RealTime IT News

EFF Throws Support to 'Anonymous' Internet Project

The Electronic Frontier Foundation (EFF.org) is throwing its support behind a new version of an open source project designed to protect Internet surfers from online snoops.

The latest version of the Tor Software Project, Tor, was published on the EFF's Web site Tuesday, with bug fixes and the added capability of allowing Win32-based machines to run Tor as a server.

Originally developed for operating systems like Linux, BSD, OS X and Solaris, the project started to get more attention in December with the inclusion of a Win32 installer (in version 0.0.9) that lets Windows end users join in the project.

The Tor Software Project was designed and developed by the U.S. Naval Research Laboratory's Center for High Assurance Computer Systems, with help from the Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA), to build an anonymous communications system.

Last week, the EFF announced it would provide financial backing for the project. The organization's officials said the application helps Americans exercise their First Amendment right to free, anonymous speech online.

Web sites, ISPs and third-party sniffers can use the header information (source, destination, time, etc.) contained in traveling data packets to perform traffic analysis. While traffic analysis can be used for rather innocuous data mining, like adjusting the price of goods depending on the user's nation of origin or determining online behavior, proponents of Tor said the tool is beneficial to surfers who may be harmed if their identity were revealed.

"EFF understands the importance of anonymity technology for everyone -- from the average Web surfer, to journalists for community sites like Indymedia, to people living under oppressive regimes," said Roger Dingledine, Tor project leader, in a statement.

Tor is an open source distributed networking project, with volunteer servers acting as "middle men" between a user's PC and their ultimate destination on the Internet, using a technique called onion routing.

Developers can freely modify and redistribute the source and binaries as long as they include Tor's copyright, conditions and disclaimer clauses and don't use the copyright holder's names to endorse or promote derivative works.

Executing the application opens a DOS command prompt box (in Windows). When the user visits a Web server, the application grabs a list of available Tor servers and maps a circuit of encrypted connections through several of them. Each server knows only the server immediately before it and the one it forwards to, and a separate encryption key is negotiated at every hop on the route to further spoil any attempt to track a user's Web destination. As an added privacy measure, new server circuits are created every minute or so to prevent eavesdroppers from linking earlier actions to new ones.
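The layered circuit described above can be sketched as follows. This is an added example, not Tor's code: the relay names, keys and destination are constructed, the per-hop keys are assumed to be negotiated already, and the hash-based XOR cipher is a toy stand-in for real cryptography.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(circuit, destination: str, payload: bytes) -> bytes:
    # circuit: list of (relay_name, hop_key), entry relay first.
    # Layers are added innermost first, so the exit relay's layer goes on first.
    next_hop, blob = destination, payload
    for name, key in reversed(circuit):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = keystream_xor(key, layer)
        next_hop = name
    return blob

def peel(key: bytes, blob: bytes):
    # A relay removes exactly one layer: it learns the next hop and an opaque inner blob.
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(circuit, client: str, blob: bytes):
    # Returns what each relay observes as (relay, previous hop, next hop),
    # plus the payload that finally leaves the exit relay.
    seen, prev = [], client
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        seen.append((name, prev, next_hop))
        prev = name
    return seen, blob

# Constructed sample circuit and request (hypothetical names and keys).
CIRCUIT = [("relay-A", b"key-a"), ("relay-B", b"key-b"), ("relay-C", b"key-c")]
PAYLOAD = b"GET / HTTP/1.0\r\n\r\n"
ONION = wrap(CIRCUIT, "example.org:80", PAYLOAD)
SEEN, DELIVERED = route(CIRCUIT, "client", ONION)

if __name__ == "__main__":
    for relay, prev, nxt in SEEN:
        print(f"{relay}: received from {prev}, forwards to {nxt}")
```

Only the entry relay sees the client and only the exit relay sees the destination; the middle relay sees neither.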

The project's Web site said users can run any software application with SOCKS support over the Tor network-within-a-network, though it only works with TCP streams.

Tor doesn't completely shelter the end user, nor is it intended to: designed to cover IP address tracks for data packets traveling server to server, it doesn't stop Web sites from setting cookies during a visit or withhold information on what browser the user is running. Officials recommend that users install and run Privoxy -- a Web proxy officials say runs well with Tor software -- and avoid providing their name and other personal information on Web forms.

The site's FAQ page also comes with the caveat that it doesn't provide complete anonymity for its users. When users execute Tor on their PC, a statement reads: "This is experimental software. Don't rely on it for strong anonymity."

It's one of the reasons commercial vendors of privacy software such as Anonymizer.com aren't particularly worried about the presence of a free version in their midst. Like the Tor project, Anonymizer shields users from snooping, but company officials say comparing the two products is an apples-to-oranges comparison because Anonymizer's proxy servers are under the company's control at all times.

Lance Cottrell, Anonymizer president, said the Tor application is a great open source project. He has met with Tor developers on several occasions, but said the software doesn't provide the quality of service required by enterprise customers.

"We are taking full responsibility. The buck absolutely stops with Anonymizer," he said. "Whereas with an open source distributed network there's really no one you can turn to and say, 'why was my privacy compromised?'"

The company also has strong ties with the EFF. Individuals who donate more than $35 to the organization get a trial Anonymizer account for six months or more.
