When free-software communities unite for privacy
At DebConf25 in Brest, France, the talk "When Free Software Communities Unite: Tails, Tor, and the Fight for Privacy" was delivered by a man who introduced himself only as intrigeri. He delivered an overview of the Tor Project, its mission, and the projects under the umbrella. He also spoke about how the organization depends on Debian, and plans for the software it delivers.
It is entirely fitting that a talk on protecting user privacy and
anonymity would be given by a speaker who does not reveal their full
name in person or online. The Tor Project is a non-profit organization
with a global community of volunteers who work together to produce
"a lot of software
", intrigeri said.
![intrigeri [intrigeri]](https://static.lwn.net/images/2025/intrigeri-sm.png)
He did not cover all of the software produced by the organization, and when one says "Tor" some disambiguation is necessary. Tor may refer to several things. It could refer to the organization itself, or the Tor network, which is the overlay network that runs through Tor network relays operated by volunteers, using a technique known as onion routing. Internet traffic is routed through Tor relays to obfuscate a user's location and destination to deter network surveillance or traffic analysis from determining what a user is doing online.
It could also refer to the Tor software used to connect to the Tor network or the software to set up and run Tor relays.
The project also provides the Tor web browser and Tails, which is a Debian-based operating system meant to be run from a USB thumb drive. Intrigeri has been a Debian developer for many years and runs the Tor Project's Tails team. The project's GitLab instance hosts all of the software it provides.
The problem that Tor is trying to solve with all of this software is that internet service providers (ISPs), commercial interests, or governments are able to identify and track users' activity on the internet. Encryption alone is not enough, he said, to provide anonymity. It does not hide who is talking to whom or who is visiting a web site; encryption only masks the content of communications, not the participants.
Tor tries to provide ways for users to communicate and use the internet anonymously, without fear that they'll be spied upon. For some users—such as whistleblowers, victims of domestic abuse, and dissidents in oppressive countries—the preservation of anonymity is not only about protecting one's rights on principle, it is a matter of safety.
ISPs or government entities like the US National Security Agency (NSA) can
figure out who is visiting a site or which users are talking to one
another if those connections are made directly over the internet. Even
when communications are encrypted, a user's "social graph"
may be exposed via metadata. Here he displayed a slide that quoted
former NSA director Michael Hayden, who said: "We kill people based
on metadata.
"
In practice, people rarely care about anonymity, he said, so it is
necessary to position Tor appropriately for the audience. If he talks
to a private citizen, he says "I work on privacy software
". If
he is speaking to a business, on the other hand, he says that Tor
works on network security. When talking to governments, he describes
Tor as providing "traffic-analysis resistance
", and for
human-rights activists, "Tor provides reachability
". Here
intrigeri used the example of people in Iran or Russia trying to
communicate with people in other countries.
If Tor only worked for one of the use cases, such as user
anonymity, then "the other three would try to fight it
". By
addressing the interests of individuals, businesses, governments, and
human-rights activists, "all of these people who would not be
aligned, or would be adversaries, have some interest in working
together
".
Evil relays
Many people use commercial virtual private networks (VPNs), which
relay traffic through a remote server in an attempt to provide online
privacy. But there is the possibility, he mentioned, of an "evil
relay
"—such as a VPN provider that tracks users or provides
information to other parties. Even if the VPN provider is trustworthy,
he said, observers can use timing analysis to determine who is
connecting to what.
Tor solves this by using multiple relays. One relay knows who is
connecting, but "no single relay has all the information
" about
users and their connections. Even then, he said that using Tor at the
network level only hides a user's IP address; there is still
information in the network packets that can leak information the user
does not want leaked that can uniquely identify them. "As soon as
you're unique, you're traceable
." That is why the
Tor Project provides the Tor Browser, which is Firefox-based and
tries to ensure that it does not send information that can uniquely
identify a user by fingerprinting their browser.
Some users may think that is what Chrome's incognito mode or
Firefox's private browsing mode do; it is not. "That does not do
much, it leaves fewer traces on the hard drive, that's about it
",
he said. For the threat model Tor considers, "it does nothing at
all
". To emphasize the point, he put up a slide with a
cartoon mocking a Chrome user trying to use incognito mode to hide
their browsing habits.
Tails and Tor
Of course, some internet activities take place outside the web
browser. Users who need anonymity beyond web browsing can look to
Tails. Intrigeri said that Tails provides a digital-security
toolbox with safe defaults for working with sensitive documents and
more. He described it as "amnesia by default
" since Tails is
meant to be run from a USB stick and leave no traces on the system it
runs on.
Tails was first
announced in 2009 under the name Amnesia, but the project was not
part of the Tor organization until last September. The announcement
said that talks began between the two organizations in 2023 because
Tails had "outgrown its existing structure
". Intrigeri said
that the Tails team can now focus on improving Tails and leaves
fundraising and running the organization to the Tor Project. "I'm
glad. I was not very good at it
." Tails is now more sustainable
and able to focus on its core mission thanks to combining efforts.
He is happy with the merger, and not just because he has been able to leave fundraising behind. He said that being part of the Tor organization means that the collective is now better equipped to react to censorship and decide what piece of the software stack is best to help solve the problem. Some problems may be best solved with improvements to the Tor Browser, some with Tails, and some at the Tor network level. There are also better training and outreach opportunities now that the organizations have combined.
Thanks, Debian
He noted that speaking at DebConf was a natural fit for Tails and
Tor because the organization owes so much to Debian; in addition to
being the base distribution for Tails, Debian is the base for Tor's
infrastructure as well. Currently, Tor has more than 100 hosts running
Debian, and he wanted to say "thank you
".
Intrigeri also described Tails as a "gateway to free
software
". Many users of Tails have never used Linux before they
reach for the distribution; "before they were just using macOS or
Windows
". After experiencing Tails, he said, users may want
something similar for day-to-day usage when anonymity is not
required. It is not a one-way street, however. "A bunch of people
become contributors in free software through Tails
", and the Tails
project contributes back to Debian as well. For example, members of
the Tails team help to maintain AppArmor in Debian, as well as the puppetserver
package, and others.
What have you done for me lately?
Lately, Tor has been working on a number of new projects or enhancing
existing ones. He said that Tor has been focusing on a
"comprehensive approach to anonymity and privacy protections
",
which includes meeting users where they are. For example, many users'
primary method of connecting to the internet is via their phone, not
a desktop or laptop. In countries with heavy censorship, where the Tor
network itself is blocked, users can connect to relays via bridges,
which are Tor relays that are not listed in the Tor directory and use
obfuscation to make it hard to detect as a relay.
Until recently, though, connecting to a bridge on a mobile phone was difficult and cumbersome. In April, Tor announced the addition of Connection Assist for Android in Tor Browser 14.5. This feature made it possible for Android users to more easily connect to Tor bridges, something that had only been available on the desktop version of Tor Browser.
He also discussed some of the anti-censorship tools from the project that had been introduced or improved lately, including WebTunnel and Snowflake. WebTunnel, which was announced last March, mimics encrypted web traffic (HTTPS) to fool observers into thinking that a user is simply browsing the web. In reality, it acts as a secret bridge to the Tor network. Users visit the get bridges for Tor page, copy the bridge information, and then use that to configure the Tor Browser to use WebTunnel to hide the fact that they are using the Tor network.
Snowflake is another technology to help "give censorship the
slip
" where Tor is blocked. Users who cannot connect to Tor
ordinarily can use Snowflake to connect via WebRTC; to observers it appears as if
the user is simply making a video call. Users whose internet access is
uncensored use the Snowflake extension to act as a Tor relay, with the
inbound connection coming via WebRTC, allowing Snowflake users to
piggyback on their connection. Last year, Tor added a Snowflake
extension for Chrome browser users that allows users to share their
connection with other users; extensions were already available for Firefox
and Microsoft Edge.
The organization also spends a fair amount of time trying to optimize its services and evade not only censorship but attempts to infiltrate the networks. Intrigeri mentioned that one of the ways that users in Russia get information about Tor bridges is via Telegram and the Tor Project realized that there was an unusual amount of new accounts on Telegram requesting bridge information. The purpose of this was likely to find Tor bridges and block them. To prevent that, the project started to send new accounts to one set of bridges and direct older Telegram accounts to a different set.
After the talk I spoke with intrigeri briefly. He said that the project has to be conservative in its response to new tactics in the arms race between Tor and its opponents in order to keep an upper hand. If the project pushes out several new features or practices to thwart censorship before they are needed, its opponents can start trying to subvert them immediately. By waiting, the project can extend the lifetime of its defense.
On the financial front, intrigeri mentioned that the Tor Project had
worked to "align with a new set of funders globally
", with a mix
of funding coming from individual giving, international grants, and
"value-aligned companies
". There was a bit of applause in the
room when he added that the organization was now receiving 20% of its
funding from the US government; that was down from 50% at one
point. That meant that "the last ten months have been less
stressful for Tor than for other organizations
".
Keeping data safe
Even though Tails is designed to leave no data behind on
the computer it runs on, users still need to store documents and other
data. Tails is meant to be a "safe for sensitive material
", but
there is a challenge: an operating system that runs from a USB stick
is especially prone to data loss because USB sticks tend to
fail. Cheaper USB sticks, which are often all that is available to
lower-income users globally, fail faster. It is also not safe to
assume that users have substantial technical education or access to
backups.
That means that the project has been working on, and has outstanding goals for, additional safeguards of user data. For example, with the 6.0 release, Tails added error detection for reading and writing to USB sticks. The project also has documentation for data recovery. He said that there is work toward warning users about the dangers of unplugging the USB stick before shutting down Tails and a plan to add a better data-backup feature.
Like it or not, he said, "people use smartphones
", and they
use messaging apps on smartphones. The project has conducted
interviews with a variety of users—digital-security trainers
working with human-rights organizations, journalists investigating
state surveillance, environmental activists, and others—as a
result it realizes that there is a need to provide messaging
applications in Tails for communicating with people who only
use smartphones. "'Install this app so we can talk' is not ideal; a
stumbling block to have a conversation can be a problem
." There is
no one-size-fits-all solution, but Signal is the "top priority
"
application to support, as well as Wire and WhatsApp.
As he came to the end of his allotted time, he reminded the audience that its support matters and encouraged people to provide support in the form of running Snowflake proxies, Tor relays, monetary donations, and keeping Debian great.
During the question period, I asked whether the Tor Project
provided any legal resources to those who ran Tor proxies, since it
was possible that there is some legal risk in doing so. He said that
the real risk is in running an exit node—the one that connects
directly to whatever sites or resources that Tor users are connecting
to. It is possible to operate a Tor relay that is not an exit node, so
users concerned with legal risk can opt not to run an exit
node. In answer to the direct question, he said that Tor does not
provide any legal resources, but there are groups that "bring
people together and pool resources, including legal ones
", that
might be available to support Tor users and proxy operators.
As Q&A time wound up a plane passed overhead rather loudly. As
the noise subsided, he deadpanned that it was odd: "usually it's a
black helicopter
". It's hard to imagine a better exit line than
that for a talk on Tor and its assorted projects.
[Thanks to the Linux Foundation, LWN's travel sponsor, for funding my travel to Brest for DebConf25.]
Index entries for this article | |
---|---|
Conference | DebConf/2025 |
Posted Jul 23, 2025 21:40 UTC (Wed)
by david.a.wheeler (subscriber, #72896)
[Link]
All media fails eventually. Having backups is key to having data survive this inevitable failure.
Posted Aug 1, 2025 19:25 UTC (Fri)
by hcrs (guest, #178641)
[Link]
2) Some nodes doing outright malicious things, like
Then tor gets plenty of these - but not really bans offending sender or trying alternate sources. Seems this kind of activity not really monitored by project.
3) Clearly too many nodes on adjacent IPs. Some IP ranges look outright evil.
So tor is quite centralized in terms of relays management - but it seems it brings not much benefits since overall network management got screwed over time to point it IMO became quite scary to use. At least in normal ways.
Data backup
Tor nodes are quite poorly monitored it seems
1) Bunch of nodes clearly belong to adjacent subnets and used for en masse attacks similar to Sybil in spirit. Some even honestly (?) write things like "CozyBearDev" (RU gov-associated hackers) in node family. And obviously have many quite large IP blocks only few entities on globe could afford.
Jul XX XX:XX:XX.000 [warn] Detected possible compression bomb with input size = 18894 and output size = 604704
Jul XX XX:XX:XX.000 [warn] Possible compression bomb; abandoning stream.