Roger Dingledine gave a presentation on Tor, software that lets a user request and view Web pages without revealing the location of your computer to the site. Tor allows packages to be bounced multiple relays so that no one relay knows who is visiting a particular site. The user establishes time-sensitive encryption keys between each relay. There are two pieces to all these “proxying” schemes. A relay component: building circuits, sending traffic over them, getting the encryption right. A discovery component: learning what relays are available.
Attackers can block users from connecting to the Tor network by, for example, blocking all the relay IP addresses in the Tor directory; by filtering based on Tor’s network fingerprint; by preventing users from finding the Tor software. After six years, the Chinese government finally got around to blocking the TorProject.org website two weeks ago.
Attackers seek to restrict the flow of embarassing and opposing information such as rights violations, corruption, opposition movements, etc. Complete blocking is not the goal of attackers, it’s not even necessary. Similarly, there is no need to shut down or block every circumvention tool. They only need to block ones that are popular and effective (the ones that work), and those that are highly visible.
In designing blocking-resistance software, some important design factors need to be kept in mind. There is little reprisal against passive consumers of information. Procducers and distributors of information are in greater danger. Governments have economic, political, social incentives not to block the whole Internet. But they can tolerate some collateral damage.
At the same time, China’s filtering system is practically maxed out. There is not much more content they can parse and filter. In other words, network firewalls has limited CPU capacity. So it’s possible to blend in. In terms of data security, what is often more useful is tactical security measures, rather than strictly technical security issues. In my opinion, this is where the field of nonviolent action has much to contribute.
Tor gives three anonymity properties:
- A local network attacker can’t learn, or influence, your destination.
- No single router can link you to your destination.
- The destination, or somebody watching it, can’t learn your location.
Tor is highly sustainable, with thousands of volunteers and a completely open source philosophy. The software has an established user base of hundreds of thousands of people around the world. Ordinary citizens, activists, corporations, law enforcement, etc, all use Tor. This diversity of users means that Tor is virtually guaranteed to survive. Anonymity is useful for censorship-resistance as well. Roger likened the race against government surveillance as an arms race, an analogy I’ve also used in my dissertation research.