Tor - The Onion Router

Main article: VPN and privacy (anonymity on the Internet, anonymizers)

Tor Logo, (2016)

About the product

The project site (http://torproject.org) defines Tor (The Onion Router) as free software and an open network of servers to protect against network surveillance, known as traffic analysis that threatens personal freedom and privacy, privacy of business contacts and communications, and state security.

Initially, the Tor system was developed in the laboratory of the US Navy by federal order. In 2002, the development was declassified, and the source codes were transferred to independent developers who created client software and published the source code under a free license so that everyone could check it for vulnerabilities.

Tor is a system of proxy servers that support "onion routing" - a technology for anonymous exchange of information through a computer network. Tor gives the user the ability to save incognito on the Internet and protects his traffic from analysis, and also allows you to bypass some types of blocking of Internet resources. In addition, Tor opens access to the darknet - a hidden segment of the Internet in which underground information resources are concentrated. This opportunity has made Tor a popular tool in the hands of lawbreakers who trade in the sale of drugs and weapons, the distribution of pornography and other illegal activities.

How Tor works

The principle of operation of Tor is that the user's request to access the site is first encrypted to the input node with its own IP address. For each request, a route is randomly selected through one of the three nodes, and each next node encrypts the previous one. All traces of Tor users on the Internet are thus hidden. The browser developer is the American non-profit organization Tor Project.

The Tor system provides encrypted traffic transmission between network servers (nodes) operating over the SOCKS protocol. On the last node server in the chain, the transmitted data goes through the decryption procedure and is transmitted to the target server in clear text. In this case, after a certain time interval, the route of packets is changed. Network nodes are located in different countries.

Tor allows you to hide end addresses from the provider and, thus, provide access to network resources blocked by it. Also, the Tor system hides the sender's address from the target resources.

Tor can work with web browsers and protocol-based applications. TCP Software Tor is developed for various operating systems:,, Microsoft Windows Linux OS, Apple as well as for smartphones ,, etc OS Android. iOS

Tor servers are located around the world

Chronicle

2022

Browser ban in Russia

In mid-December 2022, a point was put in the case of banning Tor in Russia. The Saratov Regional Court upheld the decision of the Leninsky District Court (first instance), and the appeal of Tor representatives was dismissed.

On May 19, 2022, the Saratov Regional Court overturned the decision of the court of first instance and sent the case for a new trial. In a new review, the prosecutor clarified the requirements and asked the court to recognize the information contained in the Tor Browser software application, prohibited for distribution in the Russian Federation, to recognize the application as prohibited, restrict access to it and oblige Google to remove the Tor Browser software application from Google Play.

The court banned the Tor browser in Russia

On May 31, 2022, Roskomnadzor appealed to Google with a demand to remove the Tor Browser application from Google Play in accordance with the decision of the Saratov District Court.

The court recognized the information contained in Tor Browser "prohibited for distribution on the territory of the Russian Federation, as well as the software application itself, which allows access to prohibited content and contributes to the commission of criminal offenses."

On July 28, 2022, the Leninsky District Court of Saratov satisfied the requirements of the Saratov District Prosecutor's Office in the case of the site of the Tor network project in the Russian Federation - recognized the information as prohibited for distribution in Russia.

The Saratov Regional Court upheld this decision, and it entered into force in mid-December 2022. The court recalled that in 2017, the deputy prosecutor of the Saratov region asked the court to recognize the information posted on the website of the torproject.org, banned for distribution in the Russian Federation. He justified his demand by the fact that using the site, torproject.org users can access the download of the anonymizer browser program for subsequent visits to sites with extremist materials.^[1]

Roskomnadzor unlocked the Tor website in Russia

In July 2022, Roskomnadzor unblocked the Tor website in Russia.

The court canceled the blocking of the Tor site in Russia

On May 19, 2022, the Saratov Regional Court overturned the decision of the court of first instance in the case of the website of the Tor network project in Russia. This was reported in the court's Telegram channel.

The court of appeal found that in resolving the dispute, the court of first instance did not take into account that the owner of the torproject.org site is Ze Tor Project Inc., which was not involved in the case. Since when considering the dispute, the district court did not attract the site owner to participate in the case, thereby violating the rules of procedural law, which are significant and insurmountable, the court said.

The court canceled the blocking of the Tor site in Russia

As stated in Roskomsvoboda, whose lawyers appealed, they had two arguments. The first - in 2017, the trial court did not involve The Tor Project Inc. This, as the lawyer notes, is an unconditional basis for canceling the blocking decision, since it affects the rights and obligations of the site owner.

The second argument is that Russian law does not contain any general ban on the dissemination of information related to VPN technologies and anonymizers.

Now Tor must unlock. By May 2022, Russia is the second country in the world in terms of the number of Tor users, more than 300 thousand people use the browser every day.

The Tor browser site will be unlocked after Roskomnadzor receives a certified copy of the court's decision, believes Sarkis Darbinyan, managing partner of DRC law firm.

In our experience, this can take one or two weeks, "he said in a conversation with Kommersant.

According to Darbinyan, blocking Tor resources was "an initiative of the local prosecutor, who thus decided to statistically work out the number of blocked resources."^[2]

Tor 0.4.7.7 with Congregation Control system

On May 5, 2022, it became known that Tor had increased the speed of the network.

The updated browser technology will reduce network latency.

The Tor project introduced a system called Congestion Control, which eliminates speed limits on the network. This system is running and running in the latest stable version of the Tor 0.4.7.7 protocol, available since last week.

Concentration Control will lead to a significant increase in Tor performance and an increase in the bandwidth of our network, the project developers said.

This system implements three algorithms Tor-Westwood, Tor-Vegas and Tor-NOLA to help reduce memory consumption and minimize latency.

Tor Westwood - minimizes packet losses in large channels;

Tor-Vegas - estimates the queue length and introduces balancing elements;

Tor-NOLA - Acts as a bandwidth delay analyzer.

Tor conducted simulations to compare versions 0.4.6 and 0.4.7 and found smoother and improved viewing without speed and overload restrictions (bottleneck) and without additional load on end-to-end delay. However, for the entire community to take advantage of the improvements, version relay operators must upgrade the Tor protocol to version 0.4.7.

Operators of internal Tor nodes will have to set capacity limits, since the traffic structure will change and congestion management will use repeaters at full capacity. As customers upgrade to version 0.4.7 (or later), network performance will increase for everyone.

As our network is about 25% busy, we expect bandwidth to be very high for the first few users of version 0.4.7 on fast channels with fast releases until most customers upgrade. At this point, a new equilibrium will be reached in terms of bandwidth and network usage, Tor said. - For this reason, we are postponing the release of the stable Tor browser with Concentration Control until enough users are updated. We hope that this will happen by May 31.

In the next major release of version 0.4.8, the Tor project plans to introduce a traffic separation mechanism to further increase the speed^[3] network^[4].

2021

Removal of blocking from the service in Russia

On December 9, 2021, it became known about the removal of blocking from the Tor network in Russia. Thus, users can again use the proxy server system to access sites blocked in the country.

This morning, the blocking of the Tor network (IP addresses of known nodes, some bridges and snowflake transport) was removed, access to the Tor network for Russian users again works. Only the website is blocked, - said Roskomsvoboda in its Telegram channel.

Roskomnadzor stopped blocking the Tor network

On December 6, 2021, the Tor Project received a notification from Roskomnadzor demanding to remove the "prohibited" information, as well as a warning about a possible blocking of the resource.

The next day, Roskomnadzor began blocking the torproject.org website on the basis of a decision by the Saratov District Court made due to the placement on this resource of information about the means of accessing prohibited content.

Details were not indicated. In case of failure to comply with the requirement, access to the site will be limited, the department warned. The Tor team linked this blocking of the site with their call for Russian users to raise the nodes of the network.

According to Tor Project statistics, by the end of 2019, Russians are in second place among Tor network users. Since the beginning of 2020, more than 324,000 people from Russia, or 14.7% of the audience, use Tor every day. There are more Tor users in the US alone - about 477,000 daily, or 21.7% of the audience. But the real indicators of the number of Tor users in Russia can be three times higher, the press service of the Tor Project noted.

Earlier in 2021, State Duma deputy Anton Gorelkin supported the blocking of the Tor browser in Russia. According to the deputy, the service for an anonymous network connection is "absolute evil." Most users use the browser to break the law, so it needs to be dealt with "hard and uncompromising," the parliamentarian added.^[5]

Service blocking in Russia

In Russia, the Tor (Tor Project) browser site was blocked - with its help you can anonymously access the Internet, including the darknet. The site was blacklisted, and providers began to block it.

In early December 2021, the Tor website blocking bypass service was blocked in Russia. According to the Roskomsvoboda project, user complaints about the inaccessibility of the network come from Moscow and other regions of Russia.

According to the OONI project, which monitors Internet censorship, Tor has not been operating in Russia since December 2. OONI recorded anomalies on networks of different operators in several cities of Russia.

Tor website blocking bypass service blocked in Russia

Tor is blocked using equipment created to isolate the Runet, says GlobalCheck, a project to study and help bypass locks in Russia and the CIS.

We confirm the beginning of blocking on TSPU [technical means of countering threats that are installed in the networks of operators according to the law on the isolation of the Runet - approx. TAdviser], - reported in the Telegram channel GlobalCheck.

Network expert ValdikSS said that blocking Tor does not work in St. Petersburg on Tele2. It is easy to check the lock - when opening the site 152.199.19.160 in the browser, "404 not found" should be displayed, in other cases you have a Tor lock.

The largest providers and mobile operators began to block Tor in Russia. All or almost all IP addresses of known nodes [elements in the network chain] are not available, including some bridges [Tor nodes not from the open list]. The [cloud platform] Microsoft Azure CDN network domain is also unavailable, writes ValdikSS.

The list of operators whose users noticed this problem included almost all major Russian providers: MTS, Rostelecom, MGTS, Beeline, Megafon and others. The connection in the Tor browser does not occur directly, but through a chain of other IP addresses. It is often used to gain access to the darknet.

On December 2, 2021, Roskomnadzor announced plans to block six VPN services that allow you to bypass locks and gain access to prohibited information. We are talking about services Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel.^[6]

2020: Unknowns take possession of a quarter of Tor nodes for attacks on users

Since January 2020, an unknown cybercriminal group has been adding Tor to the network servers in order to strip attacks SSL browser Tor users visiting cryptocurrency related sites. This became known on August 11, 2020. Cybercriminals acted so smoothly and tirelessly that by May 2020 they controlled a quarter of all output nodes of the Tor network (servers through which user traffic leaves the Tor network and goes open). Internet

According to security researcher Nusenu, who is also the operator of the Tor output node, at the height of the operation, almost four hundred malicious output nodes were under the control of attackers. According to him, the scale of the operation is difficult to determine, but one thing is known for sure - cybercriminals pursued financial benefits.

Attackers carried out man-in-the-middle attacks on users of the Tor browser by manipulating traffic passing through output nodes controlled by them. In particular, they were interested in visitors to sites related to cryptocurrencies.

More precisely, cybercriminals carried out the so-called SSL stripping - they rolled back HTTPS traffic of users to less secure HTTP. As Nusenu explained, the purpose of the attackers was to replace bitcoin addresses inside HTTP traffic sent to bitcoin mixers (cryptocurrency transaction anonymization services). By changing bitcoin addresses at the level of HTTP traffic, cybercriminals intercepted cryptocurrency unnoticed by its owners.

Attacks by themselves with the substitution of bitcoin addresses are not something new, but in this case it amazes the scope of the operation. At the peak of the attack on May 22, 2020, attackers controlled 380 servers - 23.95% of all output nodes of the Tor network. That is, the chances of users getting to the malicious node were 1 in 4.

In May 2020, Nusenu reported the problem to Tor administrators, and during three operations they managed to significantly reduce the influence of attackers. The third operation to eliminate malicious exit nodes took place on July 21, 2020. However, according to the researcher, up to 10% of the output nodes are still under their control.

Most likely, the group will continue attacks, since Tor Project does not provide for a thorough check of the operators of the servers added to the network. While providing anonymity is a key feature of Tor, it would be worth the network administration to introduce a check of at least the operators of the output nodes. This would help avoid such attacks in the future (in the past, such attacks on Tor users have already occurred)^[7].

2019

Researchers: Unencrypted traffic on Tor reveals sensitive data

On October 17, 2019, it became known that many developers using Tor code in their applications mistakenly believe that it ciphers HTTP is a traffic.

Security researchers Adam Podgorski and Milind Bhargava have developed a way to profile users of the anonymous Tor network by collecting and analyzing data from Tor output nodes. According to the researchers, they managed to collect data about specific owners of mobile devices such as GPS coordinates, web addresses, phone numbers and keystrokes on the keyboard.

As Pogorsky and Bhargava found, the anonymizer and the Tor network transmit unencrypted mobile traffic without the knowledge of users. The researchers determined that the sources of 95% of traffic are Android devices, and 5% are iOS devices. The traffic came from mobile applications installed by electronics manufacturers, cellular operators and users themselves.

Шаблон:Quote 'author = noted Bhargava' We believe that the source of unencrypted traffic is the Tor code installed on these devices, and users are unaware of anything,

Although Tor Project has its own Android application called Orbot, third-party developers often use Tor functionality in their applications. They mistakenly believe that all Tor traffic is either encrypted or transmitted anonymously by default. Many do not understand the principle of operation of Tor and believe that it can be used to make unencrypted HTTP traffic encrypted.

The researchers do not disclose the names of the allowing leak applications or their manufacturers. However, they said, this includes a wide range of programs ranging from the most popular to little-known. About four months ago, Pogorsky and Bhargava reported the problem to all developers of the vulnerable, ON but have not yet received any response from them^[8]

Russia came out on top in the number of users of the Tor browser

On July 17, 2019, it became known that Russia came out on top in terms of the number of users of the Tor browser, overtaking the United States, Iran, Germany and Indonesia, as evidenced by statistics on the official website of the product. The historical record was set on July 11, 2019 - it was on this day that about 600 thousand Russians joined Tor. This was written in the BBC.

At the beginning of 2019, the Tor browser in Russia had no more than 300 thousand users per day, but since April it has been used much more often, the BBC notes, and the change in the number of Russian users was hopping in nature: growth on weekdays was replaced by sharp falls on weekends. The last time such traffic spikes were observed was in October 2015, when Roskomnadzor blocked the Rutracker torrent tracker. Then the number of Russian Tor users grew to almost 400 thousand per day, but later decreased.

According to Stephanie Whited, a representative of the Tor Project organization, which develops the browser, it is impossible to explain the growing popularity of Tor among Russians. The peculiarities of the network architecture allow you to determine from which country the user is visiting, but not which resources he is visiting. Thus, from the data available to the organization, it is impossible to draw conclusions about the reasons for the jumps.

The BBC puts forward three versions of the jump in popularity of Tor among Russians, and none of them seems convincing enough even to journalists themselves.

According to one version, the reason for the sharp surge in activity may be the actions of the Russian authorities aimed at establishing control over means of bypassing blocking on the Internet. In 2017, a law was passed in Russia obliging anonymizers (including Tor) to block sites and services from the Roskomnadzor blacklist. Tor refuses to comply with the requirements of the authorities.

Another version explains the anomaly by the action of the botnet. The botnet is an army of infected computers remotely managed by hackers. The traffic of computers included in such an army is indistinguishable from the traffic of ordinary users. Hackers use botnets to carry out DDoS attacks on sites, guessing passwords for Internet resources, and sending spam. It was infected computers that inflated the world statistics of Tor from 1 to 5 million users per day in August 2013, the BBC notes.

Finally, according to journalists of the publication, the growing popularity of Tor in Russia may be associated with a large-scale advertizing campaign of a large underground Russian-language trading platform specializing in drugs. According to data cited by the Google BBC, in May 2019, the peak of interest in the darknet store roughly coincides with the beginning of the growth of user activity in Tor.^[9]

The attacker earned $760 thousand on fake domains in the dark net

Digital Shadows specialists on March 21, 2019 reported an unusual fraudulent operation - a massive case of typesquatting in the dark net dark net. The researchers accidentally stumbled upon the statements of an anonymous attacker, boasting that he was able to create a network of 800 fake names in the "dark web" (on the pseudo-domain.ONION). Read more here.

2017

The creator of Tor explained how Roskomnadzor will be able to block Tor

One of the creators of onion routing, David Goldschlag, told Vedomosti how exactly Roskomnadzor could block it.

After entering the site address in the Tor browser, the request is sent to the input node that has its own IP address. There are two types of nodes - public and non-public. Users in Russia most often connect to the first type of nodes. Since the IP addresses of public nodes are in the public domain, Roskomnadzor can add them, as well as the IP addresses of sites in the pseudo-domain zone.onion, to the blacklist and oblige providers to close access to them. As Goldschlag explained, in order to successfully block Tor, all providers must restrict access to input nodes, which significantly complicates the task. Nevertheless, from a technical point of view, this is quite feasible.

With non-public nodes, things are more complicated. Firstly, their IP addresses are not publicly available, and secondly, when transmitting addresses, they are encrypted. You can use non-public addresses by setting the appropriate Tor browser settings. Be that as it may, Roskomnadzor's plans to block Tor or onion sites are still unknown.

Onion routing is a technology for anonymous exchange of information through a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Each router removes the encryption layer to open tracing instructions and send messages to the next router, where everything repeats. Thus, intermediate nodes do not know the source, destination and content of the message^[10].

Tor taught how to install on a PC in countries where it is tightly locked

The Tor Project developers in their Facebook account presented several alternative ways to install their secure browser for countries in which the project is blocked by state censorship^[11].

We are committed to fighting censorship. If you want to download our browser to bypass censorship in your country, but our site is blocked, we can offer alternatives for you, "Tor Project said in an official statement

Tor anonymity in question

On April 10, 2017, it became known about a study conducted at Deusto University, which revealed a reassessment of the anonymity of the Tor network due to the many connections between the worldwide network and darknet.

The dark web is not as "dark" as it might seem. IskanderSanchez-Rola, data security and privacy researcher at Deusto University

Sanchez-Rola's team analyzed ~ 1.5 million darknet pages and found out: more than 20% of these pages use data imported from the regular Internet - images, documents and JavaScript files ^[12] is ^[12].

According to the researchers, this poses potential risks of data disclosure, since resource owners can track users' downloads, for example, Google can track traffic to 13% of domains analyzed by the research team.

27% of the dark web sites analyzed contain scripts that track user movements, the researchers noted. About a third of them got there from a regular network. Source 43% of Google scripts.

If a site on the dark web uses the same script as an external network site, it becomes possible to track and even identify the user when he visits a less secure site, experts said.

A separate risk factor is Tor network proxy services such as Tor2Web. In fact, these are the entry points into the closed network. Their users risk de-anonymization the most. These services "see" user IP addresses, the presence of links between the darknet and the Internet means that unauthorized interested parties can access information about IP users. If a user opens a page on the darknet through a proxy that contains resources (pictures, scripts, etc.) taken from the external Network, his browser will download these resources through regular connections, bypassing anonymization.

Therefore, to access resources on the Tor network, you only need to use a specialized Tor browser.

Sarah Jamie Lewis, a researcher who created the OnionScan service to search for vulnerabilities in darknet resources, announced the likelihood of de-anonymizing up to 35% of servers in Tor, but operators of these resources are in no hurry to take action.

According to Lewis, the study of Spanish experts is a serious argument to stop using scripts from third-party sources that put both resources and users at risk.

The study shows one very simple thing: Tor itself is not a universal means of ensuring anonymity and/or protecting one's own privacy. The layer of protection alone is not enough anywhere, this rule works, both in the field of cybersecurity and in the field of physical security. Any defense must be "deeply layered" ', otherwise it will be ineffective. Dmitry Gvozdev, CEO of Security Monitor

2016

IP addresses of Tor servers are blocked in Belarus

The IP addresses of Tor servers were included in the "List of means of ensuring anonymity," which is maintained by BelGE.

The Ministry of Communications of the Republic of Belarus clarified that it is not anonymous Internet access that is limited, but visiting prohibited sites. In accordance with the provision on the procedure for restricting access to information resources with prohibited information, tools such as proxy servers, anonymous networks such as Tor, etc., are subject to blocking, the ministry said. "In this case, the goal is not to prohibit anonymous access of users to the Internet. The task is to restrict access to Internet resources containing information, the distribution of which is prohibited. Access to these sites is limited in accordance with the legislation of Belarus, "the^[13] emphasized^[14].

FBI staged a massive hack of Tor users

The FBI illegally hacked into the mailboxes of users of the TorMail service, investigating the case of child pornography in 2013. The obtained court warrant allowed only a certain number of certain accounts to be hacked, but the bureau did not stop there. This is the conclusion reached by the American Civil Liberties Union (ACLU), which is investigating the^[15] incident^[16].

More: Censorship (control) on the Internet. World experience

More than 100 key nodes of the Tor network monitor users

There are at least 110 nodes on the Tor Network that are configured to monitor users. This is stated in a report prepared by Researchers from the College of Computing and Computer Science at Northeastern University in the United States^[17] than ^[18] of the ^[19].

All specified nodes have a flag (Tor Hidden Services Directorate), that is, they belong to servers that receive traffic and distribute users to hidden services. They play a key role in hiding the real IP addresses of users. In total, there are more than 3 thousand HSDir nodes in the anonymous Tor network.

More than 70% of detected "tracking" nodes are located in the cloud infrastructure. Geographically, their main part is located in the USA,, Germany, and France. Great Britain Netherlands

Within 72 days, when the researchers studied the nodes, they recorded about 40 thousand visits. Most of them simply requested the path to the root folder of the server, these visits were automated. Nevertheless, a small number of visits were made by real people - such researchers counted no more than 20.

2015

In early 2015, the FBI confiscated from a telecommunications company a server serving a Tor website for distributing child pornography. Agents implemented their own software for several weeks, which made it possible to find out the IP addresses of visitors to the resource, and thanks to this, then set the addresses of their residence. In total, the bureau was able to find out the IP addresses of at least 1.3 thousand visitors. After that, a series of arrests were carried out.

2014

FBI paid $1 million to hack anonymous Tor network

In 2014, the Federal Bureau of Investigation paid $1 million to researchers at Carnegie Mellon University in the United States for assistance in penetrating Tor in order to de-anonymize its users. The bureau itself turned to the university's specialists. The hack was necessary for him to find out the activity of law violators using this network to hide their location^[20] to^[21].

Tor officials added that there is particular concern about the FBI's cooperation with the university community, which aims to hack into defense technology. "If such actions by the FBI get away with it, then it will mean that the Fourth Amendment to the US Constitution is not working," they said. The Fourth Amendment prohibits unreasonable searches and detentions. If the authorities need to access the data of criminals, they can use the help of Tor developers, but the latter are extremely opposed to such crude methods of invasion, which violate the privacy of many users at once, the project administration said in a statement.

Interior Ministry investigates the possibility of hacking Tor

In July 2014 MINISTRY OF INTERNAL AFFAIRS Russia , she announced a closed competition for the implementation of research work "Research on the possibility of obtaining technical information about users (user equipment) of the anonymous TOR network."

The maximum price that the Ministry of Internal Affairs is ready to pay for the performance of these works is 3.9 million rubles, and the department expects to complete the research in November 2014. The customer for the project is the NPO Spetstekhnika and Svyaz, subordinate to the Ministry of Internal Affairs.

Tender documentation with technical requirements for work on the public procurement website was not posted. Interested contractors will be able to receive the necessary documents on the project only through special communication channels or personally.

At the same time, the information on the procurement object specifies that "in order to ensure the defense of the country and the security of the state, the government of the Russian Federation establishes a ban on the admission of work carried out by foreign persons."

Kaspersky Lab told TAdviser regarding this tender that, of course, law enforcement agencies are worried about the possibility of using the Tor network for criminal purposes. The anonymization capabilities that it provides allow attackers to carry out illegal activities and be confident in their own security.

"However, many experts around the world are constantly investigating the Tor network for possible vulnerabilities, but so far there has been no real evidence of direct de-anonymization of users. Accordingly, it is unlikely that the results of this tender and the subsequent study will be successful. In any case, we are unlikely to know about its results, "says Sergey Lozhkin, an antivirus expert at Kaspersky Lab.

The head of the company's analytical center Zecurion Vladimir Ulyanov believes that the tender announced by the Ministry of Internal Affairs emphasizes the interest in the Tor network on the part of law enforcement officers from different countries. Last year, it became known that the American NSA is making active attempts to disclose Tor users, he says.

According to Ulyanov, the small amount of the contract should not be embarrassing, and it is important to understand that the tender does not concern the working system, and not even the prototype, but it only refers to a general study on this topic. Accordingly, an assessment of the fundamental possibility of obtaining information about network users and possible approaches to solving the problem can be presented as a report, he said.

Ulyanov adds that regarding technical issues, it is necessary to separate the tasks of finding Tor users and their de-anonymization (what kind of person is behind a specific connection, what resources he visits and what he does on them).

"As for the first part, presumably, the NSA already knows how to filter Internet traffic and find connections to Tor. But until the second problem is solved, Tor users can feel relatively safe. The resource intensity of solving the problem is such that it cannot be put on stream, "the head of the Zecurion analytical center is sure.

2010: Network Hacking

The well-known network for anonymizing Tor traffic was hacked by ^[22]: attackers gained control over two of the seven directory servers and the statistics accumulation server metrics.torproject.org. After discovering the intrusion, the project administrators took the machine data out of the network and completely reinstalled the software, along with updating the identification keys.

The hackers used the captured servers to organize an attack on other hosts. There were no traces of data substitution in the Tor source repository. The attackers also did not gain access to the encryption keys of the Tor network, but just in case these keys were re-generated. Users and site administrators are advised to urgently update Tor software to Tor version 0.2.1.22 or 0.2.2.7-alpha, which fixed a leak vulnerability and updated v3 identification keys.

Tor has previously recorded cases of attackers gaining control over border nodes (exit points) through which they directly access the resources requested by users.

2008: Tor's connection to the US government

From Yasha Levin's book "The Internet as a Weapon. What Google, Tor and the CIA are hiding. "

"Russian Deployment Plan"

The Thor Project was BBG's (Broadcasting Board of Governors') most advanced weapon in implementing the Freedom of the Internet policy, and the council pushed Tor founder Dingldine to reach out to overseas political activists and persuade them to start using the tool. However, Dingldine quickly became convinced that his organization's ties to the American government were suspicious and made it harder to attract users. He received one of the lessons in 2008.

At the beginning of the year, the BBG commissioned Dingldine to complete a task called the "Russian Deployment Plan." The plan provided for the addition of the Russian language option to the Tor interface and the preparation of Russian activists for the correct use of the service.

In February 2008, a few weeks before the presidential election in Russia, Dingldine wrote to a Russian activist named Vlad, fighting for privacy on the Internet. "One of our sponsors... [The Broadcasting Board of Governors] wants us to start reaching out to real users who may benefit from our tool at some point, "Dingldine explained. - We decided on Russia, because it increasingly appears on the radar among countries, where serious problems with censorship may begin in the coming years... Therefore, please do not need to spread about it yet, but if you want to participate in some way or share advice, then let me know. "

Vlad was pleased with Dingldine's letter. He knew about Tor and was a fan of the network, but the plan itself raised doubts among him. He replied that at the moment there is no problem with censorship in Russia: "The main problem of Russia is not state censorship (such as the Great Chinese Firewall or cases in a number of Arab countries), but self-censorship of many websites, especially regional organizations. Unfortunately, this is not a problem that can be solved with Tor. " In other words, why solve a problem that does not exist?

However, an even bigger question to Dingldine's plan arose from Tor's connection to the American government. Vlad explained that he and other Internet ­ privacy activists in Russia are concerned about the network's dependence on "Uncle Sam's money" and that "some sponsors of the project are associated with the US State Department." He wrote: "I understand that this question is ambiguous and blurred, but does such sponsorship have any unusual consequences for ­ Thor project and ­ network development process?"

Against the backdrop of deteriorating political relations between Russia and the United States, the implication of the question was obvious: how close were the ties between Tor and the US government? And given the tensions of the geopolitical climate, will Russian activists have problems at home because of this? These were just and reasonable questions. The emails, which Jascha Lyovin accessed under the Freedom of Information Act, do not make it clear whether Dingldine responded. Could he? What would he answer? The project positioned itself as an independent non-profit organization, but in early 2008, when Dingldine wrote to Vlad, in fact, it was an instrument of the US government.

The correspondence leaves no doubt that the Tor project was not a radical independent organization that fought with the authorities. In fact, this was power, or at least its right hand. In internal correspondence, among the data on staff changes, reports, proposals, where to go on a hike or where to spend a vacation, and other office nonsense, there are unequivocal indications of Tor's close cooperation with BBG and many other branches of the American government, especially those related to international politics and non-military methods of struggle. The messages describe meetings, trainings and conferences with the NSA,, and CIA FBI the State Department.

Strategic meetings and discussions were also held about the need to influence news coverage and control the negative press. In addition, it is obvious from the letters that Tor employees are following the orders of their supervisors in the federal government, including plans to introduce anonymity technologies in countries hostile to US interests: in China, Iran, Vietnam and, of course, Russia.

Despite Tor's public assurances that they would never create loopholes that would ensure secret privileged government access to their network, the correspondence shows that in 2007, at least once, the company informed its federal partners of a breach in their security system before making that information public. This probably gave the state the opportunity to take advantage of the situation to identify Tor users before fixing the problem.

Financial statements allow you to reconstruct history even more accurately. Apart from the salaries that Google paid college students to work at Tor as part of the Summer of Programming program, the Tor project almost completely existed through government contracts. By 2008, the organization had contracts with the Navy, BBG, the State Department, and also worked on the Stanford Research Institute program Cyber- ­ Threat Analytics.

Podkont­rolnaya the US Army, this initiative arose in the NSA's advanced research and development unit - "a kind of national listening laboratory and other spy tools," as James Bamford put it in the book Shadow Factory. And a few months after turning to Vlad, Dingldine signed a contract worth 600 thousand dollars with the State Department, this time with the Department of Democracy, Human Rights and Labor, which was created in the first term of Bill Clinton and whose task was to allocate grants for "promoting democracy."

What did people like Vlad think about this? It is clear that nothing good. That's the problem. The Thor project needed trust and enthusiasm from users. First of all - trust. The appeal to Russian activists soberingly reminded Dingldine that the connection with the government inevitably carries negative connotations. That problem, he guessed at the first BBG contract in 2006, will always haunt Tor. Obviously something had to be done that would change public perception and distance Tor in people's minds from government sponsors once and for all. And, to his happiness, Dingldine met the ideal candidate for this: the young and ambitious developer Tor, who helped the project appear in a new guise - in the form of a rebellious group that horrifies Uncle Sam.

Touching on the history of the creation of Tor, Jascha Lyovin writes in the book "The Internet as a Weapon" that almost everyone who participated in the development of Tor was somehow connected with the state apparatus from which the program was supposedly supposed to protect people. Even Tor founder Roger Dingldine spent one summer in and created the NSA program, executing contracts and DARPA the U.S. Navy.

"I even found an old audio recording from 2004 (just when he was framing the Thor project as an independent organization), in which he says the following:" I am fulfilling the contract of the US government to create and launch anonymity technology. "

Notes