(Page 5 of 5)
Tor is preparing for the fight against relay blocking by creating a system of "bridge nodes"--a constantly changing list of IP addresses through which people can reach the main network of relays. A user can simply send an e-mail asking for a bridge address. Of course, an Iranian censor could also request and block such addresses, but the idea is to defeat such efforts by generating ever more bridges, donated by a wide range of Internet users. And Jonathan Zittrain, a Berkman cofounder and Harvard Law School professor, envisions going even further. "The next big moment that the Tor people haven't implemented--something in the background, something that would be huge--would be if your use of Tor, by default, makes you a Tor node yourself," he says. "At that point, it totally scales. The more people use it, the more people can use it."
As part of a three-year effort to improve the software and expand its use, Tor's staff and volunteers will step up appeals for Tor users to let their computers serve as bridges to individual users elsewhere. But taking the next step--becoming a relay, or node, potentially available to any Tor traffic--would massively increase the traffic flowing through a user's computer. If users became nodes by default, it could defeat the purpose of using Tor to remain low key: once a user wandered into a cybercafé to blog anonymously, that terminal would soon stand out as a hub of Internet traffic. What's more, such a system "sets off an arms race with all the network providers and network administrators," says Andrew Lewman, Tor's executive director. "It increases traffic, and we become something they might block, because that's their job." Tor would ultimately like to find safe ways to enlist distributed help, but for now, developers are pursuing intermediate goals, such as limiting bulk data transfers and improving the flow among existing Tor relays.
One criticism leveled against Tor is that it can be used not only for good purposes but for bad--protecting distributors of child pornography, for example. Dingledine's response is that Tor's protections help law enforcement catch criminals, too, while criminals may find it more effective to use neighbors' or public Wi-Fi links, or hacked computers, to mask their identities.
Another concern is that circumvention tools--especially those that only use a single proxy, which holds information about who is talking to whom--can create privacy and security worries of their own. Earlier this year, Hal Roberts discovered that certain tools used widely in China--DynaWeb Freegate, GPass, and FirePhoenix--appeared to be offering to sell users' browsing histories. While there's no evidence that any individual's privacy was compromised, the point was made: in many cases, using anonymity or circumvention systems still means trusting an organization with your information--and trusting that its privacy policies can and will be honored. (With Tor, it's a bit different; since no single relay ever holds the information about the complete route, you must trust the integrity of algorithms that obscure connections between origins and destinations.) "I don't doubt the dedication of the people hosting these tools, but what I'm concerned about is whether they will protect your data," Roberts says. "The biggest takeaway is: they have that data."
Dingledine thinks events will push people to seek the protections that Tor and other tools provide. In 2006, for example, AOL gave away millions of users' search terms for research purposes. Although the searchers were identified only by random numbers, bloggers and reporters were quickly able to identify individual users from clues based on the search terms. (Since Tor uses a different router pathway for each user each time, it's impossible to amass such aggregate data about even an anonymously identified Tor user.) Dingledine reasons that each time a national censor blocks news sites and YouTube, or an ISP or website loses or sells or gives away user data, people will seek solutions. "The approach we've taken so far is to let the bad guys teach people about it," he says. "Let the AOLs and the China firewalls screw up. Let everybody read about why they want privacy on the Internet." More and more people might just decide that enough is enough.
David Talbot is Technology Review's chief correspondent.
Antipiracy legislation headed for a U.S. Senate vote in January could be fraught with downsides.
Social media sites have played a huge role in the prodemocracy surge—but states have also been very good at using technology to suppress their people.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
syverson
1 Comment
Clearing up a few points
A few clarifications of points made in this generally good article about the design and uses of Tor:
1. It is true that the versions of onion routing we designed before designing Tor "never left the lab", but only in the sense that the public prototype ran on machines entirely at the Naval Research Laboratory. During its operation from 1997 to early 2000, over twenty million requests from more than sixty countries and all major US top level domains were processed by the initial prototype onion routing network. An average of over 50,000 hits per day occurred during the final year. Peak reported load of 84,022 connections occurred on 12/31/98.
2. Many improvements and realizations stemmed from the collaboration with Roger Dingledine and Nick Mathewson that led to Tor, but "that tools for protecting military agents and tools for protecting Web surfers' privacy could be one and the same" was recognized from the very beginning of onion routing, and several early design and deployment decisions arose from it. For example, encouraging public usage by allowing public verification of trust was one of the motivations to go open source, as it later came to be called. The first publication release for onion routing code was in 1996.
Reply