Back when men were real men, women real women, small furry creatures from Alpha Centauri real small furry creatures from Alpha Centauri and the internet a young and shiny thing understood and used by the small number of people able to write their names in hexadecimal while sleepwalking to the fridge, people became interested in the prospect of protecting privacy and anonymity. Unlike in real life, where a letter dropped into a letterbox is difficult if not impossible to trace to the sender, communication on the internet is, by default, neither secure nor anonymous. Communication, here, does not merely mean email, but every piece of data sent over the net. The website you are viewing knows, if not who you are, then at least where your computer is. Almost by definition, it has to.
Read on for more.
And so Geeks shut themselves away and came up with a variety of solutions that would allow use of the internet without revealing one’s identity or interests. Most, if not all, of these solutions are variations in one way or another of a proxy server - that is to say, instead of connecting to the site he wishes to view, the user connects first to the proxy server, and gets it to go and request the data. The end user is is hidden from the target website. If several of these proxy servers were to be chained together, the theory is, even the proxy system itself could not match a particular communication with a particular user. Assuming, and it is a big assumption, that they did not keep their own logs.
One such system is the Tor network, several parts of which have been raided by police in Germany for what seem, on the face of it, the best possible reasons. And before anyone raises an eyebrow, let me explain why these systems are hopelessly naive, and why the operators - assuming that they are themselves of good character, and this is itself a large assumption - have brought trouble on themselves.
All of these proxy systems work by offering to share the blame. When user A requests content Z, it is the proxy system that is seen (by the wider internet) to make the request. If Z turns out to be illegal, dangerous, subversive or harmful, the response of those running the proxy system is to throw up their hands and say ‘hey, I’m just providing a service’. But that at best that service is used by those hoping to circumvent website advertising (which is funding the websites they view), and at worst helping the kind of communication by the kinds of people that deserve no help at all from the rest of us. Quite the reverse.
And lastly, one has to examine the motives of those running the servers. Perhaps they believe they are helping freedom-fighters in oppressive regimes, but the truly oppressive regime is going to regard use of a proxy system as every bit as subversive as access to the BBC website itself. If not worse. And is there no operator running the service as a cover for his own dubious activities? It would not take the intellect of a genius to conceive such a thing, after all.
So I remain deeply suspicious of these schemes. I am unconvinced that any truly legitimate use for them exists and I view their aims as hopelessly naive at very best. If I had genuine cause to use such a system, and I don’t, I wouldn’t be able to trust it anyway. How would I know that it was not, in fact, being run by just the people I wished to hide from? Or keeping logs (with intent or otherwise) of activity that would mean the whole thing amounted to a false and dangerous sense of security.
The German police have done the right thing, it seems to me. There is no true anonymity on the internet. The operators of the Tor service have done little more than offer someone else the chance to use their own ID card. In real life, the sensible would not say, ’sure, stranger, take my driving licence, and drive on the roads where you like’, and on the internet the sensible do not offer their computers freely for arbitrary use. It invites abuse, and yes, legitimate police raids.
More information from the Register. A pro-Tor view from the itnomad weblog (thanks AJJ).