An interesting discussion appeared on #debian on OFTC regarding TOR. One person
was of the view that "many intelligence and other agencies are probably heavily
involved in tor". As the discussion continued (yes, I should have pointed out
it was OT for the channel...) it appeared that privicy and anonymity were
getting confused.
Now, I'm not a huge TOR fan (being an oper on OFTC), but I seriously doubt that
government agencies are 'heavily involved'. I was pointed at
an article to back this
claim up, but the article doesn't. Instead, it (and the original claim) raises
a couple of interesting issues.
Firstly, there is a difference between privacy and anonymity, although closely
related. Privacy allows you to keep information about yourself secret, and
anonymity allows you to keep you yourself secret. In the case linked, although
the people browsing were anonymous, and maintained privacy, this was broken
when they revealed information about themselves. Breaking this privacy broke
their anonymity. TOR doesn't even grantee complete anonymity:
Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy while web browsing to block cookies and withhold information about your browser type. Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms.
[http://www.torproject.org/overview.html.en]
Used properly, TOR can be a very powerful tool to help, but certainly
isn't a silver bullet. It needs to be used properly to prevent your identity
being known (anonymity). However, without privacy, this is nothing.
Even without these safeguards, it would require significant
resources (and may not be possible) to reliably retrieve useful information
about one particular person. This leads to the
Greater Internet Fuckwad
Theory, which is the main issue I have with TOR, but that's a different post.
So, the question is: do you want privacy or anonymity when using the internet?
You need to know what you want before you use a tool, as nothing can beat user
education on how to keep your browsing details out of the 'wrong hands'.
