Neil Mohr investigates the shadowy world of onion routing, and how it can be used to shrug off any surveillance of your online activities
They’re watching you. They’re watching everything you do online. You’d think we were being paranoid, but it’s part of their mission statement: the UK government is part of the international Five Eyes group of Australia, Canada, New Zealand, the United Kingdom and United States, which have worked together since the end of World War II to collate and share intelligence, and that includes the internet use of citizens.
In the digital age, that means intercepting, storing, and analysing all Internet traffic. Don’t be fooled into thinking that local laws can stop a nation state from spying on its own citizens. If you’re one of the Five Eyes, just get your buddy overseas to do the spying, then report back. Tempora, a UK programme, splices off the undersea fibre-optic backbone of the internet, duplicating all the data transmitted over it, with the NSA sharing that data. Damn crafty, we Brits.
Back in the US, programmes such as PRISM created a legal framework for the NSA to spy on targeted US citizens, immunising co-operating US companies from prosecution. Or take MUSCULAR for bulk copying of Google and Yahoo! data outside US territory, for the NSA and GCHQ to rifle through. And who knows what Russia, North Korea, and China are up to…
It’s not paranoia if it’s actually happening. The good news is that the open-source community has brought together a host of privacy technology to offer a verified solution: Tor. Tor (or, as it used to be known, The Onion Router) is a project designed to provide anonymous access to the internet. An easy way to think of it is as a browser VPN that anyone can use.
That’s a good starting point, but what’s wrong with your current VPN service? It says it offers you privacy and anonymous browsing, right? Yes, but how do you know it actually does? This isn’t to say VPNs are useless, it’s pointing out that they’re not a silver bullet. If no third parties test their systems for security or flaws, how do you know they’re secure at all?
This brings us back to Tor and what it can do for our online privacy. It might help to very quickly say why you don’t have online privacy in the first place, beyond the notion that every government in the world is probably monitoring you online. It’s largely down to how the Internet was developed and has to be run. The internet is a precarious stack of open protocols built up over decades, and back in the 1960s, everything was done in plain text – that didn’t change for a very long time; HTTP is transmitted in plain text.
Even today, the domain-name routing of your browsing and email message headers remains open to scrutiny, and if you want the internet to be worldwide, you have to allow data packets to be passed across borders – this enables
