TorYesterday I announced my new software project called 1985 (Web Site | fundraiser), which uses peer-to-peer encryption and relaying to prevent your call — and the “metadata” about your call — from being intercepted. While we work to bring this to cell phones and voice traffic, this already exists for Internet browsing, and it’s called Tor.

Here’s how Tor works: you connect to a network of Tor users and get a list of peers that will help you. You select 3 peers at random, take your message (data), and encrypt it so that only the third peer can read it. Then you take that encrypted message and encrypted it so that only the second peer can read it. Then you take that encrypted message and encrypt it so that only the first peer can read it. Now in order to read the message, all three peers are required, in order, to unwrap each of the three layers of encryption. The message is then sent to the first peer, who unwraps a layer and forwards to the second peer, who unwraps a layer, who forwards to the third peer, who unwraps a layer, and forwards to the destination (Facebook, Gmail, whoever).

The second and third peer have no idea who you are since they got the message from the previous peer, not from you. The first and second peer have no idea what your message is, since there will still be encryption layers on it. The ultimate destination of the message is also included beneath the three layers, so they also have no idea to whom your message is to. What this means is that no peer has all the information, and in order to piece it together, all three peers would have to collude.

Take a look at the Tor Web site and Wiki page for details on how you can use it. It requires a little bit of technical skill to use in a way that affords you strong security, but not too much technical skill just to get going. The best part is that the more people who participate in Tor, the more anonymous it is because the peers are selected from a larger random pool.


This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.