(Photo by Christopher Wink)
Stop talking about the dark web, if only for Roger Dingledine’s sake.
He’s the ponytailed and prominent cofounder of the Tor Project, the nonprofit behind the eponymous widespread anonymous communications software. And, he adds, stop paying attention when someone uses that damn iceberg metaphor.
“Every time the media does a story about the dark web, they show the picture of the iceberg” to imply sinister elements make up most of web traffic hidden beneath the water line, Dingledine said. “Somebody needs to flip the darn iceberg.”
MIT-trained and “sometimes” based in the region, Dingledine says there’s really no practical use for the phrase “dark web.” The phrase is usually meant to describe some untraceable online black market (think the Silk Road), thanks to Tor-style software.
But, Dingledine says that, at any given time, no more than one to three percent of the Tor network load comes from so-called “hidden services,” those that use the public internet but require special software to access. It’s these hidden, or “onion,” services that have come to define for many in law enforcement the broader use of “onion services” that gave rise to the Tor Project, including its name (The Onion Router, get it?).
“But onion services basically don’t exist,” said Dingledine, speaking at the Philly Tech Week Dev Talks this month. “It’s nonsense that there are 99 other internets you can’t access.”
Still, some might push him: even if it’s a small part of its use, if the crimes are heinous enough (trafficking in drugs, child porn or worse), does it matter? There’s a cost for any great good, he said. His point: nefarious uses of Tor are far outnumbered by mundane ones — one million people monthly use Facebook over Tor in places like Iran. “They aren’t political dissidents,” he said. “They like pictures of their friends’ cats.”
Just about any use of the “dark web” phrase is really just a marketing ploy by cybersecurity firms and other opportunists, said Dingledine. They’re profiting on ignorance, he said. It’s nonsense.
But that’s not to say that The Tor Project is short of bold. There are roughly two million users globally, though Tor software is, by definition “traffic analysis resistant,” he said. Find Tor’s public metrics here. Dingledine and his Tor cohort are internet privacy pioneers. So his distaste for the “dark web” nomenclature matters.
"No one tries to break the crypt anymore. They want to follow your social graph to then find openings."
Now, to be clear, contrast “dark web” with the “deep web,” which does have a relatively agreed-upon definition: everything that Google can’t crawl. That includes Tor instances, but, of course, that also means anything behind a password, like your bank accounts and private messaging sites and plenty more.
The iceberg metaphor can make a bit more sense for the deep web. But that category is so big, no one is demonizing it. Instead, this is distracting from the real need to talk about a more secure web. Most of us are still too focused on encryption when instead a more decentralized Internet that allows for greater anonymity is more important, he argues.
“Anonymity isn’t encryption. Encryption just protects contents. The bad guy can still see who you’re talking to and when,” said Dingledine. “No one tries to break the crypt anymore. They want to follow your social graph to then find openings.”
The “they” can mean Russian hackers, Chinese intelligence, the FBI or a next generation of common thieves, he said.
“Whenever you log in, they know what your friends are,” said Dingledine. “Then they can monetize it.”
A quick, over-simplified reminder of how onion services work. The onion metaphor refers to the layers of messaging. Around the world, the Tor Project specifically is made up of maybe 8,000 “relays,” which are essentially servers (owned by individuals, universities, select organizations). Your data is sent through multiple relays, with, as Dingledine said, “end-to-end encryption and end-to-end authentication.” That’s the peer-to-peer part of the network, which allows for decentralization and, the thought is, takes power away from internet service providers. You can’t know who is talking to whom and what they’re saying.
All you need to run a relay is a Linux server and a modified text file from Tor. But it can get complicated. And Tor is in a marketing battle. Remember that The Tor Project actually came out of research from the U.S. Navy. In 2015, as much as 95 percent of its $2.7 million budget came from federal government grants, according to Politico.
That means Tor boosters have been trying to make a case for their importance beyond computer scientists. The Tor Project, as an experiment lab of computer science, gets safer with the diversity of its relays and the diversity of why people use the service.
“When I’m talking, I always use ‘anonymity’ for researchers. When I’m talking to my parents I use ‘privacy,’ he said. “It’s a good American value.”
Prompted by a question from this reporter, Dingledine notes you can visit the Tor website to donate.
Dingledine was the nonprofit’s interim executive director for a time, before Shari Steele, a former Electronic Frontier Foundation chief, was named. It was a chance for him to focus on what he does best, including talking to governments about the service. In person, he’s whip smart and can be effortlessly charming, in his own quirky way.
Today as many as 40 people are working actively on the Tor Project, 20 in either full-time or part-time roles, said Dingledine. The rest are contractors or split roles.
“We’re getting to the point where Tor would be fine if I get hit by a car,” he said, of the organization’s reliance of one of its longest champions. Dingledine is one-half of Philadelphia’s preeminent internet privacy power couple: he’s married to Rachel Greenstadt, a celebrated computer science professor at Drexel.
So what of the idea that The Tor Project empowers enemies of the state?
“The design is public. The source code is public. A privacy project is being transparent,” said Dingledine. “Privacy is about choice. We’re giving people the choice.”-30-
Hiring for cybersecurity is on the rise in Philadelphia: ‘There’s not an industry that’s immune’ from attacks
SAP just opened a cyber defense center at its Newtown Square HQ
On the Market: Cybersecurity and conscious capitalism are so hot right now
Penn is launching a 24-week cybersecurity bootcamp
Sign-up for daily news updates from Technical.ly Philadelphia