When Edward Snowden was photographed by Guardian journalists in his Hong Kong hotel room, one picture quickly became a subject of interest. It featured Snowden’s laptop, which was emblazoned with stickers for the Electronic Frontier Foundation and the Tor Network:
The EFF is a digital-rights group based in America. Tor is an acronym for The Onion Router, a free piece of software that gives its users anonymity from eavesdroppers by routing their communications through multiple points within its network of volunteer computers with partial encryption and decryption at every stage. It gives users, whatever their reasons for staying anonymous, a high degree of security.
That may no longer be the case. Around midnight on Saturday, the administrators of the Tor network began receiving reports that several “hidden services” had disappeared from the network. Hidden services on Tor are sites and servers that cannot be accessed through through Google or by typing in a web address such as qz.com. Instead, it only works when logged into Tor. These include things like Silk Road, a marketplace for both legal and illegal goods, and Strongbox, a secure drop-off for whistleblowers to deliver documents to the New Yorker. Much like websites on the web, hidden services on Tor need to be stored—or hosted—on physical servers. One such company, Freedom Hosting, had gone down over the weekend and taken “a large number” of services with it.
The Tor project’s executive director, Andrew Lewman, told Quartz he couldn’t say how many sites had been affected as the organization didn’t know the size of Freedom Hosting. One hacker estimated it could be as many as half of all such services on Tor.
Freedom Hosting was home to hacking forums, hidden wikis and TorMail, an anonymous email provider, among other things. It also served websites dedicated to child pornography. On Saturday, The Irish Independent reported that the FBI had requested the extradition of the recently-arrested Eric Eoin Marques, whom the agency call ”the largest facilitator of child porn on the planet.”
Hidden services on Tor have long been the subject of debate because they facilitate crimes like the trading of child pornography, drugs and weapons. But they also serve a useful function by allowing activists, dissidents and journalists to communicate securely in countries with repressive regimes. It is widely thought that the attacks that brought down Freedom Hosting were orchestrated by American law-enforcement agencies, which infected Freedom Hosting’s sites with code that unmasked some its users if they ran Microsoft’s Windows operating system with a particular version of the Firefox browser, on which the Tor browser is based. It appears even those who worry constantly about anonymity and security can be just as sloppy as ordinary folk.
While this will mean that criminals and pedophiles may think twice about trading on Tor, it might also affect the faith that others have in the service. Lewman said that users should continue to trust Tor but that they should update their software regularly. A security note from Tor, issued yesterday, added that “switching away from Windows is probably a good security move for many reasons.” Google moved from Windows to Linux due to security concerns three years ago (paywall). It is surprising that some of the most careful people on the internet have not done the same.