This is an advent calendar for techies. In the fully commercialized digital world, almost everything belongs to a large Internet corporation. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently checked for possible security gaps and backdoors. Software that can be freely used, distributed and improved. Often the drive for work is simply the joy of providing something useful to society.
Short portraits of open source projects will be published on heise online from December 1st to December 24th. These are about the functions of the respective software, the pitfalls, the history, the background and the financing. Some projects are backed by an individual, others by a loosely organized community, a tightly managed foundation with full-time employees or a consortium. The work is done entirely on a voluntary basis, or it is financed through donations, cooperation with Internet companies, government funding or an open source business model. Regardless of whether it is a single application or a complex ecosystem, whether a PC program, app or operating system – the diversity of open source is overwhelming.
Short portraits of open source projects will be published on heise online from December 1st to December 24th. These are about the functions of the respective software, the pitfalls, the history, the background and the financing.
December 5th: The Tor Browser
An unusual career: Thanks to long-term government funding, the child of military research became the most important weapon against government Internet control.
The Tor anonymization browser directs data traffic to its destination via three stations and disguises IP addresses. This enables anonymous and censorship-free use of websites: Internet providers only see the first Tor node and not where the journey is going. You can neither log nor prevent the website access. Instead of the IP address used, websites only see the last of the three Tor nodes. And secret services that are eavesdropping cannot make sense of the data traffic either.
Tor originally stands for “The Onion Router” and is being developed by the US organization The Tor Project. The technology is under the 3-clause BSD license. The main application is the Tor browser for PC. Tor Browser for Android is the official Android app; the Onion Browser is recommended for iOS, developed by a member of the Tor community. A by-product is the Darknet under the pseudo-ending .onion, which can be accessed with the Tor browser.
Beginning as a military research project
The first work on what would later be called “Tor” began in 1995 at the Naval Research Laboratory (NRL), a research laboratory of the US Navy. Mathematician Paul Syverson wanted to develop a digital technology in which US military and intelligence agencies could move anonymously. From the beginning it was clear that the technology had to open up to society and be open source, because for the actual purpose it needed cover traffic, massive data traffic from completely different users: inside, who consider Tor to be trustworthy.
Appeared in 1996 a first paper and a prototype with simulated nodes was set up. 2002 became a Pre-Alpha-Version presented in 2003, Tor went live with about a dozen nodes. 2004 appeared with Tor: The Second-Generation Onion Router a design paper that is still valid today.
The Tor Project takes over
In 2006, the US military formally separated from Tor. The Tor Project as a not-for-profit organization based in Seattle took over the further development. The decreed according to the latest annual report had an annual budget of $ 4.4 million between July 2019 and June 2020 and had 18 employees.
The highest decision-making body is a ten-member board of directors, whose chairman is IT security entrepreneur Rabbi Rob Thomas. The Munich lawyer Julius Mittenzwei, a member of the Chaos Computer Club, is also on the board of directors. The managing director is Isabela Bagueros, a long-time Tor project manager. Top earners are the two Tor veterans Roger Dingledine and Nick Mathewson, with a monthly salary of around 10,000 US dollars.
The narrow core of the community consists of around 90 people. Various Tor-based programs come from the community, such as the Darknet file exchange program OnionShare, the Tor-based live operating system Tails or the darknet smartphone messenger Briar.
Money from the state
Most recently, almost 50 percent of the Tor Project’s budget came from US funding. In the years 2007 to 2020 it was an average of 67 percent. Approximately 20 percent of the funds came from the Department of Defense, the State Department and the US Agency for Global Media, and seven percent from the National Science Foundation. The proportion of individual donations was six percent, but has risen sharply in recent years. Other notable donors were the Swedish Foreign Ministry (seven percent) and the Mozilla Foundation (four percent).
Mozilla, the smallest regular donor, plays a key role when it comes to software. The Tor Browser for PC and Tor Browser for Android are based on the Firefox browser. That Tor Uplift-Team from Mozilla ensures that Tor features and Firefox browsers work seamlessly with one another.
The Tor community provides the nodes
The global digital civil society provides the infrastructure: about 6200 obfuscation stations, of which the Tor browser always selects three to anonymize data traffic. There are also about 1500 hidden ones Bridge nodethat are used when Internet service providers block standard nodes.
Tor nodes are run on a voluntary basis by individuals, general (digital) organizations such as the Digitalcourage association or Reporters Without Borders, and by specialized goal associations such as F3 Netze, onion friends or the Artikel10 association in Germany. The German goal community plays a key role in the infrastructure. About a third of global Tor traffic is running about German knots.
Use every day worldwide between 2 and 2.5 million people Tor, the largest Tor nation is the USA, followed by Russia and Germany. In this country around 180,000 people are active in the Tor network every day.
Because of its distributed architecture, open source nature and active community, Tor is superior to commercial, centralized VPN anonymization services. Cracking a goal is theoretically possible, but only with a great deal of effort and within narrow limits.
The Tor browser is used to circumvent censorship in dictatorships and to undermine western mass surveillance, to buy drugs on the Darknet, to communicate between whistleblowers and editorial offices and for all types of cybercrime. And certainly still for the original purpose, the anonymous digital operation of secret services and the military.
26 years after its inception, Tor is the most contradicting open source technology, both in terms of usage and in terms of organization and history: Tor is in fact a joint project between digital civil society and the US government. A military research project became the most important antagonist of state surveillance and censorship, thanks to reliable government funding.
The work on the series of articles is based in part on a “Neustart Kultur” grant from the Federal Government Commissioner for Culture and the Media, awarded by VG Wort.