By Kim Zetter EmailDecember 12, 2008 | 6:46:20 PMCategories: Privacy
Two veteran coders have teamed up to create a kind of Google for the anonymous underweb.
Aaron Swartz, a Reddit founder, and Virgil Griffith, creator of WikiScanner, have created a new service called tor2web that gives users access to website hosted anonymously on the Tor network.
Though Tor — ‘the onion router’ — is more famous as a privacy tool designed to prevent tracking of where a web user surfs on the internet, since 2004 the system has allowed users to host servers as well. Unlike conventional servers, these Tor ‘hidden services’ cannot normally be traced to the person operating them.
One drawback to these websites: they’ve only been accessible to people who download and install the Tor software. Swartz wanted to free up the content to make it available to anyone, so he and Griffith created tor2web as a bridge between the public internet and the untraceable sites.
Tor is endorsed by the Electronic Frontier Foundation and other civil liberties groups as a method for whistle blowers and human-rights workers to communicate with journalists, among other uses. It works by randomly routing traffic, such as website requests and e-mail, through a network of nodes hosted by volunteers around the world before delivering it to its destination. The traffic is encrypted enroute through every node except the final one, and the end point cannot see where the traffic or message originated. Theoretically, nobody spying on the traffic can identify the source.
Tor’s hidden services work in a similar manner to obscure the location of someone publishing a service or anonymous content on special websites accessible only through Tor. But until now, these sites — offered through the virtual .onion domain — could not be reached by ordinary web surfers.
With tor2web, however, anyone can browse or visit hidden .onion sites. Users who visit the sites, however, won’t be anonymous in the way they would be if they used Tor themselves.
Swartz (who sold Reddit to Wired’s parent company, CondeNet) started working on the tor2web idea three or four years ago when he tried to find a way to get a web server to speak to the Tor network. He got busy with other things and put the project aside until recently when Wikileaks, a whistle-blower site, experienced problems with entities trying to force it to remove content. Hidden Tor sites are useful for placing information (such as that published by Wikileaks) beyond the reach of a court. But such hidden sites are not available to everyone, so Swartz decided to devise a way to open access to them.
‘There’s all sorts of stuff people want to publish anonymously,’ Swartz told Threat Level. ‘The Tor tools have been really good for doing that. They’re really secure and have been well-vetted. But they’re kind of difficult to install and there’s no way you’re going to get everyone on the internet to install them. So the idea was to kind of produce this hybrid where people could publish stuff using Tor and make it so that anyone on the internet could view it.’
The service is new, so it has a few drawbacks. There are only a couple hundred hidden sites currently available to peruse (many of them are file-sharing and storage services) but Swartz hopes that number will grow as more users become aware that they can publish information anonymously through Tor.
Reaching the hidden sites through tor2web is also currently slow, given the nature of the relay process. Although once a user accesses a page the first time, it becomes cached and therefore quicker to access thereafter. Swartz says the service currently does a little more routing than it needs to do but he hopes that will be fixed at some point.
Another drawback is that many of the .onion web pages have strange alphanumeric URLs that make it difficult to determine a site’s content before you visit it. Swarz says he’s thinking of putting together an index or directory to make it easier to categorize and find useful hidden sites as more of them become available.
‘The first step has been building these tools so that it’s possible,’ Swartz said. ‘Now we have to start building better directories so it’s clear what kind of interesting things are out there.’