- Computer programmers are modifying a communications system,
originally developed by the U.S. Naval Research Lab, to help Internet users
surf the Web anonymously and shield their online activities from corporate
or government eyes.
-
- The system is based on a concept called onion routing.
It works like this: Messages, or packets of information, are sent through
a distributed network of randomly selected servers, or nodes, each of which
knows only its predecessor and successor. Messages flowing through this
network are unwrapped by a symmetric encryption key at each server that
peels off one layer and reveals instructions for the next downstream node.
-
- In contrast, messages traveling across the Internet are
generally not encrypted, and the path of a message can be seen easily,
linking users to activities like website visits.
-
- The Navy is financing the development of a second-generation
onion-routing system called Tor, which addresses many of the flaws in the
original design and makes it easier to use. The Tor client behaves like
a SOCKS proxy (a common protocol for developing secure communication services),
allowing applications like Mozilla, SSH and FTP clients to talk directly
to Tor and route data streams through a network of onion routers, without
long delays.
-
- Onion routing does not guarantee perfect anonymity. But
it helps protect users from eavesdroppers who aren't watching both the
initiator and recipient of the message at the time of the transaction.
Developers say Tor can be used to prevent websites from tracking their
users; block governments from collecting lists of website visitors; protect
whistleblowers; and circumvent local censorship by employers, ISPs or schools
that restrict access to certain online services.
-
- The Navy is financing Tor because it wants to hide the
identity of government employees who have long used anonymous communications
systems for intelligence gathering and politically sensitive negotiations.
-
- "The point of the Tor system is to spread the traffic
over multiple points of control so that no one person or company has the
ability to link people," said programmer Roger Dingledine. Dingledine
and Nick Mathewson, both based in Boston, are building Tor as a research
platform with a worldwide community of open-source software developers.
-
- Their goal is to blend together a wide range of users
and avoid the weakness of many anonymizing services that are located on
a handful of machines and vulnerable to a single point of failure.
-
- Companies could also use Tor for discreet competitive
research, said Dingledine, or to route their employees' Web browsing so
employment sites like Monster can't determine which of them are trolling
for a job. "Plenty of people don't want their source IP listed in
Web logs, especially .mil or .gov visitors," said Dingledine.
-
- The security of the Tor service is proportional to the
number of nodes in the system. Tor is slowly scaling and looking for tens
of thousands of participants who can provide enough nodes to prevent the
service from being compromised by what the project website describes as
"curious telcos and brute-force attacks."
-
- "The current Tor version very effectively builds
on 20 years of development in anonymous designs," said cryptographer
David Chaum, whose 1981 paper on untraceable e-mail, return addresses and
digital pseudonyms set the groundwork for the Tor service.
-
- Tor is distributed as free software under the commonly
used 3-clause BSD license. About 1,000 users (it's an anonymous network,
so developers aren't exactly sure) are running the service in client or
server mode.
-
- The Tor network currently includes 35 servers that forward
each data stream at least three times. Each server averages 10 Kbps of
bandwidth. Those with reliable Internet connections, who can support at
least 1 Mbps in both directions, are being recruited as potential servers
in the network.
-
- Users are permitted to operate an unrestricted number
of nodes. But Dingledine pointed out that a well-funded adversary could
sign up for a large number of servers and potentially take over the network.
-
- Those who want to operate Tor routers must therefore
convince the Tor directory server operators that they are trustworthy and
reliable. Dingledine said developers are trying to find ways to scale the
system without having to have a human check the integrity of every new
server that becomes part of the network.
-
- Dingeldine said the developers of another online anonymity
project, called JAP, were forced by the German government to insert a backdoor
into the program and were barred from revealing it. If anyone insisted
on similar measures for Tor, Dingledine said the community of open-source
developers who analyze source-code changes for each Tor revision would
expose it -- as they did with JAP.
-
- "The reason Tor works is that it's free and available
software," said Dingledine. "If it was a closed source or a proprietary
system, there is no way to know."
-
- © Copyright 2004, Lycos, Inc. All Rights Reserved.
-
- http://wired.com/news/privacy/0,1848,64464,00.html?tw=wn_tophead_1
|