Tor and Privacy

The other day I was looking for something completely unrelated and I came across an interactive diagram that shows what information is protected when you use a secure Web connection. The diagram also mentions something called “Tor”, which protects other parts of the information that gets transmitted with every message your computing device sends over the Web.

In a nutshell, Tor makes it impossible (as far as we can tell) to trace a message from source to destination. This could be really, really beneficial to people who would like to, for instance, access a site their government does not approve of. (If that government already suspects the citizen is accessing a forbidden site, they can still put sniffers on either end of the pipeline and infer from the timing of messages that the citizen is acting in an unpatriotic fashion, but they can’t just put a sniffer on the forbidden end to see who happens by.)

There are lots of other times you might want to improve your privacy; unfortunately not all those activities are legal or ethical. A lot of verbiage on Tor’s site is to convince the world that the bad guys have even better means of protecting privacy, since they are willing to break the law in the first place. Tor argues that they are at least partially evening the playing field. They mention reporters protecting sources, police protecting informants, and lawyers protecting clients. My take: you had me at “privacy”.

To work, Tor requires a set of volunteer middlemen, who pass encrypted and re-encrypted messages from one to another. Intrigued, I looked into what would be involved in allocating a slice of my underused server to help out the cause. It’s pretty easy to set up, but there’s a catch. If you allow your server to be an “exit point”, a server that will pass messages out of the anonymous network to actual sites, sooner or later someone is going to be pissed off at someone using the Tor network and the only person they’ll be able to finger is the owner of the exit point. Legal bullshit ensues.

Happily, there are lawyers standing by to protect the network, and some of them might even be itching for a showdown with The Man. Still, before I do anything rash, I need to check in with the totally awesome folks at MacMiniColo, because shit could fall on them, since my server is in their building. If they have qualms (they are not a large company), then I could still be a middle node in the network, and that would help some. But simply because of the hassles involved with being an exit node, that’s where I can do the most good.

I’ll keep you posted on how this shakes out. I need to learn more. If I decide to move ahead, there’s a lot of p’s to dot and q’s to cross, and my server company may ixnay the whole idea. In the meantime, check out Tor, especially if you have nothing to hide.

1

Leave a Reply

Your email address will not be published. Required fields are marked *