Interview with Tor Project Representatives
Date: February 15, 2022
Introduction
Gus: My name is Gus. I work at The Tor Project as a community manager. My team handles translations, digital security training for human rights defenders, user support, and other community-related tasks. We also run campaigns encouraging people to set up Tor bridges and increase the number of nodes in the Tor network. We work closely with the Tor community.
Meskio: I’m Meskio, and I work on the anti-censorship team at Tor. I’m a developer, and I work on tools that help people access the Tor network where it’s blocked or restricted.
What is The Tor Project?
Vadim: What exactly is The Tor Project? I’ve used Tor for many years, but I’m still not sure. Is it a company, a non-profit, an anarchist community where people work when they want and can disappear at any time?
Gus: When we say “Tor,” we can mean different things: the browser, the Tor network, the American non-profit organization, or other parts of the project. Let me explain the different parts of the Tor Project.
- First, it’s a non-profit organization where people work and develop the Tor application. The Tor application is a program that helps you connect to the Tor network.
- The organization also has a team that develops the Tor Browser, which is based on Firefox.
- Then there’s the Tor network, which is not maintained by The Tor Project itself. The Tor network is an open network supported by volunteers worldwide who collaborate with The Tor Project.
If you want to be part of the Tor network, you just need to install Tor on your server, and that’s it—you’re part of the network. The Tor Project doesn’t control the network itself.
Vadim: So, you don’t control it?
Gus: Right, the community does. We encourage people to set up Tor nodes and support the network, but the network isn’t part of the non-profit organization. The non-profit’s goal is to support the “health” of the network, but in practice, it’s run by volunteers. That’s important because if someone told us to stop supporting the Tor network, we’d say, “We can’t do that, because The Tor Project supports the Tor application, not the network itself.”
Vadim: If you wanted to shut down the Tor network, could you?
Gus: The Tor Project can’t do that, because it’s free software—another organization could take it and keep developing it.
Vadim: So, you don’t have a magic button that turns everything off, like a config file where you set it to 0 and it all shuts down?
Gus: No, there’s no such button. That’s what makes Tor different from VPNs. Usually, a VPN is a company, and if they get a court order to shut down, they have to comply. With Tor, that’s impossible, because we don’t control the exit nodes or other nodes in the network. Different organizations or people in different countries run them, so we can’t say, “Turn off all Tor exit nodes in France”—we don’t have that authority.
Meskio: Also, Tor wasn’t originally designed as a censorship circumvention tool—that’s just a side effect. The main goal was privacy, and with privacy, users also get free access to the internet. There are many tools for bypassing censorship, but Tor focuses on privacy. Not every tool offers the same level of privacy, and often, you can’t be sure the developers aren’t watching what users do.
What Does “Privacy” Mean in Tor?
Vadim: When you say “privacy,” what do you mean? That word has so many meanings.
Meskio: I agree, it’s not a trivial definition. When I say “privacy,” I mean the ability to prevent others from knowing what a user does online, who they are, what sites they visit, and so on. In terms of censorship circumvention, Tor is unique because it includes many other tools. We use a technology called “pluggable transports”—small programs designed to bypass censorship. There are many such tools, and depending on the situation, you can use one or another. You can configure this in the Tor Browser settings.
For example, if you use a technology called Snowflake, you connect to Tor, but it looks like you’re participating in a video conference, just like the one we’re having now. Or there are “bridges,” and if someone monitors their traffic, it looks like random data, indistinguishable from other random internet traffic.
Gus: Our products have features for both bypassing censorship and resisting surveillance. If you use Tor Browser, you get both in one browser. Other products usually do one or the other, but with Tor, you get both at the same time. That’s one thing that sets Tor apart. Another is that we’re a fully decentralized project, unlike a VPN, where you can shut down or hack a server and collect user data. In Tor, before you connect to a site, your traffic passes through several different servers around the world. The way it’s set up prevents any single party from collecting user data. That’s what makes Tor different from VPNs. With a VPN, you have to trust the provider’s promises. With Tor, privacy is built into the network’s design. We simply don’t have that information—it’s a completely different approach. We’re not saying, “We have your data, but we won’t give it to the government.” We’re saying, “We really don’t have it,” because the Tor network is supported by different people and organizations. Yes, some of them could be “bad,” but the rest won’t be. You’d have to compromise a significant part of the Tor network to collect information. That’s how Tor differs from other solutions.
Tor Censorship in Russia
Vadim: What happened with access to the Tor network in Russia? It’s clear that the Tor Project website is blocked—there’s an official registry of blocked sites in Russia, it’s updated many times a day, and all operators are required by law to block sites on that list. torproject.org was added to that registry, that’s straightforward. But what about access to the Tor network itself? This was in early December, right?
Gus: Yes, I’ll explain what happened, and then Meskio will talk about the technical ways Tor was blocked. In short, when a user launches Tor Browser on their computer, it first downloads a list of Tor nodes—servers around the world—and then connects to one of them as the first step to joining the Tor network.
Vadim: How many are there? Let’s pretend I don’t know. You said the first step—how many nodes are there?
Gus: There are about 7,000 nodes worldwide in the public list. It’s important to note that, according to our statistics, between 2 and 8 million people use Tor daily. I say 2 to 8 million because Tor is anonymous and doesn’t require registration, so we don’t have an exact number. We have a methodology to estimate the number of users, and it’s between 2 and 8 million. Russia is the second-largest country by number of Tor users.
Vadim: Who’s first?
Gus: The US is first, then Germany, France, and other countries. But if you look at who runs Tor nodes, Russia isn’t second or third—I’m not even sure where it ranks. Running Tor nodes in Russia isn’t very popular. The top countries for nodes are Germany, France, the US, and other “Global North” countries where internet is cheap.
Russia started blocking, first, the entry nodes to Tor, since that list is public. They downloaded Tor, looked at the node list, and blocked those addresses. Second, they started blocking the censorship circumvention mechanisms built into Tor Browser—specifically, the “pluggable transports” Meskio mentioned. Those stopped working, and users had to find other ways to connect to Tor. We found out because users started writing to us saying, “My Tor Browser suddenly stopped working—what’s going on?” I thought it was strange, because Tor had usually worked well in Russia before.
Meskio: I talked about different ways to bypass Tor blocking—bridges and Snowflake. In Russia, they managed to block both, using two different methods. We were surprised at how technically advanced this was, because we’re used to dealing with countries that have resources, but until now, they hadn’t managed to block everything. In that sense, Russia surprised us. They didn’t block absolutely everything, but they did manage to block the most effective access methods.
Vadim: How did they do it? Gus mentioned blocking 7,000 entry nodes by IP address, right?
Meskio: They blocked bridges and Snowflake differently. First, about bridges: the idea is that entry nodes are public, so a country or organization can just download the list and block all those IPs—problem solved, Tor is inaccessible! The simple solution is to have some nodes not on the public list—these are called bridges. The challenge is how to give users the addresses of these bridges. We have several ways to distribute bridge addresses. The most common is called Moat, a setting in Tor Browser that requests bridges via an API, the user solves a CAPTCHA in the browser, and gets a few bridge addresses. If someone wants to block bridges, they’d have to solve CAPTCHAs and make lots of requests from different addresses. We have ways to make this harder.
Vadim: Got it—you can download the full list of entry nodes, but not bridges. You only get a few bridges at a time, and you have to solve a CAPTCHA.
Meskio: But the organization responsible for blocking in Russia managed to enumerate almost all the bridges distributed via Moat in Tor Browser. So the main way users got bridges stopped working, because the bridges themselves were blocked. Other methods still worked, like requesting bridges by email: you send an email and get bridge addresses in reply. But you can only email from Gmail or Riseup addresses, because if you allow any domain, the censors could create lots of addresses and enumerate all the bridges. They really did block the bridge IPs. How they did it is a good question—probably by solving CAPTCHAs and making requests from different addresses, but we don’t have data, so I can only guess.
Snowflake uses a mechanism where traffic looks like a video conference (WebRTC). They managed to find a small difference between our protocol and the standard one used in browsers, and used that to detect and block Snowflake. This is called fingerprinting—they detected our protocol by its fingerprint.
Vadim: Wow, Snowflake is pretty new, right? I think it appeared in April 2021?
Meskio: Yes, it’s very new, and this was the first time it was blocked. I think it worked everywhere else, so we were surprised. Luckily, we have great people on our team, and they quickly figured out the problem and fixed it in a few weeks. Snowflake now works in Russia.
Vadim: We noticed, and correct me if I’m wrong, not all providers blocked access to Tor—some did, some didn’t. Do you know why? In our Telegram channels and chats, there was a lot of debate—some people said “nothing works,” others said “turn on Snowflake, it works,” others said “no, it doesn’t,” and some said “I’m not blocked at all, what are you complaining about?” It was confusing.
Gus: When we started investigating on December 1, we noticed that some providers really did block Tor, and others didn’t. In fact, most Tor users in Russia can still connect to the network without bridges. The blocking mainly affected users in Moscow and a few other cities, and it’s hard for users to understand why. It’s because the government installs equipment at ISPs, and not all ISPs have the equipment that can block Tor. So, in some places Tor works, in others there are problems. The main reason is that the Russian organization responsible for blocking hasn’t yet installed the equipment at all ISPs that can block Tor and do other types of blocking.
Vadim: Have you seen any changes in how Tor is blocked since December 1?
Meskio: The methods haven’t changed, but as I said, they managed to enumerate all the bridges distributed via Tor Browser, but they only do this from time to time. When we saw that bridges distributed via Tor Browser were being blocked, we asked the community to set up more bridges. We stopped giving out old bridge addresses to Russia and started giving out only new ones. These new addresses worked for a few weeks, then the censors caught up and blocked those too.
Vadim: A few hours?
Meskio: Weeks.
Meskio: So, we see that blocking rules are updated from time to time, not constantly. So, we know that whatever we do will work for a couple of weeks at worst.
Vadim: Interesting, I even participated in a discussion about this. At one point, many bridges stopped working at once. Some thought their addresses were added to the blocking equipment, but others said bridges just don’t last long and disappear. What do you think?
Meskio: I think it’s more likely that new addresses were blocked by the equipment. Yes, bridges sometimes disappear from the network, since they’re run by the community, just like nodes and other network elements. The Tor organization doesn’t own them. So, yes, people can turn off their bridges. But in general, the bridges we distribute are pretty “resilient,” and they don’t usually disappear in groups. So, I think it’s blocking, and we’ve seen such blocks: from time to time, the censors enumerate bridge addresses and block them. That’s why we’re moving to other ways of distributing bridges.
At one point, when we had problems with bridges distributed via Tor Browser, Gus suggested using Telegram, since there are many Telegram users in Russia. So we started doing that. With Telegram, we have more information about the user. When a user requests bridges via Moat in Tor Browser, we don’t know who they are. In Telegram, we know more, so we can give the same bridges to one user for a long time, and it would take many accounts to get many bridge addresses, or the accounts would have to be old enough to get bridge addresses (for example, if Russian authorities wanted to enumerate all addresses via this tool). There are various tricks like that.
Gus: We’re also launching a support channel for Russian users on Telegram, so users who need help and don’t use email, but use Telegram (like young people), can contact us there. We’ll help them learn how to use Tor and bypass blocks. We have a Telegram bot, and we’ll also have user support where you can ask questions if something isn’t working, and we’ll help. We can also distribute Tor site mirrors there, and if users can’t access the documentation, they can get links in the channel. We can even generate PDF files of the documentation and send them to users.
Meskio: Besides the support service, we have an email service—send an email to [email protected], and a bot will send you download links for Tor. These links are on cloud services that are hard to block. Usually, these links are hosted by cloud providers and are hard to block, and we maintain them ourselves, so you can trust the versions of the app there.
How Does Snowflake Work?
Vadim: By the way, how does Snowflake work?
Meskio: There are a lot of details, but briefly, Snowflake works similarly to bridges, in that it’s also provided and supported by volunteers. Snowflake is much easier, because most people who run it just have a browser plugin installed. You just install a plugin in Chrome, Firefox, or another browser, and other people can use your computer to access Tor. Here’s how it works: there’s a protocol called WebRTC, used for web conferences. It’s peer-to-peer, so when two people have a video call, one browser connects directly to the other. We do the same thing, but instead of video, Tor data is transmitted, and people who have the plugin act as proxies, passing other users’ data to a special server we set up, which then sends the data into the Tor network.
Official Reasons for Blocking Tor in Russia
Vadim: Am I right that there was no public explanation from Russia about why Tor was blocked? Did you see any explanation?
Gus: There was some legal process in 2017, but we didn’t know about it. We contacted local NGOs to find out what happened and why, but there was no public statement explaining the reason for the block. So, we don’t know what’s going on. There were articles in Russian linking Tor to illegal activity, but we never received any official notification. We only got one notice in December (I don’t remember the exact date, maybe December 7, 2021), saying, “We will block your domain,” and that’s it. That’s the only legal contact we’ve had in recent years.
Vadim: So, you don’t know?
Gus: No, we don’t know.
Vadim: I’ve read Russian articles, and while they weren’t official explanations, they linked Tor to illegal activity, like buying drugs. There are .onion sites on Tor where people buy drugs. I’m just speculating, since I haven’t heard an official explanation. But if someone decided to block Tor because drugs are sold there, what would you say?
Gus: What’s next? Ban electricity or block the internet entirely? People use electricity to do bad things, or cars, or knives—where do you draw the line? Should we turn off the internet because people do bad things on social media? There are right-wing extremists, fascism, and other terrible ideas online, but we don’t give up the internet. I know there’s a lot of debate about regulating social networks, but I don’t think we should destroy or block technology just because some people use it for bad things.
Is There Anything Useful on Tor?
Vadim: Let me play devil’s advocate. Is there anything useful on Tor? Not everyone uses Tor to access .onion domains. But still, what do you think? Many people genuinely want to know.
Gus: Yes, that’s a common question. When I do Tor trainings for human rights defenders, I ask, “Have you heard of Tor?” and no one knows, maybe one person in the group. But when I ask if anyone’s heard of the Dark Web, people say yes, they’ve heard of all the horrors. It’s important to clarify that the Dark Web is a myth, and I don’t believe the iceberg diagram with internet “levels” is accurate. That was invented by companies selling products to protect you from “Dark Web” threats. Sometimes they say the Dark Web is the Tor network, but that’s nonsense, and I’ll explain why.
- First, the Tor network isn’t bigger than the internet or the web. Tor is part of the internet—if there’s no internet, there’s no Tor. There are no “levels.” The internet either exists or it doesn’t. If a government shuts off the internet, there’s no Tor access either.
- Second, how many web pages are there? Seven, ten billion, more? There aren’t more .onion sites than the rest of the web. It’s just a part of the internet, and not a very big one. Most of our users use Tor to access sites like YouTube, Facebook, Twitter. They want privacy and to visit sites without being tracked. So, most Tor traffic is people visiting regular websites.
- Finally, there are .onion sites—a way to visit a site without sharing metadata, and so the site doesn’t know who the user is. Anyone can set up such a site; they don’t belong to the Tor Project. You don’t need to pay for a domain name or register anywhere. People use Tor to visit .onion sites that use onion technology.
It turns out the biggest .onion site is Facebook—they’ve supported their site on Tor since 2014. They do this because they’re blocked in some countries and want users to access their site via Tor Browser while staying safe and private. So, probably the biggest “Dark Web” site is Facebook—so what does “Dark Web” even mean?
Another popular program using Tor technology is Securedrop, which lets people securely and anonymously send information to journalists. The main purpose of Tor services is to let people safely and anonymously share information with journalists, when email or WhatsApp is too risky. With Tor, you can send information secretly.
Tor Usage in Russia: Current Situation
Vadim: As of January 20, is Tor still blocked in Russia? (at the time of the interview) Approximately how many providers are doing this? Are people in Russia still using Tor? Have users learned to use pluggable transports like bridges and Snowflake? Has the number of users dropped?
Gus: Right now, users of many providers can connect to Tor directly, but some are blocked and need bridges or Snowflake. According to our data, the number of users connecting directly from Russia dropped from 300,000 to 200,000. But the number of users connecting via bridges—I don’t remember exactly, but I think about 60,000 connect to Tor via bridges. That’s a very modest estimate. The real number of Tor users is probably much higher. Since we use different counting methods to preserve anonymity and account for how users connect, the number could be five times higher. It’s important to mention that you can check metrics.torproject.org to see the number of users from Russia, and you’ll see that the number of users via bridges is growing.
Final Thoughts for Privacy Day
Vadim: Let’s wrap up. We have an event called Privacy Day. The audience is mainly people interested in privacy, professionals in the field, and IT specialists. Do you want to say anything to them?
Meskio: I think many of you already use Tor, but I still encourage you to use Tor and help our project in various ways, as Gus mentioned earlier. Tor is a very open organization, and you can help in many ways. For example, we need help with Russian translations, because we want to be accessible to users. You can also set up nodes and bridges, and help us in other ways.
Gus: First, I want to thank the entire Tor community in Russia, because without you, The Tor Project wouldn’t have figured out what happened. Everyone working to restore access, actively using Tor, and interested in privacy—your feedback helped us understand what happened, and you helped us test and figure out what wasn’t working. That feedback from the community is important for us to know how to respond to blocks in Russia. Thank you so much for your work and for helping us get Tor working in Russia again. It means a lot to us.