Joseph Lorenzo Hall; NYU Media, Culture & Communication
Time-stamp: <2012-03-03 10:43:48 josephhall>, v0.2
Description: This is an in-class hands-on demonstration intended to familiarize non-technical students with some of the features of anonymization tools, in this case Tor. The background mini-lecture analogizes passing notes in a classroom with the goals of dissidents in repressive regimes trying to get information in and out of their country without being identified by authorities or having the contents of their communications exposed.
Objective: Students will learn, at a high level, how encryption and proxy routing can be used to anonymize communications.
For N students:
Imagine students passing notes in class at school, before texting, instant messaging, or Facebook. They would have to be very careful passing notes, or the teacher might see them and they'd get in trouble... and the teacher might even read the note out loud to the rest of the class! That could be pretty embarrassing, depending on the contents of the note.
Question: What could a note-passing student do to avoid the teacher catching them and reading their secrets out loud?
Well, they could:
Now, imagine if the Teacher gets fed up with subversive note-passing and hires one person for each student, a "monitor", whose only job is to make sure that their student only passes approved things -- textbooks, handouts, writing utensils -- to other students.
Question: What could these students do to still pass notes with "unapproved content"?
It actually starts to get really hard, right? They'd have to resort to passing notes that look like "approved" notes -- say written in a textbook -- or they'd have to take advantage of times when their monitor was distracted.
This is an imaginary classroom, of course, but we can think of this teacher and their army of monitors as repressive governments such as China and Iran. These governments regularly monitor what their citizens say and punish dissidents speaking about banned topics. Imagine the students here are political dissidents that could easily be thrown in jail or physically harmed for trying to communicate about subjects like democracy. If there were a tool that allowed these dissidents to still "pass notes" without getting into trouble and without the contents of their notes exposed, that could be a very good thing. It would save lives, promote democratic thought and organizing and generally aid note-passers of all varieties (even the ones that just want to throw a wicked surprise party and nothing more).
These kinds of tools exist! Software that can resist censorship is called anti-censorship software and Tor is software that can be used for anonymous communication on the internet. Tor is not the only such tool, but it's probably the most widely known, actively developed and widely used.
How does Tor help people communicate anonymously? The short answer is that it's complex and technical! It involves encryption (math), clever routing (networks) and very careful software engineering. At the heart of anonymous communication in Tor is an idea called "onion routing". We're going to spend the rest of class in a hands-on demo that will familiarize us with how Tor works and with some important wrinkles in anonymous communication common to all such tools.
Encryption is essentially a mathematical way of making messages look like gibberish. That is, it looks like gibberish to everyone but someone with the right "key" to decode the gibberish.
Imagine that I'm at my computer and I want to order some lingerie on the internet. Say Student A [pick a good sport as this gets PG] sells lingerie online. I point my browser at Student A's website and send a message that tells it what I'd like to buy and contains my credit card information. (Write down, but don't say out loud, "I'd like that corset, please; here's my credit card information.") I pass this to [a close student who is not Student A] and they pass it until it gets to Student A.
Question: How many people other than Student A know what I wanted to buy? Why is this?
Now, what if I put a similar, but different message, in an envelope and do the same thing?
Question: What could note-passers between the sender and recipient do to get access to the contents of my message, now that it's in an envelope?
Of course, they could rip the envelope open, right!
Wouldn't it be neat to have envelopes that only the recipient could open? In fact, this exists! Encryption allows someone to send a message that only a person with the right key can open. I have in my hand a plastic knife with my name on it. Imagine that it's a fancy letter opener and that it can only open letters with my name written on them. And here's an opener for Student A. Now, if I put my message in a special envelope that only Student A can open with his letter opener, I can be pretty damn sure that no one between me and Student A will be able to read my message!
This is how web browsers work when we, say for example, log into our bank on the web. Our browsers can send messages in encrypted "envelopes" that only our bank can open, so that anyone passing the message along cannot casually or even deliberately eavesdrop on the message. (Of course, that holds unless someone out there is selling letter openers for envelopes with our bank's name on them!)
Now, we'll use what we've learned about encryption to show how the Tor software uses a technique called "onion routing" to anonymize communications:
Question: We've just passed notes anonymously! Or, have we?
The instructor then asks each student to read their payload and say what their message is (if the student has a tiny envelope, they can open it to read their message).
Question: Can anyone tell where their note came from? Did anyone have an opportunity to read the payload of a message they were delivering?
A few of the payloads explicitly say, "Joe was here!" or something similar. That's not anonymous, right? This goes to show that we can think up a fancy and awesome method for anonymizing the origins of a particular communication, but if the sender writes their name (or other identifying info.) in the payload, then there's no more anonymity.
The payloads that didn't have tiny envelopes were easily read by the final delivery hop, right? The tiny envelope represents end-to-end encryption, like SSL -- for example, we use SSL when we go to our bank's website and see the little lock icon in our browsers. Only by using encryption methods like SSL can we make sure that the contents of our communications are protected from eavesdropping along the delivery path.
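For instructors who want to show the same exercise on a screen, here is the note-passing run as a small Python simulation (an added example, not part of the original handout and not Tor's own code). The relay names B, C and D, the pre-shared "letter opener" keys and the toy cipher are assumptions made for the illustration; Student A and Joe are the recipient and sender from the exercise.

```python
import hashlib, hmac, json, os

def _pad(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a classroom stand-in, not Tor's cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Put data in an envelope that only the holder of `key` can open."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _pad(key, nonce, len(data))))
    return nonce + hmac.new(key, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("this letter opener does not fit this envelope")
    return bytes(a ^ b for a, b in zip(body, _pad(key, nonce, len(body))))

def wrap(path, recipient, payload, keys):
    """Nest one envelope per relay, innermost first; each names only the next hop."""
    blob, nxt = payload, recipient
    for relay in reversed(path):
        note = json.dumps({"next": nxt, "body": blob.hex()}).encode()
        blob, nxt = seal(keys[relay], note), relay
    return nxt, blob

def deliver(sender, first, onion, keys, relays):
    """Pass the onion along; record what each relay could learn."""
    seen, prev, hop, blob = [], sender, first, onion
    while hop in relays:
        note = json.loads(unseal(keys[hop], blob))
        seen.append({"relay": hop, "from": prev, "to": note["next"]})
        prev, hop, blob = hop, note["next"], bytes.fromhex(note["body"])
    return hop, prev, blob, seen  # recipient, exit relay, what the exit handed over

# Constructed classroom: Joe sends to Student A through relays B, C, D.
KEYS = {name: os.urandom(32) for name in "ABCD"}
PATH = ["B", "C", "D"]

def demo(message, tiny_envelope):
    payload = seal(KEYS["A"], message) if tiny_envelope else message
    first, onion = wrap(PATH, "A", payload, KEYS)
    return deliver("Joe", first, onion, KEYS, set(PATH))

if __name__ == "__main__":
    for tiny in (False, True):
        to, exit_hop, handed, seen = demo(b"Surprise party at 8", tiny)
        print(seen, exit_hop, "hands over", handed[:24])
```

Only the first relay ever sees the sender and only the last relay sees the recipient; without the tiny envelope, that last relay also holds the message in the clear.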
(cc) 2012, Some Rights Reserved, Joseph Lorenzo Hall.