The results from EPIC’s FOIA request came back a few weeks later. A post went up on the EPIC website on September 25 with its conclusions that, while there was evidence that the NSA and FBI have targeted the communications of Tor users, this particular FOIA request “reveal[ed] no efforts by the NSA to undermine the security or reliability of the Tor network.” EPIC’s popular “Online Guide to Practical Privacy Tools,” updated and relaunched a week later, still featured Tor.
Then, last Wednesday brought news of the FBI’s Silk Road shutdown, an alleged drug market site only accessible via Tor. By busting Silk Road, the agency had finally taken down the “eBay for drugs” it had been chasing for years, and arrested Ross William Ulbricht, the man who (the FBI’s criminal complaint alleges) founded and ran the site.
Both the allegations against “the Dread Pirate Roberts” and the particulars of his entire story are bonkers—fake identities, multiple murder plots, and the shockingly dumb missteps that ultimately led to his downfall. (A ton of great reporting and writing have emerged from this saga over the past few days; I especially recommend the coverage by Ars Technica and The Verge.) But while the tech press and narrative yarn-spinners everywhere were busy sinking their claws into this juicy story, ex-visitors of the extant site were running around in cyber circles, worrying about what it all meant, and about, among other things, whether Tor was still safe.
Responding to the Silk Road bust, Dingledine addressed the situation in a Tor Project blog post that day, assuring Tor users that there was, thus far, no evidence that Tor had been compromised. The FBI’s criminal complaint against Ullrich cited old-fashioned detective work and full-time Web browsing—not cyberattacks.
In one response comment, a Tor user brought up the now-familiar “60% funding from the government” point as proof that Tor was some type of law-enforcement front (perhaps this user read the Post headline, but not the article below it?). Then the same user exclaimed, in time-honored Caps-Lock fashion, “ANYONE ELSE FEEL SAFE USING TOR AFTER FREEDOM HOSTING AND NOW SILK ROAD? ANYONE ELSE NOTICE IT’S THE ILLEGAL SITES GETTING NABBED? IF THAT’S NOT A CLEAR INDICATION THAT TOR IS INVOLVED WITH THE GOVERNMENT THEN I GOT A BRIDGE TO SELL YOU IN SAN FRAN.” Which sort of begs the question of why legal sites would get “nabbed,” but, all kidding aside, Tor users may be forgiven for feeling skittish, considering the circumstances.
Dingledine responded to the capslock commenter with a reminder that there is a difference between the FBI and the NSA, and that one simple solution always remains an option for the truly worried. “There are some serious adversaries attacking the Internet these days,” read his response. “It may be that Tor can’t protect you against the NSA’s large-scale Internet surveillance, and it may be that no existing anonymous communication tool can. ‘Stop using the Internet’ is a perfectly reasonable answer.’”
The tech press even got in on the hand-wringing. “Tor Can’t Always Keep You Safe; Just Ask Silk Road” scolded a particularly misleading PC Magazine headline on Thursday. While you can’t ask Silk Road anything these days, that doesn’t mean Tor can’t “keep you safe” if you use it correctly. It just might land you in jail if you use it to create a drug empire and order assassinations.
As that same Tor blog post notes, Tor is a tool for anonymization—but it “won’t keep someone anonymous when paired with unsafe software or unsafe behavior.” And even that caveat is directed more toward the websites using Tor’s “hidden service feature” and less toward the casual anonymity-seeking, Web-browsing individual.