HAMBURG, Germany—Shari Steele, the new executive director of the Tor Project, wants you to know that the anonymizing Internet network is on stronger footing than ever.
“Tor is an important player in the whole freedom infrastructure. That’s why I took this job,” she told The Parallax at the Chaos Communication Congress, Europe’s largest hacker and computer enthusiast conference, and her first major opportunity to meet and greet the hacker faithful.
The head of the online privacy rights group the Electronic Frontier Foundation for the past 15 years, Steele’s no stranger to creating paths to success for underdog organizations. Under her leadership, the EFF added technologists to its team of legal experts and attorneys, who have been involved in nearly every major digital-rights case of the past two decades.
Tor hides the location and identity of its users by bouncing their traffic across different computers around the world. These routes, called nodes, change every time somebody uses Tor.
Originally founded by the U.S. Navy in 2006 to help political dissidents fight censorship, Tor continues to receive the vast majority of its funding from various U.S. government groups. Documents leaked by Edward Snowden revealed that the National Security Agency had attempted (and failed) to break through Tor’s veil of anonymity.
The Parallax sat down with Steele to discuss the challenges facing Tor and how she plans to face them during her first year at the helm. Here is an edited transcript of our conversation.
Q: Why is Tor important to people in the United States?
A: Tor is the best way to protect your privacy when you’re doing online communications. In order to have a populace that’s able to think and act freely, you need to have privacy.
But the more that not just government, but companies, know about you, the more they can predict things about you and take things from you that you don’t want to share. Maybe you want to research a disease that you don’t want people to know you’re interested in, or you’re a journalist, and you want to protect your sources.
There are myriad reasons why you might want to have strong privacy protections.
How do you respond to people who worry about being tracked, even when using Tor, or worry that Tor was hacked?
Tor wasn’t hacked. There was a circumvention that was orchestrated, and as soon as the Tor folks heard of it, the Tor folks shut it down. Even in a weakened state, before we got a chance to plug any of those holes, Tor is better than anything else out there. You shouldn’t be discouraged by that.
You should understand that there is constantly a battle between the bad guys who are trying to take your data, and the good guys who are trying to protect it. It’s going to constantly escalate where the bad guys get smarter, and the good guys get smarter. We’re really trying to make it as safe and protected as we can.
Where would you like to take Tor in the next year?
A year from now, I’d like to see the organization not feeling stress about money, instead feeling like we’re working on exactly the things we want to be working on and don’t have to think about it.
And that the community feels a sigh of relief, that the organization is protecting them the same way that they’re protecting the organization. I feel like there’s been a lot of stuff in the past where people feel like they’re giving everything to Tor, and then bad things are happening to them, and then there’s no response.
There have been times when people have been trolled. There have been others who’ve made them feel bad for their work with Tor. And the organization hasn’t come out with any response for them.
How do you feel about the perception that using Tor is difficult?
The reputation of Tor being difficult to use comes from a time several years ago, when Tor was difficult to use. We have a usability team now that focuses on making it easier to use.
What are the biggest issues facing Tor?
The biggest issue is money. We have money, we’re solvent, and we’re going to do just fine. But it’s all restricted funds. We’ve been very limited in the kinds of projects we can take on.
We have this blue-sky list of things we’d like to do, features we’d like to add, and support we’d like to provide. But the funding we have is limited to working on particular things, so we can’t roll those things out unless we get volunteers. And so there are lots of volunteers doing lots of things, but it’d be great to get more unrestricted money so we can do some of the things.
Or even to get money that is less restricted, we go to a foundation, and we say, “We’d like to have money so we can work on this particular privacy-enhancing thing,” and the foundation says, “We love privacy, and we’d love to let you do that.”
Where does the money come from right now?
Most of it comes from various U.S. government sources. It’s not ideal. They’re government contracts. The contracts are very specific, with specific deliverables. There are things that may not be what the community thinks are the absolute most important things to work on, but they’re things that need to be done.
The Help Desk is a perfect example. There apparently had been funding in the past for a Help Desk, which is when people are having issues setting up Tor or using Tor. There were people being paid to work on that.
For some reason, there’s no longer a contract for it. Those people have turned into volunteers. The quality of the help, basically because of the quantity of what they can do as volunteers, is worse.
The community recognizes this is something that we’d like to provide more of, but there isn’t funding. When people have extra cycles, they’re doing it. The Tor community is incredible. It’s been great meeting everybody. They really roll up their sleeves and tell me what I can do to help, but it’d be better if there were funding for dedicated people.
Is there any company or group or country that Tor wouldn’t take money from?
That’s a really interesting question. I come from the Electronic Frontier Foundation, where we didn’t take any government money. There was a line there.
But Tor doesn’t have that line. In some ways, it’s really nice because there isn’t a limitation on being able to ask that. I assume there’s got to be some evil sources of money, but we take money from the Department of Defense, so I don’t know what those evil sources would be.
What about taking money from an organization on the fringes of society, otherwise abhorrent to mainstream society but willing to donate a significant sum to Tor?
I wouldn’t think so. I would be uncomfortable taking it. I suspect the organization would be uncomfortable as well. I haven’t had this conversation yet, so I don’t want to back us into a corner. I would imagine that some of the folks getting arrested on the Dark Net for the stuff they’re doing—we wouldn’t take money from them.
What other major areas need work at the Tor Project?
Major infrastructure work. I came from the EFF, and one of the key things I’ve found to make a successful organization is to hire the brilliant people, and then empower them and enable them to do their very best work.
A lot of the support systems in place right now were sort of kludged together by people who were really focused on some other thing, and needed to get this in place so they could keep doing that other thing. I’d like to go back in there and figure out what the most supportive way we can do this is, and allow people to be focused on their brilliant work here.
It enables the whole organization to function better because people are doing the thing that they’re best at, instead of having to spend cycles on things that they don’t really want to be focused on.