
Two months after FBI debacle, Tor Project still can’t get an answer from CMU

Ars Q&A: We sit down with Tor Project's new executive director, Shari Steele.

Proof of connection: the site check.torproject.org will show you if you're connected via Tor.
Shari Steele, Executive Director of the Tor Project

It's been quite a few months for the Tor Project. Last November, project co-founder and director Roger Dingledine accused the FBI of paying Carnegie Mellon computer security researchers at least $1 million to de-anonymize Tor users and reveal their IP addresses as part of a large criminal investigation.

The FBI dismissed the accusation, but the investigation in question is a very high-profile matter focused on members of the Silk Road online-drug marketplace. One of the IP addresses revealed belonged to Brian Farrell, an alleged Silk Road 2 lieutenant. An early filing in Farrell's case, first reported by Vice Motherboard, said that a "university-based research institute" aided government efforts to unmask Farrell.

That document fit with Ars reporting from January 2015, when a Homeland Security search warrant affidavit stated that from January to July 2014, a “source of information” provided law enforcement “with particular IP addresses” that accessed the vendor-side of Silk Road 2. By July 2015, the Tor Project managed to discover and shut down this sustained attack. But the Tor Project further concluded that the attack resembled a technique described by a team of Carnegie Mellon University (CMU) researchers who a few weeks earlier had canceled a security conference presentation on a low-cost way to deanonymize Tor users. The Tor officials went on to warn that an intelligence agency from a global adversary also might have been able to capitalize on the vulnerability.

As this high-stakes situation continued to play out, the Tor Project was also looking for help. Faced with an increased demand and more government scrutiny in the wake of the Snowden leaks, 2015 saw Tor engage in a five-month search for a new executive director, someone who could "be the face and voice of the organization, to educate the public about privacy and encourage wider adoption of its tools, and could court donors to help sustain the organization and fund development of its tools," as Wired put it. And in December, Tor ended its year by hiring Shari Steele, previously the EFF executive director for 15 years.

As Steele prepares for her first year leading the Tor Project, she was kind enough to sit down last month in San Francisco with Ars for an extended chat on everything from the CMU situation and funding to the Tor community at large. What follows is the transcript of our conversation that has been lightly edited for clarity (or heavily edited, in the case of any of our clumsy questions).

Ars: You are a longtime person in the world of privacy and surveillance. How is Tor going to change now that you're at the helm?

Steele: One of the big things that Tor is looking to do is change its public perception and also to be able to be responsive to the things that the Tor Project itself thinks are the most important things to be working on rather than what its funders think are important.

The two biggest things I want to work on: First is to build up an infrastructure and second is to build up the reputation of the organization and bring in money from alternative sources. A significant amount of the money right now is coming from various US government grants. That's great that there's money coming in, but most of that is restricted money, and you have to work on the specific things that are talked about in the proposal and the grant issuance. So we're looking to find some additional funding sources. There's a big crowdfunding going on right now to get individual donations.

I noticed Laura Poitras at the top of my Tor Browser the other day.

Yes, Laura was the first champion that we had out there, but you should be paying attention. There's all sorts of really interesting people that have been released and are going to be released as champions, all wearing our “This is what a Tor champion looks like” shirts.

You mentioned changing the public perception of Tor. I feel like in journalist, academic, activist circles that we roll in, it's great. It's a tool for privacy, for anonymity, for making sure the government isn't tracking what you're doing and making sure miscreants writ large are not tracking you. But I feel like that's—I don't want to say divorced from—but maybe separate from the perception the public at large has. Many have only heard of Tor because that's how you access Silk Road or the deep, dark, scary Web. Is that the perception you mean?

That's exactly what I mean. And it's kind of crazy. I'm going to take off my Tor hat for a second. As someone who has observed Tor for years and years from the outside, it's actually kind of mind-blowing, the difference between what the project is actually about, the service, and how essential it is to the infrastructure of freedom versus the public's reaction to it and how it has been received in papers. That really is one of the things that I'm hoping to change.

These are brilliant technologists who are doing the work of the angels, and they are doing important stuff. If you talk to any of them, I don't recall a single solitary person I've met who is in this for the Dark Net. Everyone here wants to make the world a better place and sees this as an essential freedom tool; [Tor technologists] think of themselves as freedom fighters. It's really weird that the public perception is so completely out of touch with what this project is really about.

So how do you change that?

One of the ways is to teach the members of the organization themselves that they have nothing to be defensive about. I think when these kinds of attacks happen, the community gets extremely defensive and tends to blow up negative stories in ways. They should just let that stuff slide and put some positive stories out there and be able to talk about how it's helping journalists do their jobs and it's helping activists in parts of the world where their governments would kill them if they knew who they were. So, it really starts by talking to reporters like you who are going to get the story out there.

Is it just a marketing issue? Does there just need to be more Tor stickers on buses? What does that look like?

In a way it's a reputational kind of thing. The reality is that to the people who are working on Tor, it is great. It is a freedom-enhancing project. The people who are working on it, they understand that is their mission. That is what they're about. So it really is a perception thing; we have to change the perception.

I don't think stickers on buses is the way to do it, but I think coupling ourselves to stories that are positive stories—about revolution and about personal privacy and about people using Tor for medical research and for all sorts of ways that Tor is being used for positive ways. Let's talk about that more instead of talking about the Dark Net.

So you are the new head of the Tor Project, how much do you use Tor in your regular non-work life?

Personally, I use it maybe 10, 20 percent of the time. I know that there are people out there that are using it a lot of the time. But for me as much as I might hate Flash, there are times that I need to watch something on YouTube. I can't do 100 percent of the things that I need to do on Tor. Even Craigslist blocks a lot of Tor access, so I have to shuffle circuits to hit one that will work. How much do you use it for yourself in day to day life?

There's a sort of fantasy—how will Tor grow, what would that look like if we had unlimited resources, and how would we make that more accessible—and the fantasy is that maybe someday it's built-in to a privacy option on regular apps that you use. You wouldn't normally have it turned on, and instead when you do your Google search, you would click a switch and say “I would like to browse privately now”—that would be Tor. That's kind of the way we're thinking about it.

Before I came to Tor, I wasn't a big Tor user, but I was a big Tor supporter. I don't know if you know, but there was a time early in Tor's career that EFF actually sponsored Tor, so I always recognized the importance of it. But like you, most of my communications aren't deeply private. Most of my communications, I don't think of it that way. There are lots of people in the Tor community that do private things all of the time. But this very week, they've been giving me all kinds of new tools that I've never used before.
