Following is the full transcript of journalist and computer security researcher Jacob Appelbaum’s TEDx Talk: The Tor Project, Protecting Online Anonimity at TEDxFlanders conference. This event occurred on October 20, 2012.
Jacob Appelbaum – Computer security researcher
Hi there. It’s a great pleasure to be here and I’m really excited, actually, to see so many familiar faces. And I wanted to tell about my story and how I came to work in anonymity. 18 minutes isn’t really a lot of time to sum up a decade of work, but, I’ll try.
And I’ll start by saying that I met Roger Dingledine, Rachel Greenstadt and Nick Mathewson at a Hacker Convention in Las Vegas. And they told me about this idea, this idea of anonymity. This idea that every person has the right to speak freely, the right to read without exception. This idea that it should be available to each person. They introduced me to the philosophy but also to the technology.
And the technology was very fascinating to me. Overall, what I found to be interesting was this idea that not one human should be excepted from the basic human rights, that we, generally, I think, as a world, agree should exist, should be something that is equally accessible to all, regardless of class, race, gender, sexual orientation.
But what does that actually mean? Well, it turns out, for the Tor Project — which is a free software project for freedom, that I and many others work on — what it means is to actually put enabling technology into the hands of each person so that they can choose whether or not they wish to use it.
And so, what Roger and Nick and Rachel and other members of the Tor Project — who are incredibly inspirational to me — what they were able to show me was that by making it free software, this means that each person would be able to inspect the software — should they wish — or to delegate that task to someone who understands that. It means that each person without cost would be able to use the system and it would allow them to communicate across boundaries that previously were not something that they could transgress without serious risk. This kind of idea, it doesn’t seem terribly radical, I think, in the West. But in some parts of the world this is extremely radical, this notion that you have the right to speak freely, that you do not have to add a national ID card to every statement that you sign, that in fact you might want to show evidence of a crime and you don’t want to take any credit at all for that. In some ways it’s a strange thing.
But in some fields it makes sense. We all have our own personal relationship to privacy and to anonymity. And, we just don’t call it that, usually. So, everyone in this room seems to be wearing clothes, as an example. I want to use the example of curtains in the window but the Dutch, well — curtains and windows that’s not really a good privacy enhancing technology since so many people seem to not use them. But clothes are a good one, because clothes are an example of how technology and society may not be perfect, but we’re still going to try anyway.
And so, what Tor as an anonymity system is trying to do is to give us some autonomy, so that we have the ability to choose when we wish, a thing which we do not claim as perfect, but we claim is better than what we have without this system.
And, what is that exactly? It’s a simple piece of software that you install on your computer or onto your telephone, that can be used with web browsers, with chat programs or whatever you’d like. So if you want to leak a document to the New York Times, or to a reputable source like WikiLeaks, then you could very easily use something like Tor to do that. It is essentially agnostic in the sense that if it runs over the protocol known as TCP/IP, that’s specifically TCP, then that will be something that will work with Tor.
So, if you use the Internet, you’re probably able to do a lot of the things you do on the Internet with Tor. But, to actually talk about why you would want to do that, we sort of have to address what it is that we want to think about. And so, when we talk about anonymity in the Tor project, it usually creates a strange feeling for people. For example, they say, “Well, you know, I don’t really have anything to hide” or “Well, I’m using this service and they promised that they won’t, you know, they won’t do anything bad with that data.” So what we want to do is to create a clear dividing line between what we would call privacy by policy and privacy by design.
Privacy by policy is where a group of people collect all of your private — ostensibly private — communications and information, and they promise that they’re not going to give it to anyone else. Sounds like a great deal right? So, think about it this way: how many of you, if I could have a show of hands in the audience, would be willing to have a stranger, completely — have all of the information on your government issued ID cards and everything in your wallet, which was issued by an agency of some kind or a company how many of people here would just empty their wallet on the street and show all of that to a random passer-by that asked for it? Anybody here? I’m glad there is at least one person. Thanks!
Well, this is an interesting thing, because many of you didn’t raise your hands. I think you probably thought that was the right answer. But, as it just so happens, the interesting notion here is this idea that, somehow, because you don’t show it to someone, because the State keeps it in confidence, that it’s private. Well how could it be private information if the State forces you to give it up? That’s kind of strange. And that only certain members of a privilege class — of privilege employee class, no-less — are allowed to have access to that information in an unfettered manner. Well, that’s strange, to me, that that would be considered private. But that’s the kind of privacy by policy. And sometimes it works all right. So it works really well in cases where it is especially not important that that information is not released.
So, in the case of, say, you’re a victim of domestic violence, it is probably the case that if that information exists somewhere, and someone could get it, it would be quite damaging to you. It could be damaging to your literal life. So, in a privacy by design world, what we might do is create a system where you no longer release your real home address when you need to give that up. In the State where I live in the United States, there’s the thing called the address confidentiality program. And what they do is they give you a special card and this card allows you to say that this is your home address. But if an abusive person exists within one of these State’s agencies, — say you being harassed by a law enforcement, as an example — then if you are in this database, then it would allow you to make sure that the only people that could get that information were people who could get it from the agency that keeps it safe, including from all of the other agencies. This is a kind of privacy by design system, but still a not very strong one. Because ultimately, the authority to release your information rests with someone other than you.
So with Tor, what we’re trying to create is a system — and we have created this system — where that isn’t the paradigm. The paradigm is an absolute privacy by design system, given certain constraints. So, assuming that, the person that wishes to know you are cannot watch the entire Internet, all at the same time. When you use the Tor network, your local network, that is usually the place where censorship and surveillance occur in a way that is linked to you, to your national ID card, to your credit card, to billing information, that connection only sees that you’re connecting to this anonymity network. So that’s really fascinating because it means that when you visit a website or when you visit a service of some kind, it does not know that you’re in Belgium anymore.