HAMBURG – For an intoxicating moment last summer, the revelation of the NSA's Net surveillance programs seemed to have radically transformed public attitudes toward online privacy.
Almost overnight, apparent usage of the Tor anonymous-surfing network jumped fivefold. The explanation, however, turned out to be rather less promising than hoped.
"Some jerk in Ukraine had signed up five million nodes of his botnet as TOR clients," Roger Dingledine, the project's director, speaking here at the 30th annual Chaos Communication Congress (CCC). "If this had been an attack turned against the Tor network, we might not have made it."
Yet even discounting this illusory surge in interest, 2013 proved a critical year for the 11-year-old project. It saw its public profile increase sharply, but largely thanks to high-profile law-enforcement operations that associated it with child pornography or drug sales rather than the facilitation of free speech.
Meanwhile, tacit opposition by intelligence and law enforcement agencies took the new form of deliberate and indiscriminate attacks on Tor network users.
Now, even as the NSA revelations have heightened interest in privacy, the project is being forced to battle on both technical and public-relations fronts in order to grow and remain viable.
"We're in a war, or rather a conflict of perception," Dingledine said. "There are a growing number of people who are learning about TOR not from our site, or these talks, but from mainstream newspapers."
The Tor network has several functions, all aimed at providing near-anonymous network communications.
Individuals can use it for communication that hides the identity of the participants. Similarly, it supports the creation of "hidden service" sites or services, such as web pages, which can only be reached through the Tor network. In both cases, network traffic is encrypted and routed through a number of relay points maintained by volunteers, thus hiding participants' geographic locations and identities.
While not a perfect means of anonymity, it has become widely used by journalists communicating with sources, human rights activists, and dissidents in war-torn areas such as Syria. Indeed, the group's yearly developer meeting in Munich this year was attended by a Syrian woman who said the system had helped her family in Homs communicate with each other and stay alive.
It is stories like hers that the group is now seeking to publicize.
"This is a real thing, with real people involved," said developer Jacob Appelbaum. "If you remove this option for people like that woman in Syria, there are very few other options able to keep people safe."
But headlines in 2013 saw the mainstream media focus more heavily on law-enforcement actions launched against two prominent hidden services on the Tor network. Of these, a company called Freedom Hosting supported sites hosting child pornography, while Silk Road was an online marketplace that enabled the anonymous purchase of drugs. In both cases, the companies used Tor services, but had no connection with the project itself.
The public perception resulting from the cases matters in part because the Tor project is actively seeking funding to help it improve its shielding of users' identities. Currently, 60 percent of its funding comes from U.S. government organizations, with considerably smaller shares from foundations and donated labor.
"Government funding is good because it lets us work, but it's bad because funders can influence our priorities," Dingledine said. "There's no conspiracy, we're never going to put any back door in Tor. But we don't have any funders who want to pay for better anonymity."
The past year also saw increasingly direct attacks on the network and its users by law enforcement and intelligence agencies seeking to pierce its anonymity.
In one instance, according to statements made in Irish courts, the Federal Bureau of Investigation took over Freedom Hosting Tor servers and used them to install malware on Tor users' computers, using a vulnerability in the Firefox browser. The surreptitiously loaded software was designed to establish anonymized surfers' identities.
Separately, documents revealed this year by Edward Snowden also showed that the NSA and Britain's analogous Government Communications Headquarters (GCHQ) have both sought to break Tor's anonymity, also by exploiting weaknesses in the Firefox browser.
The result is a project hard pressed from two sides -- in the media, and by law enforcement agencies in the same government that funds it. As a result, developers are casting their efforts in a more political light, appealing to pro-privacy forces to help the project diversify away from the government funding it now relies on.
"We need to recognize the political context we exist in, especially after the summer of Snowden," Appelbaum said. "There are almost no tools able to resist NSA and GCHQ. They were able to get some Tor users. But they didn't get them all."
