I just finished Tor: From the Dark Web to the Future of Privacy, a profile of the Tor Project. I thought it was an approachable overview of Tor and its history. If you’re interested, the book is free! Or you can read my chapter-by-chapter notes below.
Chapter 1: Privacy Worlds
The book claims that Tor “recreates the utopianism of the early internet pioneers, in which many users felt the connective power of the whole internet at their disposal. They experienced a global public sphere that was much harder for governments to control (even if with much of the poison that we see today).”
It also talks about how “we write our values into the technologies we build” and how imported technologies “often bring their own cultures with them”. “So if we want to understand Tor and how it has shaped the landscape of online privacy across its history, we might try to pick apart the privacy values of its designers to understand how those values have shaped it over the years.”
Chapter 3: Tor’s Strange Beginnings
I learned about the “Pentagon Pizza Channel”, which supposedly predicts conflicts based on the number of pizzas being ordered near the Pentagon. If a lot of pizzas are being ordered late at night, maybe people are scrambling over some crisis. It may not be real, but it serves to demonstrate the importance of protecting metadata:
Following Operation Desert Storm, the US military’s ground invasion of Iraq in 1991, a (possibly real, possibly apocryphal) story began circulating on late-night talk shows. As the story went, a journalist had noticed a massive spike in pizza deliveries to the headquarters of the US Department of Defense in the Pentagon building the night before the unannounced invasion. From this, the journalist deduced that there were hundreds of Pentagon employees working late, and hence, that the invasion must be imminent.
To the [US Naval Research Laboratory] researchers, this provided a compelling example of how revealing metadata alone can be.
There were several quotes about how usability was important (a lesson I learned repeatedly at Signal):
[…] an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
Onion routing, whose values and core design were increasingly based around usability and mass uptake, framed these issues in terms of greater adoption—a more usable system was a more secure system, as it would have a larger and more diverse “crowd” to get lost in.
The book mentions that anonymity is “one way of recasting privacy politics in technical language.” I think this is a good lesson. The author highlights many people who believe that Tor is neutral infrastructure and a non-political technology. I think this is totally wrong (for all technology, not just Tor)! If I want to talk with someone who disagrees, I can find framing that makes it sound less political.
Chapter 4: Designing the Onion
Bookmarked “The Eternity Service”, a 1996 paper which imagined a robust file storage similar to BitTorrent. (At least, that’s what I think it’s about—I haven’t read it yet.)
A note about how digital surveillance feels, which I both understand and disagree with:
You can’t see or feel online state surveillance, so you can’t really see or feel its absence either.
Three more quotes about approachability:
Usability and anonymity exist in tension in onion routing.
This is one reason that Tor survived—many of its competitors, developed as they were by cypherpunks for whom security was the ultimate goal, prioritized resistance to powerful adversaries over usability.
Wherever more complexity, or the opportunity to confuse users with a less or more secure mode popped up, it was generally considered and abandoned.
Chapter 5: Enter the Maintainers
Tor requires upkeep and maintenance, both to keep the code running and to operate relays. Not everyone does this for the same ideological reasons:
It struck me as quite an odd group—I met techno-libertarian tinkerers, unabashed fascists, card-carrying liberal democrats, and anarcho-socialists. What they shared was a general interest in technology and digital privacy […]
I really liked this quote from a Tor relay operator:
“I think [Tor works] probably because it’s easy to work together. We don’t actually have to work together! The Tor Project has made it so simple to start a relay and just run it, and not actually interact with anyone…they’ve made it so easy to, to act like a big community when actually, we’re not really, I think we might be a bunch of individuals…We don’t have to cooperate with each other, apart from running the same software.”
— Relay operator
Chapter 6: The Onion Grows Roots
Again, Tor faced issues about whether it was a social/political technology or a neutral tool:
[…] the people involved in the Tor community at this stage generally chafed at the idea of privacy as a social movement. The engineer world was distrustful of policy and legal debates, preferring to change the world through technical fixes […]
I do not believe that technology can ever be neutral. This idea seems to have taken hold with Tor. For example:
This public relations campaign began to quickly change Tor’s reputation as a high-security hacker technology—instead of arguments at crypto conferences, a search for Tor now returned endorsements from major human rights organizations.
And a nice reminder that infighting is a real threat:
The state security actors against which Tor was trying to defend had a long history of skillfully disrupting undesirable activist or resistance groups through stirring up internal conflict and stoking paranoia.
Chapter 7: The Dark Net Rises
This book argues that the so-called “Dark Web” is a “wildly misleading term”. I loved this little rebuttal:
Claiming that all data stored in servers accessible via the web are part of a shadowy bulk of unindexed sites is misleading—the equivalent of saying that books indexed in your local library sit on top of a vast hidden “deep library” of books that live in people’s living rooms, or arguing that all the ketchup that isn’t stored in supermarkets exists in a shadowy “deep kitchen.”
Despite this, the concept of the Dark Web dogged Tor. The media associated Tor with the drugs and crime and bad things. This hurt the project.
The Silk Road, perhaps the most famous example of this phenomenon, was shut down by cops. This shook the Tor community:
[…] that law enforcement was able to pull off such an operation strongly implied either wholesale government compromise of the network or a serious unknown vulnerability. In fact, the reality is more prosaic. As shown since by Sarah Jamie Lewis’ OnionScan mapping project, hidden services are easy to misconfigure, and large proportions of the ecosystem were making rookie mistakes that allowed them to be discovered.
Learned about Tor2Web, a less secure (but more convenient) way of accessing Tor onion services (sometimes called “hidden services”).
Chapter 10: Privacy Futures
Hey, can someone make something really popular using Tor?
Tor is still searching for what one might have once called its killer app—a use case that breaks open a major market or route to mass adoption. It has maintained a solid core of between two and three million daily users around the world for the last decade, but has yet to enter the exponential growth phase that typifies a “success story” in the world of digital infrastructure.
I was surprised to learn that Tor sold an NFT:
In fact, the nascent Web3 has already been an important source of funding for Tor. In 2021, Tor auctioned an NFT, a piece of digital art called Dreaming at Dusk created by artist Itzel Yard, based on the private key of the first onion service released on the network. The proceeds from this sale—$1.7 million in the Ethereum cryptocurrency—covered a third of Tor’s operating budget for the year, and helped it partly recover following its financial issues faced during the height of the pandemic.
The book also mentions “crypto panics” which seem common:
As authoritarian political movements continue to become established across the world, crime will be cited as a justification to ban Tor in service of state-level power, particularly to undermine its anti-censorship properties.
And finally, I was inspired by this:
[…] the history of the internet is defined above all by the efforts that hackers, engineers, and everyday users have made to take the apparently fixed properties of its infrastructures and break them, or to build new and diverse worlds out of them.
Closing thoughts
I found myself using Tor for my regular internet browsing after reading this book. Not all the time—it’s unfortunately too slow for a lot of things—but it’s plenty fast for messaging, emailing, and reading my RSS feeds. It’s clear that they’ve done a lot to make Tor “just work”, which I appreciate as fascism takes hold where I live.
I thought the book was clearly written. I really liked its heavy use of quotes from Tor maintainers and relay operators. The book is free to download, so if it interests you, give it a read!