Tor and THEMIS: Finding Balance Between Anonymous Browsing and Criminal Activity

Tor and THEMIS: Finding Balance Between Anonymous Browsing and Criminal Activity
Page content

Anonymous Browsing

How does anonymous browsing really work? In the case of a system like Tor, traffic originating from your computer is encrypted and sent off to a proxy server, which is a server that exists only to route traffic from one location to another. After being routed through numerous proxy servers, the traffic finally arrives at its final destination. The server that receives it doesn’t know the traffic’s origin.

Some proxy networks are much simpler and only bounce traffic to a single proxy server before ending at the proper destination. The idea behind creating Tor was that traditional proxies can be easily shut down or blocked. Tor was originally funded in 2004 by the US Naval Research laboratory and even today, the US Government provides approximately 80% of Tor’s yearly budget.

Although Tor can be extremely useful in countries that block their citizen’s access to the internet, it can also be used for illegal activities.

THEMIS

Iowa State professor Yong Guan and his students are researching how to put a stop to illegal activities without affecting legal users. Their system, named THEMIS, aims to provide privacy for legitimate users while giving law enforcement agencies the ability to track the source of malicious or illegal content.

While details are light, it appears Guan wants to create a new anonymous network with provisions built in to protect users’ anonymity. While traffic would still be encrypted between proxies, an AFGH re-encryption key would be included with each message. This key would allow authorities to trace the source of the message. If someone reported a threatening message to the authorities, they would need to subpoena data from the ISP along with the AFGH re-encryption key to start tracking. It’s a labor-intensive process, but could overcome the issue of Tor’s near-complete anonymity.

The main issue Mr. Guan may encounter is trying to get people to use his network. On one hand, you have the public internet, which some people are just fine using. On the other hand, you have people that are highly concerned about their privacy. The people that want privacy now can use systems such as Tor, in which there is no certain way to track users. What will it take to get the privacy-minded people to start using a system that by default is anonymous but can still give authorities the ability to track them down? I think Mr. Guan is going to have a tough sell on his hands.

In order for a system such as THEMIS to work, there needs to be some incentive for the user using that service. Mr. Guan has said that THEMIS will be “incentive-compatible” but failed to shed any light on this component.

One area in which THEMIS may be more attractive to legal users is speed. Whereas Tor has levels of encryption at each proxy, THEMIS uses a different encryption scheme to speed up routing through proxies. If THEMIS can be shown to truly respect the privacy of its users while offering a notable performance bump in speed over Tor, THEMIS may not be such a long shot.

The Big Picture

Let’s say THEMIS takes off and people start using is at a replacement for Tor. I highly doubt any of the people using Tor for illegal activities are going to give up their cozy position of anonymity willingly. In short, there are no real ways to stop illegal activity going through anonymous browsing sites.

Below is a quote taken from an NSA presentation called “Tor Stinks” that sums up Tor’s current status nicely:

“We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user…on demand.” Emphasis added in the presentation.

References