Tighten up the tinfoil hats, folks; this is going to be that kind of day.
I know my readership extends to Europe and beyond, and I’m going to try to bear that potentially international audience in mind as I write this. But first and foremost, I am an American, and embrace libertarian sensibilities that may seem out of the ordinary for the contemporary political spectrum.
One of the things that Americans often say about this country is that it’s “the land of the free” or that it’s “a free country”. I scoff at this, largely because we have this really unsettling pattern of jailing non-violent people. We’re not really free in our homes, and we’re definitely not free on the Internet.
Nowhere is this more evident than on the world wide web. Go ahead and take a few minutes to look through the cookies your browser has accumulated. Don’t forget the Flash cookies. Go ahead, I’ll wait.
Google tracks you everywhere you go. Facebook tracks you everywhere you go. A number of ad companies you’ve probably never heard of are also following you. And to top it all off, the US Department of Homeland Security through its various three letter agencies (CIA, NSA, FBI) are also following you. If you go to the wrong web site, it is noted. If you say something they don’t want you to say, it is noted.
The US Constitution enumerates certain fundamental human rights (and these aren’t American rights, but natural rights that all people should enjoy without any government usurpation).
- Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
- The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated […]
You may have heard of The Tor Project. Tor is a rather clever piece of software that obfuscates the location of a client on the Internet, and in a particular clever twist it can also optionally obfuscate the destination via a hidden service. I’ll get to that in just a bit.
Tor software is available to download for most popular computing platforms, including Windows, Mac OS X, and Linux. It’s free & Open Source, so you can download the code and make sure that you feel safe using it, or you can even make improvements to it and contribute those improvements back to the project for others to benefit from.
Tor has been heavily used in the Arab Spring movement to allow dissidents to reach each other online without facing additional imminent danger from the oppressive regimes which they are fighting. An Internet Service Provider can, at best, determine that a customer is using Tor (or connecting to it) but can’t see what the person is actually doing with it, or if they are doing anything at all. You see, one method of participating in Tor is routing traffic for other people. So you could be carrying anonymous traffic for someone else, which even you cannot see, which can further obfuscate your own use of the platform.
But I think it has a place right here at home, in America, where the government has a troublingly deep interest in how we are using the Internet. I think this is also true for people in other Western nations.
You see, using Tor doesn’t require that you be doing something immoral or illegal to justify it. Isn’t it enough to overtly tell the watchers “I am doing something that is private, it is none of your business, and you can’t see because I don’t want you to”? It might just be checking my email, or checking the weather. But I try to get on Tor every day for at least part of my day and frustrate The Man.
If you really want to have fun with Tor, check out the Tails OS. Tails is a live Linux distribution that boots off of USB thumb drive or CDROM, and it’s made from top to bottom with your privacy in mind. It goes to great lengths to make sure the only network traffic that leaves your computer goes through Tor to get to where it’s going. It blocks non-Tor network traffic coming in. The web browser is set up out-of-the-box to use Tor. And it leaves nothing written to your hard disk or thumb drive unless you go out of your way to compromise your privacy.
Hidden services are rather clever. I promised I would get to this. Most Tor users are just using Tor as a way to get to the public Internet without anyone knowing who they are or where they are coming from. But with a hidden service, a server operator can obfuscate their location. For this to work, both the server and the client need to be using Tor software.
Hidden services can be run on any protocol that uses tcp, but most commonly you’ll see http (web) based services offered. They will usually have some kind of completely non-memorable hash as the hostname in front of the .onion top level domain name. For this reason, you either need to keep really well-managed local bookmarks, or you need to use a bookmark management service to further increase your privacy (if you’re worried about people like the TSA snooping your laptop at the airport). Any of the links that I post here with a .onion top level domain will not work in a normal web browser without Tor. You must be using Tor for these to work!
Privacy-oriented search engine DuckDuckGo has established a Tor hidden service, so you can search the web through DuckDuckGo without your query every hitting the public Internet. Your request, and DDG’s response, remain entirely hidden within Tor’s obfuscating onion network.
I mentioned the need for managing your bookmarks. There are already a number of such sites on the public Internet. As you might imagine, there is a Tor hidden service for that, too. Check out onionbookmark, which allows you to peruse a public index of bookmarks, share your own public bookmarks, or store private bookmarks.
Tor Mail offers free email services. You send and receive email through their hidden service, either using one of their capable webmail clients, or your own Tor-enabled local IMAP client. Simply using Tor Mail doesn’t make your mail private. You will still need to encrypt your email via PGP or GnuPG first. It also does not obfuscate who you are exchanging email with.
Once you’re inside of the .onion, you’ll find a great many hidden services are available once you start looking around. Some are almost entirely benevolent in nature. Others are somewhat revolutionary. And, as you might imagine, with such anonymity you will find crass, banal, and criminally oriented services. It sometimes helps to have a strong stomach and a thick skin when finding your way around the .onion. Maybe consider setting up your own hidden service? Or acting as a bridge or relay to improve the performance of the Tor network?