New Tools Help Tor Fight Censorship
In her end-of-year newsletter, Isabela Bagueros, The Tor Project’s Executive Director turns her focus to the Russian government’s latest attempt to prevent its citizens from communicating with each other in confidence. Some Russians are no longer able to use the Tor browser. The Tor Project domains and sub-domains have been censored as well.
Russia holds 15% of all Tor users; those 15% need Tor perhaps as much as the other 85%, as they live in one of the world’s most totalitarian countries.
Tor is built on the principle that privacy is a human right. Y contrast, Putin’s government clearly views privacy as a threat – which they make very clear as they try to disable one of the most effective privacy-building tools ever developed.
None other than Edward Snowden, who of course has a lot at stake, is tweeting about the situation:
Edward Snowden @Snowden
Roskomnadzor (Russia's censorship bureau) is attempting to block one of the most important rights-respecting networks in the world without issuing so much as a press release. This is like banning the entire cell phone network because a drug dealer used it—without explanation. https://t.co/lnuh8MkY3S
Roskomnadzor can easily censor and track people and websites since they have control over personal and private information in the absence of anonymization tools like Tor.
Tor itself is raising awareness of the situation, and is publicly asking people to join the fight by running a Tor bridge, becoming part of the network that enables people to obscure their identity. Roskomnadzor uses a variety of methods to disable Russian citizens’ access to Tor. One technique is the release of counterfeit versions of the Tor browser into the country’s digital landscape. People who rely on one of those counterfeit versions inadvertently tip Roskomnadzor off to the fact that they’re Tor users – which of course makes them a target for “special attention.”
Reliable software is digitally signed of course. But the question becomes “Who signed it?” Commercial software producers have had serious problems with signing keys that are shared by a number of people in the development team.
Perhaps Tor could appoint an individual Signing Officer who takes personal responsibility for the signing of the Tor browser’s code. That way there would be no way for Roskomnadzor to intercept the signing key as it’s shared, or placed somewhere that’s accessible to multiple people.
The principle of the code signing officer is described in the Code Signer’s Professional License at https://caudit.proflic.org/
PKIDR has solutions to all the challenges that the Tor Project faces. Real digital identities, digital signatures, decryption control, and ownership of personal information can solve all the mentioned challenges. The ideal environment is one in which everyone has all the privacy they need, but they can still be held accountable if they commit a crime.