media coverage

We need your good Tor stories

What do you use Tor for? Why do you need it? What has Tor done for you? We need your stories.

We have plenty of practice explaining how Tor works, from technical specifications, design documents, academic papers, and popular presentation. And of course, the code is all open-source.

But explaining why Tor is important is more of a challenge. We can speak in the abstract about the importance of free speech and privacy on the internet, but no abstract statement is quite so persuasive as a real-world example.

We know these examples are out there. We regularly hear from vulnerable populations and people who need to cope with surveillance. We are approached by people who need Tor to stay safe at work, whether they are going after criminals on behalf of their governments, or going after the criminals who run their governments, or just regular people trying to preserve their privacy.

But naturally, most of these stories are ones that we don't have permission to share. After all, it would hardly be in keeping with our pro-privacy beliefs to publish tech-support requests!

Similarly, because we don't gather sensitive data on our network, we cannot (as some networks do) publish regular reports on what kinds of uses we are seeing. (We do not collect this data because we believe that a privacy network should put privacy foremost, and that the best way to protect people's information is not to collect it in the first place.) This is fantastic when it comes to protecting users against advertisers, censors, miscellaneous snoops, and the secret police of authoritarian regimes. But it isn't working out so well when we are asked by donors and other potential allies who want to know what supporting Tor means in less technical terms.

Furthermore, we work on Tor because everybody has the right to their own voice. So while this is on the one hand a plea for information we can use to tell the world about the importance of what we're accomplishing (and try to get donations to do more of it), it's also a request born of the notion that nobody is more qualified to tell your own story than you are.

So, please send us your stories so we can share them with the world. If email works, you can send it to tor-assistants@torproject.org, subject line "Why I Use Tor". And of course, you can just post a comment here.

We won't use names, but if too many details can reveal who you are, please err on the side of caution. There is no point in responding to our request if it puts you in danger. That said: why do you use Tor? Whether you use it to look at cute cats or political blogs, we'd like to know. And since we designed Tor with privacy in mind, we can't know unless you tell us.

Thank you!

Media coverage of "Covert channel vulnerabilities in anonymity systems"

Over the past few days there has been some coverage of my PhD thesis, and its relationship to Tor, on blogs and online news sites. It seems like this wave started with a column by Russ Cooper, which triggered articles in PC World and Dark Reading. The media attention came as a bit of a surprise to me, since nobody asked to interview me over this. I'd encourage other journalists writing about Tor to contact someone from the project as we're happy to help give some context.

My thesis is a fairly diverse collection of work, but the articles emphasize the impact of the attacks I discuss on users of anonymity networks like Tor. Actually, my thesis doesn't aim to show that Tor is insecure; the reason I selected Tor as a test case was that it's one of the few (and by far the largest) low-latency system that aims to stand up to observation. Other, simpler, systems have comparatively well understood weaknesses, and so there is less value in researching them.

Quantifying the security of anonymity systems is a difficult question and still being actively worked on. Comparing different systems is even harder since they make different assumptions on the capabilities of attackers (the “threat model”). The mere chance of attacks doesn't indicate that a system is insecure, since they might make assumptions about the environment that are not met, or are insufficiently reliable for the scenario being considered.

The actual goal of my thesis was try to better understand the strengths and weaknesses of systems like Tor, but more importantly to also to suggest a more general methodology for discovering, and resolving flaws. I proposed that the work from the well-established field of covert channels could be usefully applied, and used examples, including Tor, to justify this.

There remains much work to be done before it's possible to be sure how secure anonymity systems are, but hopefully this framework will be a useful one in moving forward. Since in September 2007 I joined the Tor project, I hope I'll also help in other ways too.

Syndicate content Syndicate content