EFF Throws Support to ‘Anonymous’ Internet Project

The Electronic Frontier Foundation (EFF.org) is throwing its support behind a new version of an open source project designed to protect Internet surfers from online snoops.

The latest version of the Tor Software Project, Tor 0.0.9.2, was published on the EFF’s Web site Tuesday, with bug fixes and the added capability of allowing Win32-based machines to run Tor as a server.

Originally developed for operating systems like Linux, BSD, OS X and
Solaris, the project started to get more attention in December
with the inclusion of a Win32 installer (in version 0.0.9) that lets Windows end users join in the project.

The Tor Software Project was designed and developed by the U.S. Naval
Research Laboratory’s Center for High Assurance Computer Systems, with help from the Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA), to build an anonymous communications system.

Last week, the EFF announced it would provide financial backing for the
project. The organization’s officials said the application helps Americans exercise their
First Amendment right to free, anonymous speech online.

Web sites, ISPs and third-party sniffers can use the header
information (source, destination, time, etc.) contained in traveling data
packets to perform traffic analysis. While traffic analysis can be used for rather innocuous data mining, like adjusting the price of goods depending on the user’s nation of origin or determining online behavior, proponents of Tor said the tool is beneficial to surfers who may be harmed if their identity were revealed.

“EFF understands the importance of anonymity technology for everyone — from the average Web surfer, to journalists for community sites like Indymedia, to people living under oppressive regimes,” said Roger Dingledine, Tor project leader, in a statement.

Tor is an open source distributed networking project, with volunteer servers
acting as a “middle men” between a user’s PC and their ultimate destination
on the Internet, using a technique called onion routing.

Developers can
freely modify and redistribute the source and binaries as long as they
include Tor’s copyright, conditions and disclaimer clauses and don’t use the
copyright holder’s names to endorse or promote derivative works.

Executing the application opens a DOS command prompt box (in
Windows). When the user visits a Web server, the application grabs a list
of Tor servers available and maps a circuit of encrypted connections through
several of them. Each server knows only the origin of the server
immediately before it and its destination, with another encrypted key to
negotiate at every hop on the server route to further spoil any attempts to
track a user’s Web destination. As an added privacy measure, new server
circuits are created every minute or so to prevent eavesdroppers from
linking earlier actions to new ones.

The project’s Web site said users can run any software application with
SOCKS support over the Tor network-within-a-network, though
it only works with TCP streams.

Tor doesn’t completely shelter the end user, nor is it intended to:
designed to cover IP address tracks for data packets traveling server to
server, it doesn’t stop Web sites from setting cookies from your visit or withhold information on what browser you’re using. Officials
recommend users install and run Privoxy — a Web proxy officials say runs
well with Tor software — and to avoid providing your name and other
personal information on Web forms.

The site’s FAQ page also comes with the caveat that it doesn’t provide
complete anonymity for its users. When users execute Tor on their PC, a
statement reads: “This is experimental software. Don’t rely on it for strong anonymity.”

It’s one of the reasons commercial vendors of privacy software such as Anonymizer.com aren’t particularly worried about the presence of a free version in their midst. Like the Tor project, Anonymizer shields users from snooping, but officials
say to compare the two products is to make an apples to oranges comparison because the proxy servers are under their control at all times.

Lance Cottrell, Anonymizer president, said the Tor application is a great
open source project. He’s met with Tor developers on several occasions,
but it doesn’t provide the quality of service needs required by enterprise
customers.

“We are taking full responsibility. The buck absolutely stops with
Anonymizer,” he said. “Whereas with an open source distributed network
there’s really no one you can turn to and say, ‘why was my privacy
compromised?'”

The company also has strong ties with the EFF. Individuals who donate more
than $35 to the organization get a trial Anonymizer account for six months
or more.

Users can download Tor here.

News Around the Web