The Internet as we now know it may be many things, but anonymous is not necessarily one of them. Originally put together by ARPA, the U.S. military’s Advanced Research Projects Agency (now known as DARPA, the Defense Advanced Research Projects Agency), the Internet was designed to connect universities and military sites for data-sharing purposes. There was no desire for any of these users to be able to hide their identities. The rise of e-commerce in the 1990s brought with it relatively widespread encryption, mostly for banking and credit card data. This encryption hid the contents of a message, but not the online identities of users. After all, in order to communicate, both parties must be able to know where to send their messages. Obscuring one’s real world identity was not difficult; a user could use a pseudonym, and log on at an Internet café or library to avoid being traced. Linking a communication to a specific computer was not impossible, it was just time-consuming and involved.
When the U.S. Naval Research Laboratory originally explored the concept of onion routing in 1998, it was seen as a method of protecting secure government communications. In its patent, the Navy describes a network designed to keep both the initiator and the responder to a communication anonymous and secure against eavesdropping. Every packet sent across the network would be encrypted multiple times, like the layers of an onion. The first server to receive the packet from the sender would only be able to decrypt the first layer. Thus, that server would know where the message had come from, and the next hop in the chain. The next server would only be able to decrypt the second layer, and would only know where the packet had come from, and the next server it was to go to. The effect would be that any single server would not be able to identify both the sender and the receiver, and the servers in the middle would be able to identify neither, but rather other intermediate steps only.
The potential of onion routing was far greater than just secure military communications. Because onion routing hid the contents of the message, its origin, and its destination, it was useful for anyone who wanted to hide not only what they were saying, but who they were talking to. There were great expectations of deploying onion routing to dissident groups within countries across the globe, from Syria to Iran to China. These groups would be able to circumvent local internet censorship and speak freely and securely.
The major public implementation of this system is known as Tor. The system is originally known as TOR, The Onion Routing Project, and is maintained by a group of volunteers. Tor implements the onion routing concept in a simple, easy to use package that’s widely distributed to internet users.
The public debut of Tor was not without controversy, however. While Tor could protect communications seen as valuable to American interests (it remains funded in part by American governmental agencies, including the State Department and the National Science Foundation), it quickly became obvious to governments and law enforcement that the same potential for secure communication also extended to those whose goals were considered illegitimate, such as child pornographers, drug dealers, terrorists, and spies. Moreover, because of how the network obscured its traffic and the routing of its data, it would be impossible to simply exclude those users. Their traffic, after all, would be invisible and anonymous.
Almost immediately, “hidden” websites began to spring up over Tor. These sites were completely encrypted, since they were only able to receive communications via Tor. An example is Strongbox, the New Yorker’s anonymous information sharing service, where whistleblowers can have a high degree of anonymity. Others, like The Pirate Bay or Lolita City, took advantage of Tor’s security to protect their illegal content: copyrighted movies and video games, or child pornography, respectively.
For the early part of Tor’s existence, this “shadow Internet,” or darknet, was limited by the fact that the network could only carry anonymous data if its security was to be maintained. Secure email is one thing, but internet crime for hire, such as data theft and hacking, required the transfer of money. This was a service Tor could not really provide, since traditionally, participants in a transaction would need to be able to identify one another easily. Trades-in-kind were possible, but the use of conventional currency required transfers by a more conventional method. Many countries had already established financial intelligence gathering operations, like Canada’s FINTRAC, specifically to trace suspicious transactions.
For dissident communications this didn’t much matter, but for a while, it did limit the usefulness of the darknet in more conventional black-market contexts. However, this state of affairs was soon to change drastically…
Stay tuned for Part II of the online Digital Frontier series.