Keeping it open source baby. Tor Social Contract promises no backdoors and complete honesty with its users
The Tor Project has taken a leaf out of Google’s book and pledged to ‘do no harm’ to its users in the form of a ‘Social Contract’ drawn up to ‘help promote and protect the essential human rights of people everywhere.’
The ‘Tor Social Contract’ covers six guiding principles that the Project intends to adopt after confidence in the network was shaken in recent months.
The anonymity search engine is often viewed as a gateway to the dark web and all its potential nastiness. A study last year alleged, for example, that the majority of traffic to hidden sites on the Tor network was to those featuring images of child abuse.
But the Tor Project insists it has loftier principles than that.
“In order to ensure that project members build a Tor that reflects the commitment to our ideals, we’ve taken a cue from our friends at Debian and written the Tor Social Contract – the set of principles that show who we are and why we make Tor,” said the blog.
“Our social contract is a set of behaviours and goals: not just the promised results we want for our community, but the ways we seek to achieve them. The principles can also be used to help recognize when people’s actions or intents are hurting Tor. Some of these principles are established norms; things we’ve been doing every day for a long time; while others are more aspirational – but all of them are values we want to live in public, and we hope they will make our future choices easier and more open.”
Essentially, the Tor social contract is divided into six separate aims.
The first ambition is to “advance human rights by creating and deploying usable anonymity and privacy technologies.” Tor said that privacy, the free exchange of ideas, and access to information are essential to free societies.
Its second ambition is to be open and transparent. “We are committed to transparency; therefore, everything we release is open and our development happens in the open,” it said. “Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification.”
Its third ambition is to keep all its tools free to use, adapt and distribute. Its fourth is to make Tor and related technologies ubiquitous through advocacy and education. The project said they are ‘ambassadors for online freedom.’
Its fifth pledge is to be honest about the capabilities and limits of Tor and related technologies. “We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them,” it said. “Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it.”
And finally Tor pledged, like Google did so many years ago, to do no harm. “We will never intentionally harm our users,” it wrote. “We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users.”
“We will never implement front doors or back doors into our projects,” it promises. “In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve.”
It could be argued that confidence in Tor has been shaken somewhat by recent events. Last year, for example, it was claimed that researchers funded by the US government had launched a five-month attack to unmask Tor users.
Tor alleged last November that the FBI had paid “at least $1m (£675,000)” to researchers at Carnegie Mellon University (CMU) in Pittsburgh to hack the Tor network. Tor made reference to an attack by the FBI in late 2014 which took down dozens of Tor sites, including the drug-selling website Silk Road 2.
CMU denied the Tor allegation that the FBI had outsourced a cyber attack in return for cash payment, and pointed to “a number of inaccurate media reports”. But later court documents proved that CMU was funded by the US Department of Defence to try and identify users of the service.
Of course Tor was likely to receive attention from law enforcement.
Whilst it offers anonymity for web users, it is also widely used for criminal purposes, such as operating contraband websites. And it is increasingly being used by attackers to hide their identities as they scan for vulnerabilities or carry out attacks.
Tor was also rocked a couple of months ago when one of its developers, Jacob Appelbaum, was forced to step down amid sexual misconduct allegations.