Control and Freedom

States v. Forrester, in regard to ‘electronic surveillance’, unlike telephone numbers, ‘pen

registers’ such as IP addresses and emails are not just ‘routing information’ but have more content, not only identifying the user but visited webpages and entered search terms. Buckner therefore states that a user’s expectation of privacy is much greater and that the court erred in the United States v. Forrester ruling, which I describe in more detail (Appendix H).

2.5 Control and Freedom

In recent years the reputation economy of the Tor network, as seen by the media, law

enforcement and the general public, is that of hiding Dark Net markets, child porn, criminals and terrorists. Yet ‘[d]espite this dominant idea of the dark web as only useful to pedophiles, assassins, and junkies, recently more Internet users have started to use Tor and even

‘hidden.onion’ sites’ (Gehl 2014:1222-3). In an era where multinational companies and governments organise the personalised subject’s online experiences around advertising, data tracking and surveillance, users also apply Tor in order to anonymously search the ‘vanilla internet’. Statistics indicate that in 2015 the Tor project estimated ‘that about 3.4% of client traffic is hidden-service traffic and 6.1% of traffic seen at a relay is hidden-service traffic’

(Kadianakis 2015).¹⁴⁶ In other words, around 96,6% of Tor traffic was NOT Hidden Services.

Returning to Chapter 1 and the changing names of the address offices representative of their functions, Tor also renamed its ‘hidden services’ to ‘onion services’ in 2015, ‘to reflect the fact that they provide more than just the “hiding” of a service—more importantly, they provide end-to-end security and self-certifying domain names’ (Winter et al. 2018). This change in

nomenclature follows the development of Tor and its historical ‘onion routing’, along with its present dynamic ‘reputation economy’ among its various user groups. As shown by numerous studies (Forte et al. 2017;Khattak et al. 2016; Gehl 2014) there is discrimination of Tor users.

The 2016 study Do You See What I See? Differential Treatment of Anonymous Users explores how Tor users receive ‘differential treatment’ that ‘involves websites providing Tor users with degraded service, resulting in them effectively being relegated to the role of second-class citizens on the Internet’ (Khattak et al. 2016:1). Khattak et al.’s research specifically focuses on censorship; it is not directed at content or traffic entering Tor but rather in relation to traffic exiting Tor (2016). By examining the characterization of websites and IP addresses, they were able to establish how Tor users are discriminated against at the network layer, ‘a straightforward technique for services to block Tor is to filter traffic from publicly listed exit nodes’ (ibid:3).

Concomitantly their research proposes that ‘at least 3,67% of the top 1000 Alexa web sites block Tor users at the application layer’ (ibid:1).

Another study Privacy, Anonymity, and Perceived Risk in Open Collaboration: A Study of Tor Users and Wikipedians (Forte et al. 2017), supports this by demonstrating how other websites

‘block Tor users from posting outright by blacklisting IP addresses that are known to be Tor exit nodes. One of these sites is Wikipedia’ (Forte et al. 2017:9). Forte et al. also describe how Tor users repeatedly received CAPTCHAs (Completely Automated Public Turing Test To Tell Computers and Humans Apart), stating that ‘the web hosting service Cloudflare (a large content delivery network, or CDN) presents Tor users with CAPTCHAs to such an extent that a

146 Tor’s executive director Roger Dingledine also stressed that hidden services websites only account for 2% of total traffic using Tor’s anonymising technology: a warning not to confuse websites hiding themselves with individual internet users using Tor to surf the web anonymously (Dredge 2014).

defeated interviewee returned to using a normal browser (ibid:8).¹⁴⁷ This is echoed by my own study. Whilst collecting my small data set on Tor I would sometimes get a CAPTCHA, which interrupted my data gathering process. I postulate that this happened because I was perceived as a Tor user using google.com as the Tor search engine. (Figure 87)

Figure 87: CAPTCHA in Tor Browser, January 26, 2015

Websites and servers ‘by default assesses the “reputation” of each client IP address in terms of how much malicious traffic it has been observed to send, and blocks attempted access by clients with sufficiently poor reputations’ (Khattak et al. 2016:8). However, this differential treatment of Tor users is often unfounded, resulting in second-class treatment of anonymous users, often deemed criminal by association when using Tor. As discussed previously, ‘[t]raditional threats to Tor involve deanonymization attacks that reduce user privacy, or governments blocking access to the Tor network’ (ibid), which still occurs in certain countries. Tor fights censorship but Tor is itself often censored.

Over the past few years Tor has increasingly been applied to protect the anonymity of the user in areas of protest and freedom of speech issues. Actually it is anyone desiring to be anonymous,

‘a list that includes journalists and their sources, human rights activists, political dissidents living under oppressive countries and many others who have various reasons for needing to shield their identity and their online activity’ (Zetter 2015).¹⁴⁸ As shown above, Tor is also used

147 In another study, for one interviewee, ‘the kind of identity knowledge he wanted to circumvent by using Tor was not his name, but his IP address’ (ibid). ‘He explained that he does not care if blog owners know who he is when he comments, he cares that they are not able to hack or locate him’ (Forte et al. 2017:9).

148 ‘Ostensibly the NSA would like to label anyone who is investigating privacy and anonymity online as an

‘extremist’ and would collect their IP address for inclusion in its database. Not only those using Tor or

investigating privacy services such as TAILS are being monitored, and ‘fingerprinted’ (tracking IP addresses) but people who visit websites, read articles from journals such as the Linux Journal (according to the NSA an

‘extremist forum’) and even WIRED, which is where this source comes from, are being collated in the huge troller of data’ (Zetter 2015).

by whistleblowers and the controversial content they report, but also lawyers who need to discuss their cases with undocumented immigrants, or by average citizens to disseminate

information about reproductive rights in countries where abortion is illegal. De-anonymisation is a security threat to their lives. As explained in Chapter 6, all around the world some of these activists and users are also operating relays for Tor’s network, or creating Tor ‘bridges’ when necessary.

However, XKeyscore records any connections to the bridges.torproject.org server and uses a microplugin to then read the contents of the email that the Tor Project sends to requesters in order to obtain the address of the bridge (ibid).

Edward Snowden has described XKeyscore as a ‘front-end search engine’ that collates all users’

data, metadata and especially searching activities, what it calls ‘raw traffic’. It catalogues the searched URLs of Tor Onion Services in the Dark Net, thereby verifying that the NSA is tracking those interested in privatising services and tools.¹⁴⁹ With this XKeyscore system they are basically ‘saying that anyone who is looking for those various [services] are suspicious persons’ (ibid). Moreover, TAILS software also did not go overlooked: ‘The NSA clearly regards Tails as a sinister tool, however, referring to it in one comment in the source code as “a comsec mechanism advocated by extremists on extremist forums”’(ibid).

As explained above Tor ‘does not guarantee perfect anonymity; if you don’t use a Virtual Private Network in addition to Tor, people can still see you’re using Tor even if they can’t necessarily see what sites you’re visiting’ (Emerson 2016). In order to reach and ‘tour’ Tor Hidden Services (a.k.a. Onion Services), I had to pass the ‘admissions test’, what Gehl defines as ‘techno-elitism’ (2014), in this case, the Tor Browser in combination with TAILS. My research also indicates that Tor had certain design flaws, which enabled malicious attacks, penetration and even infiltration of the Tor network, as confirmed by the empirical studies (Biryukov et al. 2013; Chakravarty et al. 2014).These have been patched. Tor continues to anonymise the origin of the traffic and ensures encryption inside the Tor network yet it ‘does not magically encrypt all traffic throughout the Internet’ (Emin et al. 2015:30). In other words, Tor does not offer 100% anonymity since the exit node operators are in a position to capture any traffic passing through it (ibid:29).

Although it has been shown that the anonymity network Tor is not without risks Wendy Chun reminds all readers and users, worldwide,

from our position of vulnerability, we must seize a freedom that always moves beyond our control, that carries with it no guarantees but rather constantly engenders decisions to be made and actions to perform (Chun 2005:30).

According to the 2013 Snowden revelations, the NSA ‘describes the [Tor] network as the king of high-secure, low-latency Internet anonymity’ (Gross 2013) and admits that they can only de-anonymise a few users. However, the ‘NSA has had “no success de-anonymizing a user in response” to a specific request, the document said’ (ibid). Snowden’s documents also revealed the frustration of the NSA, reflected by their Powerpoint presentation Tor Stinks:

149 https://web.archive.org/web/20140128224439/http://www.ndr.de/ratgeber/netzwelt/snowden277_page-3.html

‘We will never be able to de-anonymize all Tor users all the time’ (ibid).¹⁵⁰ Whether this

frustration will continue remains to be seen. In an era of so-called Big Data, as more user data is collated (by Google, governments and researchers) correlation becomes easier and

deanonymisation occurs more frequently, yet Tor and TAILS still provide certain degrees of anonymity. In the next chapter I compare the effects of Google Search to the effects of

‘reimagining search’ when using Tor.

150 The Guardian. 2013 “Tor Stinks, NSA Presentation Document.” Oct. 4, 2013. Link is no longer available.

(http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document).