Defend Dissent with Tor
Guest post by Glencora Borradaile
After 4 years of giving digital security trainings to activists and teaching a course called "Communications Security and Social Movements", I've compiled all my materials into an open, digital book - Defend Dissent: Digital Suppression and Cryptographic Defense of Social Movements hosted by Oregon State University where I am an Associate Professor. The book is intended for an introductory, non-major college audience, and I hope it will find use outside the university setting.
Defend Dissent has three parts:
- Part 1 covers the basics of cryptography: basic encryption, how keys are exchanged, how passwords protect accounts and how encryption can help provide anonymity. When I give digital security trainings, I don't spend a lot of time here, but I still want people to know (for example) what end-to-end encryption is and why we want it.
- Part 2 gives brief context for how surveillance is used to suppress social movements, with a US focus.
- Part 3 contains what you might consider more classic material for digital security training, focusing on the different places your data might be vulnerable and the tactics you can use to defend your data.
Each chapter ends with a story that brings social context to the material in that chapter (even in Part 1!) - from surveillance used against contemporary US protests to the African National Congress' use of partially manual encryption in fighting apartheid in South Africa in the 80s.
It should be no surprise that Tor is a star of Defend Dissent, ending out Parts 1 and 3. The anonymity that the Tor technology enables turns the internet into what it should be: a place to communicate without everyone knowing your business. As a professor, I love teaching Tor. It is a delightful combination of encryption, key exchange, probability and threat modeling.
In Defend Dissent, I aim to make Tor easy to understand, and use a three-step example to explain Tor to audiences who may have never used it before: There are just three steps to understanding how Tor works:
1. Encryption allows you to keep the content of your communications private from anyone who doesn't have the key. But it doesn't protect your identity or an eavesdropper from knowing who you are communicating with and when.
2. Assata can send Bobby an encrypted message even if they haven't met ahead of time to agree on a key for encryption. This concept can be used to allow Assata and Bobby to agree on a single encryption key. (Put an encryption key in the box.)
3. When Assata accesses Tor, the Tor Browser picks three randomly chosen nodes (her entry, relay and exit nodes) from amongst thousands in the Tor network. Assata's Tor Browser agrees on a key with the entry node, then agrees on a key with the relay node by communicating with the relay node through the entry node, and so on. Assata's Tor Browser encrypts the message with the exit key, then with the relay key and then with the entry key and sends the message along. The entry node removes one layer of encryption and so on. (Like removing the layers of an onion ...) This way, the relay doesn't know who Assata is - just that it is relaying a message through the Tor network.
I'm excited to share this accessible resource and to teach the world more about Tor, encryption, and secure communication. Even if you're a technical expert, Defend Dissent may help you talk to others in your life about how to use Tor and why these kinds of tools are so vital to social movements, change, and dissent.
For more details on how Tor works you can read the four chapters of Defend Dissent that lead to Anonymous Routing: What is Encryption?, Modern Cryptography, Exchanging Keys for Encryption, and Metadata.
Or discover other topics in defending social movements with cryptography.