Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out


The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to people globally, so that they can browse the internet privately, protect themselves against surveillance and bypass online censorship.

We’ve spoken to Isabela Fernandes, Tor Project’s Executive Director, about their efforts and plans to advance that mission.

Tor Project privacy

[Isabela Fernandes’ answers have been lightly edited for clarity.]

To infosec professionals The Tor Project doesn’t need an introduction, but there’s always other people out there who have never heard of it. How would you describe its importance to them? What resources does it offer, and for whom?

The Tor Project serves a wide group of people who are concerned with protecting their online activity and privacy – from activists to journalists, human rights defenders, and at risk communities who see their rights restricted, such as LGBTQIA+ people, people seeking access to reproductive and healthcare services, and those offering those services and support systems.

People might be most familiar with Tor Browser, a fortified copy of Firefox that provides anti-fingerprinting protection, does not keep any browsing history, isolate cookies and connects to the Tor network, a decentralized network run by volunteers all around the world which routes traffic through multiple servers and encrypts it each step of the way.

Tor also has a technology called .onion sites, websites that give visitors an added layer of privacy by never exiting the Tor network, and which are used by global news outlets, social media platforms, email services and human rights organizations.

People often think that Tor Browser is difficult to use or that accessing the Tor network is illegal. This is not the case.

Tor works just like any other browser. If you haven’t used it in a while or tried it at all, we strongly encourage you to download the latest version and take it for a ride. I think many users will be surprised how easy it is to use. And the more people use Tor Browser, the more we will be able to protect members of at-risk communities.

Many people around the world go online exclusively via their smartphone. Does the work on the Tor Browser for Android reflect that state of affairs? Is there a plan to start working on a Tor Browser app for iPhone?

Tor Browser for Android was our first major step to support the mobile use case, an effort we started back in 2016. Our goal is to ensure maximum platform and downwards compatibility as a lot of at-risk users rely on a stable experience, specifically on older handheld devices. iPhone users currently have access to Onion Browser on iOS.

Over the past couple of years we have invested in other initiatives to expand the mobile use case coverage. We partner with Guardian Project and Calyx Institute to help bring Orbot [a proxy that enables users to send the data from their mobile apps through the Tor network] to iPhone and OnionShare [open source tool for secure and anonymous file sharing, sites hosting and chatting via the Tor network] to both Android and iOS.

Besides that, one big benefit of our project to re-write Tor in Rust is a better API to embed Tor on a mobile application. The main feature for it is called OnionMasq; early in the year we tested it with different applications and it already showed to be much easier for developers to embed Tor to their app.

Finally, at the end of 2021, we announced our plan to build a Tor ‘VPN-like’ app for Android, our goal for 2023 is to end the year with a MVP testing app. This project is intended to build a client that will operate like a VPN, but use the Tor network. The Tor VPN client will complete the user experience on mobile, especially for users in regions where Android devices are their only way to access the internet. We want to make sure that we are covering this experience for our users as well.

The Tor network relies on a community of volunteers who operate relays and bridges. How important is community involvement in Tor Project’s various projects? How can people get involved?

While the Tor Project has teams dedicated to developing anti-censorship technologies and providing community support that can act quickly when new challenges arise, community and volunteer support is invaluable to the success of our mission.

Today, we count 7000+ relays and 2660+ bridges, and anyone can join this growing open network. We also have more than 130,000 people running snowflake proxies – a technology developed and integrated on all Tor powered products – to bypass internet censorship.

For those who want and have the capacity to support our work, the following are great ways to get involved: run snowflake proxies. Those are browser extensions available for all kinds of the major browsers out there and can be run by keeping the tab open. This is an easy way for every internet user to help more people access the Tor network more easily and is safe for the end user, as the traffic only indicates a Tor node, not which sites are being navigated to.

For the more technologically literate folks out there, we invite you to run a relay or bridge. At the moment, we are asking for help with obfs4 bridges to help combat censorship happening in Turkmenistan.

People can also become an alpha tester (if it’s safe to do it where they live) and help us identify bugs on new Tor Browser features.

Last but not least, anyone can contribute monetarily to help us shore up our operations. The Tor Project is a 501(c)(3) nonprofit which means we are supported by donations. Every donation, no matter the amount, makes an impact.

The Tor Project recently shared the results of a program in several Latin American countries, aimed at collecting on-the-ground information about how users use the various Tor Project products and the difficulties they encounter while doing it. What have you learned? How has this affected your plans for similar projects in other parts of the world?

Our outreach, user testing and training programs in the Global South have validated our user-centric development process and highlighted improvement areas to reduce barriers to adoption of our technology – whether it is on a technical level by implementing more intuitive connectivity and anti-censorship tools, or by expanding up our user support and localization efforts. Especially as people’s digital rights continue to face increasing attacks and restrictions, we need to continue to increase awareness and accessibility of our tools.

Since 2017, every year we have a major Tor Browser release with usability improvements. All this work comes directly from what we learn through this program. For instance, the most recent 12.5 release is the circuit display that shows which connection through Tor the user is using to access a particular domain. We added other improvements based on our trainings with hundreds of journalists and human rights defenders in Brazil, Mexico and Ecuador.

To that end, we will continue to tailor our outreach and support approaches in unique ways for different regions; running Tor training with local partners in Latin America and East Africa and to include new partners from the Middle East and North Africa (MENA) region; and localizing Tor tools and support materials in critical languages, including Arabic, Farsi, Russian, Swahili, and Chinese.

Governments in various countries are imposing restrictions on internet access and censoring online content. What are the latest fights the Tor Project had to win to support users in such environments and enable them to bypass censorship?

Some recent, better known examples where the Tor Project has had a huge impact in helping people access the unrestricted internet include Iran and Russia.

Russia is the country with the second largest number of Tor users, making up 15% of total daily users throughout 2021. At the onset of the Ukraine war, there was a big push to block access to Tor. Our community team called on our volunteers to spin up new bridges – tools that make it possible for users to “hop” over censorship against the Tor network. The Tor community supported censored users by starting up approximately 1,200 new bridges, and we doubled the number of bridges on the network in the few weeks following.

Then, last fall, as the protests erupted in Iran, we were able to apply these learnings and sprang into action with a cross-team rapid response, involving the creation and dissemination of localized user guides and customer support in Farsi and Arabic to facilitate access to our network.

On the technical side we made Snowflake more robust and harder to detect by censors. Within days we saw a spike in the use of bridges. We also called on our volunteers again to install Snowflake to act as ephemeral proxies to enable access to the Tor network. At the onset of the protests we had around 30,000 Snowflake proxies and a week later 110,000.

Currently we are working with users in Turkmenistan who have been experiencing heavy state censorship for several months now. This specific case is quite different from what we have seen in Iran, Russia or China. The censor is moving faster and is not afraid of the dimensions of their blocks, blocking the full range of IPs of hosting providers, including the big ones. We are documenting the learnings we have from this new behavior to apply them to improve our process to fight back against censorship.

The US, several European countries and the EU itself are considering legislation to ban the use of end-to-end encryption. If it’s passed, what would be its effect on the Tor Project?

Our stance is clear, we think that encryption is a right – which is why it is built into our technology. As more and more aspects of our lives are carried out digitally, whether it is conducting financial transactions, accessing health care services or staying in touch with friends and loved ones, our online activity should be governed by the same rights to privacy and anonymity as our analog experiences.

As part of our work, the Tor Project is currently active in the debate around the need to safeguard EE2E. We are engaged in advocacy work on the issue and have supported other organizations in their efforts to raise awareness, especially as part of the Global Encryption Coalition.

We are also planning to leverage our own platform to launch a repository of user stories highlighting the importance and beneficial use cases of encryption in everyday life to help mainstream the acceptance and normalization of encryption as a technology.

What Tor Project projects have come to fruition in the past six months? What projects are currently in the works?

Earlier this year, we launched the Mullvad Browser, a free, privacy-preserving browser offering similar protections as Tor Browser without the Tor network. Mullvad Browser is another option for internet users who are looking for a privacy-focused browser that doesn’t need a bunch of extensions and plugins to enhance their privacy and reduce the factors that can accidentally de-anonymize themselves.

At the same time, we are constantly improving our own technology, especially with a focus on accessibility, speed and ways to improve censorship resistance. Most recently, we have launched Tor Browser 12.5 which integrates better with screen readers, makes the connection status easier to spot and helps automate connection to bridges. We are also addressing legacy code and rewriting our code base in Rust to achieve better mobile compatibility and performance.

We’re also continuing to deploy Proof of Work, a defense against DoS attacks designed specifically to protect individual onion services. When big sites adopt these protections, we should see a decreased negative impact of targeted DoS attacks on network speeds.

We have also been working on two designs for Tor that will improve the speed for Tor users: one is Congestion Control and the other is Conflux. Congestion Control has already been deployed on Tor stable and Conflux is targeting the next stable release. Our efforts on improving our defenses mechanisms and to improve Tor speed by better selecting the relays and handling traffic will help improve the user experience regarding the speed of the network.

To build better support and governance for our relay operators community, we recently published the process to have policies and proposals approved. More governance tools like this one will be coming up and we are very excited that we can provide such support to the relay operator community and we hope to continue to do more for them so the Tor network remains healthy because it is maintained by a healthy community.



Source link