A Quick, Simple Guide to Tor and the Internet of Things (So Far)
"The Internet of Things" is the remote control and networking of everyday devices ranging from a family's lawn sprinkler or babycam to a corporation's entire HVAC system.
Tor Project contributor Nathan Freitas, Executive Director of The Guardian Project, has developed a new way to use Tor's anonymous onion services to protect the "Internet of Things." The new system, while experimental, is also scalable.
The system uses Home Assistant, a free, open-source platform built on Python, that can run on Raspberry Pi and other devices. It easily can be set up to control and network people’s “Internet of Things” —home security systems, toasters, thermostats, smart lightbulbs, weather sensors and other household appliances. The new "Tor Onion Service Configuration" setup is available on their website.
"The Tor Project wants Tor privacy technology to be integrated into everyday life so that people don't have to log on to it—their privacy and security are built in. Nathan's work with Home Assistant is an early but important milestone," said Shari Steele, Tor's Executive Director.
The great danger with the "Internet of Things" (or IoT) is the opportunity for surveillance--for an individual hacker or a state actor to accumulate, store, and exploit very private information against individuals or companies.
These attacks are far from hypothetical: We've read about the ability for an attacker to see and speak to a baby through a babycam or hack and control a car. Attackers stole 40 million credit card numbers after they hacked into a national retailer's HVAC system and used it to reach their computer system and their customers.
Tor has developed a way to build a buffer of privacy between the baby and the Internet--so that the baby (or the HVAC system) is never exposed to the open Internet at all. Instead of a hackable, single point of failure, attackers must contend with the global network of thousands of Tor nodes.
"Too many 'Things' in our homes, at our hospitals, in our businesses and throughout our lives are exposed to the public Internet without the ability to protect their communication. Tor provides this, for free, with real-world hard ended, open-source software and strong, state of the art cryptography," said Nathan Freitas, Executive Director of the Guardian Project.
“Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.”
--"DON'T PANIC," Berkman Klein Center's report on encryption
• Guardian Project video explaining the Tor/Home Assistant system: https://www.youtube.com/watch?v=j2yT-0rmgDA
• Guardian Project's easy-to-understand slides:
• Home Assistant page on setting up Tor:
Here is another article on this valuable initiative:
Tor Could Protect Your Smart Fridge From Spies and Hackers
20 Jul 2016
> There’s a growing fear that the exploding internet of things — from baby cams to pacemakers — could be a goldmine for spies and criminal hackers, allowing them access to all kinds of personal photos, videos, audio recordings, and other data. It’s a concern bolstered by remarks from top national security officials.
Some Tor users have been calling for Tor Project and like-minded human rights and civil liberties advocacy groups to pressure EU politicians and tech industry leaders* to engineer incentives aimed at growing a privacy industry. This might be a lost cause in the US, but I think some politicians in countries like Germany would be receptive.
In particular, some Tor users have been calling for inexpensive but reliable devices which can help consumers verify that their own devices are behaving well. For example, someone might want to check that their smart phone has not been surreptitiously "hot-miked" (remotely turned in an audio bug which transmits your IRL conversations to a government agency, even though the phone appears to be "turned off".
Or someone might want to verify that they really have disabled geolocation services on their WiFi devices. Journalists reporting from active war zones have been successfully targeted by hostile governments for assassination by drone/air strike. This is the exactly the scenario which a pair of gifted security researchers are working to prevent:
Edward Snowden’s New Research Aims to Keep Smartphones from Betraying Their Owners
21 Jul 2016
> In early 2012, Marie Colvin, an acclaimed international journalist from New York, entered the besieged city of Homs, Syria while reporting for London’s Sunday Times. She wrote of a difficult journey involving “a smugglers’ route, which I promised not to reveal, climbing over walls in the dark and slipping into muddy trenches.” Despite the covert approach, Syrian forces still managed to get to Colvin; under orders to “kill any journalist that set foot on Syrian soil,” they bombed the makeshift media center she was working in, killing her and one other journalist, and injuring two others.
Unfortunately, the site which published their paper is blocking Tor!
* Tech industry leaders: presumably not including anti-democracy billionaire Peter Thiel, cofounder of Palantir (one of the authoritarian-enabling firms which conspired in a disinformation/disruption scheme targeting journalist Glenn Greenwald, US high school students in Seattle, and others):
Donald Trump, Peter Thiel and the death of democracy
21 Jul 2016
> What Trump offers Thiel isn’t just an excuse to be contrary and politically incorrect. Trump gives Thiel something far more valuable: a way to fulfill his long-held ambition of saving capitalism from democracy. In a 2009 essay called The Education of a Libertarian, Thiel declared that capitalism and democracy had become incompatible. Since 1920, he argued, the creation of the welfare state and “the extension of the franchise to women” had made the American political system more responsive to more people – and therefore more hostile to capitalism. Capitalism is not “popular with the crowd”, Thiel observed, and this means that as democracy expands, the masses demand greater concessions from capitalists in the form of redistribution and regulation. The solution was obvious: less democracy. But in 2009, Thiel despaired of achieving this goal within the realm of politics. How could you possibly build a successful political movement for less democracy?
> Fast forward two years, when the country was still slowly digging its way out of the financial crisis. In 2011, Thiel told George Packer that the mood of emergency made him “weirdly hopeful”. The “failure of the establishment” had become too obvious to ignore, and this created an opportunity for something radically new, “something outside the establishment”, to take root. Now, in 2016, Thiel has finally found a politician capable of seizing that opportunity: a disruptor-in-chief who will destroy a dying system and build a better one in its place. Trump isn’t just a flamethrower for torching a rotten establishment, however – he’s the fulfillment of Thiel’s desire to build a successful political movement for less democracy.
> For Thiel, a smaller, more easily manipulated mob is preferable to a bigger one. If democracy can’t be eliminated, at least it can be shrunk through authoritarianism. A strongman like Trump, by exploiting the racial hatred and economic rage of one group of Americans, would work to delegitimize and disempower other groups of Americans. He would discipline what Thiel calls “the unthinking demos”: the democratic public that constrains capitalism.
> Thiel’s preferred political future isn’t hard to picture. The government shoulders the research costs for capitalists but makes no demands and sets no conditions. An authoritarian leader uses racial anger to set one portion of the population against another, and cracks down on those he sees as alien or illegitimate. The state becomes even more responsive to the needs of capitalists and even less responsive to the needs of workers and citizens. What Thiel calls the “oxymoron” of “capitalist democracy” is resolved – by jettisoning democracy.
> A Trumpist state could do much to soothe the crisis of capitalism: it could pour public dollars into discovering the next lucrative technology for the private sector while holding the line against the redistributive clamor of a rising millennial majority. Thiel has a history of making bets that pay off big. With Trump, he may have made another.