WEBVTT - TechStuff Classic: The Secrets of Tor and the Deep Web 0:00:04.400 --> 0:00:07.800 Welcome to Tech Stuff, a production from I Heart Radio. 0:00:12.039 --> 0:00:14.600 Hey there, and welcome to tech Stuff. I'm your host, 0:00:14.720 --> 0:00:17.439 Jonathan Strickland. I'm an executive producer with iHeart Radio and 0:00:17.480 --> 0:00:19.759 I love all things tech and it's time for a 0:00:19.880 --> 0:00:26.079 classic episode. This episode originally published on April six. It 0:00:26.200 --> 0:00:30.080 is titled The Secrets of Tour and the Deep Web. 0:00:30.600 --> 0:00:33.440 I've covered these topics a few times over the years. 0:00:33.479 --> 0:00:36.120 This one was a pretty fun discussion. Hope you enjoy. 0:00:37.120 --> 0:00:40.680 The Mighty Tour is one of the Avengers. He wields 0:00:40.720 --> 0:00:45.400 the hammer Mjolner, and his brother is Loki. She's not 0:00:45.440 --> 0:00:48.240 even growing her eyes, She's just staring me down this time. Okay. 0:00:48.280 --> 0:00:52.159 So seriously, though, what tour is free software. It's an 0:00:52.159 --> 0:00:56.080 open network, and it helps you defend against traffic analysis. 0:00:56.080 --> 0:00:58.640 In other words, people trying to figure out what you 0:00:58.680 --> 0:01:02.120 are doing and who you're commun ninicating with. Traffic analysis 0:01:02.160 --> 0:01:05.480 is a form of network surveillance that threatens personal freedom 0:01:05.480 --> 0:01:09.560 and privacy. Uh, it threatens confidential business activities and relationships, 0:01:09.560 --> 0:01:13.800 and it threatens state security. Therefore, some folks got together 0:01:13.840 --> 0:01:15.360 and said, hey, you know what we should do is 0:01:15.400 --> 0:01:18.320 we should come up with the means to allow people 0:01:18.319 --> 0:01:22.240 to communicate over the Internet, but do so in a private, 0:01:22.280 --> 0:01:25.960 anonymous fashion, so that you can set up these anonymous channels. 0:01:26.160 --> 0:01:28.839 Perhaps the most popular way to access this is through 0:01:28.880 --> 0:01:33.280 a customized build a Firefox called the Tour Browser Bundle. Right, Yeah, 0:01:33.280 --> 0:01:36.760 because just using Tour on its own is one thing 0:01:36.800 --> 0:01:38.559 to do to to allow you to have a little 0:01:38.560 --> 0:01:42.800 more of an anonymous presence, but it requires more than that, 0:01:42.880 --> 0:01:45.440 because if you access Tour through some other means, if 0:01:45.440 --> 0:01:49.080 you don't have say Flash disabled in your web browser, 0:01:49.520 --> 0:01:52.680 then you're still kind of broadcasting where you are because 0:01:52.680 --> 0:01:57.800 Flash often involves uh identification information in order for it 0:01:57.840 --> 0:02:00.640 to work. So it is a and source. So if 0:02:00.640 --> 0:02:02.640 you feel like getting in there and and doing your 0:02:02.640 --> 0:02:06.240 own thing, you're absolutely able to um and uh and 0:02:06.240 --> 0:02:08.399 And a lot of people do use it in one 0:02:08.440 --> 0:02:11.359 form or another. At its peak, in more than half 0:02:11.360 --> 0:02:14.920 a million people were using it every day. Yeah, oddly enough, 0:02:14.960 --> 0:02:17.919 I think as I a call in that year, there 0:02:17.960 --> 0:02:23.880 was some news that broke about government agencies. Yeah, Edward 0:02:23.919 --> 0:02:26.880 Snowden had that leak about the n s A, and 0:02:27.000 --> 0:02:31.080 suddenly people were thinking, you know, I was like it doubled. Yeah, Yeah, 0:02:31.160 --> 0:02:33.520 it was one of those things where people began to 0:02:33.560 --> 0:02:36.679 get very concerned. And it's not necessarily that these people 0:02:36.720 --> 0:02:39.280 are doing anything wrong. In fact, that's not the point 0:02:39.320 --> 0:02:42.400 at all. The point is that they have an expectation 0:02:42.560 --> 0:02:46.080 to privacy and being able to hold this kind of 0:02:46.120 --> 0:02:52.040 anonymous communication with other people. The communication itself isn't necessarily anonymous, 0:02:52.040 --> 0:02:55.760 but the channels are. Uh, you know, that's just that's 0:02:55.760 --> 0:02:58.200 just an expectation we have. It's not that, you know, 0:02:58.480 --> 0:03:01.280 I'm planning something to Ferry. It's just if I want 0:03:01.280 --> 0:03:04.800 to send a message to Lauren, and it's just for 0:03:04.919 --> 0:03:08.880 Lauren's eyes, I don't think anyone else has the right 0:03:08.919 --> 0:03:11.560 to look in on that. So yeah, and in normal 0:03:11.600 --> 0:03:15.880 internet traffic, that's absolutely a possibility. Yes, Because we've talked 0:03:15.880 --> 0:03:19.000 a lot about how information travels across the internet. You know, 0:03:19.080 --> 0:03:21.919 it all gets divided up into these little packets. Then 0:03:21.960 --> 0:03:24.880 the packets go across the network and then get put 0:03:24.919 --> 0:03:27.640 together Willy Wonka style on the other side, so that 0:03:27.680 --> 0:03:29.480 you get whatever it is you were trying to send, 0:03:29.600 --> 0:03:32.480 which is unfortunately probably not a delicious chocolate bar no 0:03:32.880 --> 0:03:36.080 or Mike TV either. It's not neither of those things. 0:03:36.080 --> 0:03:37.560 What it might be like if I, if I were 0:03:37.640 --> 0:03:40.440 to send that email to Lauren, and it's a sizeable email, 0:03:40.720 --> 0:03:43.960 that email gets divided up into numerous packets. The packets 0:03:44.240 --> 0:03:47.160 go across the Internet, not necessarily taking the same path, 0:03:47.720 --> 0:03:50.720 and they eventually reassemble on the other side and then 0:03:50.800 --> 0:03:53.240 Lauren can read it. But in order for that to happen, 0:03:53.560 --> 0:03:56.160 these packets have to have little bits of information so 0:03:56.200 --> 0:03:59.560 the routers know where to send the information onto next. 0:04:00.080 --> 0:04:03.400 So it's kind of like an address on a piece 0:04:03.440 --> 0:04:06.720 of mail. So let's say that you've got a snoop 0:04:06.800 --> 0:04:11.960 in your neighborhood and this person is getting into everybody's business. 0:04:12.040 --> 0:04:14.480 And the way this person does it is they look 0:04:14.520 --> 0:04:17.760 at all the mail that's going in and out of 0:04:17.800 --> 0:04:20.840 a person's mailbox. And even if they're not opening that 0:04:20.960 --> 0:04:23.480 mail and and reading all of it, just just the 0:04:23.480 --> 0:04:26.480 fact that you're sending it to particular people at particular 0:04:26.560 --> 0:04:29.720 times can tell that snoop a lot about what's going on. Right, 0:04:29.760 --> 0:04:33.080 So if you're sending out, uh, you know, envelopes to 0:04:33.440 --> 0:04:37.719 say a medical facility, that could give a lot of 0:04:37.760 --> 0:04:40.720 information to a snoop if they're seeing that stuff from 0:04:41.160 --> 0:04:44.120 various insurance companies is coming into you that could you know, 0:04:44.120 --> 0:04:46.640 I'm going with a medical thing here, but really this 0:04:46.720 --> 0:04:50.720 applies to any sort of communication. So so what we're 0:04:50.720 --> 0:04:53.440 saying is that it's not enough for the content of 0:04:53.480 --> 0:04:56.720 what you send over the internet. Uh necessarily, I mean 0:04:56.760 --> 0:04:59.680 you are hypothetical, you maybe you're fine, it's not enough 0:04:59.680 --> 0:05:03.200 for you to encrypt the content, but the actual transfer 0:05:03.279 --> 0:05:06.800 of the content in some cases needs to be encrypted exactly. 0:05:06.920 --> 0:05:09.880 And there are a lot of legitimate cases where you 0:05:09.880 --> 0:05:12.920 would want that to happen. I mean, let's talk about 0:05:13.200 --> 0:05:16.480 journalists for example. So you might have a journalist who 0:05:16.680 --> 0:05:22.039 is pursuing some major story, perhaps they're in unfriendly territory 0:05:22.120 --> 0:05:24.520 to do so, and they want to be able to 0:05:25.000 --> 0:05:28.680 contact sources that might be in danger otherwise if there 0:05:28.760 --> 0:05:32.560 if if this communication were publicly known or really anything 0:05:32.600 --> 0:05:36.480 that could endanger the journalist, a source, or the story itself, 0:05:36.920 --> 0:05:38.880 then you would want to have a way of securely 0:05:38.960 --> 0:05:42.760 communicating and making sure that no one's really snooping in 0:05:42.839 --> 0:05:46.440 on you. Well, that's that's a perfectly legitimate source. There 0:05:46.440 --> 0:05:49.120 are governments that use this kind of thing in order 0:05:49.200 --> 0:05:53.440 so that they can gather information and disseminate information. Uh, 0:05:53.600 --> 0:05:55.960 you've got companies that use this kind of stuff in 0:05:56.080 --> 0:06:01.080 order to have secure communications about upcoming products or services 0:06:01.120 --> 0:06:03.320 that are not part of the public knowledge and don't 0:06:03.320 --> 0:06:05.280 need to be oh sure, I mean even if you're 0:06:05.320 --> 0:06:07.720 just doing r and D about something you know, like 0:06:07.720 --> 0:06:10.599 like let's say that you're the example that you used 0:06:10.640 --> 0:06:12.280 and in our notes here is Apple. Like if here, 0:06:12.320 --> 0:06:15.320 if you're creating a new product and you start researching 0:06:15.400 --> 0:06:20.000 patents online, um, the right person could could find your 0:06:20.000 --> 0:06:22.960 searches and figure out what you were looking for, and 0:06:23.400 --> 0:06:26.360 that sucks for you. Yeah, yeah, if you had the 0:06:26.440 --> 0:06:29.640 next big idea and you were waiting, because you know, 0:06:30.160 --> 0:06:33.159 like the company of Apple, they get a lot of 0:06:34.240 --> 0:06:37.800 a boost from folks whenever they announced something brand new 0:06:37.839 --> 0:06:41.719 that surprises everyone, which of course is exactly why you 0:06:41.760 --> 0:06:46.800 have so many news agencies scrutinizing everything Apple does in 0:06:46.880 --> 0:06:50.279 order to try and guess what's coming next. So the 0:06:50.360 --> 0:06:53.000 more you're able to keep that secret, the bigger the 0:06:53.040 --> 0:06:57.159 impact is when you unveil it. Because the worst, the 0:06:57.200 --> 0:06:59.920 worst feeling is when you tune into an Apple of 0:07:00.040 --> 0:07:02.360 that and it ends up being exactly what you expected. 0:07:02.360 --> 0:07:05.080 It was. Time to be right. Every everyone still tunes 0:07:05.120 --> 0:07:07.520 in but then they're like, oh, but that's exactly what 0:07:07.560 --> 0:07:10.120 they were talking about last week. I know, and you 0:07:10.240 --> 0:07:16.360 read what they wrote last week, so stop it me. Sure, 0:07:16.520 --> 0:07:19.760 and and lots of other people who could generally be 0:07:19.960 --> 0:07:23.080 considered to be working for for non nefarious purposes, but 0:07:23.400 --> 0:07:27.080 nonetheless would like a little bit of secrecy, uh, for example, 0:07:27.120 --> 0:07:30.760 activists or whistleblowers, um or you know Chinese citizens who 0:07:30.760 --> 0:07:32.680 really just want to use Facebook or read news from 0:07:32.680 --> 0:07:35.680 other countries. Sure, and we've seen plenty of examples also, 0:07:35.800 --> 0:07:38.840 things like the Arabs Spring. You know, places in the 0:07:38.880 --> 0:07:42.600 world where you have people who are trying to enact 0:07:42.720 --> 0:07:47.080 change in a very harsh environment where if their activities 0:07:47.120 --> 0:07:51.120 were picked up on by official sources, government sources, state 0:07:51.200 --> 0:07:56.080 sponsored sources, they could face some serious consequences. And it's 0:07:56.080 --> 0:07:58.400 not necessarily the again, like you said, that they're doing 0:07:58.440 --> 0:08:01.200 anything nefarious, it's just they can't do it at all 0:08:01.240 --> 0:08:05.640 without fear of some form of consequence unless that can 0:08:05.720 --> 0:08:07.960 remain secure. So you've got to figure out how do 0:08:08.000 --> 0:08:11.640 we make this secure. Also, we have to figure out 0:08:11.960 --> 0:08:14.200 how do we frame this in such a way where 0:08:14.240 --> 0:08:18.880 we also admit some people do use it for nefarious purposes. Oh, sure, 0:08:18.880 --> 0:08:21.760 of course. I mean there are plenty of people out 0:08:21.800 --> 0:08:24.320 there who are going to use this kind of anonymous 0:08:24.320 --> 0:08:28.800 connection in order to conduct illegal or otherwise illicit activities. 0:08:28.920 --> 0:08:31.760 We've talked about some of them in previous episodes, in fact, 0:08:32.080 --> 0:08:35.679 and we'll mention some more as we go along. So again, 0:08:35.679 --> 0:08:37.800 it's one of those things where you would probably argue 0:08:37.800 --> 0:08:42.000 that it's a relatively small percentage of the population using 0:08:42.000 --> 0:08:44.240 it for these purposes, but they're the ones who get 0:08:44.280 --> 0:08:48.520 the most press, uh, and so therefore it kind of 0:08:48.720 --> 0:08:51.719 creates this public perception that people who use tour are 0:08:51.840 --> 0:08:55.360 up to something. Also, you know, we mentioned the fact 0:08:55.440 --> 0:09:00.040 that in a normal Internet communication, the you know what, 0:09:00.040 --> 0:09:03.840 what amounts to the the address on the label is 0:09:04.080 --> 0:09:06.319 perfectly visible because it needs to be so that it 0:09:06.400 --> 0:09:08.840 can route across gets to the place it's gone. Yeah, 0:09:08.960 --> 0:09:11.400 and Tour they had to figure out a way around 0:09:11.440 --> 0:09:14.400 that so that you could have it be ob you skated, 0:09:14.520 --> 0:09:17.960 so that if someone were to snoop in on communication, 0:09:18.040 --> 0:09:20.360 they would not be able to determine what the origin 0:09:20.480 --> 0:09:26.040 nor destination were. And that is pretty amazing stuff because 0:09:26.040 --> 0:09:27.959 you gotta you gotta figure out a way of implementing 0:09:28.000 --> 0:09:30.400 that where it can still work, Like, how do you 0:09:30.520 --> 0:09:33.520 disguise the address and still hope that it gets to 0:09:33.559 --> 0:09:36.560 where it's going, Because if we did that to the 0:09:36.720 --> 0:09:40.640 to the US Postal Service, our stuff would never get anywhere. 0:09:41.720 --> 0:09:44.040 And it wouldn't be their fault either, because you just 0:09:44.080 --> 0:09:46.079 wouldn't be following the rules. Oh sure, Yeah, if you 0:09:46.080 --> 0:09:48.680 don't write your address on something, then how does it 0:09:48.679 --> 0:09:53.840 get to that place? So here's another funny thing, Lauren, Um, 0:09:53.920 --> 0:09:58.199 who was it that came up with this whole tour idea? 0:09:58.240 --> 0:10:01.520 I mean it must have been like, um, like hackers, 0:10:01.920 --> 0:10:05.920 you know at def con convention, who all got together 0:10:05.960 --> 0:10:07.560 and so we don't want the government looking in on 0:10:07.600 --> 0:10:10.080 our stuff, right, you know? It was the government. It 0:10:10.160 --> 0:10:13.079 was the it was it was the U. S. Naval 0:10:13.120 --> 0:10:17.920 Research Laboratory UM back in back in actually, which makes 0:10:17.920 --> 0:10:21.720 it extra hilarious that that the n s A has 0:10:21.800 --> 0:10:24.360 kind of been trying to crack trying to crack it 0:10:24.400 --> 0:10:27.680 because you've got a government agency doing its best to 0:10:27.720 --> 0:10:31.600 figure out how to intercept information that goes across a 0:10:31.600 --> 0:10:37.800 tour network, and another government US government entity that's responsible 0:10:38.280 --> 0:10:41.360 in large part for the creation for its creation and furthermore, 0:10:41.480 --> 0:10:44.719 other governmental agencies that are responsible for funding it. As 0:10:44.760 --> 0:10:48.640 of one point two four million dollars, half of tours 0:10:48.679 --> 0:10:52.920 revenue UH came from government grants, including a large part 0:10:53.000 --> 0:10:56.120 from the Department of Defense. So this is an example 0:10:56.200 --> 0:10:58.960 of two different parts of the United States government working 0:10:59.000 --> 0:11:02.160 at odds against each other, one part saying this is 0:11:02.200 --> 0:11:05.800 absolutely necessary for us to be able to operate in 0:11:05.840 --> 0:11:09.199 a secure way, and the other part saying, we want 0:11:09.240 --> 0:11:11.559 to be able to see what's going on here. So 0:11:11.559 --> 0:11:13.439 so so yeah. But but this all got its start 0:11:13.480 --> 0:11:17.400 back with the U. S. Navy and UM. It was 0:11:17.760 --> 0:11:22.640 part of an onion rooting project. Routing project, Yeah, rooting. 0:11:22.679 --> 0:11:25.120 If you're in England, it's routing. Here in the US, 0:11:25.160 --> 0:11:28.720 it's usually routing either way. Why would you even call 0:11:28.800 --> 0:11:32.319 it an onion It's because it relies upon quote a 0:11:32.440 --> 0:11:36.400 layered object to direct the construction of an anonymous, bidirectional 0:11:36.480 --> 0:11:39.760 real time virtual circuit between two communicating parties and initiator 0:11:39.800 --> 0:11:42.720 and responder. And that's as clear as day. Yeah, we 0:11:42.760 --> 0:11:45.120 can just end the podcast now, guys, don't worry. We're 0:11:45.120 --> 0:11:47.840 going to explain the whole layered thing a little bit 0:11:47.920 --> 0:11:51.840 later on. So we will. We will make sure that 0:11:51.880 --> 0:11:55.720 you understand why an onion It's actually a pretty clever 0:11:56.280 --> 0:11:59.760 way to describe what's going on. But the project had 0:12:00.240 --> 0:12:04.960 specific goals to research and develop and build anonymous communication systems, 0:12:05.240 --> 0:12:09.560 to analyze other anonymous communications systems, and to create low 0:12:09.720 --> 0:12:14.400 latency Internet based systems that resisted traffic analysis, eavesdropping, at 0:12:14.400 --> 0:12:19.240 other attacks from outsiders as an Internet routers or insiders 0:12:19.280 --> 0:12:22.719 as an onion routing servers. I have more to say 0:12:22.760 --> 0:12:25.360 about the secrets of tour. The deep Web got a 0:12:25.360 --> 0:12:28.679 lot of layers to peel off that onion. But before 0:12:28.720 --> 0:12:38.600 we get to that, let's take a quick break. So 0:12:39.000 --> 0:12:42.959 the ideal was to create some form of distributed system 0:12:42.960 --> 0:12:45.720 where you could have two parties communicating with one another 0:12:46.200 --> 0:12:48.199 and no one would be able to know that those 0:12:48.200 --> 0:12:51.280 two parties were in communication. They would know the communication 0:12:51.400 --> 0:12:53.800 is going on because traffic is moving across the network, 0:12:54.200 --> 0:12:56.760 but because of the network's design, they would have no 0:12:56.800 --> 0:13:00.000 way of knowing what to end parties were actually communicating 0:13:00.040 --> 0:13:01.920 with one another. Because, just as we were saying with 0:13:02.000 --> 0:13:05.359 that snoop, even if you can't see what the information 0:13:05.400 --> 0:13:08.640 itself is, just knowing who is talking to whom gives 0:13:08.640 --> 0:13:12.880 you a lot of info right because of this, and 0:13:12.920 --> 0:13:15.280 funnily enough, the Navy actually had to step back from 0:13:15.320 --> 0:13:18.120 the project in order to make it actually useful because 0:13:18.120 --> 0:13:21.280 the network needs to be open, right. Um. So, I 0:13:21.320 --> 0:13:23.160 mean if if you know, if you can see that 0:13:23.280 --> 0:13:27.920 everything is coming through, if if only the Navy used it, 0:13:28.160 --> 0:13:31.319 then you would know whenever communication was happening that the 0:13:31.400 --> 0:13:34.880 Navy was communicating with people like you would. You would 0:13:34.880 --> 0:13:37.680 have limited the number of people that could possibly be 0:13:37.760 --> 0:13:41.240 the ones communicating by making it open and say this 0:13:41.280 --> 0:13:44.240 is a playground where everyone can come in. Suddenly you 0:13:44.320 --> 0:13:47.240 can't tell who's communicating with whom because there's so many's 0:13:47.240 --> 0:13:49.880 too much noise and not in the traffic, right. Um. So, 0:13:50.000 --> 0:13:53.080 the project incorporated as a nonprofit in two thousand six, 0:13:53.160 --> 0:13:55.840 and it currently depends a whole lot on crowdsourcing. UM. 0:13:55.880 --> 0:13:58.839 There are only nine full time tour employees as of 0:13:58.960 --> 0:14:03.960 this podcast, which we are recording on April. By the way, 0:14:04.280 --> 0:14:07.160 um and uh, the rest of the development is spread 0:14:07.160 --> 0:14:10.480 across dozens of part time assistants and hundreds of volunteers. 0:14:10.760 --> 0:14:14.200 The code is open source, which actually makes it harder 0:14:14.240 --> 0:14:16.360 to mess with. Um. You know, like if someone say, 0:14:16.559 --> 0:14:20.480 say the n s A tried to create a vulnerability deliberately, 0:14:20.840 --> 0:14:24.320 then anyone could catch it, right, Yeah, it's not like 0:14:24.520 --> 0:14:26.880 it's hidden the way behind closed doors. In that way, 0:14:27.240 --> 0:14:29.760 it gets overlooked and you suddenly have this back door 0:14:29.920 --> 0:14:32.920 entrance into the Tour network. No, it's it's it's much 0:14:32.960 --> 0:14:34.720 more likely for someone to catch it if lots of 0:14:34.720 --> 0:14:37.160 people are looking. Yeah exactly. Yeah, you've got lots of 0:14:37.160 --> 0:14:39.920 people checking on it all the time. So it's actually 0:14:39.920 --> 0:14:42.440 more secure by being in plain sight in that way. 0:14:42.520 --> 0:14:45.520 So here's how it used to work. Because you know, 0:14:45.600 --> 0:14:49.320 I mentioned that tour was had an onion in the oh, 0:14:49.480 --> 0:14:52.880 but it doesn't really involve onions anymore. And then we've 0:14:52.920 --> 0:14:55.720 mentioned onions. Yeah, so yeah, so we're gonna we're gonna 0:14:55.760 --> 0:14:58.360 go back to how it worked originally because the way 0:14:58.400 --> 0:15:00.280 it works now is not that much different, but it 0:15:00.320 --> 0:15:04.680 doesn't involve the onion metaphor anymore. So, first of all, 0:15:04.720 --> 0:15:08.880 to achieve anonymity, the Tour Network uses something called privoxy filters, 0:15:08.960 --> 0:15:13.440 which prevent client information from reaching servers. So this means 0:15:13.480 --> 0:15:16.200 that a client, you know, that's that's your computer. When 0:15:16.200 --> 0:15:19.840 you are trying to access anything, Let's say you're using 0:15:19.880 --> 0:15:22.960 your your browser to access your email, because I love 0:15:23.000 --> 0:15:25.840 that example. It's easy one. So your your computer is 0:15:25.880 --> 0:15:29.480 the client. It's sending a request to another computer. It's 0:15:29.560 --> 0:15:34.240 asking for data from this computer that hosts the the 0:15:34.320 --> 0:15:38.360 email service that you use, and that is called the server. Now, 0:15:38.400 --> 0:15:41.720 normally the server receives information that can identify the client, 0:15:42.080 --> 0:15:46.280 so you have some sort of address that identifies this 0:15:46.360 --> 0:15:49.200 is the machine that's asking for that information. So then 0:15:49.240 --> 0:15:52.800 the server knows exactly who it's talking to. Well, privoxy 0:15:52.880 --> 0:15:56.000 filters prevent that from happening, so it's possible for a 0:15:56.080 --> 0:16:00.400 client's identity to remain unknown to the server and also 0:16:00.480 --> 0:16:03.120 to the rest of the network as these requests go 0:16:03.200 --> 0:16:06.280 across the network. Also, one of the other things that 0:16:06.320 --> 0:16:08.200 has and we'll talk more about this in a bit, 0:16:08.800 --> 0:16:12.440 is the ability to create hidden services. But you know, 0:16:12.480 --> 0:16:14.920 I'm not going to spoil that because the discussion we 0:16:14.960 --> 0:16:17.160 have later on will really kind of bring that to 0:16:17.320 --> 0:16:19.640 light and it will make much more sense after we 0:16:19.680 --> 0:16:24.000 talk about exactly how this communication occurs. Yes, so it's 0:16:24.360 --> 0:16:28.400 possible to use onion routing software to send information completely anonymously. 0:16:28.400 --> 0:16:30.560 In other words, you could use it so that you 0:16:30.600 --> 0:16:33.720 could send an anonymous message to someone else, they would 0:16:33.720 --> 0:16:35.880 not know the identity of that person. But that's not 0:16:35.920 --> 0:16:39.400 the purpose of tour. The purpose, like I said before, 0:16:39.560 --> 0:16:44.080 is to allow anonymous channels of communication. So you and 0:16:44.160 --> 0:16:47.040 the person with whom you're communicating know each other's identity, 0:16:47.240 --> 0:16:50.120 but nobody else does, right, So this allows you to 0:16:50.280 --> 0:16:54.320 have that honest, open expression of information without fear of 0:16:54.360 --> 0:16:57.880 someone else snooping in on you or any other consequences 0:16:57.920 --> 0:17:01.200 apart from whatever consequences come from just that communication between 0:17:01.200 --> 0:17:04.720 two parties. If you tell someone that they dressed like 0:17:04.720 --> 0:17:06.840 a slab, there's going to be consequences. What I'm saying 0:17:07.080 --> 0:17:10.480 doesn't have to be someone snooping in on you. Good point. 0:17:10.800 --> 0:17:15.360 I get that a lot. Uh. So it uses proxy servers, 0:17:15.400 --> 0:17:18.280 and a proxy server acts as an intermediary between a 0:17:18.359 --> 0:17:21.560 client and some other server. So you can kind of 0:17:21.560 --> 0:17:23.800 think of it as this is the go between. So 0:17:24.000 --> 0:17:28.200 if I were to send a request to get my email, 0:17:28.320 --> 0:17:30.560 but I wanted to go through a proxy server, I 0:17:30.560 --> 0:17:33.920 would log into the proxy server. The proxy server would 0:17:33.920 --> 0:17:38.800 then send my request onto the email server, and from 0:17:38.800 --> 0:17:41.440 the email servers perspective, it looked like the proxy server 0:17:41.640 --> 0:17:44.520 was the origin of that request, it isn't able to 0:17:44.560 --> 0:17:50.120 see back to exactly there's a hop missing there. So 0:17:50.640 --> 0:17:55.080 that's really important in this. And uh, the communication part 0:17:55.320 --> 0:17:57.320 is the tricky part. Like I said, So you've got 0:17:57.359 --> 0:18:01.800 this information, it's passing between nodes or little routers within 0:18:01.840 --> 0:18:05.200 the tour network. Okay, so think of these nodes as 0:18:05.240 --> 0:18:09.280 rest stops between the client, the sender, and the recipient 0:18:09.359 --> 0:18:12.679 the server. Right. Each node only knows the identity of 0:18:13.280 --> 0:18:15.760 the node before it and the node after it, right, 0:18:16.119 --> 0:18:18.119 So uh, and the note before it and after it 0:18:18.200 --> 0:18:21.760 completely is dependent upon when you're sending the message, because 0:18:22.119 --> 0:18:24.639 you're you're going to create new pathways every time you 0:18:24.720 --> 0:18:27.359 create a connection, so it's not like you have a 0:18:27.520 --> 0:18:31.280 set path each time. It's like the Internet. It's very flexible. 0:18:31.680 --> 0:18:34.440 So when you send a message, and let's say it's 0:18:34.480 --> 0:18:37.680 going through letters A through G, we're just designating these 0:18:37.720 --> 0:18:39.760 nodes as A through G and for some reason it's 0:18:39.760 --> 0:18:41.560 going into a B, C, D, E F G order. 0:18:42.040 --> 0:18:45.560 So node D only knows about nodes C and E. 0:18:46.200 --> 0:18:48.399 The information came from C. It knows it has to 0:18:48.440 --> 0:18:51.480 send the information onto E. It has no awareness of 0:18:51.560 --> 0:18:55.840 a B or you know, effor G. So that's it. 0:18:56.080 --> 0:18:59.800 And that means that if you were to intercept information 0:19:00.000 --> 0:19:02.520 passing between two nodes, you would just know which note 0:19:02.520 --> 0:19:04.119 it came from and which node it went to. You 0:19:04.119 --> 0:19:06.600 wouldn't know the actual person who sent it, nor would 0:19:06.600 --> 0:19:09.040 you know the person to whom it went. Ultimately, on 0:19:09.200 --> 0:19:12.800 top of that, the nodes encrypt the communication as it's 0:19:12.840 --> 0:19:15.479 passed along. Yes, and this is where you get that 0:19:15.600 --> 0:19:19.280 layer and layer and layer of encryption. And because there's 0:19:19.280 --> 0:19:22.560 so many layers of encryption, well, what else has lots 0:19:22.560 --> 0:19:25.439 of layers? An onion? I was going to think of 0:19:25.520 --> 0:19:28.000 Game of Thrones, but yes, Onion is right. Onion is 0:19:28.040 --> 0:19:30.199 exactly the thing that they went with because Game of 0:19:30.200 --> 0:19:33.360 Thrones really wasn't that popular. Also, it's proprietary. I mean, 0:19:33.400 --> 0:19:36.080 you know, yeah, that probably would have George R. Martin 0:19:36.440 --> 0:19:38.560 gotten a little upset about that. But yeah, so so 0:19:38.640 --> 0:19:41.360 Onion is in fact what they went with because there's 0:19:41.359 --> 0:19:44.560 so many different layers of encryption. Still a little bit 0:19:44.560 --> 0:19:46.280 more to talk about with the secrets of tour in 0:19:46.320 --> 0:19:48.320 the Deep Web, but before we get to that, let's 0:19:48.359 --> 0:19:59.520 take another quick break. Okay, so here's my example, and 0:19:59.600 --> 0:20:02.200 I think it's a doozy of an example. Because it's 0:20:02.240 --> 0:20:06.720 completely believable. I decided to use as an example two 0:20:06.800 --> 0:20:09.679 of our beloved co workers here at how stuff works. 0:20:09.960 --> 0:20:12.879 Uh And when you start thinking to yourself, who would 0:20:12.960 --> 0:20:16.200 be so paranoid that they would need an incredibly secure 0:20:16.240 --> 0:20:21.159 communication process? Two names leap to mind from the shadows 0:20:21.320 --> 0:20:23.600 and then back into the shadows, because that's where they belong. 0:20:24.200 --> 0:20:26.600 One of them wearing a gremlin mask. Yeah, and maybe 0:20:26.600 --> 0:20:28.479 a fedora on top of it. It's not a fedora, 0:20:28.560 --> 0:20:31.439 I know, Ben Dora. No, it's a trill Bey, I'm 0:20:31.440 --> 0:20:33.399 going to call it a fedora anyway. So Ben Bolan 0:20:33.800 --> 0:20:36.199 and Matt Frederick so stuff they don't want you to 0:20:36.240 --> 0:20:39.199 know hosts. Yes, and if you've never ever listened to 0:20:39.240 --> 0:20:42.840 that show, go check it out. Watched the show. Yeah, 0:20:42.880 --> 0:20:45.639 that's great. So so let's say that Ben wants to 0:20:45.720 --> 0:20:48.399 contact Matt and he wants the communication to be secure, 0:20:48.440 --> 0:20:50.960 so he sends it across the Tour network using this 0:20:51.040 --> 0:20:54.480 freely available software. He's got the Tour bundle installed and 0:20:54.560 --> 0:20:57.480 he sends the message along. So here's what happens. Ben 0:20:57.520 --> 0:21:01.080 would contact a proxy server on the TORN network. Now, 0:21:01.200 --> 0:21:05.080 that proxy server would then determine the route of nodes 0:21:05.560 --> 0:21:07.520 or the number of hops that it will take to 0:21:07.600 --> 0:21:11.480 get from the proxy server to Matt's computer. So for 0:21:11.600 --> 0:21:16.000 argument's sake, let's say again that it's just uh five nodes, 0:21:16.119 --> 0:21:18.960 So it's a B, C, D E. Those are the 0:21:19.119 --> 0:21:22.439 Those are the nodes that it's going to go through. Now, 0:21:23.280 --> 0:21:27.639 each hop becomes an encryption layer on this onion, and 0:21:27.680 --> 0:21:31.040 the core of the onion is Ben's original message to Matt, 0:21:31.160 --> 0:21:34.440 So that's the very center. Now Ben's proxy server starts 0:21:34.480 --> 0:21:38.720 to construct layers of encryption based upon the path that 0:21:38.880 --> 0:21:42.560 this onion is going to take journeying from the proxy 0:21:42.600 --> 0:21:46.000 server all the way to Matt's computer, and the innermost 0:21:46.119 --> 0:21:49.320 layer will be the encryption for Matt's proxy. Yes, so 0:21:49.359 --> 0:21:52.440 the next layer out would be the node just before 0:21:52.640 --> 0:21:55.920 it gets to Matt's proxy. The next layer out would 0:21:55.920 --> 0:21:57.520 be the node before that, and so on and so 0:21:57.600 --> 0:22:00.240 forth until you got to the first node that the 0:22:00.280 --> 0:22:03.919 proxy server sends this onion onto. Now, every time the 0:22:03.960 --> 0:22:08.000 onion travels to a new node, it decrypts that layer. 0:22:08.200 --> 0:22:12.040 The corresponding layer strips of encryption. Yeah, so that that 0:22:12.160 --> 0:22:14.679 layer of the onion gets pulled away, and that's how 0:22:14.720 --> 0:22:19.000 the node knows where to send it onto. Next, so 0:22:19.240 --> 0:22:22.199 proxy service sends it on to node A. Note A 0:22:22.320 --> 0:22:24.960 strips away that encryption and sees that needs to send 0:22:24.960 --> 0:22:28.720 it on to Node B. Node B gets this onion. 0:22:29.359 --> 0:22:32.320 Now Node BE only knows that Note A set the onion, 0:22:32.359 --> 0:22:34.879 doesn't know where the onion originally came from, and it 0:22:35.359 --> 0:22:38.720