The current default on the Internet is no privacy, which makes it easy to track everyone all of the time. But there is a growing community of users, from the military and law enforcement officers to journalists, human rights workers and political activists that are using anonymous Internet communication for good reasons.
“Better Internet privacy is certainly a good thing,” says Dr Murdoch. “Journalists need the ability to communicate with sources working in hostile environments; law enforcement needs to collect intelligence without being tracked; and ordinary people need the ability to build private spaces online. Without strong Internet privacy, many applications are impossible to deploy safely such as electronic voting or online healthcare.”
Tor, originally developed by the U.S. Navy to protect government communications, is now the most widely used open system to provide anonymity on the Internet. It protects Internet traffic via a series of computers selected from the volunteer-operated Tor network to disguise where the traffic is coming from and going to. Tor users are also recommended to use a customised web browser based on Firefox, which helps to prevent tracing based on web browser characteristics.
“In recent years there have been dramatic changes in how anonymous communication systems have been built and how they have been used, including web taking over from email as the major means of communications and users of anonymous communication systems prioritising censorship-resistance over privacy,” says Dr Murdoch.
“Commercial and political realities are also affecting how projects such as Tor are run and software is designed and it is clear that anonymous communication systems will have to adapt themselves to changing circumstances and try to prevent malicious use of Internet anonymity tools. Law enforcement agencies already have a wide range of tools to detect and prevent Internet crime and the vast majority of these will still work when anonymous communication tools are used.”
Dr Murdoch will be speaking at AppSec Europe, from 23-26 June, organised by the OWASP (Open Web Application Security Project) Foundation, an open-source organisation with over 45,000 corporate, educational and individual participants from around the world. OWASP, which provides free, vendor-neutral guidance and is the de-facto source for open knowledge, tools and research around web application security, runs AppSec conferences annually in North America, Latin America, Europe, and Asia Pacific.