Naked Security

Tor Project says developers would rather quit than give FBI a backdoor

A lead developer for the Tor Project said it has a policy of "no backdoors, ever" and has systems in place to quickly identify backdoors in its source code.

The Tor Project is standing with Apple in its ongoing battle with the US government over encryption backdoors, and several developers for the anonymity service have said they would rather quit than add a backdoor to Tor’s software.

In a blog post published earlier this week, head developer of the Tor browser Mike Perry said the Tor Project has a longstanding policy of “no backdoors, ever.”

Perry said the Tor Project has never been asked to put a backdoor in its programs or source code, or to “hand over cryptographic signing material.”

Nevertheless, Perry reassured Tor users, who he said include “human rights defenders across the globe,” that the Tor network has adequate systems in place to defend users’ security and privacy from hackers and governments.

The Tor network uses layers of encryption to shield your location and the location of any hidden services you use.

That hasn’t stopped intelligence and law enforcement agencies like the NSA and FBI from trying to crack open Tor to identify users in criminal investigations.

And last November, the Tor Project accused researchers at Carnegie Mellon University of selling information to the FBI about a vulnerability they discovered, which the university denied.

Perry said “several of our developers” would rather resign than “honor any request” to introduce a backdoor – an intentional security vulnerability – into its software, similar to how some Apple engineers have discussed the idea of resisting any order to undermine the security of Apple’s products by quitting.

Unlike Apple, however, the Tor Project uses open source code and has a bug bounty program to reward hackers who responsibly disclose security bugs.

Perry said the Tor Project’s code review and open source development processes “make it likely” that any backdoor “would be quickly discovered.”

The Tor Project joins a growing list of technology companies, organizations, lawmakers and private individuals supporting Apple in its legal fight with the US Department of Justice and the FBI over demands that it develop encryption backdoors in the iPhone.


6 Comments

> ..they would rather quit than add a backdoor to Tor’s software.

Hey now, let’s not give the government ideas how to cripple Tor, i.e. – drive away employees.

Users of Tor are predominantly child abusers, terrorists, hard drug dealers, money launderers and large scale tax cheats. I hope the NSA, MI5, GCHQ, etc are actively seeking to disrupt these criminal rings and bring them to justice for the security of law-abiding citizens. No doubt evil regimes like North Korea are doing the same, but that is no reason for the forces of good to desist. They are not interested in whether Joe Bloggs is cheating on his wife, or a local plumber does a barrow-job for cash.

How would you know what the “predominant” ToR user is? You’d have to survey the majority of ToR users for that conclusion to be any more authoritative than a prejudiced opinion. But of course, you wouldn’t know who they are… that’s the whole point.

Researchers in London actually did make an effort to measure what the Dark Web mostly consists of (which is not the same as what the predominant user looks like!). They concluded that it was somewhere between 5% and 55% criminal. You can laugh at the wide range of the result, but hats off, these guys actually tried to measure it:

https://nakedsecurity.sophos.com/2016/02/03/dark-web-is-mostly-illegal-say-researchers/

If you read that article and the comments you will quickly see that it is more likely that the answer lies towards the 55% end of criminality than the 5% end, but even at 50% that means half of the Dark Web serves a neutral or good purpose…and, of course, that’s just “what’s there,” not “who’s using it and for what.”

I think both sides need to come to the party. The well-meaning members of the Tor project need to stop spluttering in denial when people point out that there is, let’s be quite clear about this, a lot of criminality going on in and through Tor.

But Tor’s arch-critics also need to stop spluttering with outrage and insisting that Tor is all about criminality.

I use Tor quite a lot, yet I have never used it for any unlawful purpose. Lots of people I know are in the same boat…so it makes no sense to rant and point fingers at us without any rhyme or reason. That’s as offensive and as purposeless as saying “all Nigerians are crooked” because your experience of Nigeria has been years’ worth of spams and scams. (There are about 170,000,000 people in Nigeria. Even if 90% of them are corrupt, that leaves a whole Netherlands’ worth of Nigerians who are not!)

I agree with you Paul that whole extreme kneejerking is wrong for this. But attempting to “have a shared watering hole that zebras and elephants and lions and hyenas share” doesn’t work when it comes to humans. If they resign fine, because they’re seemingly unwilling to help (which to some people can look like they are aiding).

We can’t even co-operate in something like a game for 10min without something contemplating some undermining action. :P

It’s not quite like a watering hole, because the zebras and lions don’t mix. You can be a zebra in Tor and (for the most part) not be preyed upon by lions. Ironically, the “shared watering hole” analogy applies best of all to free, open Wi-Fi hotspots (where the lions can hide in plain sight), yet you don’t hear people clamouring for those to be closed down.
