I’m not going to bury the lede. Yes, Tor is still the recommended method for journalists and others who need to search the Web anonymously. The debate over potential vulnerabilities in the technology has persisted in comment threads and forums over the past few months, and then escalated over the past week, but it’s clear now that Tor is as strong as it ever was.
CJR first covered Tor back in 2011 within the context of internet shutdowns during Egypt’s protests, but it has been around for much longer. Tor, which stands for The Onion Router, is open-source software, run by a nonprofit foundation, that conceals the identities of users by way of many layers of routing. While the average American Web user may not have heard of it, or indeed have any real use for it, Tor has become a vital tool for hundreds of thousands of people around the world—including journalists, NGO workers, and Internet users in countries where they would otherwise be hindered by censorship. And, like any tech tool, it has also been used by less praiseworthy factions.
Back in June, alongside the very first Snowden scoops in The Guardian about the widening scope of NSA surveillance, came a public outcry for digital privacy protections. Many internet users began to learn about encryption and anonymizing tools like Tor for the first time. People wanted to know how these tools worked, and they wanted to know whether they were really safe. Many helpful FAQs and explainers blossomed across the internet.
As it happened, The Electronic Privacy Information Center, a nonprofit organization advocating privacy and civil liberty issues, had just submitted a FOIA request on May 31, seeking more information on the relationship between the government and Tor. In its rundown of the case on its website, EPIC pointed out various governmental departments’ past and ongoing funding of Tor: “In total, the Federal government’s contributions account for 60% of Tor’s annual $2 million budget.” The FOIA request was meant to determine whether the government had contributed any “vulnerabilities” (also known as “backdoors”) to Tor along with its funds.
There was a historical precedent for this line of concern. EPIC cited the Clipper Chip from the 1990s, “a cryptographic device purportedly intended to protect private communications while at the same time permitting government agents to obtain the ‘keys’ upon presentation of what has been vaguely characterized as ‘legal authorization.’” After widespread public criticism, the NSA sank the project. “Despite losing the public debate over the Clipper Chip, the NSA has introduced vulnerabilities into many of the encryption technologies used by Internet consumers,” EPIC continued.
On September 5, the scoop that the NSA had successfully cracked many of the encryption tools on the market through the use of such backdoors seemed to justify all of the growing suspicions about Tor. If the government could coerce independent, commercial companies into building holes into their services for the NSA to exploit, the logic went, why wouldn’t they want to do the same to Tor, which everyone already knew the government funded?
“The feds pay for 60 percent of Tor’s development. Can users trust it?” asked a widely cited Washington Post headline following that revelation. But, the article went on to explain, the story wasn’t so simple. While certain branches of the government contributed funding to Tor, the NSA wasn’t one of them. “Don’t assume that ‘the government’ is one coherent entity with one mindset,” Tor Executive Director Andrew Lewman told Brian Fung at the Post. And in that same piece, Roger Dingledine, one of Tor’s founders, made the often-forgotten point that Tor is open-source software. Lots of people are working on Tor’s code, all the time, in the open. If the government (or anyone) had snuck in malicious code, someone would probably have noticed.
The results from EPIC’s FOIA request came back a few weeks later. A post went up on the EPIC website on September 25 with its conclusion that, while there was evidence that the NSA and FBI have targeted the communications of Tor users, this particular FOIA request “reveal[ed] no efforts by the NSA to undermine the security or reliability of the Tor network.” EPIC’s popular “Online Guide to Practical Privacy Tools,” updated and relaunched a week later, still featured Tor.
Then, last Wednesday brought news of the FBI’s shutdown of Silk Road, an alleged drug market site only accessible via Tor. By busting Silk Road, the agency had finally taken down the “eBay for drugs” it had been chasing for years, and arrested Ross William Ulbricht, the man who (the FBI’s criminal complaint alleges) founded and ran the site.