Dr Steven Murdoch of the University of Cambridge looks at the pros and cons of Internet privacy at next week's AppSec Europe Conference and presents the latest developments of The Tor Project for anonymous communications
17 June 2014: While it is extremely difficult to be completely anonymous on the Internet, new technology is making it possible to protect users' privacy far better than it is done today, according to Dr Steven Murdoch, a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory. At next week's AppSec Europe Conference in Cambridge, Dr Murdoch will be looking at the growing number of users of anonymous communications and presenting new research on the Tor Project that will help prevent abuse of Internet anonymity tools, while still protecting the safety of those who rely on them.
The current default on the Internet is no privacy, which makes it easy to track everyone all of the time. But there is a growing community of users, from the military and law enforcement officers to journalists, human rights workers and political activists that are using anonymous Internet communication for good reasons.
"Better Internet privacy is certainly a good thing," says Dr Murdoch. "Journalists need the ability to communicate with sources working in hostile environments; law enforcement needs to collect intelligence without being tracked; and ordinary people need the ability to build private spaces online. Without strong Internet privacy, many applications are impossible to deploy safely such as electronic voting or online healthcare."
Tor, originally developed by the U.S. Navy to protect government communications, is now the most widely used open system to provide anonymity on the Internet. It protects Internet traffic via a series of computers selected from the volunteer-operated Tor network to disguise where the traffic is coming from and going to. Tor users are also recommended to use a customised web browser based on Firefox, which helps to prevent tracing based on web browser characteristics.
"In recent years there have been dramatic changes in how anonymous communication systems have been built and how they have been used, including web taking over from email as the major means of communications and users of anonymous communication systems prioritising censorship-resistance over privacy," says Dr Murdoch.
"Commercial and political realities are also affecting how projects such as Tor are run and software is designed and it is clear that anonymous communication systems will have to adapt themselves to changing circumstances and try to prevent malicious use of Internet anonymity tools. Law enforcement agencies already have a wide range of tools to detect and prevent Internet crime and the vast majority of these will still work when anonymous communication tools are used."
Dr Murdoch will be speaking at AppSec Europe, from 23-26 June, organised by the OWASP (Open Web Application Security Project) Foundation, an open-source organisation with over 45,000 corporate, educational and individual participants from around the world. OWASP, which provides free, vendor-neutral guidance and is the de-facto source for open knowledge, tools and research around web application security, runs AppSec conferences annually in North America, Latin America, Europe, and Asia Pacific.
OWASP is the foremost web app security organisation in the world, with thousands of members globally, including some of the biggest names in the industry. The goals of OWASP are to make web applications safe and to educate users, developers, governments, and business leaders on how to protect vulnerable information and avoid dangerous hacks that can cost millions of pounds to fix. OWASP has a strong open and global community with more than 45,000 participants, more than 65 organisational supporters and over 60 academic supporters, via 200 local chapters across six continents in 117 countries. Everyone is free to participate in OWASP and all materials are available under a free and open software license.