WEBVTT - The Secrets of Tor and the Deep Web 0:00:04.200 --> 0:00:07.160 Get in touch with technology with text stuff from how 0:00:07.240 --> 0:00:14.680 stuff dot com either and welcome to text stuff. I'm 0:00:14.760 --> 0:00:17.360 Jonathan Strickland and I'm Lauren Bock Obama, and I'm in 0:00:17.400 --> 0:00:21.639 the dark. That the dark, the dark dark net, dark 0:00:21.760 --> 0:00:24.680 dark Web. I don't think we're actually in the dark snet. No, 0:00:24.800 --> 0:00:27.000 Actually we're pretty much on the light. But we're gonna 0:00:27.040 --> 0:00:29.960 talk a little bit about the dark net. Really, what 0:00:29.960 --> 0:00:33.400 we're going to talk about is Tour, right, that was 0:00:33.440 --> 0:00:36.639 originally an act from him for the Onion Router. Yeah, 0:00:36.720 --> 0:00:39.320 now it's just Tour. They still have an onion that 0:00:39.560 --> 0:00:41.680 is in their logo. It takes the place of the 0:00:41.760 --> 0:00:44.640 O in Tour t o R. And that's not just 0:00:44.680 --> 0:00:46.920 because they really like onions. There's a reason that we 0:00:46.920 --> 0:00:49.199 will get into. Yeah, but so, but so, what is this? 0:00:49.320 --> 0:00:52.320 So all the Mighty Tour is one of the Avengers. 0:00:52.720 --> 0:00:56.280 He wields the hammer Jolner, and his brother is Loki. 0:00:57.760 --> 0:00:59.880 She's not even rolling her eyes, she's just staring me 0:01:00.040 --> 0:01:02.960 down this time. Okay. So seriously, though, what Tour is 0:01:03.360 --> 0:01:06.680 free software. It's an open network and it helps you 0:01:06.800 --> 0:01:10.400 defend against traffic analysis. In other words, people trying to 0:01:10.400 --> 0:01:13.440 figure out what you are doing and who you're communicating with. 0:01:13.959 --> 0:01:17.440 Traffic analysis is a form of network surveillance that threatens 0:01:17.480 --> 0:01:21.520 personal freedom and privacy. UH, it threatens confidential business activities 0:01:21.560 --> 0:01:25.720 and relationships, and it threatens state security. Therefore, some folks 0:01:25.959 --> 0:01:27.840 got together and said, hey, you know what we should 0:01:27.840 --> 0:01:30.200 do is we should come up with the means to 0:01:30.280 --> 0:01:33.640 allow people to communicate over the Internet, but do so 0:01:34.040 --> 0:01:37.360 in a private, anonymous fashion, so that you can set 0:01:37.400 --> 0:01:40.399 up these anonymous channels. Perhaps the most popular way to 0:01:40.480 --> 0:01:43.640 access this is through a customized built a Firefox called 0:01:43.680 --> 0:01:47.120 the the Tour Browser Bundle. Right, yeah, because just using 0:01:47.160 --> 0:01:50.080 Tour on its own is one thing to do to 0:01:50.080 --> 0:01:51.680 to allow you to have a little more of an 0:01:51.680 --> 0:01:56.040 anonymous presence, But it requires more than that, because if 0:01:56.040 --> 0:01:58.520 you access Tour through some other means, if you don't 0:01:58.560 --> 0:02:02.880 have say Flash disabled in your web browser, then you're 0:02:02.920 --> 0:02:06.200 still kind of broadcasting where you are because Flash often 0:02:06.320 --> 0:02:10.960 involves UH identification information in order for it to work. 0:02:11.240 --> 0:02:13.880 So it is open source, so if you feel like 0:02:13.919 --> 0:02:15.840 getting in there and and doing your own thing, you're 0:02:15.840 --> 0:02:19.320 absolutely able to um and uh and and a lot 0:02:19.320 --> 0:02:21.840 of people do use it in one form or another. 0:02:21.880 --> 0:02:24.720 At its peak in more than half a million people 0:02:24.760 --> 0:02:27.959 were using it every day. Yeah, oddly enough, I think 0:02:29.440 --> 0:02:30.880 as I a call in that year, there was some 0:02:30.960 --> 0:02:37.440 news that broke about government agencies. Yeah, Edward Snowden had 0:02:37.480 --> 0:02:40.360 that leak about the n s A, and suddenly people 0:02:40.400 --> 0:02:43.800 were thinking, you know, I was like it doubled. Yeah. Yeah, 0:02:43.880 --> 0:02:46.239 it was one of those things where people began to 0:02:46.280 --> 0:02:49.440 get very concerned. And it's not necessarily that these people 0:02:49.440 --> 0:02:52.000 are doing anything wrong. In fact, that's not the point 0:02:52.040 --> 0:02:55.120 at all. The point is that they have an expectation 0:02:55.280 --> 0:02:58.800 to privacy and being able to hold this kind of 0:02:58.840 --> 0:03:04.760 anonymous communication with other people. The communication itself isn't necessarily anonymous, 0:03:04.760 --> 0:03:08.480 but the channels are. Uh, you know, that's just that's 0:03:08.520 --> 0:03:10.920 just an expectation we have. It's not that, you know, 0:03:11.200 --> 0:03:14.000 I'm planning something to various, it's just if I want 0:03:14.000 --> 0:03:17.520 to send a message to Lauren and it's just for 0:03:17.639 --> 0:03:21.600 Lauren's eyes, I don't think anyone else has the right 0:03:21.639 --> 0:03:24.280 to look in on that. So yeah, and in normal 0:03:24.320 --> 0:03:28.600 internet traffic, that's absolutely a possibility. Yes. Because we've talked 0:03:28.639 --> 0:03:31.720 a lot about how information travels across the internet, you know, 0:03:31.800 --> 0:03:34.640 it all gets divided up into these little packets. Then 0:03:34.680 --> 0:03:37.600 the packets go across the network and then get put 0:03:37.640 --> 0:03:40.360 together Willy Wonka style on the other side, so that 0:03:40.400 --> 0:03:42.200 you get whatever it is you were trying to send, 0:03:42.360 --> 0:03:45.240 which is unfortunately probably not a delicious chocolate bar no 0:03:45.600 --> 0:03:48.800 or Mike TV either, it's not neither of those things. 0:03:48.800 --> 0:03:50.280 What it might be like if I if I were 0:03:50.360 --> 0:03:53.160 to send that email to Lauren and it's a sizeable email, 0:03:53.440 --> 0:03:56.680 that email gets divided up into numerous packets. The packets 0:03:57.000 --> 0:03:59.840 go across the Internet, not necessarily taking the same path, 0:04:00.440 --> 0:04:03.840 and they eventually reassemble on the other side and Lauren 0:04:03.880 --> 0:04:06.000 can read it. But in order for that to happen, 0:04:06.280 --> 0:04:08.920 these packets have to have little bits of information so 0:04:08.960 --> 0:04:12.280 the routers know where to send the information onto next. 0:04:12.720 --> 0:04:16.159 So it's kind of like an address on a piece 0:04:16.160 --> 0:04:19.440 of mail. So let's say that you've got a snoop 0:04:19.520 --> 0:04:24.680 in your neighborhood and this person is getting into everybody's business. 0:04:24.760 --> 0:04:27.240 And the way this person does it is they look 0:04:27.240 --> 0:04:30.480 at all the mail that's going in and out of 0:04:30.520 --> 0:04:33.560 a person's mailbox, and even if they're not opening that 0:04:33.680 --> 0:04:36.200 mail and and reading all of it, just just the 0:04:36.200 --> 0:04:39.240 fact that you're sending it to particular people at particular 0:04:39.279 --> 0:04:42.440 times can tell that snoop a lot about what's going on. Right, 0:04:42.480 --> 0:04:45.800 So if you're sending out uh, you know, envelopes to 0:04:46.160 --> 0:04:50.440 say a medical facility, that could give a lot of 0:04:50.480 --> 0:04:53.479 information to a snoop if they're seeing that stuff from 0:04:53.880 --> 0:04:56.839 various insurance companies is coming into you, that could you know, 0:04:57.000 --> 0:04:59.359 I'm going with a medical thing here. But really this 0:04:59.440 --> 0:05:03.440 applies to any sort of communication. So so what we're 0:05:03.440 --> 0:05:06.159 saying is that it's not enough for the content of 0:05:06.200 --> 0:05:09.440 what you send over the internet, uh necessarily, I mean 0:05:09.480 --> 0:05:12.400 you are hypothetical, you maybe you're fine. It's not enough 0:05:12.440 --> 0:05:15.960 for you to encrypt the content, but the actual transfer 0:05:16.000 --> 0:05:19.560 of the content in some cases needs to be encrypted exactly. 0:05:19.640 --> 0:05:22.600 And there are a lot of legitimate cases where you 0:05:22.600 --> 0:05:25.640 would want that to happen. I mean, let's talk about 0:05:25.920 --> 0:05:29.240 journalists for example. So you might have a journalist who 0:05:29.400 --> 0:05:34.760 is pursuing some major story, perhaps they're in unfriendly territory 0:05:34.839 --> 0:05:37.240 to do so, and they want to be able to 0:05:37.720 --> 0:05:41.400 contact sources that might be in danger otherwise if there 0:05:41.480 --> 0:05:45.279 if if this communication were publicly known, or really anything 0:05:45.320 --> 0:05:49.200 that could endanger the journalist, a source or the story itself, 0:05:49.680 --> 0:05:51.680 then you would want to have a way of securely 0:05:51.680 --> 0:05:55.479 communicating and making sure that no one's really snooping in 0:05:55.560 --> 0:05:59.240 on you. Well, that's that's a perfectly legitimate source. Their 0:05:59.360 --> 0:06:02.200 governments use this kind of thing in order so that 0:06:02.279 --> 0:06:06.760 they can gather information and disseminate information. Uh, you've got 0:06:06.800 --> 0:06:09.159 companies that use this kind of stuff in order to 0:06:10.040 --> 0:06:14.120 have secure communications about upcoming products or services that are 0:06:14.160 --> 0:06:16.359 not part of the public knowledge and don't need to 0:06:16.400 --> 0:06:18.520 be Oh sure, I mean even if you're just doing 0:06:18.680 --> 0:06:20.880 r and D about something, you know, like like let's 0:06:20.920 --> 0:06:23.600 say that you're the example that you used and in 0:06:23.600 --> 0:06:25.320 our notes here is Apple. Like if here, if you're 0:06:25.320 --> 0:06:29.800 creating a new product and you start researching patents online, um, 0:06:30.320 --> 0:06:33.880 the right person could could find your searches and figure 0:06:33.880 --> 0:06:37.840 out what you were looking for. And that sucks for you. Yeah, yeah, 0:06:37.839 --> 0:06:41.719 if you had the next big idea and you were waiting, 0:06:41.880 --> 0:06:44.480 because you know, like the company of Apple, they get 0:06:44.520 --> 0:06:49.279 a lot of you a boost from folks whenever they 0:06:49.320 --> 0:06:52.599 announced something brand new that surprises everyone, which of course 0:06:52.680 --> 0:06:57.720 is exactly why you have so many news agencies scrutinizing 0:06:57.960 --> 0:07:01.200 everything Apple does in order to try and guess what's 0:07:01.240 --> 0:07:05.000 coming next. So the more you're able to keep that secret, 0:07:05.080 --> 0:07:07.640 the bigger the impact is when you unveil it. Because 0:07:08.360 --> 0:07:12.120 the worst the worst feeling is when you tune into 0:07:12.160 --> 0:07:14.400 an Apple event and it ends up being exactly what 0:07:14.480 --> 0:07:18.040 you expected it was to be. Every everyone still tunes in, 0:07:18.080 --> 0:07:20.440 but then they're like, oh, but that's exactly what they 0:07:20.480 --> 0:07:23.280 were talking about last week. I know, and you read 0:07:23.440 --> 0:07:29.119 what they wrote last week, so stop it me. Sure, 0:07:29.240 --> 0:07:32.480 and and lots of other people who could generally be 0:07:32.680 --> 0:07:35.800 considered to be working for for non nefarious purposes, but 0:07:36.120 --> 0:07:39.840 nonetheless would like a little bit of secrecy, uh, for example, 0:07:39.880 --> 0:07:43.480 activists or whistleblowers um or you know Chinese citizens who 0:07:43.480 --> 0:07:45.400 really just want to use Facebook or read news from 0:07:45.440 --> 0:07:48.440 other countries. Sure, and we've seen plenty of examples also, 0:07:48.520 --> 0:07:51.600 things like the Arabs Spring. You know, places in the 0:07:51.600 --> 0:07:55.320 world where you have people who are trying to enact 0:07:55.440 --> 0:07:59.760 change in a very harsh environment where if their activities 0:07:59.800 --> 0:08:03.840 were picked up on by official sources, government sources, state 0:08:03.960 --> 0:08:08.800 sponsored sources, they could face some serious consequences. And it's 0:08:08.800 --> 0:08:11.160 not necessarily the again, like you said, that they're doing 0:08:11.160 --> 0:08:13.920 anything nefarious it's just they can't do it at all 0:08:14.000 --> 0:08:18.400 without fear of some form of consequence unless that can 0:08:18.440 --> 0:08:20.680 remain secure. So you've got to figure out how do 0:08:20.760 --> 0:08:24.360 we make this secure. Also, we have to figure out 0:08:24.680 --> 0:08:26.920 how do we frame this in such a way where 0:08:26.960 --> 0:08:31.600 we also admit some people do use it for nefarious purposes. Oh, sure, 0:08:31.600 --> 0:08:34.520 of course. I mean there are plenty of people out 0:08:34.520 --> 0:08:37.040 there who are going to use this kind of anonymous 0:08:37.040 --> 0:08:41.520 connection in order to conduct illegal or otherwise illicit activities. 0:08:41.640 --> 0:08:44.480 We've talked about some of them in previous episodes, in fact, 0:08:44.800 --> 0:08:48.400 and we'll mention some more as we go along. So again, 0:08:48.440 --> 0:08:50.520 it's one of those things where you would probably argue 0:08:50.520 --> 0:08:54.720 that it's a relatively small percentage of the population using 0:08:54.720 --> 0:08:57.000 it for these purposes, but they're the ones who get 0:08:57.000 --> 0:09:00.800 the most press, uh, and so therefore or it kind 0:09:00.840 --> 0:09:04.160 of creates this public perception that people who use tour 0:09:04.280 --> 0:09:07.840 are up to something. Also, you know, we mentioned the 0:09:07.880 --> 0:09:12.720 fact that in a normal Internet communication, the you know what, 0:09:12.720 --> 0:09:16.360 what amounts to the uh, the address on the label 0:09:16.480 --> 0:09:18.960 is perfectly visible because it needs to be so that 0:09:19.040 --> 0:09:21.480 it can route across gets to the place it's gone. 0:09:21.679 --> 0:09:24.120 And Tour they had to figure out a way around 0:09:24.160 --> 0:09:27.120 that so that you could have it be obuse skated 0:09:27.240 --> 0:09:30.720 so that if someone were to snoop in on communication, 0:09:30.760 --> 0:09:33.120 they would not be able to determine what the origin 0:09:33.200 --> 0:09:38.520 nor destination were. And that it is pretty amazing stuff 0:09:38.520 --> 0:09:40.120 because you've got you gotta figure out a way of 0:09:40.160 --> 0:09:42.960 implementing that where it can still work, Like how do 0:09:43.000 --> 0:09:46.160 you disguise the address and still hope that it gets 0:09:46.160 --> 0:09:49.160 to where it's going? Because if we did that to 0:09:49.200 --> 0:09:52.559 the to the US Postal Service, our stuff would never 0:09:52.600 --> 0:09:56.240 get anywhere and it wouldn't be their fault either, because 0:09:56.559 --> 0:09:58.520 you just wouldn't be following the rules. Oh sure, yeah, 0:09:58.520 --> 0:10:00.360 I if you don't write your address on something, then 0:10:00.960 --> 0:10:03.920 how does it get to that place? So here's another 0:10:04.000 --> 0:10:08.520 funny thing, Lauren, Um, who was it that came up 0:10:08.559 --> 0:10:11.720 with this whole tour idea? I mean it must have 0:10:11.800 --> 0:10:16.360 been like some like hackers you know at def con 0:10:16.840 --> 0:10:19.400 convention who all got together and said, we don't want 0:10:19.400 --> 0:10:21.880 the government looking in on our stuff, right, you know? 0:10:21.880 --> 0:10:24.840 It was the government? It was it was it was 0:10:24.920 --> 0:10:28.360 the U. S. Naval Research Laboratory UM back in back 0:10:28.360 --> 0:10:33.040 in actually, which makes it extra hilarious that that the 0:10:33.240 --> 0:10:36.160 n s A has kind of been trying to crack 0:10:36.400 --> 0:10:39.360 trying to crack it because you've got a government agency 0:10:39.559 --> 0:10:43.359 doing its best to figure out how to intercept information 0:10:43.400 --> 0:10:47.199 that goes across a tour network, and another government US 0:10:47.280 --> 0:10:52.600 government entity that's responsible in large part for the creation 0:10:52.720 --> 0:10:56.520 for creation and furthermore, other governmental agencies that are responsible 0:10:56.559 --> 0:10:59.679 for funding it. As of twelve, one point two four 0:10:59.720 --> 0:11:04.440 million dollars half of tours revenue UH came from government grants, 0:11:04.480 --> 0:11:07.400 including a large part from the Department of Defense. So 0:11:07.679 --> 0:11:10.199 this is an example of two different parts of the 0:11:10.280 --> 0:11:13.880 United States government working at odds against each other, one 0:11:13.920 --> 0:11:16.680 part saying this is absolutely necessary for us to be 0:11:16.760 --> 0:11:20.240 able to operate in a secure way, and the other 0:11:20.280 --> 0:11:22.760 part saying, we want to be able to see what's 0:11:22.800 --> 0:11:25.280 going on here. So so so yeah. But but but this 0:11:25.440 --> 0:11:28.839 all got its start back with the U. S. Navy 0:11:28.920 --> 0:11:32.840 and UM. It was part of an onion rooting project 0:11:33.480 --> 0:11:37.360 routing project rooting. If you're in England, it's routing. Here 0:11:37.400 --> 0:11:40.800 in the US, it's usually routing either way. Why would 0:11:40.840 --> 0:11:44.000 you even call it an onion It's because it relies 0:11:44.120 --> 0:11:47.599 upon quote a layered object to direct the construction of 0:11:47.640 --> 0:11:51.439 an anonymous, bidirectional, real time virtual circuit between two communicating 0:11:51.480 --> 0:11:55.320 parties and initiator and responder. And that's as clear as day. Yeah, 0:11:55.360 --> 0:11:57.679 we can just end up podcast now. Guys, don't worry. 0:11:57.679 --> 0:12:00.480 We're going to explain the whole layered thing a little 0:12:00.480 --> 0:12:04.400 bit later on. So we will. We will make sure 0:12:04.480 --> 0:12:08.080 that you understand why an onion it's actually a pretty 0:12:08.080 --> 0:12:12.160 clever way to describe what's going on. But the project 0:12:12.240 --> 0:12:16.599 had specific goals to research and develop and build anonymous 0:12:16.600 --> 0:12:21.560 communication systems, to analyze other anonymous communications systems, and to 0:12:21.640 --> 0:12:26.960 create low latency Internet based systems that resisted traffic analysis, eavesdropping, 0:12:26.960 --> 0:12:31.240 and other attacks from outsiders as an Internet routers or 0:12:31.320 --> 0:12:36.880 insiders as an Onion routing servers. So if the best 0:12:37.360 --> 0:12:40.960 uh the ideal was to create some form of distributed 0:12:41.000 --> 0:12:44.160 system where you could have two parties communicating with one 0:12:44.200 --> 0:12:46.719 another and no one would be able to know that 0:12:46.760 --> 0:12:49.520 those two parties were in communication. They would know the 0:12:49.520 --> 0:12:52.640 communication is going on because traffic is moving across the network, 0:12:53.040 --> 0:12:55.600 but because of the network's design, they would have no 0:12:55.640 --> 0:12:58.840 way of knowing what to end parties were actually communicating 0:12:58.880 --> 0:13:00.760 with one another. Because just as we were saying with 0:13:00.800 --> 0:13:04.160 that snoop. Even if you can't see what the information 0:13:04.200 --> 0:13:07.480 itself is, just knowing who is talking to whom gives 0:13:07.480 --> 0:13:11.719 you a lot of info. Right. Because of this, And 0:13:11.720 --> 0:13:14.120 funnily enough, the Navy actually had to step back from 0:13:14.120 --> 0:13:16.920 the project in order to make it actually useful because 0:13:16.960 --> 0:13:20.280 the network needs to be open, right. Um. So, I mean, 0:13:20.400 --> 0:13:22.480 if if you know, if you can see that everything 0:13:22.559 --> 0:13:26.720 is coming through, if on if only the Navy used it, 0:13:26.960 --> 0:13:30.160 then you would know whenever communication was happening that the 0:13:30.240 --> 0:13:33.680 Navy was communicating with people like you would you would 0:13:33.679 --> 0:13:36.520 have limited the number of people that could possibly be 0:13:36.600 --> 0:13:40.040 the ones communicating by making it open and say this 0:13:40.120 --> 0:13:43.080 is a playground where everyone can come in. Suddenly you 0:13:43.120 --> 0:13:46.040 can't tell who's communicating with whom because there's so many's 0:13:46.080 --> 0:13:48.720 too much noise and not in the traffic, right. Um. So, 0:13:48.800 --> 0:13:51.880 the project incorporated as a nonprofit in two thousand six, 0:13:51.960 --> 0:13:54.679 and it currently depends a whole lot on crowdsourcing. Um. 0:13:54.679 --> 0:13:57.600 There are only nine full time to our employees as 0:13:57.600 --> 0:14:02.440 of this podcast, which we are recording on April, by 0:14:02.440 --> 0:14:05.600 the way, um and uh, the rest of the development 0:14:05.640 --> 0:14:08.480 is spread across dozens of part time assistants and hundreds 0:14:08.480 --> 0:14:12.560 of volunteers. The code is open source, which actually makes 0:14:12.559 --> 0:14:15.200 it harder to mess with. Um. You know, like if someone, say, 0:14:15.360 --> 0:14:19.320 say the n s A, tried to create a vulnerability deliberately, 0:14:19.680 --> 0:14:23.160 then anyone could catch it, right. Yeah, it's not like 0:14:23.320 --> 0:14:25.720 it's hidden the way behind closed doors. In that way, 0:14:26.040 --> 0:14:28.600 it gets overlooked and you suddenly have this back door 0:14:28.760 --> 0:14:31.760 entrance into the Tour Network. No, it's it's it's much 0:14:31.760 --> 0:14:33.520 more likely for someone to catch it if lots of 0:14:33.520 --> 0:14:36.000 people are looking. Yeah exactly. Yeah, you've got lots of 0:14:36.000 --> 0:14:38.720 people checking on it all the time. So it's actually 0:14:38.720 --> 0:14:41.280 more secure by being in plain sight in that way. 0:14:41.360 --> 0:14:44.360 So here's how it used to work. Because you know, 0:14:44.400 --> 0:14:48.120 I mentioned that tour was had an onion in the oh, 0:14:48.280 --> 0:14:51.720 but it doesn't really involve onions anymore. And then we've 0:14:51.720 --> 0:14:54.320 mentioned onions. Yeah, so yeah, so we're we're gonna we're 0:14:54.320 --> 0:14:57.040 gonna go back to how it worked originally because the 0:14:57.040 --> 0:14:58.960 way it works now is not that much different, but 0:14:59.000 --> 0:15:03.520 it doesn't involve the onion metaphor anymore. So, first of all, 0:15:03.520 --> 0:15:07.720 to achieve anonymity, the Tour Network uses something called privoxy filters, 0:15:07.760 --> 0:15:12.240 which prevent client information from reaching servers. So this means 0:15:12.280 --> 0:15:15.000 that a client, you know, that's that's your computer when 0:15:15.040 --> 0:15:18.640 you are trying to access anything. Let's say you're using 0:15:18.680 --> 0:15:21.760 your your browser to access your email, because I love 0:15:21.800 --> 0:15:24.680 that example. It's easy one. So your your computer is 0:15:24.720 --> 0:15:28.280 the client. It's sending a request to another computer. It's 0:15:28.400 --> 0:15:33.080 asking for data from this computer that hosts the the 0:15:33.120 --> 0:15:37.200 email service that you use, and that is called the server. Now, 0:15:37.200 --> 0:15:40.560 normally the server receives information that can identify the client, 0:15:40.920 --> 0:15:45.080 so you have some sort of address that identifies this 0:15:45.160 --> 0:15:48.000 is the machine that's asking for that information, So then 0:15:48.040 --> 0:15:51.640 the server knows exactly who it's talking to. Well, privoxy 0:15:51.720 --> 0:15:54.840 filters prevent that from happening, so it's possible for a 0:15:54.880 --> 0:15:59.200 client's identity to remain unknown to the server and also 0:15:59.280 --> 0:16:01.960 to the rest of the network as these requests go 0:16:02.000 --> 0:16:05.080 across the network. Also, one of the other things that 0:16:05.120 --> 0:16:07.040 has and we'll talk more about this in a bit, 0:16:07.600 --> 0:16:11.280 is the ability to create hidden services. But you know, 0:16:11.320 --> 0:16:13.760 I'm not going to spoil that because the discussion we 0:16:13.800 --> 0:16:16.000 have later on will really kind of bring that to 0:16:16.160 --> 0:16:18.440 light and it will make much more sense after we 0:16:18.520 --> 0:16:22.840 talk about exactly how this communication occurs. Yes, so it's 0:16:23.160 --> 0:16:27.200 possible to use onion routing software to send information completely anonymously. 0:16:27.240 --> 0:16:29.360 In other words, you could use it so that you 0:16:29.400 --> 0:16:32.520 could send an anonymous message to someone else. They would 0:16:32.560 --> 0:16:34.680 not know the identity of that person. But that's not 0:16:34.760 --> 0:16:38.240 the purpose of tour. The purpose, like I said before, 0:16:38.360 --> 0:16:42.880 is to allow anonymous channels of communication. So you and 0:16:43.000 --> 0:16:45.840 the person with whom you're communicating know each other's identity, 0:16:46.040 --> 0:16:48.960 but nobody else does, right, So this allows you to 0:16:49.120 --> 0:16:53.160 have that honest, open expression of information without fear of 0:16:53.200 --> 0:16:56.680 someone else snooping in on you or any other consequences 0:16:56.720 --> 0:16:59.960 apart from whatever consequences come from just that communication between 0:17:00.000 --> 0:17:03.560 two parties. If you tell someone that they dressed like 0:17:03.560 --> 0:17:05.680 a slab, there's going to be consequence, is what I'm saying. 0:17:05.840 --> 0:17:07.600 It doesn't have to be someone snooping in on you. 0:17:08.800 --> 0:17:12.600 Good point. I get that a lot. Uh. So it 0:17:12.800 --> 0:17:15.800 uses proxy servers, and a proxy server acts as an 0:17:15.800 --> 0:17:19.960 intermediary between a client and some other server. So you 0:17:20.000 --> 0:17:21.359 can kind of think of it as this is the 0:17:21.400 --> 0:17:25.080 go between. So if I were to send a request 0:17:25.119 --> 0:17:27.960 to get my email, but I wanted to go through 0:17:27.960 --> 0:17:31.119 a proxy server, I would log into the proxy server. 0:17:31.520 --> 0:17:34.920 The proxy server would then send my request onto the 0:17:35.000 --> 0:17:39.400 email server, and from the email servers perspective, it looked 0:17:39.400 --> 0:17:42.160 like the proxy server was the origin of that request. 0:17:42.600 --> 0:17:46.960 It isn't able to see back to exactly there's a 0:17:46.960 --> 0:17:51.879 hop missing there. So that's really important in this. And uh, 0:17:52.040 --> 0:17:55.600 the communication part is the tricky part. Like I said, 0:17:55.640 --> 0:17:59.000 so you've got this information, it's passing between nodes or 0:17:59.280 --> 0:18:03.320 little orders within the tour network. Okay, so think of 0:18:03.359 --> 0:18:07.040 these nodes as rest stops between the client, the sender, 0:18:07.320 --> 0:18:10.440 and the recipient the server. Right, Each node only knows 0:18:10.480 --> 0:18:13.720 the identity of the node before it and the note 0:18:13.760 --> 0:18:16.399 after it, right, So uh, and the note before it 0:18:16.440 --> 0:18:19.800 and after it completely is dependent upon when you're sending 0:18:19.840 --> 0:18:22.960 the message, because you're you're going to create new pathways 0:18:23.000 --> 0:18:25.320 every time you create a connection, so it's not like 0:18:25.400 --> 0:18:28.800 you have a set path each time. It's like the Internet. 0:18:28.960 --> 0:18:32.639 It's very flexible. So when you send a message, and 0:18:32.720 --> 0:18:35.640 let's say it's going through letters A through G, we're 0:18:35.680 --> 0:18:37.879 just designating these nodes as A through G and for 0:18:37.920 --> 0:18:39.679 some reason it's going into a B C, D, E 0:18:39.760 --> 0:18:43.520 F G order. So node D only knows about nodes 0:18:43.680 --> 0:18:46.840 C and E. The information came from C. It knows 0:18:46.880 --> 0:18:49.239 it has to send the information onto E. It has 0:18:49.359 --> 0:18:52.320 no awareness of a B or you know, effor G. 0:18:52.960 --> 0:18:56.760 So that's it. And that means that if you were 0:18:56.840 --> 0:19:00.639 to intercept information passing between two nodes, you would just 0:19:00.680 --> 0:19:02.480 know which note it came from and which node it 0:19:02.520 --> 0:19:04.919 went to. You wouldn't know the actual person who sent it, 0:19:05.000 --> 0:19:07.520 nor would you know the person to whom it went. Ultimately, 0:19:07.720 --> 0:19:11.400 on top of that, the nodes encrypt the communication as 0:19:11.440 --> 0:19:14.160 it's passed along. Yes, and this is where you get 0:19:14.160 --> 0:19:17.840 that layer and layer and layer of encryption. And because 0:19:17.880 --> 0:19:21.000 there's so many layers of encryption, well, what else has 0:19:21.119 --> 0:19:24.240 lots of layers? And Onion I was gonna think of 0:19:24.359 --> 0:19:26.840 Game of Thrones, but yes, Onion is right. Onion is 0:19:26.880 --> 0:19:29.000 exactly the thing that they went with because Game of 0:19:29.040 --> 0:19:32.160 Thrones really wasn't that popular. Also, it's proprietary. I mean, 0:19:32.200 --> 0:19:34.920 you know, yeah, that probably would have George R. Martin 0:19:35.280 --> 0:19:37.359 gotten a little upset about that. But yeah, so so 0:19:37.440 --> 0:19:40.160 Onion is in fact what they went with because there's 0:19:40.200 --> 0:19:43.640 so many different layers of encryption. Now I've I know 0:19:43.720 --> 0:19:47.560 that this discussion we've just had is really dense and 0:19:47.640 --> 0:19:51.080 there's a lot of things about nodes and traffic and 0:19:51.200 --> 0:19:54.679 encryption and layers here. So I created an example to 0:19:54.760 --> 0:19:57.359 kind of illustrate this. And we're going to get to 0:19:57.400 --> 0:20:00.320 that in just a moment, but before we do, let's 0:20:00.320 --> 0:20:03.920 take a quick break to thank our sponsor. Okay, So 0:20:04.200 --> 0:20:07.080 here's my example, and I think it's a doozy of 0:20:07.119 --> 0:20:11.360 an example because it's completely believable. I decided to use 0:20:11.440 --> 0:20:14.560 as an example two of our beloved co workers here 0:20:14.600 --> 0:20:17.359 at how stuff works. Uh, and when you start thinking 0:20:17.400 --> 0:20:20.720 to yourself, who would be so paranoid that they would 0:20:20.720 --> 0:20:25.480 need an incredibly secure communication process? Two names leap to 0:20:25.600 --> 0:20:28.480 mind from the shadows and then back into the shadows, 0:20:28.520 --> 0:20:30.720 because that's where they belong. One of them wearing a 0:20:30.760 --> 0:20:33.600 gremlin mask ye, and maybe a fedora on top of it. 0:20:33.600 --> 0:20:36.199 It's not a fedora, I know, Ben Dora. No, it's 0:20:36.240 --> 0:20:38.520 a trill Bey, I'm going to call it a fedor anyway, 0:20:38.560 --> 0:20:41.680 So Ben Bolan and Matt Frederick so Stuff they don't 0:20:41.680 --> 0:20:44.200 want you to know hosts. Yes, and if you've never 0:20:44.320 --> 0:20:48.760 ever listened to that show, go check it out. Watched show. Yeah, 0:20:48.760 --> 0:20:51.520 that's great. So So let's say that Ben wants to 0:20:51.600 --> 0:20:54.240 contact Matt and he wants the communication to be secure, 0:20:54.320 --> 0:20:56.840 so he sends it across the Tour network using this 0:20:56.920 --> 0:21:00.360 freely available software. He's got the Tour bundle installed, and 0:21:00.440 --> 0:21:03.359 he sends the message along. So here's what happens. Ben 0:21:03.359 --> 0:21:06.960 would contact a proxy server on the Tour network. Now, 0:21:07.040 --> 0:21:10.920 that proxy server would then determine the route of nodes 0:21:11.440 --> 0:21:13.399 or the number of hops that it will take to 0:21:13.440 --> 0:21:17.320 get from the proxy server to Matt's computer. So for 0:21:17.480 --> 0:21:21.840 argument's sake, let's say again that it's just uh five nodes, 0:21:22.000 --> 0:21:24.840 So it's a B, C, D E. Those are the 0:21:25.000 --> 0:21:28.280 Those are the nodes that it's going to go through. Now, 0:21:29.160 --> 0:21:33.520 each hop becomes an encryption layer on this onion, and 0:21:33.560 --> 0:21:36.920 the core of the onion is Ben's original message to Matt, 0:21:37.000 --> 0:21:40.320 so that's the very center. Now Ben's proxy server starts 0:21:40.320 --> 0:21:44.600 to construct layers of encryption based upon the path that 0:21:44.760 --> 0:21:48.400 this onion is going to take journeying from the proxy 0:21:48.480 --> 0:21:51.880 server all the way to Matt's computer, and the intermost 0:21:51.960 --> 0:21:55.199 layer will be the encryption for mats proxy. Yes, so 0:21:55.240 --> 0:21:58.320 the next layer out would be the node just before 0:21:58.480 --> 0:22:01.760 it gets to Matt's proxy. The next layer out would 0:22:01.760 --> 0:22:03.359 be the node before that, and so on and so 0:22:03.480 --> 0:22:06.080 forth until you got to the first node that the 0:22:06.080 --> 0:22:09.800 proxy server sends this onion onto. Now, every time the 0:22:09.840 --> 0:22:13.879 onion travels to a new node, it decrypts that layer, 0:22:14.040 --> 0:22:18.280 the corresponding layer of encryption. Yeah, so that that layer 0:22:18.320 --> 0:22:20.679 of the onion gets pulled away, and that's how the 0:22:20.720 --> 0:22:25.560