your arse kicked?”
As it now stands, WikiLeaks claims to be uncensorable and untraceable. Documents can be leaked on a massive scale in a way which “combines the protection and anonymity of cutting-edge cryptographic technologies”. Assange and co have said they use OpenSSL (an open source secure site connection system, like thatused by online retailers such as Amazon), FreeNet (a peer-to-peer method of storing files among hundreds or thousands of computers without revealing where they originated or who owns them), and PGP (the open source cryptographic system abbreviated from the jocular name “Pretty Good Privacy”).
But their main anonymity protection device is known as Tor. WikiLeaks advertises that “We keep no records as to where you uploaded from, your time zone, browser or even as to when your submission was made.” That’s a classic anonymisation via Tor.
US intelligence agencies see Tor as important to their covert spying work and have not been pleased to see it used to leak their own secrets. Tor means that submissions can be hidden, and internal discussions can take place out of sight of would-be monitors. Tor was a US Naval Research Laboratory project, developed in 1995, which has been taken up by hackers around the world. It uses a network of about 2,000 volunteer global computer servers, through which any message can be routed, anonymously and untraceably, via other Tor computers, and eventually to a receiver outside the network. The key concept is that an outsider is never able to link the sender and receiver by examining “packets” of data.
That’s not usually the case with data sent online, where every message is split into “packets” containing information about its source, destination and other organising data (such as where the packet fits in the message). At the destination, the packets are reassembled. Anyone monitoring the sender or receiver’s internet connection will see the receiver and source information, even if the content itself is encrypted. And for whistleblowers, that can be disastrous.
Tor introduces an uncrackable level of obfuscation. Say Appelbaum in Seattle wants to send a message to Domscheit-Berg in Berlin. Both men need to run the Tor program on their machines. Appelbaum might take the precaution of encrypting it first using the free-of-charge PGP system. Then he sends it viaTor. The software creates a further encrypted channel routed through the Tor servers, using a few “nodes” among the worldwide network. The encryption is layered: as the message passes through the network, each node peels off a layer of encryption, which tells it which node to send the payload to next. Successive passes strip more encryption off until the message reaches the edge of the network, where it exits with as much encryption as the original – in this case, PGP-encrypted.
An external observer at any point in the network tapping the traffic that is flowing through it cannot decode what is being sent, and can only see one hop back and one hop forward. So monitoring the sender or receiver connections will only show a transmission going into or coming out of a Tor node – but nothing more. This “onion” style encryption, with layer after layer, gave rise to the original name, “The Onion Router” – shortened to Tor.
Tor also allows users to set up “hidden services”, such as instant messaging, that can’t be seen by tapping traffic at the servers. They’re accessed, appropriately, via pseudo-top-level domains ending in “.onion”. That provides another measure of security, so that someone who has sent a physical version of an electronic record, say on a thumb drive, can encrypt it and send it on, and only later reveal the encryption key. The Jabber encrypted chat service is popular with WikiLeakers.
“Tor’s importance to WikiLeaks cannot be overstated,” Assange told Rolling Stone , when they profiled Appelbaum, his west coast US hacker associate. But Tor has an