Tor Project exploring ways to keep its software and users safe
In view of the recent legal battle between the FBI and Apple regarding phone encryption, and of an article revealing that there have been many instances where the US Department of Justice demanded source code and private encryption keys from tech companies, the Tor Project decided to voice its support for Apple, and to outline its current protections against its software being backdoored, as well as its active work on adding new ones.
“For all of our users, their privacy is their security. And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users,” noted Mike Perry, lead developer of the Tor Browser.
The Project’s mechanisms for ensuring the security and integrity of their software are as follows:
- The Tor Browser is open source (the code can be reviewed by interested third parties).
- It downloads its software updates anonymously using the Tor network, and update requests cannot be tied to specific users, so targeting a specific user with a malicious update is impossible.
- Update requests are made over HTTPS, and use pinned HTTPS certificates.
- Updates are cryptographically signed by the Project (two keys, not accessible by the same people, and secured in different ways).
These mechanisms are implemented so there is not a single point of failure in the system, but as Perry pointed out, even if a backdoor is somehow covertly introduced, their code review and open source development processes make it likely that it would be quickly discovered.
“The threats that Apple faces to hand over its cryptographic signing keys to the US government (or to sign alternate versions of its software for the US government) are no different than threats of force or compromise that any of our developers or our volunteer network operators may face from any actor, governmental or not. For this reason, regardless of the outcome of the Apple decision, we are exploring further ways to eliminate single points of failure, so that even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue,” he added.
Finally, Perry stated that “The Tor Project has never received a legal demand to place a backdoor in its programs or source code, nor have we received any requests to hand over cryptographic signing material.”