mozilla, Google or Microsoft adopt it.
