Important note. In some parts of the world, the mere fact that you are using Tor could arouse suspicion, trigger surveillance, or provoke a bad response from the authorities. Likewise, on the office network, your IT team might not like it because it stops them meeting their own legal obligations of keeping the digital workplace safe. So, even though we’re saying, “Try Tor today,” make sure you have thought about any negative outcomes. If in doubt, treat this as a thought experiment.
Today is Data Privacy Day, so we thought we’d try something a bit different; a bit “out there.”
So, here it is.
Why not make today the day you try out Tor?
Tor is short for The Onion Router, and, in its own words, this is what it does:
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
Tor comes as an easily-installed software bundle that includes a privacy-conscious version of Firefox, together with the low-level component that connects the browser into the part of the Tor network that bounces your communications around.
(Your regular browser and all your other internet-connected applications behave as they did before – they are unaffected by installing Tor.)
As you can imagine, that’s made Tor rather controversial, not least because Tor makes it harder to track people who do undeniably nasty or dangerous things online.
Again, in Tor’s own words:
[Tor is] an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
State security, of course, isn’t just a sea of negative issues such as oppression, surveillance, censorship, totalitarianism and the suppression of personal rights and freedoms.
Our security as a state, at least for most of us in most developed countries, depends at least in part on effective law enforcement.
That applies all the way from the local council taking action against illegal dumping, through the prosecution of reckless and dangerous drivers, to the investigation and active disruption of serious offences such as human trafficking and terrorism.
Unfortunately, this has led to some difficult tensions in how to regulate the internet.
One significant problem is that if we make it too easy for law enforcement to find out who’s doing what online, we make it correspondingly difficult for the rest of us to stay secure, even (or perhaps especially) when the law says that we need to take proper care of the data we collect about other people.
Remember that this dilemma exists independently of how much protective regulation there is around how law enforcement gets permission to investigate in the first place.
The police typically need warrants, work under oversight, are responsible to regulatory bodies, and much more.
The problem is that crooks, hackers, industrial spies and terrorists don’t, and aren’t.
TRACKING, LOGGING AND MONITORING
Another problem is being tracked, logged, monitored and then pitched with ads by companies that go out of their way to keep their eyes on our online behaviour.
Again, this problem exists even with websites where we are happy to receive personalised ads, or where we willingly agree to the ads as our way of “paying” for a free service that would otherwise require a monetary subscription.
It’s not so much that a specific company has amassed data about us so that it can access and use the information easily.
It’s the risk that someone else, anyone else, might be able to do the same thing for no purpose other than to commit crimes against us.
Unfortunately, in a world of data breaches, cryptographic blunders, desultory patching – loosely speaking, in a world of security-can-wait-until-tomorrow – the only reliable way to avoid making it too easy for the crooks…
…is not to let all this trackable data get collected all the time.
And that brings us to Tor.
Tor doesn’t actually provide you with an instant, private, untraceable, anonymous presence online, and Tor itself strongly advises that you read up on what it can and can’t do.
But it is a way to make the data that’s collected about you much less useful to crooks who might get hold of it in the future.
BUT IT’S TOO SLOW
We’re aware that a lot of people to whom we’ve suggested the Tor Browser have retorted that “it’s too much trouble to try because it’s so slow.”
Indeed, it isn’t as fast as a regular connection because of the bit about “bouncing your communications around,” which is necessary to obscure what you are doing and how.
On the other hand, lots of people don’t bother encrypting their laptops “because it’s slow,” only to find out, when they try it, that they can’t tell the difference.
Tor may not be for you, but we still think it’s a worthwhile exercise to try it, to learn what it can do, and to think about why anonymity and privacy online are desirable for everyone, not just for activists, reactionaries, spies and crooks.
And, after all, if you have nothing to hide…
…then there is no need for anyone to keep an eye on you, is there?