Tor Project claims spy leaks help maintain anonymity

A developer of the Tor browser for anonymous web surfing claims some spies are helping fix flaws exploited by state intelligence agencies

A leading developer of the open- source Tor browser for anonymous web surfing claims some UK and US spies are helping fix flaws exploited by state intelligence agencies.

GCHQ and NSA members regularly leak details of flaws found in the software to help users remain anonymous, says Andrew Lewman, executive director of the Tor Project, which maintains the code.

"There are plenty of people in both organisations who can anonymously leak data to us,” he told the BBC in an interview.

Internet users have increasingly sought ways to browse anonymously in the wake of revelations about spy agency internet surveillance by whistleblower Edward Snowden.

The Tor Project claims its browser has been downloaded 150 million times in the past year, and that it currently supports about 2.5 million users a day.

Tor is typically used by journalists, activists, whistleblowers, business professionals and security-conscious individuals. It is also used by the military, government and law enforcement personnel.

But those spy agencies are now targeting Tor to undermine its protections on the assumption that anyone wanting to be anonymous must have something to hide.

Tor users are advised to take further measures to protect their privacy because although the browser can hide traffic within the network using multiple hops and encrypted tunnels, the end points can be observed. 

Lewman said the Tor Project regularly receives anonymous tips about bugs and design issues that could be used to compromise the service, which he believes are from security agency sources.

The assumption is based on the fact that no one outside spy agencies is likely to have the time and expertise to examine the Tor code closely enough to find “super subtle bugs” that could be used to compromise it.

Lewman believes that while spy agencies are trying to break Tor, some people within these organisations are trying to preserve it, either because they rely on it or because they disagree with spying on UK and US citizens.

But despite the legitimate uses of Tor, the software has also been employed for various criminal activities, including illegal drug sales, malware hosting, money laundering and illegal pornography.

In the light of this fact, the Tor Project claims it co-operates with law enforcement to “help understand how Tor works” to aid investigations.

In October 2013, the UK’s newly launched National Crime Agency (NCA) said criminals could not hide on the hidden internet, but legitimate business users of the Tor browser were safe.

The NCA vowed to pursue criminal users of the hidden internet – known as the deep web or dark web after the arrest of four UK men in connection with the Silk Road illegal online drugs market.

Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit (NCCU), said the investigation will provide further insights into how criminals use the hidden internet.

He said Tor represents a challenge to law enforcement around the world, but with Silk Road, the NCA has proved it can infiltrate that environment.

However, Archibald said the NCA recognises the benefits of communicating anonymously online, and those engaging in legitimate business using Tor need not worry.

Read more on Privacy and data protection