Possible upcoming attempts to disable the Tor network
The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities. (Directory authorities help Tor clients learn the list of relays that make up the Tor network.) We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked. Tor remains safe to use.
We hope that this attack doesn't occur; Tor is used by many good people. If the network is affected, we will immediately inform users via this blog and our Twitter feed @TorProject, along with more information if we become aware of any related risks to Tor users.
The Tor network provides a safe haven from surveillance, censorship, and computer network exploitation for millions of people who live in repressive regimes, including human rights activists in countries such as Iran, Syria, and Russia. People use the Tor network every day to conduct their daily business without fear that their online activities and speech (Facebook posts, email, Twitter feeds) will be tracked and used against them later. Millions more also use the Tor network at their local internet cafe to stay safe for ordinary web browsing.
Tor is also used by banks, diplomatic officials, members of law enforcement, bloggers, and many others. Attempts to disable the Tor network would interfere with all of these users, not just ones disliked by the attacker.
Every person has the right to privacy. This right is a foundation of a democratic society. For example, if Members of the British Parliament or US Congress cannot share ideas and opinions free of government spying, then they cannot remain independent from other branches of government. If journalists are unable to keep their sources confidential, then the ability of the press to check the power of the government is compromised. If human rights workers can't report evidence of possible crimes against humanity, it is impossible for other bodies to examine this evidence and to react. In the service of justice, we believe that the answer is to open up communication lines for everyone, securely and anonymously.
The Tor network provides online anonymity and privacy that allow freedom for everyone. Like freedom of speech, online privacy is a right for all.
[Update Monday Dec 22: So far all is quiet on the directory authority front, and no news is good news.]
[Update Sunday Dec 28: Still quiet. This is good.]
Actually, the problem is that Tor isn't decentralized enough to discourage governmental shutdown.
> I bet that this is a law enforcement operation against Tor by US FBI, Europol and UK NCA.
> I hope these guys know what they are doing.
They are engaged in a foolish and dangerous experiment.
This is indeed a crisis, perhaps the biggest the Project has ever faced. Some thoughts:
Roger is keeping his head, which is the proper thing to do during a crisis. Let's all follow his lead and play it cool.
In a crisis atmosphere, making radical changes (e.g. incorporating namecoin into critical Tor infrastructure) seems inadvisable. Much better would be to geographically/legally diversify locations of reserve Dir Auth nodes. Similarly, for users, switching to untried alleged alternatives to Tor also seems inadvisable. If the worst happens, and enough DAs are seized by our enemies to incapacitate the Tor network, let's give the Project a chance to get it back up somehow. (Roger: any idea how long that might take, if more than five DAs are seized?)
Some true Patriot risked her/his freedom to warn Roger, so users should respect his judgment about the need to withhold some information in order to protect the identity of the source. That said, I think there is no point in keeping back the name of our enemy, since it is obvious that it is "FBI" (no other entity has the ability to attempt to seize more than one or two DAs, or is foolish/panicked enough to try).
In my heart, I agree with those who chided Roger for not listing USA at the top of the "Enemies of the Internet". But my brain reminds me of some unpleasant realities: Roger acts under his own name, and an unwritten part of his job description for many years has been talking directly with FBI and other LEA officials, seeking to educate them about why LEAs should not blindly react to Tor by trying to simply shut the network down. Further, he is a US resident, so vulnerable at all times to arrest by US "authorities". All in all, he has a legitimate need to avoid becoming too confrontational with the most lethal parts of the USG. However, the users are free to call out our enemies by name, and we are doing so.
I assume the phone lines between Walpole, San Francisco, and New York City are burning up; good! Further emergency action which I assume is happening: contact key media outlets to publicize and explain what is known about the plan to seize DAs (Glenn Greenwald, Marcy Wheeler, Kim Zetter... and would Brian Krebs please comment in the usual place?). And let's start organizing a giant phone-in to the politicos by Tor users in the US and Europe; an instance of what EFF likes to call "the Internet reacts".
A hasty socio-technical suggestion: if the project needs to issue new keys or find some way to distribute emergency TBB with new hardcoded DA identifiers, can you arrange to do that with the assistance of Debian or OpenBSD? Many Tor users already have copies of their signing keys (note that these are two different cryptographic infrastructures since OpenBSD does not use GPG), and it should be possible to arrange with Debian (for example) to set up a special repository which is independent of Debian's own repositories, but whose signing keys are signed by Debian keys.