Learning About Tor: Hands-On With Anonymous Communication

Joseph Lorenzo Hall; NYU Media, Culture & Communication
Time-stamp: <2012-03-03 10:43:48 josephhall>, v0.2

Description: This is an in-class hands-on demonstration intended to familiarize non-technical students with some of the features of anonymization tools, in this case Tor. The background mini-lecture analogizes passing notes in a classroom with the goals of dissidents in repressive regimes trying to get information in and out of their country without being identified by authorities or having the contents of their communications exposed.

Objective: Students will learn, at a high level, how encryption and proxy routing can be used to anonymize communications.

Materials

For N students:

• N large manila envelopes, write the instructor's name on the front.
• N letter-sized envelopes
• N smaller envelopes (can fit in the letter-sized envelopes)
• N/4 tiny envelopes (can fit in the smaller envelopes)
  • Each of these tiny envelopes has "To: " written on the front.
• N "payloads" (small cards that fit into the tiny envelopes)
  • All have "To: " written on the front.
  • N/3 of these say, " was here!" (with enough space for a student to write their name)
  • N/3 of these say, "The recipe for Iranian Coca-Cola!"
  • N/3 of these say, "You've got a secret admirer!"
• N letter openers (plastic knives), with a different student's name written on each in marker.

Background Remarks: Analogy to Passing Notes

Imagine students passing notes in class at school, before texting, instant messaging, or Facebook. They would have to be very careful passing notes, or the teacher might see them and they'd get in trouble... and the teacher might even read the note out loud to the rest of the class! That could be pretty embarrassing, depending on the contents of the note.

Question: What could a note-passing student do to avoid the teacher catching them and reading their secrets out loud?

Well, they could:

• conceal the note in something that doesn't look like a note and pass it (e.g., someone drops their hat and the sender puts the note in the hat before returning it);
• take care with the actual passing of the note and try not to be seen;
• write the note in some sort of code -- like Pig Latin -- that would render the note's contents gibberish if the Teacher did catch the note and read it aloud; and/or,
• ask someone else to pass the note so that if the note is intercepted, the person they asked to pass the note gets in trouble!

Now, imagine if the Teacher gets fed up with subversive note-passing and hires one person for each student, a "monitor", whose only job is to make sure that their student only passes approved things -- textbooks, handouts, writing utensils -- to other students.

Question: What could these students do to still pass notes with "unapproved content"?

It actually starts to get really hard, right? They'd have to resort to passing notes that look like "approved" notes -- say written in a textbook -- or they'd have to take advantage of times when their monitor was distracted.

This is an imaginary classroom, of course, but we can think of this teacher and their army of monitors as repressive governments such as China and Iran. These governments regularly monitor what their citizens say and punish dissidents speaking about banned topics. Imagine the students here are political dissidents that could easily be thrown in jail or physically harmed for trying to communicate about subjects like democracy. If there were a tool that allowed these dissidents to still "pass notes" without getting into trouble and without the contents of their notes exposed, that could be a very good thing. It would save lives, promote democratic thought and organizing and generally aid note-passers of all varieties (even the ones that just want to throw a wicked surprise party and nothing more).

These kinds of tools exist! Software that can resist censorship is called anti-censorship software and Tor is software that can be used for anonymous communication on the internet. Tor is not the only such tool, but it's probably the most widely known, actively developed and widely used.

How does Tor help people communicate anonymously? The short answer is that it's complex and technical! It involves encryption (math), clever routing (networks) and very careful software engineering. At the heart of Tor is an idea called "onion-routing" that is the centerpiece of anonymous communication in Tor. We're going to spend the rest of class in a hands-on demo. that will familiarize us with how Tor works and some important wrinkles in anonymous communication common to all such tools.

In-class Demonstration: Anonymized Note Passing!

A bit about encryption

Encryption is essentially a mathematical way of making messages look like gibberish. That is, it looks like gibberish to everyone but someone with the right "key" to decode the gibberish.

Imagine that I'm at my computer and I want to order some lingerie on the internet. Say Student A [pick a good sport as this gets PG] sells lingerie online. I point my browser at Student A's website and send a message that tells it what I'd like to buy and contains my credit card information. (Write down, but don't say out loud, "I'd like that corset, please; here's my credit card information.") I pass this to [a close student who is not Student A] and they pass it until it gets to Student A.

Question: How many people other than Student A know what I wanted to buy? Why is this?

Now, what if I put a similar, but different message, in an envelope and do the same thing?

Question: What could note-passers between the sender and recipient do to get access to the contents of my message, now that it's in an envelope?

Of course, they could rip the envelope open, right!

Wouldn't it be neat to have envelopes that only the recipient could open? In fact, this exists! Encryption allows someone to send a message that only a person with the right key can open. I have in my hand a plastic knife with my name on it. Imagine that it's a fancy letter opener and that it can only open letters with my name written on them. And here's an opener for Student A. Now, if I put my message in a special envelope that only Student A can open with his letter opener, I can be pretty damn sure that no one between me and Student A will be able to read my message!

This is how web browsers work when we, say for example, log into our bank on the web. Our browsers can send messages in encrypted "envelopes" that only our bank can open, so that anyone passing the message along cannot casually or even deliberately eavesdrop on the message. (Of course, that holds unless someone out there is selling letter openers for envelopes with our bank's name on them!)

Onion routing

Now, we'll use what we've learned about encryption to show how the Tor software uses a technique called "onion routing" to anonymize communications:

1. Each student gets:
   • 1 each of manila, large and small envelopes.
   • 1 letter opener with their name written on it in marker.
2. Have each student write their own name on the large and small envelopes.
3. Have students pass the large and small envelopes to the instructor; the instructor shuffles the large envelopes and then the small envelopes. The instructor then passes out one large and one small envelope to each student, making sure that the student doesn't get the same name on each envelope and that neither of the names on the envelopes is that of the student.
4. The instructor writes one student's name on the "To:" line of each payload card and then passes out a payload card to each student. The instructor also gives out the few tiny envelopes, randomly. The instructor tells the ones with "(blank) was here!" payloads to write their name in the blank and tells the students with the tiny envelopes to write the name of the student on their payload on the "To:" line of the tiny envelope.
5. Students now "package their onions". (If they have a tiny envelope, they first place their payload in the tiny envelope.) First, all students place their payloads inside the small envelopes and seal them; then, they place the small envelopes in the large envelopes and seal them; and, finally, place the large envelopes in the manila envelope and seal those. Pass the manila envelopes to the instructor.
6. The instructor can open the manila envelopes because they have the letter opener with their name on it. The instructor does so and passes the inner large envelopes to their recipients.
7. These recipients can open the letters with their letter openers and then pass the small envelope to that recipient.
8. The recipients of the small envelopes can open the small envelopes with their letter openers and deliver the payload to the recipient.

Question: We've just passed notes anonymously! Or, have we?

The instructor then asks each student to read their payload and say what their message is (if the student has a tiny envelope, they can open it to read their message).

Question: Can anyone tell where their note came from? Did anyone have an opportunity to read the payload of a message they were delivering?

A few of the payloads explicitly say, "Joe was here!" or something similar. That's not anonymous, right? This goes to show that we can think up a fancy and awesome method for anonymizing the origins of a particular communication, but if the sender writes their name (or other identifying info.) in the payload, then there's no more anonymity.

The payloads that didn't have tiny envelopes were easily read by the final delivery hop, right? The tiny envelope represents end-to-end encryption, like SSL -- for example, we use SSL when we go to our bank's website and see the little lock icon in our browsers. Only by using encryption methods like SSL can we make sure that the contents of our communications are protected from eavesdropping along the delivery path.

(cc) 2012, Some Rights Reserved, Joseph Lorenzo Hall.