The Tor anonymity network has generated almost constant controversy since its inception nearly two decades ago. Proponents say it is an essential service for protecting online privacy and circumventing censorship, especially in countries with poor human rights records. Critics, meanwhile, claim that Tor protects criminals who distribute child abuse images, deal illegal drugs, and engage in other illegal activities.
Researchers on Monday unveiled new estimates that attempt to gauge Tor’s potential downsides and benefits. They found that nearly 7 percent of Tor users globally connect to hidden services, which the researchers say are disproportionately more likely to offer illegal services or content compared to normal Internet sites. Hidden service connections were significantly higher in countries rated politically “free” compared to countries rated “partially free” or “not free”.
Legal vs illegal
In particular, the fraction of Tor users who access hidden sites worldwide is 6.7, a relatively small percentage. However, those users are not evenly distributed geographically. In countries with regimes rated “not free” according to this score from an organization called Freedom House, access to hidden services was only 4.8 percent. In ‘free’ countries the share rose to 7.8 percent.
Here’s a chart of the breakdown:
In a paper, the researchers wrote:
The Tor anonymity network can be used for both legal and illicit purposes. Our results provide a clear, albeit probabilistic, estimate of the extent to which Tor users are engaged in either form of activity. In general, Tor users in politically “free” countries are more likely to use the network in illicit ways. Numerous additional questions remain, given the anonymous nature of Tor and other similar systems such as I2P and Freenet. However, our results narrowly suggest that Tor users in more repressive “non-free” regimes are much more likely to access Clear Web content through the Tor network and thus are relatively less likely to engage in activities that are generally perceived as malicious .
The estimates are based on a 1 percent sample of Tor access nodes, which the researchers tracked from Dec. 31, 2018, to Aug. 18, 2019, with a data collection hiatus from May 4 to May 13. traffic signatures, the researchers distinguished when a Tor client visited normal Internet websites or anonymous (or Dark Web) services.
The researchers – from Virginia Tech in Blacksburg, Virginia; Skidmore College in Saratoga Springs, New York; and Cyber Espion in Portsmouth, UK – acknowledged that the estimates are not perfect. In part, that’s because the estimates are based on the unprovable assumption that the vast majority of Dark Web sites offer illegal content or services.
However, the paper argues that the findings could be useful to policymakers trying to measure Tor’s benefits relative to the harms it causes. The researchers look at the results through the lenses of the 2015 paper titled The Dark Web Dilemma: Tor, Anonymity, and Online Policing and On Freedomthe essay published by the English philosopher John Stuart Mill in 1859.
Dark web dilemma
The researchers wrote in Monday’s paper:
These results have a number of consequences for research and policy. First, the results suggest that technologies that grant anonymity, such as Tor, pose a clear challenge to public policy and contain clear political context and geographic components. This policy challenge has been referred to in the literature as the ‘Dark Web Dilemma’. At the root of the dilemma lies the so-called “harm principle”, as proposed in On Freedom by John Stuart Mill. According to this principle, it is morally permissible to take any action as long as it does not harm anyone else.
The challenge of the Tor anonymity network, as suggested by its dual-use nature, is that maximum policy solutions all promise to do harm to one party. Leaving the Tor network active and free from law enforcement scrutiny is likely to result in direct and indirect harms resulting from the use of the system by those engaged in child exploitation, drug trafficking, and firearms sales, though of course, these harms are very significant. heterogeneous in terms of their potential negative social consequences and some, such as personal drug use, may also in some cases have predominantly individual costs.
Conversely, simply working to shut down Tor would harm dissidents and human rights activists, particularly, our results suggest, in more repressive, less politically free regimes where technological protection is often most needed.
Our results showing the uneven distribution of likely legal and illegal Tor users across countries also suggest that a looming public policy conflagration may be on the horizon. For example, the Tor network runs on ~6,000-6,500 volunteer nodes. Although these nodes are spread over a number of countries, it is likely that many of these infrastructure points cluster in politically free, liberal-democratic countries. In addition, the Tor Project, which runs the code behind the network, is a non-profit legal entity in the United States and traces both its intellectual origins and a large portion of its financial resources to the United States government.
In other words, much of the physical and protocol infrastructure of the Tor anonymity network is disproportionately clustered in free regimes, especially in the United States. Coupling this trend with a strict interpretation of our current results suggests that the harms of the Tor anonymity network cluster in free countries hosting Tor infrastructure and that the benefits cluster in disproportionately highly repressive regimes.
An “incorrect” assumption
It didn’t take long for the people behind the Tor project to question the findings and the assumptions that led to them. In an email, Isabela Bagueros, executive director of the Tor project, wrote:
The authors of this research article have chosen to categorize all .onion sites and all traffic to these sites as ‘illegal’ and all traffic on the ‘Clear Web’ as ‘legal’.
This assumption is flawed. Many popular websites, tools and services use ui services to provide their users with privacy and censorship circumvention benefits. For example, Facebook offers an onion service. Global news organizations, including The New York Times, BBC, Deutsche Welle, Mada Masr and Buzzfeed, offer onion services.
Whistleblowing platforms, file sharing tools, messaging apps, VPNs, browsers, email services and free software projects also use onion services to provide privacy protection to their users, including Riseup, OnionShare, SecureDrop, GlobaLeaks, ProtonMail, Debian, Mullvad VPN, Ricochet Refresh , Briar and Qubes OS.
(For even more examples and quotes from website admins using onion services on why they use Tor: https://blog.torproject.org/more-onions-end-of-campaign)
Writing off traffic to these widely used sites and services as “unauthorized” is a generalization that demonizes people and organizations that choose technology that helps them protect their privacy and circumvent censorship. In a world of increasing surveillance capitalism and internet censorship, online privacy is necessary for many of us to exercise our human rights to freely access information, share our ideas and communicate with each other. Falsely identifying all onion service traffic as “illegal” hurts the fight to protect encryption and benefits those in power who seek to weaken or outright ban strong privacy technology.
Second, we look forward to hearing the researchers describe their methodology in more detail so that the scientific community has an opportunity to judge whether their approach is accurate and safe. The copy of the paper provided does not describe their methodology, so the Tor project or other researchers cannot judge the accuracy of their findings.
The paper is unlikely to turn Tor supporters into critics or vice versa. However, it does provide a timely estimate of overall Tor usage and geographic breakdown that will be of interest to many policymakers.