from the making-the-NSA-cry dept
Before Snowden, Tor was an important but rather obscure tool, mostly of interest to those living under oppressive regimes who wanted to access the Internet freely without risking imprisonment or worse. Post-Snowden, things are more complicated. On the one hand, it is clearly one of the key tools that we can all use to thwart attempts by intelligence agencies to monitor what we are doing online. On the other hand, for that very reason, Tor has been the subject of serious attempts by the NSA, GCHQ and the Russian Ministry of Internal Affairs to compromise it so that they can gain information about its users. The fact that, as far as the NSA and GCHQ are concerned,Tor -- "The Onion Router" -- "stinks", as one of the slides leaked by Snowden puts it, is an excellent reason for people to support its recent "call to arms":
We used to think there are two main ways that the Tor network can fail. First, legal or policy pressure can make it so nobody is willing to run a relay. Second, pressure on or from Internet Service Providers can reduce the number of places willing to host exit relays, which in turn squeezes down the anonymity that the network can provide. Both of these threats are hard to solve, but they are challenges that we've known about for a decade, and due in large part to strong ongoing collaborations we have a pretty good handle on them.
But lately, the people behind Tor have realized there is a new problem they must deal with:
We missed a third threat to Tor's success: a growing number of websites treat users from anonymity services differently. Slashdot doesn't let you post comments over Tor, Wikipedia won't let you edit over Tor, and Google sometimes gives you a captcha when you try to search (depending on what other activity they've seen from that exit relay lately). Some sites like Yelp go further and refuse to even serve pages to Tor users.
The rest of the post explores possible solutions to this growing rejection of Tor, such as technical mechanisms that allow anonymous users to interact with websites, and social mechanisms -- using a community to help police problems with anonymous users. But as the post notes, these haven't worked too well in past. It therefore suggests a third approach:
The solution I envision is to get a person who is both technical and good at activism to focus on this topic. Step one is to enumerate the set of websites and other Internet services that handle Tor connections differently from normal connections, and look for patterns that help us identify the common (centralized) services that impact many sites. At the same time, we should make a list of solutions -- technical and social -- that are in use today. There are a few community-led starts on the Tor wiki already, like the DontBlockMe page and a List of Services Blocking Tor.
It's good to see such a key project both identifying problems and coming up with possible ways to tackle them. The post contains further details of future plans, the people and organizations involved -- and even an offer of funding for those who want to help ensure that The Onion Router's stink continues to make the people at the NSA and GCHQ cry.
Step two is to sort the problem websites based on how amenable they would be to our help. Armed with the toolkit of options we found in step one, we should go to the first (most promising) site on the list and work with them to understand their problem. Ideally we can adapt one of the ideas from the toolkit; otherwise we'll need to invent and develop a new approach tailored to their situation and needs. Then we should go to the second site on the list with our (now bigger) toolkit, and so on down the list. Once we have some success stories, we can consider how to scale better, such as holding a conference where we invite the five best success cases plus the next five unsolved sites on our list.