Achieving Sender Anonymity in Tor against the Global ... - MDPI
Tor, anonymity and countercontrol in the log in era
Transcript of Tor, anonymity and countercontrol in the log in era
!
Tor, anonymity and countercontrol in the log in era
!
New Media Theories Research Essay
Roberto Pizzato ID 19971084
Academic Year 2014/2015 9 January 2015
Summary
Introduction 3
Power and Control before the Internet 6
Control as Modulation 7
Control-freedom and Paranoia on the Internet 8
Control and Sovereignty in the Network Society 9
Protocol, the language of networks 11
Power and Resistance 12
Counterprotocol and Exploits 13
Countercontrol 14
The Tor Project 15
History and Sponsors of The Onion Router 16
Usability of Tor 17
Tor Users 19
Conclusion 20
Bibliography 22 ! 2
Introduction Online anonymity is a topic which hints the will to avoid different forms of surveillance and
control, but it has not always been considered as such.
In the mid 1990s users witnessed an Internet that looked very different from the one they surf
nowadays. Their first online experiences tasted of freedom and anonymity: as for other media, such
as TV and radio, the only action required to be able to access Internet content was switching a
device on. Unconsciously, they considered the Internet a medium that could be used anonymously,
an environment in which a certain degree of anarchy was suggested by an illusory absence of
control. Nonetheless, users’ Internet Protocol addresses have provided information on each Internet
connection since before the use of Web Cookies in ‘the log in era’.
Users’ identification has significantly improved since then, in particular in the last decade.
This process has been enhanced by companies such as Google and Facebook among others, due to a
business model centred on the usage and sharing of users’ data. This identification has empowered
not only the Internet corporations, but also users themselves. Nowadays, just typing someone’s
name on a search bar something about that person is likely to be found. Personal information such
photos, job experience and interests have become largely available to corporation as well as simple
users.
Internet users have a name, a surname and a history: searches, place visited, products bought, etc –
that is an online identity linked to their online behaviour. Tracking cookies keep them logged in,
smartphones require to create a personal account and to be logged in order to be used. The exchange
between users and corporation consists in agreeing to the terms of service for the former – which
allow these corporations to deploy data – and to provide services and products for the latter. In
everyday life this practice has become so common that has blurred users’ awareness of how they
have turn out to be controlled.
Moreover, since 9/11 intelligence agencies – the US National Security Agency in particular
– have designed infrastructures of online surveillance strictly connected to the data espionage of the
above-quoted Internet based corporations storage. This effort has been made easier by the politics
of Internet corporations that has encouraged the users to share data on Social Networking Sites and
to be always connected in order to make the best use of their services. Profiling users is the core
business of these companies, as they constantly strive for providing data for the most accurate
targeted advertising possible. That is, private business and countries’ safety purposes have led to the
! 3
most sophisticated form of pervasive control ever developed. Hence, surveillance and control
deploy marketing and targeted advertising techniques, while the boundaries of privacy are
continuously redefined through the agreement to terms of service which keep on being revised.
In 2013, the use, or better the abuse, of surveillance and control technologies by US and UK
intelligence agencies was unveiled by Edward Snowden, a former NSA contractor. Previously
employed as system administrator at the Central Intelligence Agency and at the Defence
Intelligence Agency, when he leaked top secret documents about PRISM – the clandestine US
National Security Agency mass surveillance program – he was working for the consulting firm
Booz Allen Hamilton inside the NSA centre in Hawaii. After two newspapers reported the leak – i.e.
The Guardian and The Washington Post – the topic of surveillance and control went mainstream.
The scandal had two fundamental consequences: one legal, the other psychological, both of
them associated to the concept of privacy. The first was the lawsuit filed against the NSA by the
American Civil Liberties Union on 10 June 2013, and immediately joined by the Yale Law School
(Yale Law School), which actually was only the one of the three litigations that aim to prove how
this form of surveillance violated the American Constitution. But it is the second consequence the
most relevant for this paper: a widespread paranoia related to the power of these techniques of
surveillance, the idea that even confidential users’ data stored by companies such as Hotmail,
Google, Yahoo and Facebook were constantly spied.
The tension between the empowerment enabled by these corporations – in terms of connectivity,
services and tools – and these systems of surveillance has increased proportionally to the users’
awareness of ‘being spied’. Thus, a projects which allows anonymity and circumvention of Internet
control has become more familiar to the masses – i.e. the free software and open network Tor.
In 2013 in fact, the number of hits to its download page has quadrupled reaching 139 million
(Business Week). This is what makes Tor an interesting case study for this research: it embodies the
desire of being online and anonymous at the same time. It represents the friction between control
and what I will define as ‘countercontrol’.
The focus of this paper is the dynamic that regulates the relationship between control and
forms of resistance within networks, in terms of protocol and users’ behaviours. This tension cannot
be ignored, it must be addressed, by the agencies responsible for the espionage, by the companies
which collect and manage our data, and last but not least, by the users.
The aim of this paper is to locate Tor as a form of resistance within the theories of power and
control. Moreover, the study of networks in what I called the ‘log in era’ can be combined with an ! 4
investigation of the topic based on software studies, and provides a framework in which control is
exerted on users’ countercontrol. Finally, the notion of countercontrol could be explained through a
shift to behaviourism.
To sum up, what is of interest here is not an ethical critique of the use of anonymity tools as
such, but rather the analysis of the dynamic that led to its creation, to its development and how it
has finally become mainstream. The aim of this paper is an attempt to answer the following
questions: how could Tor be related to theories of power and control? To what extent may Tor be
consider a form of resistance? How could we define online anonymity in the ‘log in era’?
! 5
!Image 1: One of the most popular log in pages in the world: Facebook log in page showing the claim “Heading out? Stay connected”.
!Image 2: The Download Tor button on the Tor Project homepage showing the claim “Protect your privacy. Defend yourself against network surveillance and traffic analysis.
! 6
Power and Control before the Internet
In order to define control it is necessary to introduce another fundamental concept strictly
intertwined with this: that is the notion of power. One of the most relevant contributions to this
topic is the work of the French philosopher Michel Foucault, who focused on the modes of
objectification which convert human beings into subjects (Foucault, 777). In particular, he studied
the dynamic that has led people to turn themselves into subjects, so that speaking about power is
speaking about subjects.
In 1982, a decade before the commercialisation of the Internet, Foucault wrote The Subject and
Power, which is a milestone of the major discourses elaborated by different scholars in the
following years. He suggested “to go towards a new economy of power relation” which “consists of
taking the forms of resistance against different forms of power as a starting point”, in other words
this relation can be analysed through the antagonism of the contrasting strategies used by these two
forces (780). This approach encourages to investigate the point of application and the methods used
as antithesis of power. Thus, when exploring these forms of resistance and the power relations they
imply, researchers should focus on the struggles for dissociate the above-quoted relations.
Moreover, Foucault delineated a precise profile of these anti-authority struggles: they are
‘transversal’ – not related to a particular country or form of government, they fight power effects
per se, they look for the ‘immediate enemy’ instead of a definitive solution, they are against the
“government of the individualisation”, they question the “way in which knowledge circulates and
functions” and finally they pose the ontological question “Who are we?” (781). To put it simple, the
anti-authority struggles described in the Subject and Power found their enemy in a “technique, a
form of power” (ibid). If we were to find a relation with the status quo, Tor could be considered one
of these struggles.
However this speculation was about a declining form of society organisation – defined by Gilles
Deleuze as Disciplinary Society – which he differentiated from the new ‘Societies of Control’.
Nonetheless, to some extent, the Foucauldian perspective is still extant and applicable to the current
way of life characterised by the widespread use of the Internet. In fact, when reading the quote
below, its relevance emerges in relation to what I called the ‘log in era’, a time in which the
exploitation of users’ data by the marketers and the control technologies used by intelligence
agencies have turn users into subjects.
! 7
This form of power applies itself to immediate everyday life which categorizes the individual, marks
him by his own individuality, attaches him to his own identity, imposes a law of truth on him which
he must recognize and which others have to recognize in him. It is a form of power which makes
individuals subjects. There are two meanings of the word "subject": subject to someone else by
control and dependence; and tied to his own identity by a conscience or self-knowledge. Both
meanings suggest a form of power which subjugates and makes subject to. (781)
To sum up, from the Foucauldian perspective subjectivation and resistance are two crucial concepts
related to the definition of power.
Additionally, Foucault stressed that power is characterised by its capacity to be exerted through
relations between individuals or groups (786) and it becomes explicit only when it is exercised.
Thus, there is no universal power, because it “exists only when is put into action”. Actions are in
fact the real expression of power, which could be finally define as an agency that “acts upon
action”. Eventually, this dynamic can effect present and future actions (789) in an environment
marked by a fundamental element: freedom (790). If subjects are not free, power can’t be exerted,
that is power and freedom “are mutually exclusive”, even if they cannot be separated, they never
confront each other face-to-face (Ibid). For what concerns the Western countries, supposedly
considered free, Internet users are hence free and controlled, and subjects of power as well.
Control as Modulation
Foucault focused on institutions as apparatuses of power, but as suggested by Deleuze, they have
been replace by corporations in what he named the ‘Societies of Control’. In fact, if the notion of
power is well explain by the former, a in-depth speculation of control was made by the latter. The
shift to Deleuze is important in order to address Foucault’s power strategy, or “the totality of the
means put into operation to implement power effectively or to maintain it” (Foucault, 793), that is
control. The crisis that hit the ‘Disciplinary Society’ led to the instability of this model, as well as its
modes of control and enclosure, so that this crisis needed to be confronted and addressed through
new techniques.
Deleuze’s Postscript on the Societies of Control was published in 1992, ten years after The
Subject and Power. It was precisely in the 1990s that the Internet was launched as a product for to
the masses; at the same time, a process of replacement took place. Power, and hence control, was ! 8
not a prerogative of institutions anymore, corporations would exert it (Chun, 25). This change
reflected also on the modes of control, that would become ‘modulation’, “like a self-deforming cast
that will continuously change from one moment to the other (Deleuze, 4). On one hand Deleuze’s
definition of corporation as gas or spirit (ibid) may be vague, on the other hand it is appropriate for
its capacity to express the pervasive and somehow ‘immaterial’ character of the Web.
Surely, what it is remarkable about this perspective is the predominant role of corporations
in people’s everyday life and the introduction of another fundamental element: the code. According
to Deleuze, “the code is a password” (5). Thus, it is reasonable to affirm that the password is the
essence of the ‘log in era’, a time rule by the Internet corporations, which have built their fortune
and power on the control exerted through the password, the only way to access their services.
The numerical language of control is made of codes that mark access to information, or reject it.
We no longer find ourselves dealing with the mass/individual pair. Individuals have become
“dividuals”, and masses sample, data, markets, or “banks”. (Deleuze, 5)
This words reflect the time we are living, in fact the ‘Societies of control’ – differently from the
previous ‘disciplinary societies’ – are characterised by the use of computers instead of the machines
previously deployed, a technological shift that would change the economical system from a
capitalism of production to a capitalism of higher-order production (ibid). This definition is just
appropriate enough to describe the current status of the (new) global economy, in which what it is
sold are not only commodities, but also users’ data as commodities. Given that “marketing has
become the center or the ‘soul’ of the corporation”(6), what he called the ‘corporate system’ (7) has
taken advantage of the digital technologies and imposed its power over the previous system.
Obviously the Web has had a predominant role in this process.
Nonetheless, the Foucauldian perspective is not antithetical to the one suggested by
Deleuze, but it is a necessary development due to the vital characteristic of power to maintain itself.
In fact, the new forms control do not exclude that the old methods would eventually come back,
modified in order to be applied by the ‘corporate system’ (7). Postscript on the Societies of Control
concludes posing a question, how – or whether – will struggles against power evolve in new forms
of resistance “capable of threatening the joys of marketing” (ibid)? That is how will be resistance
exercised in the ‘corporate system’?
! 9
Control-freedom and Paranoia on the Internet
According to Wendy Chun, “power now operates through the coupling of freedom and
control” (Chun, 1), a practice well explained also by Foucault. In fact, in Control and Freedom:
Power and Paranoia in the Age of Fiber Optics she used the terms ‘Control-freedom’ as a reaction
to the “privatisation of networks, public services and spaces”. On one hand, the Internet was sold as
a technology capable of blowing the mass media monopoly through the free flow of information – it
was perceived by the users as a tool enabling anonymous communication and a means of
empowering. On the other hand it has allowed an unprecedented form of pervasive control through
Internet cookies (2). If Chun’s paper focused on ‘jacked in’ objects such as laptop and personal
computer, now the control has become even more total and ubiquitous due to the widespread use of
smartphones and tablets connected to the Internet through 3G connections. Since Internet cookies
have been used, the flow of online information provides users’ Internet Protocol address, type and
language of the used browser, and user domain. Thus, the World Wide Web has never been
anonymous, in fact users’ online activities have always been traced, that is controlled. Users’
privacy per se has always been an illusion (15), suggested by the ideology supported by software
companies (19).
If you believe that your communications are private, it is because software corporations, as they
relentlessly code and circulate you, tell you are behind, and not in front of, the window. (21)
That is, the question whether the Internet is a tool of freedom or control is a false dichotomy.
As stated by McLuhan “the ‘content’ of any medium is always another medium” (McLuhan, 203),
so that the capacity of the Web to incorporate all the other media formats has made the Internet the
new mass medium.
The software as ideology is a characteristic that emerged after the shift to the ‘corporate
society’, it appeared as an effect of the introduction of the Internet as a new mass medium. The
political decision of the US government to “privatize the backbone” of what until 1994 was a
“military and research network” (25), effected society also from a socio-economical perspective,
and transformed the Web in a global marketplace. The crisis of the ‘disciplinary society’ was faced
through this shift, that had as a consequence the commodification of users’ data. Thus, technology
was used as solution to political problems (25).
! 10
Finally, differently from Foucault, who described power as such only when exerted, Chun
focused on the failures of the control systems and argued that the Foucauldian perspective
overestimated power not mentioning its possibility to fail. However, it can be said the NSA scandal
has emerged not because the technological part of system failed, but because the ‘human part’ of it
leaked top secret information.
Control and Sovereignty in the Network Society
Chun’s definition of the two layers of all new media objects – the cultural and the computer (Chun,
18) – is remarkable for this paper, but it is Galloway and Tacker’s perspective the most remarkable
when analysing networks and control.
Their critique is about the “power relationship between sovereignty and networks” (Galloway &
Thacker, 1). The Exploit was published in 2007, one year after Power and Paranoia in the Age of
Fiber Optics, and starts with an approach to control based on a political point of view. Galloway
and Thacker’s first off is a preliminary division into different positions about politics: one arguing
that “everything has changed after the fall of the Soviet Union and the attack to the Twin Towers,
the other supporting the thesis that the new millennial era is simply ‘more of the same” (2). The first
position suggests the ‘American exceptionalism’, due to the US superpower, was increase in the
period following September 11, 2001. The United States had to opt out from multilateral treaties in
order to preserve its predominant economic and political position, and to be safe. The centrality of
the US in researching, developing and launching new information technologies is evident when
looking at the history of project as Cybernetics, ARPANET and the anonymity software Tor, which
will be discussed hereinafter. Moreover, most of the biggest Internet corporations were born and are
currently based within the American borders – i.e. Google, Facebook, Amazon, Yahoo!, eBay,
Twitter, etc.
Arguing that the US represent an exception on the international scale has a political meaning:
according to Galloway and Thacker, the process of globalisation has mutated “from a system of
control housed in a relatively small number of power hubs to a system of control infused into the
material fabric of distributed networks” (3). Even though the American sovereignty seems to
suggest the opposite, “everything is everywhere” (4), that is that the American superpower is a
juncture between sovereignty and networks (5). The friction created by this apparent contradiction
unveils a fundamental characteristic of control applied to networks.
! 11
[...] there is no greater lesson about networks than the lesson about control: networks, by their mere
existence, are not liberating; they exercise novel forms of control that operate at a level that is
anonymous and nonhuman, which is to say material. (Galloway & Thacker, 5)
Thus, for Deleuze control is immaterial because it does not use force and enclosure, but it is
material from the above-quoted perspective; what it is interesting is that the two concepts are not
contradictory. As the two scholars stated “networks are a medium of contemporary power” (ibid)
above which no subject nor groups may exercise an absolute control.
The stress on politics is crucial to take on the topic of network control, because networks “act
politically” (15). Since the World War II the American supremacy has been shown through its
military apparatus and its technological development has been related to the US warfare. But since
these technologies have entered the global market, such as the Internet did through the privatisation
of its structure, the US enemies could use the same tool to fight the American power back. In fact
Galloway and Thacker underlined that “without connectivity terrorism would not exist in its current
form”, which is a terrorist network (16). In a certain sense this process has been enhanced by the
West, which “at least created the possibility for terrorism to emerge” (ibid). What the above-
mentioned scholar stated is that “the most highly standardised and controlled technology in history”
(18) had to be fight on the same ground, that is only networks can fight networks.
Thus, given the additive and non exclusive nature of networked power – the politics of Internet
corporations are a crystal clear example of that – it can be said that power has two qualities: it
implies resistance and it hints inequality in terms of power differentials in its inner structure (18).
These differentials infer a hierarchy within networks, that is that control is networked and
distributed, but hierarchical at the same time. Distributed through the global market ruled by US
based Internet corporations and hierarchical because of the American superpower. This is what it
can be defined as ‘sovereignty-in-networks’ (20).
In the ‘log in era’, users’ are encouraged to stay always connected, in order to use the social
networking sites, applications and other services provided by the Internet corporations. The
ubiquity of the Internet connection enabled by portable digital devices have rendered networks so
crucial to our lives that we do not question them anymore.
Nonetheless, reasoning on the term ‘users’ we can unveil an addiction: users are addicted to the
networks. As Chun stated “the term user, resonating with ‘drug user,’ discloses every programmer’s
dream: to create an addictive product” (Chun, 21). ! 12
Protocol, the language of networks
Given that networks are the framework of users’ life, the historical and cultural approach represent
only the first stage in the process of locating them theoretically. It is fundamental to analyse the
language of the networks as well, the rules and standards which make the flow of information
possible within networks. According to Galloway and Thacker “the concept of protocol refers to all
the technoscientific rules and standards that govern networks”, they are “rooted in the laws of
nature, yet they sculpt the spheres of the social and the cultural” (28). Then, the authors underline
the similarity between networks in biological and computer networks, to some extent as
Cybernetics, information theory and systems theory have pinpointed a trait d’union between
biology and informatics. More precisely, in biological and computer networks the flow of
information is direct by protocol (55), if the DNA carries information in the former, TCP/IP, FTP
and HTTP are the carrier of information in the Internet. If protocol is what enables communication
within networks, thus networks can be defined as protocological networks. Then, in order to
describe the characteristics of protocol, Galloway and Thacker state that:
Protocol is twofold; it is both an apparatus that facilitates networks and a logic that govern how
thing are done within that apparatus. (29)
Networks are made possible and governed through protocological control, a concept that is
dynamic and ‘metastable’ (30). Additionally, the graph theory provides a definition of networks
based on three main characteristics: they are made by nodes and edges – or dots and lines – and
they imply connectivity and topology. They are characterised by ‘metastability’ and they are
“multinode, multiedge configurations” (33).
To sum up, looking back to Deleuze’s idea of control as modulation, it can be argued that
control is “what enables a relation to a device, a situation, or a group” (35). That is to say control is
enabled through protocol.
Moreover, what problematises control is its duplicity: there’s control “from within the network and
from without the network”; to be effective it should not pervade, but rather operate over networks
(36). This tension between a control which stands “at once within and above” networks suggests
that the sovereignty still matters (39).
When trying to apply this perspective to the Web 2.0 and its transition to the what Tim
Berners-Lee called Web 3.0, Deleuze becomes central again. Users, individuals that have become ! 13
‘dividuals’ (Deleuze, 5), may be allowed or not to access information through the use of code, or
passwords. Once they logged in, they have become data, patterns, commodities. Users are
encouraged to stay always connected by the empowerment, the social acceptance and the services
they can get, so they accept the deal. Thus, I am skeptical about Galloway and Thacker’s idea of
control as something which aims “to make itself relevant” (41). It could be considered paradoxical,
but control is perceived when something goes wrong, not when it hides in everyday life. In the
control societies information cannot be considered immaterial, and of course information is the
substance of protocol (57). Nonetheless, if we think about the Edward Snowden’s revelations and
the following growth in terms of hits to Tor download page, it can be argued that it was a particular
event – a leak in the system – which lead to users’ concerns about privacy and control. So that
information is material, it is pictures, thoughts, files we share on the Internet and “makes protocol
matters” (57) only when control seems to represent a threat, that is when it becomes surveillance.
Power and Resistance
The Foucauldian concept of biopolitics could be described as the “strategic integration of biology
and informatics” in order to develop techniques which allow organisation and control of population
(Galloway & Thacker, 72). The notion of biopolitics derives from the idea of biopower, that is the
technology of power which enables control on populations. Control is made effective through the
production and analysis of data (73), a process which has clearly improved in the ‘log in era’, a time
in which big data are largely available among different fields. These data are collected and
exploited by private companies and governmental agencies, while the former use them to make
profit, the latter justify their use by security goals (74). Statistics and demographic are deployed to
establish patterns, averages and norms which enable the optimisation of control for both of the
above-quoted purposes (76).
Security matters because biopolitics has made “the concern for security immanent to social life
while also creating networks of all types (social, economic, biological, technological,
political)” (ibid). Security implies a threat, something which could sabotage control, that is
resistance.
What is the target of resistance? Control, applied to networks through protocol, aims at maintaining
itself and finds its enemies in the forces which try to resist. Thus, the target of resistance is protocol
(78). According to Galloway and Thacker networks are real-time, dynamic, experiential living
! 14
networks”, resistance is thus living, or life-resistance. Given that biopower has life as its object, also
resistance has life as its object, hence we can define life as the capacity of resist force (79).
Power always implies resistance. In relationships of force there are always vector movements going
toward and against. This is what Hardt and Negri call “being - against.” It is the vast potential of
human life to counter forces of exploitation. (78)
Counterprotocol and Exploits
Within protocological networks power does not shift from one place to another, instead power
differentials are exploited in order to produce political acts (Galloway and Thacker, 81). Hence, on
the Internet one is more likely to use the existing structure and its pits in lieu of drawing on an
alternative models.
Protocological struggles do not center around changing existent technologies but instead involve
discovering holes in existent technologies and projecting potential change through those holes.
Hackers call these holes “exploits. (ibid)
From Foucault to Deleuze, the relation between these struggles and power is central when analysing
the dynamic which governs control. Thus, if resistance targets protocol, it express itself through
counterprotocol, or the exploitation of protocol exerted to resist. Examples of counterprotocol could
be computer viruses (88), or as in this paper, technologies which enable anonymity such as Tor.
However, in computer networks a virus could not exist without computer, but computers do not
need viruses to exists.
Finally, on one hand it can be said that the dynamic nature of networks underlays the need of these
holes as means of improvement: the fragility and the strength of the informatic networks lays on
their capacity to deal with failures which can be exploited. On the other hand, counterprotocological
practices can benefit from the homogeneity of networks and exploit them for their purposes (99).
Countercontrol
Countercontrol is a term borrowed from behaviourism and introduced by the American psychologist
Burrhus Frederic Skinner. As stated by the American professor Dennis J Delprato, “the concept of
! 15
countercontrol derives from the fundamental behaviour-analytic position that behaviour is always
controlled or caused” (Delprato, 191). In his book Science and Human Behavior, Skinner focused
on the control of human behaviour and its resistance, that he named ‘countercontrol'. He
individuated different forms of controlling agencies in the field of psychotherapy, as well as in
different spheres of social life such as a economics, religion, government and law and education.
An understanding of Skinner’s position on control could be grasped from a well-known quote taken
from an interview:
[...] it is a mistake to suppose that the whole issue is how to free man. The issue is to improve the
way in which he is controlled” (Skinner, I have been misunderstood)
Thus, control could benefit human beings even more the freedom. According to Foucault if subjects
are not free, power can’t be exerted. Moreover, as argued by Skinner behaviors are determined in
noncoercive ways by societal controlling agencies. If we combine this perspectives with Galloway
and Thacker’s idea of “a system of control infused into the material fabric of distributed networks
(Galloway &Thacker, 3), we will end up to Skinner idea of control as practice which becomes more
as effective as human behaviour is further analized (Skinner, 438).
According to Gerald C. Davidson, when a person is led to think that is free and then that
freedom is threatened, she is likely to arouse what psychologists call ‘reactance’ (Davidson, 155).
From a behaviourist perspective, this could explain why Tor went mainstream after the NSA
scandal.
Galloway and Thacker stated that control is exerted above and within networks; surely it is
strictly intertwined with the use of Internet. Thus, given that in the ‘corporate system’ control has
passed in the hands of private corporations, Skinner’s assumption that “government which governs
least is relatively free from the dangers of misuse of power” (Skinner, 439) could give an
understanding of the status quo. Moreover, the American psychologist stated that “in economics a
similar philosophy defends the normal stabilising processes of a ‘free’ economy against all forms of
regulation” (ibid). Hence the stress on the ‘free economy’ may highlight a correlation between this
perspective and the current (free) global market.
Finally, it is through the diversification of control that a new culture can be safety designed
in a flexible way (Skinner, 441). That is that through the shift from the declining ‘disciplinary
society’ to the ‘society of control’, a new culture has been designed through the spreading ! 16
privatisation of the Internet. Networks provide a dynamic environment in which control can be
distributed horizontally while imposed from above (Galloway and Thacker, 39) and allow
governments to “prevent any sort of control through the use of force” (Skinner, 442).
The Tor Project The Tor is a free software and open network, relevant to this research because of three reasons: it is
an example of resistance within a computer network such as the Internet, it is a clear case of a
counterprotocological network and it represents a form of countercontrol with which techniques of
control have to deal. Given the theoretical background in which Tor could be positioned, I would
like to introduce the origins of this anonymity project, how it functions and who are Tor users.
As I had explained, recently Tor has recently increased its popularity, hereinafter I will provide two
examples of its spreading.
On 10 November 2014 the Mozilla Foundation announced the launch of Polaris, a new
online privacy initiative developed in partnership with the Tor Project and the Center for
Democracy & Technology. According to an online survey conducted by Harris Poll on behalf of
Mozilla in October 2014, 74% of more than 7,000 online adults aged between 18 and 64 years old
said that “their personal information on the Web is less private today than it was one year
ago” (Mozilla Blog).
On 31 October 2014, even Facebook had opened its platform to Tor users and “unveiled its
hidden service” through a link accessible only via Tor-enabled broser: https://
facebookcorewwwi.onion/ (Tor Project Blog). To be precise, it was already possible to access
Facebook through Tor, but the access could have been mistaken for a hacked account or a botnet
(The Guardian online, ‘Facebook opens up to anonymous Tor user with .onion address’), and
cryptographic protection was not assured. Obviously users cannot be anonymized if they used their
profile name, but through Tor now they can avoid localization – so that they can access the social
network from countries in which the social network is blocked – and hide browsing habits
remaining within the Tor network (BBC online).
Facebook goal is to extend its network in order to gain more users, no matter how: a clear
case of the additive and non exclusive nature of networked power (Galloway & Thacker, 18).
However, if users access through Tor it does not mean that they are not identified. Security is then
! 17
provided for the users who could not have accessed the social network, while concerns regarding
privacy, surveillance and control are still on the ground, due to the log in process. Nonetheless, the
second most used website in the world (Alexa) and one of the biggest Internet corporations has
publicly dealt with Tor (Facebook).
History and Sponsors of The Onion Router
The onion routing was conceived by Paul Syverson, Michael Reed and David Goldschlag in 1995.
At that time the U.S. Naval Research Laboratory designed a technology that would protect online
government communications from traceability. In 1997, the Defense Advanced Research Projects
Agency (DARPA) funded the project as part of the High Confidence Networks Program. Since
Roger Dingledine and Nick Mathewson were asked to be part of the project in 2002, the team
working on the Onion Router changed. Two years afterwards, the “Second-Generation Onion
Router” was presented at the 13th UNESIX Security Symposium and released under free license by
the Naval Research Laboratory. The team grew in December 2006, when Dingledine, Mathewson
and five others founded the nonprofit organization which maintains Tor nowadays (Onion Routing,
Syverson, Tor Project).
Thus, the inception of Tor can be traced back to the US military system and the project has
developed into a nonprofit NGO in about a decade. But what it is even more remarkable is that
among its sponsors a large variety of actors have been active in the last 20 years: from the US
Department of State to Google, from an “An anonymous North American Internet Service
Provider” to more than 4000 donations made by personal users (Tor Project, ‘Sponsors’). Moreover,
the Naval Research Laboratory has appeared among the sponsors till 2010, while a branch of the
US government as the “Department of State Bureau of Democracy, Human Rights, and Labor” has
sponsored Tor since 2013, the year in which the NSA scandal emerged (ibid). Paradoxically, Tor
was funded by a US governmental department and the target of a US intelligence agency – i.e. NSA
– at the same time (Tor Blog).
Usability of Tor
The basic concept is to avoid “the transport medium from knowing who is communicating with
whom” so that “the network knows only that communication is taking place” (Onion Routing). In
! 18
other words, Tor keeps the content of the communication “hidden from eavesdroppers up to the
point where the traffic leaves the OR network” (ibid).
Within the Tor network a user can achieve anonymity mixing her internet traffic with other
users’ traffic, that is that the sender of information cannot be distinguished from the set of other
users (Clark, Van Oorschot, Adam). More specifically, anonymity within the Tor network means
controlling and preventing “the dissemination of a user’s IP address” (ibid). Through the use of mix
proxy servers – tools which intermediate requests from client and direct them to other servers after
the connection has been segmented – users’ data cannot be monitored and stored by Internet Service
Providers. By default, Tor routes Internet traffic via these mix proxies, which encrypt the
information layering it; this is the reason why this method is called onion routing (ibid).
However, it can be said that “the sender is only anonymous within a crowd” and her safety is
dependant to the reliability of the members of the Tor network: if errors are committed, users can
be traced (ibid).
As written in the about section of the Tor Project website, “as Tor's usability increases, it will attract
more users, which will increase the possible sources and destinations of each communication, thus
increasing security for everyone.” (Tor Project).
Finally, an analysis of the language and documentation on Tor website underlines that its users
should be familiar with the jargon used (Clark, Van Oorschot, Adam). Although Tor has become a
popular privacy tool which enables online anonymity, its functionality are not always satisfactory in
terms of usability and configuration (ibid).
Nowadays, even ‘privacy-aware’ users are living hard times due to the so called ‘browser
fingerprinting’ (Broenink). One of the best known way of tracking users is through tracking
cookies, a technique which enables users traceability through the information sent by Internet
browsers. As previously explained, users can be tracked for different purposes, the ones relevant for
this research are essentially two: tracking for security reason – i.e. surveillance by the intelligence
agencies – and tracking for commercial reason, such as providing target advertising.
Some users might deploy ‘incognito’ browser in order to hide the traces of their activities, but this
does not prevent fingerprinting (ibid). Additionally, when a user tries to hide her fingerprints in an
unexperienced way, it might incurred in the Fingerprintint Paradox. In other words a user could
distinguish from the crowd because the technique used is not widespread enough (ibid). That is not
to say that Tor is not secure, in fact it is the only widespread technology that actually try to prevent
! 19
online fingerprinting (ibid). This anonymising tool needs a network made by a large number of
people in order to enable a higher degree of anonymity.
However, in October 2013, The Guardian reported top-secret NSA documents which show how the
intelligence agency considered Tor “very secure” and “very widely used worldwide” (The Guardian
online).
! Image 3: The screenshot of the successfull configuration of Tor for iOS.
Tor Users
Tor can be used for a variety of people seeking anonymity for different reasons. Its target is people
that do not want to be spied, tracked, commodified, censored; users that want to be safe and keep
their content confidential.
According to the Tor website, the free software and anonymity network is used by normal people
who want to protect their privacy from marketers, identity thieves and irresponsible corporations.
Parents can protect their children from being localize, researchers can study sensitive topics without
being stopped by firewalls, users can browse blurring their fingerprint and making ‘red flagging’
more difficult, and again they can circunvent censorhip.
! 20
Moreover, military usage of Tor is still central, after all it was actually designed for this purpose, as
well as it was the project by DARPA which has developed into Internet. In the military field the
main use is protecting from localization and enemy’s surveillance.
Interesting enough is that Tor it is used for hiding surveillance and by “law enforcement officers” at
the same time.
Activists, whistleblowers, journalists and bloggers may use Tor to achieve information, protect their
identity and once again, to circumvent censorship.
Finally, IT and business professionals can use Tor, the former to test control systems without
revealing violation, the latter in order to keep strategies confidential and to make competitors’
analysis (Tor Project, Inception).
! Image 4: ‘Who uses Tor?’ benner on Tor
Project homepage.
! 21
Conclusion Control is a fundamental topic when approaching network societies, it is a vital characteristic of
biological and computer systems, moreover it enables these systems’ functionality. On the Web it
could assume a negative nuance when it mingles with surveillance and it is perceived as an agency
imposed from above, nonetheless it does not hint a negative meaning per se. Control is a
prerogative of the above-quoted networks, both examples of protocological networks. As previously
argued, control has to deal with resistance, which express itself through conterprotocol.
Additionally, it can be said that a form of resistance is a behaviour which can be observed in human
beings, triggered by the awareness of being controlled. This concept may well explain users’
behaviours in terms of using anonymising tools on the Web and why Tor went mainstream after the
NSA scandal. Finally, the shift to behaviourism, to some extent suggest that control will improve
people’s social life.
In other words, users are led to think by Internet corporations that they are free and that their
privacy is guaranteed by the improvement of customised privacy settings, but when users discover
this is not enough, they try to avoid surveillance and control through anonymity. Anonymity has
two intertwined goals: one is avoiding traffic analysis, the other is avoiding forms of surveillance.
However, anonymity may be pursued by the ‘controllers’ themselves, in order to check their
techniques and to test new methods of control.
Tor was designed by the US government and this problematises its meaning and understanding. It is
a tool that enables countercontrol, anonymising Internet traffic and enabling practices out of the
control techniques radars. The same technology is used by power and resistance, even though it was
initially designed by an intelligence agency controlled by an institution – i. e. U.S. Naval Research
Laboratory.
Tor functions as a catalyst of countercontrol actions, no matter why users are seeking
anonymity when they use it. Thus, the analysis of Tor should not be approached from an ethical
perspective unless take the risk to incur in misleading paradoxes.
Among Tor sponsors and developers there are actors for whom anonymity could be
considered a threat: Google because of its business model based on targeted advertising and the US
government because of its concerns about security. However, this is not a contradiction, it hints a
dynamic in which power needs resistance to improve its techniques of control and resistance needs
power in order to achieve its goals through power’s protocol. Thus within networks, as in the
! 22
relation between a therapist and a patient, the relations of forces is dynamic, but unbalanced. The
actor which introduce of the protocol is in a predominant positions: counterprotocol could not exist
without protocol and countercontrol could not exist without control.
! 23
Bibliography
•Alexa. ‘The Top 500 sites on the Web’. Web. Retrieved: 8 Jan. 2014.
•American Civil Liberties Union. ‘ACLU Asks Spy Court to Release Secret Opinion on
Patriot Act Surveillance Powers’. N.p., 10 June 2013. Web. Retrieved: 21 Dec. 2014.
•Bloomberg Businessweek Technology. ‘The NSA’s Worst Nightmare: What Is Tor?’
BusinessWeek. N.p., n.d. Web. Retrieved: 28 Dec. 2014.
•Broenink, Ralph. ‘Using Properties for Fingerprinting Purposes’. 16th Biannual Twente
Student Conference. University of Twente. (2012): 169-176
•Clark, Jeremy; van Oorschot P.C. and Adams, Carlisle. ‘Usability of Anonymous Web
Browsing: An Examination of Tor Interfaces and Deployability’. SOUPS 07. New York.
(2007): 41-51. <https://www.ccsl.carleton.ca/paper-archive/soups2007.tor.pdf>
•Cheney Lippold, John. ‘A New Algorithmic Identity Soft Biopolitics and the Modulation of
Control.’ Theory, Culture & Society 28.6 (2011): 164-181.
•Chun, Wendy Hui Kyong. ‘Control and Freedom: Power and Paranoia in the Age of Fiber
Optics’ MIT Press. (2007).
•Deleuze, Gilles. ‘Postscript on Societies of Control’. October 59 (1992): 73-77.
•Delprato, Dennis J. ‘Countercontrol in Behavior analysis’. Eastern Michigan University.
(2002): 191-200
•Dixon-Thayer, Denelle. ‘Mozilla’s Data Privacy Principles Revisited’. Mozilla Privacy
Blog. Web. 11 November 2014. Web. Retrieved: 8 Jan. 2015. <https://blog.mozilla.org/
privacy/>
•Foucault, Michel. 'The Subject and Power’ Critical Inquiry (1982): 777-795.
•Galloway, Alexander R. and Thacker, Eugene. ‘Protocol, Control and Networks’ Grey Room
17 (2004): 6-29.
•Galloway, Alexander R. and Thacker, Eugene. ‘The Exploit’ University of Minnesota Press
(2007).
•Lawrence, Dune. “The Inside Story of Tor, the Best Internet Anonymity Tool the
Government Ever Built.” BusinessWeek: Technology 23 Jan. 2014. BusinessWeek. Web. 18
Nov. 2014.
! 24
•Lee, Dave. ‘Facebook sets up ‘dark web’ link to access network via Facebook’. BBC News.
N.p., 3 November 2014. Web. Retrieved: 8 Jan. 2015 <http://www.bbc.com/news/
technology-29879851>
•McLuhan, Marshall. ‘The Medium Is the Message’. Understanding Media: The Extensions
of Man. McGraw-Hill. (1964): 193-209.
•Muffet, Alec. ‘Making Connection to Facebook more Secure’. Facebook. N.p., 31 October
2014. Web. Retrieved: 8 Jan. 2015. <https://www.facebook.com/notes/protect-the-graph/
making-connections-to-facebook-more-secure/1526085754298237>
•“Onion Routing.” Onion-router.net. N.p., 2005. Web. Retrieved: 8 Jan. 2015. <http://
www.onion-router.net/>
•Skinner, Burrhus Frederic, ‘I have been misunderstood, An interview with B.F.Skinner’,
Center Magazine, (March - April 1972) :63−65
• --- ‘Science and human behavior’. Macmillan. (1953) Harvard University. Cambridge.
•Syverson, Paul. “Onion Routing: Publications.” N.p., 2005. Web. Retrieved: 8 Jan. 2015.
• ---. “Paul Syverson Home Page.” N.p.,Web. Retrieved: 8 Jan. 2015. <http://
www.syverson.org/>
•Syverson, Paul F., Michael G. Reed, and David M. Goldschlag. “Private Web Browsing.”
Journal of Computer Security 5.3 (1997): 237–248. Print.
•Tor Blog. “Facebook, hidden services, and https certs” N.p., 31 Oct. 2014. Web. 28 Dec.
2014. <https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs>
•Tor Project. “Inception” N.p., n.d. Web. 28 Dec. 2014 <https://www.torproject.org/about/
torusers.html.en>
•Tor Project. “Partnering with Mozilla.” N.p., 11 Nov. 2014. Web. 28 Dec. 2014.
• ---. “Tor Project: Overview.” N.p., n.d. Web. Retrieved: 28 Dec. 2014. <https://
www.torproject.org/about/overview>
• ---. “Tor Project: Sponsors.” N.p., n.d. Web. Retrieved: 28 Dec. 2014.<https://
www.torproject.org/about/sponsors.html.en>
! 25
•The Guardian. ‘Facebook opens up to anonymous Tor user with .onion address’ N.p., 31
October 2014. Web. Retrieved: 2 Jan. 2015. <http://www.theguardian.com/technology/2014/
oct/31/facebook-anonymous-tor-users-onion>
•The Guardian. ‘Tor: ‘The King of high-secure, low-latency anonymity’ N.p., 3 October
2013. Web. Retrieved: 2 Jan. 2015.<http://www.theguardian.com/world/interactive/2013/oct/
04/tor-high-secure-internet-anonymity>
•Yale Law School. “Media Freedom and Information Access Clinic, ACLU Ask Spy Court to
Release Secret Opinions on Patriot Act Surveillance Powers” N.p., 11 June 2013. Web.
Retrieved: 18 Dec. 2014.
! 26