Tor is one of the formidable tools for protecting your privacy in this digital age. Thanks to Senior Growth Marketer and a Net Neutrality advocate, Mr. Muhammad Saad Khan, we will be unveiling a one-of-a-kind interview with Shava Nerad.
Shava Nerad is one of the brains behind the creation of Tor. She worked hard in educating people about the importance of data privacy, especially in a scenario where your online privacy is not safe from hackers and others alike.
After reading the answers and information provided by privacy evangelist “Shava Nerad,” you will have goosebumps for sure. So without creating more curiosity, let’s move forward towards the answers provided by Shava Nerad.
Disclaimer: The views, opinions, and positions expressed in this article are that of the interviewee alone and do not necessarily reflect the views, opinions or positions of Onlineprivacytips.co or the author thereof. Assumptions made within the analysis are not reflective of the position of Onlineprivacytips.co or any of its team members.
Let’s start with you. Who is Shava Nerad? Where were you born?
I was born in Dayton, Ohio, in the United States. My parents lived in a tiny town, Eldorado, about 35 miles away, and when my mother went into labor, my father was still at university. So a neighbor was the local farm animal veterinarian — he got my mom in his WWII surplus jeep, and they drove over the rural bumpy roads to the Dayton hospital. Once or twice they stopped, and he checked my mom because they thought I would have to be delivered in a corn field!
But we made it! I was so ready for my appearance that, atypical for children in the 50s here in America, I was a “natural birth.” No anesthetics. No time! Lol.
What was your early life like? Any particular incident that helped shape your personality or views about the world?
Oh, well, so many. When I was born, my father was getting his divinity degree at Oberlin, and teaching high school math and science. There is a picture of me as a babe in arms cradled in the folds of his graduation gown. But he was an older student — nearly 40. I had two brothers who were teenagers in the 1960s, and my parents were born in the 1920s, so they were kids in the Great Depression. My mother’s father was born in 1882. My family was a mural of history, you know?
And my father had become a Universalist minister in part because of their connection to social justice, in the years before the merger of the Unitarian and Universalist denominations. He was active in causes such as the labor movement as a young man (as was my mother and her father, and her half-brother who introduced my parents).
My dad worked night security for the Southern Christian Leadership Coalition (SCLC) and Martin Luther King, Jr. on the summer marches in the 60s. The night security detail was all clergy, all sworn to strict nonviolence. It was like having your father off at a war. Those days were much like today, with “Communism” a frame for nationalism and white supremacist views and racism and anti-migrant sentiment. Every protest was termed a “riot,” and violence by the authorities was commonplace and minimized, and vigilante violence was tolerated and hardly reported.
I remember when my dad was going off to the Salem-Montgomery March, he was all packed and waiting for his ride, and at that time I was just starting public school. I told him that if people just let their kids play together they’d see there was nothing to be afraid of and they could be friends. My dad told me that someday I’d get my chance, but right now it was his turn to go talk to people, talk truth to power. But if I could grow up and get the chance to talk to all these people in a clear voice, I could go out and change the world.
Maybe it was one of those throw away remarks, but I took it to heart. I decided it was a calling, vocation. I listened, and learned, and tried to absorb everything I could about how to make people understand how not to hurt each other (while, simultaneously, having the crap being beat out of me at public school over my dad’s activism! Sigh.).
My parents and many others involved with the SCLC were under FBI (COINTELPRO) surveillance. Years later, my father requested his FBI file from those days — it came in a copy paper box, ¾ full, heavily redacted. Much of it was facsimiles of stenography notebook pages, redacted, but you could tell he recognized the handwriting. In 1964, all surveillance took was maybe $5 in someone’s pocket, a steno pad, and a #2 pencil. Today, it’s billions of dollars. Kind of funny, isn’t it?
People think of MLK’s work in saintly terms often today, but at the time, he was viewed as a terrorist, criminal, a troublemaker, nearly — even by blacks here. He was stirring up trouble for everyone, right? Inviting retaliation.
The year 1968, I was tiny, eight years old. I wanted to be either an astronaut (which everyone told me as a girl was impossible) or a great civil rights leader like King, or my dad (yes, well, he wasn’t “great” but this is a girl looking at her dad, right?). Then when the King was assassinated, we all held our breath waiting for the nation to erupt in riots. It didn’t really happen. Two months later, Bobby Kennedy was shot in California — he was the pro-civil-rights lead candidate for the Democratic nomination for president.
Oddly, everyone told me I couldn’t be an astronaut because it was too dangerous. But being a civil rights leader seemed so much more dangerous to me. Suddenly in 1968, at eight years old, it seemed too dangerous. Maybe, I thought, I should think about being a speechwriter, or do something in the back room, rather than be one of those people giving the speeches with a target painted on them.
Not many people outside of the movement remember this, but Peter Edelman was Kennedy’s aide and personal lawyer. Marian Wright was the first black woman to take the bar in Mississippi, and was MLK’s personal lawyer. The two of them met through their connections in the civil rights movement. Peter’s white, Marian’s black, and in a majority of states their marriage was still illegal, I think, in 1968 — “miscegeny.” But despite the assassinations of MLK and RFK, they were married in DC a couple months later. Again, many people worried that even the ceremony could be a target of domestic terrorism. But it was safe.
Peter went on to eventually serve as HUD secretary in Clinton’s cabinet and resigned in protest over “welfare reform.” Marian Wright Edelman founded the Fund for Children, the most powerful advocacy group for youth rights in the US.
When I lived in Portland, I got to know their son Jonah, who is founder of Stand for Children, an education advocacy group. I was a state committee woman for the Dems and chair of budget and finance for Multnomah County. I asked if he would have a talk, with his dad, on “Passing the Torch of Activism”.
You went to MIT. How was the experience? Please describe the experience of being among the best minds at one of the best institutions to learn technology.
I didn’t exactly “go” to MIT. It was more of a “Good Will Hunting” experience. I dropped out of Bryn Mawr at the end of 1977, and ran off to Boston to get a job in publishing. I arrived on the eve of the Great Blizzard of 1978, and got caught on the MIT campus. Holed up at the French and German House living group for weeks, I helped to organize running groceries into a nearby neighborhood using backpacks and cross-country skis, as a service project, and got to know a lot of folks stuck on campus through that. My parents travelled to Vermont for a lot of my youth, so a little blizzard wasn’t going to keep me inside!
Out of this I met a young man who was very skeptical about my publishing ambitions — why would I want to do glorified secretarial work when I knew how to program? He set me up with a job at Polaroid, doing computer operations and maintenance programming. I told him I wanted to work with people, words and ideas — not with machines! But the job offered twice minimum wage, and I was 18 with no degree. Hmmm…
I thought, “Well, I can decide what to do later.” So later, what I did was work with people, words, ideas — and machines.
That was Boolos, computational theory. He was in the habit of calling out questions to people by seating chart and adding your ability to answer to your grade. I gave him a good answer, but he asked me to see him after class. I was terrified. And I went down to the large slate covered desk at the pit of the amphitheater like classroom, and without looking up he said, “You’re obviously paying attention in class, but I don’t have you enrolled. I need your forms, at least pass/fail, by this week.”
Shyly, I said, “Sir, I can’t do that.”
He looked up at me over his glasses. “Why NOT?”
“I’m not enrolled. I work in Tech Square, and sit in on classes over here. I can’t afford tuition.”
He sniffed, looked back down at the pile of papers. “Well, you don’t think this gets you out of problem sets do you?” But he made me bring the homework to him, because he couldn’t ask the grad students to grade a stealth student. That’s what MIT was like, and why something like the Open Courseware project is not any surprise at all.
What societies you were a part of at MIT? Who are some people that inspired you during that time?
I was very active in the MIT Science Fiction Society, the MIT Strategic Games Society (Betsy and I were the only two women involved in the late 70s), and the MIT Educational Studies Program. But working full time, and attending classes, and not being a regular student, many traditional activities and societies weren’t open to me.
What made you become a privacy evangelist? What’s your opinion or observation about privacy in the post-internet era?
I often open lectures on privacy with this anecdote: “I grew up as the daughter of a minister in a rural small town in Vermont, so I knew all about privacy issues growing up — this is not a new thing with the Internet. And I was a teenager in that same town of 8000 people, so I also knew about maintaining multiple identities.”
People often think of privacy being a new thing, but it’s a human thing, a social thing. And it’s very different to different cultures, really.
I grew up surrounded by a movement of people interested in social reform. The formal nonviolence of the SCLC civil rights movement was not anti-government, but working toward uniting our people into the ideal of the Beloved Community — a community that understands one another with compassion.
Yet the government — at least, Hoover’s FBI — did everything they could to paint these people as anti-American, as “communists,” which is like calling someone a terrorist today. They spied on us, famously they tried to blackmail and drive MLK to suicide. This is all history! It’s not “conspiracy theory.” Much of it is in the Congressional Record. It was just wrong.
My parents explained to me, that no one or very few people act because they believe they personally are evil, but they will do bad things because they are afraid, because they have different understandings of the world. That hating them only hurts yourself, even the really awful harmful people. You need to protect yourself, but part of that is protecting yourself from hate and fear.
Maintaining privacy for yourself, and for your reform/dissent group, when there is something really questionable going on, is a way to protect yourself and your cohort while you clean up the bruised parts of society, corruption, and people with really dangerous ideas about hurting others.
When I helped to boost Tor from an unincorporated open source group into a charitable nonprofit, I had already been involved for a decade in the digital divide (now digital inclusion) and digital rights community professionally. When I first heard of the project it sounded sketchy, to be honest. I wasn’t a great crypto person or anything.
They had no money. One of the crypto guys paid me enough to keep my basic expenses — rent, food, utilities — for a couple months, until I could bring in some grants. It was very scrappy! But within a few months we had our tax exemption, and a few months after that we had millions promised. It was a project that had only been pitched to the crypto and open source communities — and I brought it to journalism safety, human rights, democracy promotion, free speech and other groups who were the best and highest and the intended end users.
Are we heading towards a “Privacy Apocalypse”? What are the major changes that you foresee over the next 5 to 10 years?
Well, we need a change in how we think, and I’ve seen that happen over and over — so I’m not sure that the apocalypse isn’t avoidable — like any good dystopian idea, it’s one we need to use in order to avoid the reality!
Look, when I took on Tor, most people — if you mentioned online privacy, their first thought was “fear of strangers.” I led the change in the culture starting in 2006 where we started everywhere to pair privacy and security.
Privacy is what you preserve with your passwords. Your bank records are private. Your medical records are private. And your credit card number is private. The people who want to violate your privacy are criminals and unscrupulous people in government.
Before then, most of the people who were spokespersons for privacy were very private, themselves, and were often not very relatable to the average person. I told people, “Privacy is a slider. You give up a certain amount of privacy for services — my email is at Google. I like their service. I also criticize it. You are never going to be private or not-private as an absolute. You used to see a raffle at the store and fill out a slip of paper, and they sent you spam in the post. Just a graying bookworm.
So here’s an example where we changed public opinion on privacy. It will change again. The problem is, privacy advocates are working with small budgets for outreach and media exposure. We have to rely on news events to propel us into the public eye, for the most part.
Google, Facebook, all of the people who profit from the public becoming the aphid cattle on the rosebush, being harvested for honeydew? Those who are the ants tickling the aphids will pay millions to promote ideas that slip people into easily sacrificing their privacy. And Google and Facebook are essentially the biggest honeypots in the world. Most users have no idea that they are the cattle, not the customers, there.
So it will take some series of events, like Equifax — why didn’t that lead to more privacy talk? Well, I think because of the dumpster fire in DC right now. But when we aren’t saving American democracy from itself, perhaps we’ll have time for this. (Why yes, I do have opinions, lol.)
Do you think Artificial Intelligence and Internet of Things will open new doors for evil than good in terms of privacy & security?
Here is another area where events will drive the conversation.
For AI? Already we have a crash in California with a self-driving car. The Teamster’s Union president says he is not worried about self-driving trucks because, you know, airplanes have had autopilot for decades, and there are still two pilots in every 747.
And I have followed AI since the 70s, when I arrived in Boston and worked a few yards from the MIT AI Lab in Tech Square, and had friends who worked at Symbolics. In the late 70s, we were just as close as we are today to a great breakthrough in AI.
And just as far from truly understanding what human intelligence is.
What we’ve created is a very advanced form of cybernetics. There is nothing natural about artificial intelligence, and we don’t know how to make it like natural intelligence.
What it is is very very fast computation and database manipulation, and essentially if/then and case statements. None of it has transcended the Turing machine.
But ask a dozen people on the street and you will find people who truly believe that animatronic toys like Sophia, who is a Siri-like personal assistant in a literal Disney Imagineer robot and has been granted Saudi citizenship? They’ll tell you that these creations are imbued with animistic life. These are the dangers of AI, these Mary-Shelley-Frankenstein myths.
It’s not the ethical responsibility of the creators, or the government.
It’s an artifact of the algorithm.
Not Facebook’s fault that people who promote racial divisions and strife buy ads on their social network. It’s the algorithm.
Well, the algorithm is there to save them from hiring human beings. Maybe they need to hire more humans? That isn’t paranoia against technology, it’s preventing them from using some weird contortion to deny ethical responsibility — to minimize staff and duck responsibility to maximize profits, and present the deflection of blame on the mythology of AI.
This is the great danger, not the technology, but how we think about it, as a society. None of this is a danger, but that we use it. It’s a tool.
Likewise with the Internet of Things — we had KayPro automated homes in the early 80s. SNMP (Simple Network Monitoring Protocol) allowed for some amazing set ups and the first internet controlled vending machine, also back in the 80s.
KayPro was LAN. SNMP was fairly esoteric, but not much different from today’s IoT — and expensive and complicated. What’s changed is the economies of scale and simplicity of interfaces — and the literacy of the public and popularity of cell phones, home computers, and devices running “assistants” such as Alexa/Google Home and so on.
It’s not the evil of having your fridge hacked — it’s the evil of having people wanting to sell these things who have no interest in educating the public, until something bad happens. Social responsibility has ceased to be a social mandate. Entrepreneurs are encouraged to fail, and have no shame in moving from a failed project to the next, so why should they worry if the project they are working on is sketchy, right?
So every business in America is a time bomb, potentially. I have lost faith in our business ethics, because of the objectivist ethics of Silicon Valley.
On the other hand, I am in my tiny studio apartment in subsidized elder housing, where I am often confined to bed with illness. And on the bookshelf next to my bed? There is an Amazon Echo Dot, playing WBUR-FM’s stream — my local public radio station. When I can’t move from bed, I can control the music or news. Alexa wakes me for my medicines when I am sleeping fitfully in my illness. This device has added to the quality of my life immensely.
What’s your opinion about the recent attempt by the FCC to end “Net Neutrality”? How, do you think, will this affect the world wide web?
I am waiting to see how much the decision will be exploited. And when it is exploited, we must move on those companies with extreme speed, or the impacts will be dire.
But we are not lost, we can make examples, and shut the impacts down.
I think Ajit Pai is completely without ethics regarding the public comment process, and I think everyone should follow the suits resulting from that brought by the attorneys general. It’s a major area of corruption that is clear within the Trump administration and where people can give support and aid in the spread of ideas.
You were fortunate enough to have met Aaron Swartz. What do you think about him and his stance on Net Neutrality?
Well, net neutrality has been used to cover a broad set of issues. In many ways you can say that net neutrality means equal access online and free speech online without artificial economic barriers to the net and public information. So if you define it that way, Aaron and I came through our careers through sort of complementary paths — he was a geek who grew into an ethics fellow. I have described my career as being one in “applied ethics” but that’s been expressed in technology and society. But I am not an archgeek, in terms of technical chops, unless you consider social engineering to be technical, lol.
And that’s where Aaron and I came together. We both understood how to look at a system, to think about society as systems theory, to translate it to others, and plan, and organize, and execute.
And we both were passionate about keeping the net from becoming an exclusive venue for the rich and powerful to set the rules.
If you look at him, me, Lessig, Carl Malamud (who far too often is left out of Aaron’s canonization story, unfortunately), the folks at EFF, the ACLU, EPIC, Amnesty and all the other digital rights and privacy groups? There is a whole society of people like Aaron, and a whole career path for this work, and support network for anyone interested in working in this area as a volunteer.
It’s not marginal any more, within professional circles, but getting these ideas better known takes more than just talking in closed circles, in silos, on the web. It takes resources, if we don’t want it to remain event driven by disasters and their reaction.
And me? I got scared to death when I was eight years old. Aaron didn’t. So after PACER, when he got the Justice Department furious with him, the whole issue with JSTOR came up and as my dad would have said, “They were waiting for him to jaywalk.” You know the saying? It means the government is waiting for any legit infraction because they can’t take you down for the activism you’ve done that isn’t illegal.
I don’t believe MIT or JSTOR wanted Aaron punished. I believe that an ambitious US Attorney, Carmen Ortiz, who had a record of staging show trials here, was trying to make Aaron the next notch on her gun.
She resigned and actually had the temerity to apply to Harvard’s Kennedy School of Government for a fellowship. Well, if they sent away Chelsea Manning, at lest they rebuffed Ortiz too.
It was pretty common knowledge that she was in line for governor here. She’d been named Woman of the Year by the Globe just before Aaron was arrested. She’s never going to run for office. We made sure of that.
Mourn, and organize.
Let’s suppose for a minute that Aaron was here today among us. Would you have partnered with him to save net neutrality, and what would your combined action plan be?
Oh my. Well, I would be hard pressed these days to partner for anything. It takes operational capacity! It’s like a war room — you are busy 18 hours a day a lot of the time. It’s a lifestyle. I certainly would have lent advice and contacts. But such leadership is multi-valenced, it’s incredibly exciting. It’s a game. It’s theater.
And it’s incredibly improvisational. It’s hard to describe what I might do because, not being in that situation the “fog of war” of the situation is vast, and I don’t know who the allies, the interested parties, all the issues that are of important to them — so many factors.
I teach a class called, “How to Save the World in Your Spare Time,” and one of the “tools” I teach is to view every issue as a “civic ecology,” where you think of an issue as being surrounded by interested parties. And then you say, ok, how are these groups are connecting or who are they connecting to by power, influence, or resources? Anywhere there’s a line drawn, there’s a place you can insert influence yourself, disrupt them if required, draw attention to a problem if you must — plenty of problem solving and planning, right? It’s a huge amazing human puzzle.
And a game with real stakes.
It amazes me how many people I find who say, “Oh I love Game of Thrones!” or they read world-building fantasy or science fiction. But they think politics is boring.
It baffles me.
You were the founding executive director of the Tor Project. How did it all start? Who were the key people behind the project?
Well, first off, I only founded the nonprofit as executive director. The tech started in the 90s at the Naval Research Lab as a tool for military intelligence to “phone home” over the open internet.
But there’s a problem with an online anonymity tool for military intelligence that is only used by military intelligence. It has a fingerprint — anyone can tell you’re using it. So sure, you have a special costume to hide your face, but you’re Batman standing on the roof, with a spotlight behind you. Everyone can see you’re there. Not very anonymous, if you’re trying to hide, right?
They funded two grad students, Roger Dingledine and Nick Mathewson, who were getting their doctorates at MIT, to rework it for general release.
Paul was a great mathematician, but he wasn’t really a network guy. So Nick and Roger had to rewrite the software from the bottom up, really, but the basic conception was still intact.
But when the guys graduated, they had no funding. EFF stepped up and said, “We usually get money, but this project is too important — we’ll give you funding for a year, but in that time you need to raise funds, and get self-sufficient.”
Well Roger and Nick went to hacker cons, open source cons, and people cheered, but they didn’t give them much money. At the end of a year, they were strapped. Nick went to work for PGP in California, and Roger was consulting.
A couple friends of mine had the idea of being the “Red Hat” to Tor. They would create a device that would be a Tor edge router (a device you can now get with a Raspberry Pi for nearly nothing). And sell it for a good chunk of change, along with a support contract. To groups like investment banks who want to obscure their traffic. And they’d get government grants for both sides of the house, to support Tor development and the business.
“Hey,” they thought, “Shava writes grants!” So they called me in.
The guy who was talking to Roger kept talking to Roger. And talking to Roger. And talking to Roger. Meanwhile, I’m holding my availability and not finding much short term stuff. So I finally say, “Can I go to the next negotiation?”
Well, it’s a little like a Vulcan at one end of the table, a Ferengi at the other, and I’m Dianna Troy in the middle. My friend, who was a great VP of Sales, was just not getting Roger, who was a hugely idealistic geek. Their priorities were just not on the same plane of reality. Finally I got to my friend that the software wasn’t ripe to be offering to high end business clients without pulling the devs into support so much that they couldn’t continue development — unless he gets a couple of six figure support techs. So likely the project wasn’t a go.
“You’re supposed to be on my side!” “I am.”
Roger offered me a ride home. Parked outside my apartment, we ended up talking for nearly two hours. I was so impress with his vision and devotion to this project.
He wanted to get Nick to come from California to meet me. A couple weeks later, the three of us met in a coffeeshop — Nick later confessed he was ready to hate me. My CV looks very straightforward. And these were two young men who felt that they had a lot of push-back from conventional sources. But within a half an hour, Nick and I bonded (I was happy to be at his wedding a couple years later — we remain great friends).
It started with the three of us — and thousands of volunteers.
How has Tor contributed to digital world?
The great temptation is to simply say, “No one knows and that’s our strength.”
Tor was created at first to help US military intelligence. But it can’t keep just one group of people truly anonymous. It’s a bit like they were wearing Batman outfits and backlit, standing on a rooftop, you know? There they were, in a costume and mask, but still a very clear target. To be truly anonymous, you need to be lost in a crowd.
So the military gave the software over to open source, and our purpose became to make it available to journalists, human rights workers, activists in labor, democracy building, reform movements, all kinds of free speech, as well as general privacy applications.
When we distributing the open source version, people could do the sort of thing you do with Tor by using single proxies. But it was easy to trace, or they could use botnets (networks of malware infected computers) as multiple relays, but these are generally control by criminal hackers or even large crime syndicates.
Now, imagine you are, say, a journalist in some hot spot somewhere, and you want to use the net to file your story, back to your editor. But you don’t want the hostile dictator or some military to know where you are, because they don’t like that journalists are reporting on war crimes or collateral damage or something?
Do you want to, say, go to the Russian mafia and say, “Please let me rent the use of your botnet so I can file my news story here, without being detected by the local authorities, and I’ll pay you [this much]?” What’s to keep them from going to the local authorities and saying, “Hey, we know where this journalist is, and for [this much plus a little more] we’ll betray their location to you.” They might even get paid twice that way, right?
So if you are a crook, you might want to go to the botnet brokers, but if you are an honest person, you need a way to stay private so that no one can reveal your location, so that there is no intermediary. And that’s where Tor comes in.
And sure, petty criminals can also use Tor. Big time criminals use leased fiber, just like big banks and financial institutions do. And you will never find them on the Tor network. They are “B2B” — Business to Business. Not these B2C or Peer to Peer petty criminal enterprises you find on the darknet.
The drug exchanges and so on may sound big. But they are nothing compare to the international arms, drugs. Counterfeiting and human trafficking and so on. We know are happening safely immune to detection on private fiber. But since those are immune to detection, Interpol and the FBI and so on are incredibly fond of making headlines busting crime on servers using Tor.
And they always mention it, as though it was a big deal. Where you will never hear an identity theft ring in Bangalore caught for running an IRS fraud ring running on Microsoft IIS. Even if that is the best architecture for international phone solicitation, say.
It’s all about the law enforcement budgets, heh. They have to show that they can bust some organizations in these international drugs trades and so on. And they will never bust the big fish on the blind fiber.
So Tor has to sit by and bear the abuse. Even though you never hear about a journalist, or a human rights worker, or a woman working for women’s rights. And you know, that’s amazing and wonderful. I hope you never do. You can go to the websites of the Committee to Protect Journalists, Human Rights Watch, Amnesty International or hundreds of NGOs and they are distributing or recommending the use of Tor.
Did you know, during Tahrir Square protests, that the people “organizing on Facebook” as they reported in the media, were using Tor? I mean, think about it. If they were organizing on Facebook, the government controlled the telecoms. They would have been traced, rounded up, and *poof!* That would have been it. But it was an Arab Spring because they used Tor, and the Egyptian authorities couldn’t track the organizers.
This is true right on down to Syrian resistance, to bloggers in dictatorships all over the world. To people submitting information to projects like Wikileaks. Or the many other journalist dropboxes that followed that seminal project at newspapers, at investigative journalism collaboratives, at magazines. You can even get to Facebook on the dark web. If your country blocks it (or if your company firewalls Facebook use and you want to play Farmville at lunch!).
What is Dark Web? How can someone differentiate between dark and deep web? The common impression or misconception about the dark web is that it’s a hub of illegal activities. Is it really so?
The deep web is simply the web that is not visible by typing in a URL. This is probably most of the web. That might be URLs that require password access. or web pages that develop on the fly by scripts or retrieved by scripts or are behind firewalls of various sorts. That’s a lot! For example, you might have to be local to a school to be able to see certain web pages. If you aren’t at that school, those pages are deep web. If you’re at the school, they aren’t under those conditions. There’s nothing really mysterious about that. The deep web is really just “web pages behind a door” of some sort. It sounds spookier than it is.
The dark web is made up of pages on cryptologically hidden overlay networks, primarily the .onion hidden network on the Tor network. An overlay network is a network that operates as a network on top of the tcp/ip network of the Internet, piggy-backing. Examples include BitTorrent, Akamai, and Tor. All of which have servers in overlays that aren’t simply web servers using http(s):// but which require a different client/server.
In Tor’s case you need a cryptologically hidden overlay client for Tor Hidden Services, and you go to sites that use the .onion extension instead of the .com extension. And the addresses are usually a string of numbers that is very user unfriendly. Which you get from a hidden service directory. I’m not going to go deeply into this — you can find more info on the Tor website at https://torproject.org.
Many things you would find on the dark net are illegal services. And it seems to be a sport for people to go looking for them. The dark net is much smaller than the open internet, and people will just pick an address and go there.
Now, let me tell you a secret. If you pick an internet address, a set of four numbers: xxx.xxx.xxx.xxx? And you just plugged it into your browser bar, and went there? It’s very likely that you would land on a porn site. There’s a song called “The Internet is for Porn,” and I’m rather afraid it’s true. In some countries whatever porn you find would likely be illegal.
Caveat emptor. I don’t wander around neighborhoods wandering into random houses. I don’t recommend doing anything like that on the dark web either. As I said earlier, there are versions of free speech sites, Facebook, various magazine and other journalistic sites, political art sites, support chats for incest survivors. And various applications that require high privacy,…and then there is a lot of terra incognito.
I compare it to Harlem during prohibition or the Harlem Renaissance here in the US. People came for the jazz, the art, the clubs. But they didn’t wander down the alleys. If they didn’t know the neighborhood, and they didn’t knock on a door. If they didn’t know the password. And just what kind of joint they were visiting. Some of the most amazing places aren’t lit by the brightest street lamps. But stay safe, and be sane about things.
What tools do you recommend to maintain privacy on the internet besides Tor? Do you believe a VPN service can help?
It entirely depends on your requirements. A VPN is particularly useful if your privacy requirements are not super high (after all the VPN operator can see what you are doing, right?). But your performance requirements are more important.
Everything in security is a trade off. Convenience is on one end, and security (and privacy is just a form of security) is on the other. In the middle is user operational security and education.
What’s your opinion on Edward Snowden and Julian Assange? Do you believe what they did is good or in the favor of humanity?
I am pretty sure that Snowden’s work is well intentioned. I am more and more disillusioned with Assange as time goes on. But more than any of this, I have become overwhelmingly sad about the “goldfish” memory of the general public. Whatever these two, or Manning, or Binney/Stark/Weibe, or any of the whistleblowers and advocates do, it’s nothing without public engagement and action. And there’s just not enough — for every scrap of engagement. There’s a pie slice of enthusiastic sacrifice of rights on the altar of Big Data or Big Brother.
We used to joke that you could ask people, “Would you give up your personal data to the government or big business?” and people would look outraged and say “HELL NO!” then you present them with a CGI form that says, “CHECK HERE (and give us the right to your genome) AND YOU’LL GET A FREE BIG MAC!”
And they’ll think, “Wow! A free Big Mac! Count me in!” and sign away the rights to their genome (or first born or whatever) and never think twice.
But you know, I think times have changed.
Now, I think most people wouldn’t say HELL NO! first, lol.
Besides you, who do you recommend our readers to follow to know more about online privacy and security? What communities should they join? What publications should they read?
https://staysafeonline.org/resources/ is a good place to go for anyone at any level to get the basics.
https://eff.org is my go-to source for online rights information and https://aclu.org too,
https://epic.org, https://cdt.org, and https://privacy.org are more rights advocacy groups to follow.
Here’s a slightly out of date but pretty cool twitter list of cybersec stars:
And Dark Reading is pretty cool in general.
To be honest, I’m behind on the field in general, though — since retirement. I’ve spent more time on public policy, politics, and rights work, than on privacy (per se) and security. Our political situation in the states has been…interesting times. And if you spend six months not tooling on things full time you are so out of date!
What advice would you give to a person like me who wants to become a privacy advocate like you? Where should I start? What books should I read?
To be honest, what I would recommend isn’t reading, but participating in academia and (hacker) conferences and development groups for privacy tools. Interact with people, not static dead trees, as it were. This field moves so fast! But the vanguard of privacy tends to be the EU, as much as I have listed a lot of resources in the States (after all, I am American, so I tend to be less Eurocentric — my battlegrounds aren’t there). Remember that these are multidiscipline struggles. We need lawyers, hackers, public policy folks, politicians, writers and graphic designers. To deal with the problem of privacy for the coming generation. Which is that we want to promote privacy “hygiene” on basically a tiny budget. When the interests of all these major governments and companies like Facebook and Alphabet have their budgets arrayed opposite us?
We are David to this Goliath. Code can’t save us, by itself. We need to be a thousand times as creative and to be world changers! We need to change the culture. To bring up people who are like the Rachel Carsons, the Marie Curies, the Mohandas Gandhis of privacy in whatever disciplines they emerge from.
Could that person be you? Could you find that person and help them? The odd thing is, that the champions of privacy have to be public. They have to be willing to be community organizers, they have to be passionate enough to take public risks.
Privacy isn’t on or off. It’s a slider. Sometimes it’s a currency. A particle and a wave, lol. And sometimes you have to spend some of your privacy so others can preserve theirs. That will be the story of the next generation of privacy advocates.