Tor’s battle to stay ahead of the security race.
The Dark Net is under attack.
Actually, it’s always under attack. That’s the smart attitude to take as the spotlight has been turned up on technology like the Tor-anonymizing network. Threats from governments and hackers around the world have pushed Tor’s decade-old hidden service technology to its limits.
To stay ahead in the security race, Tor is building the next-generation Dark Net in part with funding from the Defense Advanced Research Projects Agency, the U.S. military agency charged with inventing the cutting edge of new technology.
The funding, which began in 2014, comes as part of DARPA’s Memex project, a “groundbreaking” search engine designed to best commercial titans like Google at searching the Deep Web and other oft-ignored terrain for the U.S. intelligence, law enforcement, and military. To build Memex, DARPA is partnered with universities like Carnegie Mellon, NASA, private research firms, and several Tor Project developers.
DARPA is funding multiple projects focused on improving Tor’s hidden services across “1-3 years,” Tor’s director of communications Kate Krauss told the Daily Dot via email. Tor declined to give more specifics on the grant, like its monetary value and terms, and DARPA didn’t respond to a request for comment.
Roger Dingledine, Tor’s project leader, pointed to a dozen projects over the last year that utilized DARPA’s funding including an investigation team assigned to address recent attacks on some of the Dark Net’s most famous websites.
These attacks, which started in March, targeted several hidden services with a simple-but-effective cyberattack that slowed the entire Tor network and took the sites offline for more than a week, inspiring no small amount of worry about the security of many Tor users. Some of the sites are still struggling to return to normalcy.
The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service’s identity key and to allow offline storage for that key, a major security upgrade.
Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites.
Led by data scientist Christopher White, Memex is explicitly not aimed at de-anonymizing any Tor user or “accessing information not intended to be publicly available,” according to a recent DARPA blog post. Still, government funding of Tor—which, by the way, was invented as a U.S. Navy research project in 2002—has always been somewhat controversial.
This isn’t the first time DARPA has contributed financially to Tor. A 2001-2006 stint as sponsor stands next to similar grants from the U.S. Navy, State Department, and the National Science Foundation as government sponsorships over the past decade.
Hidden services, which make up about 4 percent of the entire Tor network, have until recently been relatively neglected when it comes to funding and developing.
“The challenge with hidden services is two-fold,” Tor director Roger Dingledine told the Daily Dot. “First they’re hard to frame as being within the mission of most funders in our space. Funders care about resisting censorship better, or training users about being safe online, or writing research papers on anonymous communications, but none of those are specifically about hidden services.”
Convincing the money is the hard part. Tor’s existence as a non-profit dependent on grants and donations means that development is, in a significant way, driven by what Tor can convince its sponsors are worthwhile causes.
“And second, hidden services are early enough in their development process that their potential is not as obvious as it is for other parts of Tor,” he explained. “They’re basically still the same design and implementation I came up with 10 years ago, and while many other parts of Tor have become much stronger and smarter, attention to hidden services has lagged behind. The result is that it’s harder to paint a picture about how any specific proposed project will bring them the required distance.”
In addition to DARPA, the hackers behind Tor are looking away from the big funders that have traditionally financed the operation. They’re turning to the crowd to fund development and bring hidden services into modernity, a long-awaited step that could have some major implications about how strong and secure Tor really is.
Illustration by Max Fleishman