Tahoe And Tor: Building Privacy On Strong Foundations

Tahoe-LAFS draws from a combination of computer security philosophies, backed by cryptography implemented in open-source code.

The Principle of Least Authority
In computer science, the principle of least authority means granting the minimum set of permissions necessary to accomplish a task. For example, someone who is a contributing blogger on a website doesn’t need full administrator access to a site. Tahoe attempts to apply this principle to online file storage by ensuring through encryption that the organization storing your data can’t see all your data, and that users can be given fine-grained access through cryptographic capabilities.

Cryptographic capabilities
In Tahoe-LAFS, you can read or write a file in the system only if you know a (rather long) set of characters, or key. The capability keys are different for each file, which means you can share a picture by sending a friend one capability key without giving them access to everything. You can also give people power to create or even edit files by sending them different keys. Using capability-based security means there’s no central authority that manages access control for you, as with Dropbox or Google Docs. You’re in charge of spreading (or withholding) your capability keys.

Erasure coding
A method of redundantly storing data over a number of servers that allows the data to be reconstructed even if a certain number of those servers are shut down or corrupted. In the default Tahoe network, data is spread over 10 servers and can be read even if seven of those servers are lost. That means you don’t have to rely on one provider, and it makes Tahoe storage harder to disrupt.
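As an added illustration of the erasure coding described above (example code written for this page, not Tahoe-LAFS or zfec code): a k-of-n Reed-Solomon-style code over the prime field GF(257), used here for brevity where zfec uses GF(2^8). With the 3-of-10 default, any 3 surviving shares rebuild the file and any 2 cannot.

```python
P = 257  # prime field modulus; every byte value 0..255 is a field element

def _lagrange_at(points, x):
    """Evaluate, at x, the unique polynomial of degree < len(points) that
    passes through the given (xi, yi) points, with all arithmetic mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # den^-1 via Fermat
    return total

def encode(data, k=3, n=10):
    """Split data into n shares, any k of which rebuild it (Tahoe default 3-of-10).
    Systematic code: shares 1..k hold the raw bytes of each k-byte chunk,
    shares k+1..n hold parity values. Returns ({share_index: [ints]}, length)."""
    data = bytes(data)
    padded = data + b"\0" * ((-len(data)) % k)  # pad to a multiple of k
    shares = {i: [] for i in range(1, n + 1)}
    for off in range(0, len(padded), k):
        chunk = padded[off:off + k]
        points = [(i + 1, chunk[i]) for i in range(k)]  # byte i lives at x = i+1
        for i in range(1, n + 1):
            shares[i].append(chunk[i - 1] if i <= k else _lagrange_at(points, i))
    return shares, len(data)

def decode(available, k, length):
    """Rebuild the original bytes from any k surviving shares ({index: [ints]})."""
    if len(available) < k:
        raise ValueError("need %d shares, only %d survived" % (k, len(available)))
    chosen = sorted(available.items())[:k]  # any k distinct shares will do
    out = bytearray()
    for c in range(len(chosen[0][1])):
        points = [(idx, vals[c]) for idx, vals in chosen]
        for x in range(1, k + 1):  # re-evaluate the data positions 1..k
            out.append(_lagrange_at(points, x))
    return bytes(out[:length])

def demo():
    """Lose any 7 of 10 servers and the file still comes back intact."""
    original = b"Tahoe-LAFS erasure coding demo"  # constructed sample input
    shares, length = encode(original, k=3, n=10)
    survivors = {i: shares[i] for i in (4, 8, 10)}  # servers 1-3, 5-7, 9 gone
    return decode(survivors, 3, length) == original
```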

This post, by International Director Danny O’Brien, originally appeared on the Electronic Frontier Foundation website on Sept. 6.

Many people want to build secure Internet services that protect their users against surveillance, or the illegal seizure of their data. When EFF is asked how to build these tools, our advice is: Don’t start from scratch. Find a public, respected project that provides the privacy-protecting quality you want in your own work, and find a way to implement your dream atop these existing contributions.

So, for instance, the New Yorker’s Strongbox, a dropbox for anonymous sources, uses Tor as its basis to provide anonymity to its users. If you want anonymity in your app, building your tool on top of Tor’s backbone means you can take advantage of its experience and future improvements, as well as letting you contribute back to the wider community.

Anonymity is only one part of what will make the Net secure and privacy-friendly, though. The recent National Security Administration revelations, as well as glitches and attacks on single services like GitHub, Amazon, Twitter and The New York Times, have prompted demand for online data storage that doesn’t depend on companies that might hand over such data or compromise security to comply with government demands, nor on one centralized service that could be taken down through external pressure.

The Tahoe Least Authority File System (Tahoe-LAFS) has been actively developed since 2007. Just as Tor concentrates on anonymity, Tahoe-LAFS’s developers have worked hard to create a resilient, decentralized infrastructure that lets you store online both data you’d want to keep private and data you want to share with selected groups of friends. It’s also able to protect against a single source of failure or censorship, like a commercial service being attacked or responding to a takedown.

Tahoe-LAFS is open source, but this month, some of the Tahoe project’s founders launched S4, a commercial “PRISM-proof” secure, off-site backup service that uses Tahoe as a backend and Amazon as a storage site.

Tahoe’s protections against third-party snooping and deletion have the kind of strong mathematical guarantees that reassure security experts that Tahoe-LAFS is well-defended against certain kinds of attack. That also means its privacy and resilience are not dependent on the good behavior or policies of its operators. (See the box for more information.)

Secure online backups like S4 are one possible use for Tahoe’s time-tested code and approach. You and your friends can run your own Tahoe network, sharing storage space across a number of servers, confident that your friends can see and change only what they have the capabilities (“caps”) to see, and that even if a sizable number of those servers disappear, your data will still be retrievable. Services like git-annex-assistant, a decentralized Dropbox-like folder synchronizer, already optionally offer it as a backend. Some privacy activists have run private Tahoe networks over Tor, creating an anonymous, distributed and largely censorship-proof storage system.

It’s great to see commercial services like S4 emerging in the face of our new knowledge about pervasive online surveillance. Even better is the possibility that others, including entrepreneurs, designers and usability experts, will stand on the shoulders of the secure possibilities that protocols like Tor and Tahoe provide and give us all innovative Internet tools that can truly keep users and their data safe and sound.

Electronic Frontier Foundation

From the Internet to the iPod, technologies are transforming our society and empowering us as speakers, citizens, creators, and consumers. When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense. EFF broke new ground when it was founded in 1990—well before the Internet was on most people's radar—and continues to confront cutting-edge issues defending free speech, privacy, innovation, and consumer rights today. From the beginning, EFF has championed the public interest in every critical battle affecting digital rights. https://www.eff.org/

Join the Discussion

  • Mr Diesel

    You do know that Tor is no longer secure or anonymous, don’t you? The NSA has nodes set up so that when traffic enters or leaves the Tor network it can then be observed and tracked back. There is also a very good chance they have already broken Tor.

    • peter

      Spot on – anything that can be devised will be undone by those who are so inclined. There are good and bad folks around, or have we forgotten that? Hint: look at some of our so-called leaders.

  • Cliffystones

    The article briefly mentions “Tor” but doesn’t explain what “Tor” is. Sorry I’m not a super-geek, but a little background on “Tor” (like with “Tahoe”) would have been nice.

    • Mr Diesel

      The Onion Router. Google it.

  • Timothy Butterworth

    Encryption is not that useful against the NSA: any time a new encryption mechanism comes into existence, the NSA blocks the sale of that encryption method within the USA until they have the algorithms and the ability to break the encryption! Simply utilizing a stronger encryption can help and makes the process longer to crack, but in order to prevent it in the long run, encrypted items need to be re-encrypted on a regular basis utilizing different parameters to perform the encryption!

    A general rule of thumb in computer security is: anything you do not want divulged to the world, keep on a stand-alone system with no internet access and encrypt it with the strongest encryption you can, as well as utilizing overlapping encryption methods.

    For example, utilizing both full disk encryption to encrypt the entire hard drive and then utilizing a separate encryption technique to encrypt the already encrypted data files provides a stronger encryption and requires the breaking of two different encryption mechanisms!

    LUKS encryption is useful for this in Linux and Windows (https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). With Linux it can be configured during the installation of the Linux system to provide for the full disk encryption! It is also possible to create a hardware key by placing the unencrypted /boot directory on a removable thumb drive! You can also specify different encryption keys for each Linux partition! I recommend this if you really want additional security. I use this when I install my systems to protect my data in the event they are stolen! Free Linux distributions such as Fedora and openSUSE offer a graphical wizard to set this up. When you do this, utilizing the strongest encryption key possible is useful, such as a long 64-character quote! Selecting the highest encryption bit rate available also makes breaking the encryption harder, but not impossible; it will just take longer. A long key and a high-bit cipher are both key to deter any would-be cracker! It is also possible to utilize PKI and store the keys on a thumb drive for two-factor authentication to perform the encryption/decryption!

    Microsoft disk encryption is relatively useless; it is incredibly easy to simply boot a Windows system from a Winternals recovery disk and change the admin password. Logged in as a local system admin, you can decrypt any encrypted documents! Linux systems are primarily better and much more secure in my opinion.

    If you are concerned with security and you are using Windows, then chuck it and migrate to Linux. For any MS Windows apps you absolutely need, just install a Windows VM using VirtualBox, for example, so the entire Windows virtual hard drive is protected and encrypted through the security of the host system. Internet traffic, if you connect it, is also restricted by the firewall on the host system. You can also utilize the snapshot feature to restore the MS Windows system back to its initial state after each and every use to get rid of viruses, Trojans or any other malicious software that may have worked its way onto the system! Linux distributions have only very few malicious software risks currently! Installing a standalone Linux system with the DVD is also easy, and it can be easily upgraded as new editions are released.

    One system to utilize the internet and one to keep everything you do not want on the internet!

    The more encryption layers you create the more system overhead will exist and the slower the system will be.

  • Over21

    Why on earth should we even have to be worrying about this? Have they completely forgotten we have a United States Constitution and Bill of Rights to protect us from them? GOOD GRIEF!!!!!