Tor Co-Founder: It’s “A Daunting Sense of Responsibility”

by Joe McGonegal on August 28, 2014, in Engineering

A decade ago this month, Nick Mathewson ’00 MEng ’00 co-presented a paper at the USENIX Security Conference in San Diego on a project the U.S. Naval Research Laboratory hired him to code. The paper was “Tor: The Second-Generation Onion Router.”

Nick Mathewson ’00 MEng ’00.

Those who have followed the headlines of the last year know what a remarkable run the free anonymity software has had. In its use both inside and outside government walls, Tor has become at times both a rallying cry and an enigma for hackers, bureaucrats, and ordinary citizens the world over. This week, Mathewson talked to Slice about his creation.

You’re the chief architect of Tor. What does that mean?

It’s kind of a silly title. I tend to have the final word in a lot of its architectural discussions. But I don’t use it much, because I prefer that we work by consensus. Sometimes I use a soft veto on implementation ideas that I think are bad ideas: ultimately, an idea can only go into Tor if somebody builds it and merges it. There are a few veto points in the process. Roger [Dingledine ’00, MEng ’00] is another.

Is Tor a day job, or a labor of love that you moonlight on?

Tor is my day job. We’re a nonprofit now, and I’ve been there since before we first incorporated. Previously I worked for an Internet startup that was working in B2B ecommerce but that never really got its act together. It was a good learning experience.

How many can call Tor their day job?

On the order of eight to fifteen people, depending on whether you count full-time, part-time employees, and those on contract.  At our biannual meetings, where we invite lots of people working on Tor, including volunteers whom we’d pay if we could, there are usually 40-50 people.

How did you feel when you heard that Edward Snowden had used Tor to help reveal what he claimed were governmental abuses of power?

It made me feel a daunting sense of responsibility.

And when monthly Tor downloads reached 5 million afterward—that was daunting too?  

It’s good to know we became a lot of people’s choice for how they get privacy. Knowing how the software fits together, though, and how far we have to go between where we are now and where I want us to be in five years…it makes me wish everyone could postpone their privacy needs for five or ten years while cryptographers and developers get to work on it. But I still think that we are one of the best choices for anonymity right now. Possibly the best.

Did the popularity result in an influx of talented programmers helping out?

We had more interest in developer growth, but the challenge there is getting a number of people up to speed. We’re trying to put out fires simultaneously while working on developer events. We don’t have an HR department.

Businessweek reported that Tor headquarters is a rented room at the YWCA in Central Square. Is that true?

Yes, our official offices are there because we need official offices. Our executive director is there and I’m in there at most one day a week.

Reports also suggest that some Tor relays are located on the MIT campus.

There is a directory authority server on campus.  Students have also hosted relays there, though I’m not up to date on whether any are hosted currently. What’s important to us is that we don’t have anything hosted on campus that’s a single point of failure. The directory authority, for example, is one out of nine, and you’d need to compromise half of them in order to mount a good attack on the directory system.

Tor is sometimes criticized as being a refuge for drug traders or child pornographers. But it has also helped protect activists from repressive government regimes. What makes you most proud to be its co-creator?

The journalists who use our software to do reporting from difficult places—that makes me happy, as do people who want to participate in political discussions while remaining in the good graces of local authorities. I’m also proud of all the use we get for censorship circumvention, though that wasn’t a use I originally predicted.

Before Tor you created Mixminion, an anonymous email service. Why didn’t that take off?

I needed a side project at the time because I was bored at work. No email product at the time was offering really good anonymous communication, and we saw and continue to see a need for email anonymity as a building block for pseudonymous communication. Commercial offerings in the privacy space have continued to be pretty weak. Anecdotally, it seems most companies that don’t go out of business realize a marginal dollar spent on advertising gets farther than a dollar spent on engineering.

People in the [email privacy] field need to take a step back and look at user requirements and consider how to deliver an adequate user experience for the inbox. I had a great time programming and learning what I learned coding Mixminion, but I think at the peak I was surprised if there were a thousand users at any one time. And what if only one person in a month sends an email in the same language as you? That’s the other reason I moved on: an hour spent working on Mixminion helps twenty or thirty people. An hour working on Tor helps hundreds or thousands.

Sondy August 28, 2014 at 2:08 pm

Nick, you rock!
