Tor Project's struggle to keep the 'dark net' in the shadows
- Published
The BBC has interviewed Andrew Lewman, executive director of the Tor Project.
His US-based team creates software that lets people visit websites anonymously and access otherwise hidden parts of the internet.
An article based on the interview can be found here, which focuses on Mr Lewman's belief that cyberspies in the US and UK are leaking his team information, frustrating their colleagues' efforts to compromise Tor's special browser software.
The following is a transcript of his wider-ranging conversation with BBC News Online's technology desk editor, Leo Kelion.
How would you describe what the Tor Project is to someone unfamiliar with it?
This browser to access the Tor network - how would you describe what that is?
Do you have any idea of how many people are now using the Tor Browser?
How is that spaced out across the world - are there particular countries where it is more popular than others?
Bearing in mind the whole point of Tor is to protect anonymity, do you have any insight into the type of people using it?
After allegations made in the Edward Snowden leaks about the activities of NSA [US National Security Agency] and GCHQ [UK Government Communications Headquarters] cyberspies, there is concern among many members of the general public about surveillance on the net. Do you think we should all be using Tor now?
There's been a lot of reports about different groups wanting to overcome the anonymity that your provide. How big a threat to Tor is that?
A few years ago if we had talked about the dark net and Tor specifically, a lot of people would have been scratching their heads. Nowadays that has changed. Has being thrust into such prominence caused problems for the Tor Project?
But if you read about some of the reports and bounties being put up to overcome the protections you offer - is there concern that the project is a small group of people and there are huge amounts of effort being put against it?
If you look at the funding, an awful lot seems to be coming from the US government at the same time people in the NSA are reportedly trying to compromise the anonymity offered. How would you describe your links with the US government?
When you talk about the people who hate us, are you talking about people in the security world?
Bearing in mind you are part-funded by the US government, what opportunity do you have for pushback? To say you can't both fund us and be out to destroy us?
Do you think you can resist attacks on Tor indefinitely, or if they continue and are well funded will Tor inevitably break?
One of the other issues that you face is illegal activity on Tor. Buying and selling illegal drugs, paedophilic images and other illegal pornography, and a host of other unlawful activities. What are your concerns about Tor being used in that way?
But on a personal level. does it bother you that the work you are doing is being misused in this manner?
When the police come to your organisation for help, is it only advice that you can give or is there technical help you can provide?
Tor has become synonymous with the phrases dark net and dark web. Do those phrases bother you as they have meanings to people, and often they mean illegal or illicit activity?
But is it an unhelpful phrase? It seems to have stuck - or does it not bother you that much?
Bearing in mind how much is reported about the illegal drug sales, the illegal images, does Tor have an image problem?
There are alternatives to Tor - I2P, Freenet and others. Is your sense that some of the potential terrorists or other illegal activity has moved away from Tor because there is so much scrutiny of it?
We were recently expecting two researchers from Carnegie Mellon University [in Pittsburgh, Pennsylvania] to explain how they had compromised Tor's anonymity - but the talk was pulled. What's your thoughts on what went on?
Bearing in mind they haven't passed on those details still, to what extent does that leave Tor exposed?
With the growth of the popularity of Tor, you need more servers to keep the service running. Are you facing a problem because of the controversy associated with some of the activities that people get up to that universities aren't as willing as they would have been otherwise to provide the facilities to you?
But is there a danger you fall victim to your own success? More people end up wanting to use Tor than you can support?
Back to the issue of the security services. Presumably from the NSA's point of view it would want to monitor Tor to head off potential terrorist threats. How concerned are you that your software could be used to help terrorism?
You're saying there are people in the NSA and GCHQ who go behind their bosses' backs to give knowledge to you to fix potential flaws in Tor?
Are you 100% certain these people who are providing the information work for the security services, or is this a hunch?
How often would you say it is that you receive reports from someone you think must come from one of the security agencies?
Is it people who are undermining the work of their colleagues tasked with compromising Tor, and if that is the case why is this is going on?
Is there anything else you'd want to add that we have not covered already?
Some of the questions have been edited for the sake of clarity.
- Published22 August 2014
- Published30 July 2014
- Published4 July 2014
- Published28 July 2014
- Published5 August 2013
- Published2 October 2013