It has been sixteen years since The Onion Router (Tor) was built by the U.S. Naval Research Laboratory to protect government communications. Now, it is used to give anonymity to any user online, including military personnel, journalists, activists, law enforcement, and others.
There are many common yet interesting uses for Tor. Though it can and has been used for terrible purposes, it is also used for some amazing and important things.
1. Circumventing Censorship: In countries that censor websites including Facebook and Youtube, many people use Tor to access the Internet.
2. Reporters without Borders: Reporters without Borders actively recommends that journalists, sources, bloggers, and dissidents utilize Tor to protect themselves and give themselves some level of privacy.
3. Anonymity on Tip Lines: Law enforcement officers encourage the use of Tor to access their online tip lines. It gives true anonymity to anyone who wants to submit a tip, which online anonymous tip lines are incapable of doing themselves.
Tor is the most well-known implementation of onion routing today. Onion routing is a method of encrypting and anonymizing communication through successive layers, similar to the layers of an onion.
Once a communication is encapsulated in layers of encryption and transmitted along a network of onion routers, the layers of encryption are removed one by one at each stop along the way. Each node along the route is only aware of the immediate preceding and subsequent node — not the entire route. That means not only is the communication secure, but it is also anonymous.
While onion-routed communication has already proven quite effective, thanks in large part to Tor, this is another area where WebRTC can significantly improve the status quo.
Onion-routed Communication Vulnerabilities
Despite the overall security and privacy of onion-routed communications, potential security and privacy issues still exist. In particular, the final node in the process is responsible for decrypting the last layer and relaying the information to the intended recipient. This makes onion-routed communications vulnerable to the last node being hacked — which leads to the risk that the unencrypted information it is responsible for relaying could fall into the wrong hands.
Additionally, onion-routed communication implementations such as Tor are no longer considered truly anonymous, as many of the exit nodes are controlled by government entities.
Why WebRTC for Onion-routed Communication?
WebRTC offers a number of features that mesh nicely with onion-routed communications and greatly improve them.
In-Browser Experience
The main benefit that WebRTC provides to onion-routed communication is that it enables easy deployment. A huge limiting factor for the adoption of onion-routed communication by regular users is that it is viewed as unwieldy to set up and use to secure individual communication. By implementing a cross-platform application in the web browser that allows individuals to use onion-routed communication to communicate anonymously, it can make Tor and other onion-routed communication projects more approachable by the general public.
Scalability
By using WebRTC, onion-routed communication projects are able to grow as the number of users increases. Since every end-user ideally contributes to the network and provides the service to other end-users, the network resources naturally grow as the number of end-users grows.
Security
WebRTCs decentralized nature makes it easy to mesh with onion-routed communication. Rather than relying on a node, the end-users become the nodes. Every end-user contributes to the network and becomes an entry and exit point. Ideally, in this system there are no real exit nodes, which yields a closed system of 100% end-to-end encryption. WebRTC already embraces the importance of end-to-end encryption by requiring and ensuring it. Assuming the developer makes use of a proper, secure signaling protocol, end-to-end encryption is possible with WebRTC. Combining these two elements produces a secure, anonymous tool for communication.
Harnessing the Power of WebRTC and Onion-routed Communication
Using WebRTC for onion-routed or similar routing networks is an appealing option for many companies, including Zyptonite. Zyptonite is an example of peer-to-peer, mesh-based messaging platform that uses proprietary signaling similar to P2PSIP for establishing connectivity between untrusted nodes. It is built with WebRTC to provide secure, encrypted communication across platforms and devices over insecure networks.
However, an exception to this is using WebRTC with Tor. Tor explicitly states that WebRTC is a vulnerability and should be blocked. In 2015, a vulnerability was found within WebRTC that reveals local IP addresses of users, including those that use a VPN. While some solutions have been created, including Perfect Privacy and ExpressVPN, the underlying issue has yet to be resolved. Until it is resolved, using WebRTC with Tor may not be viable.
The Future of WebRTC and Onion-routed Communication
WebRTC has features that make it a helpful companion for onion-routed communications. In-browser experience, scalability, and security combine to significantly improve the status quo.
Other WebRTC Use Cases
This post is the sixth in a series dedicated to WebRTC use cases. In this series, we explore several use cases of WebRTC. To read the first post in the series, please check it out here.
WebRTC and IoT
The second post in this series is dedicated to WebRTC and the internet of things. The internet of things device industry has expanded significantly in the past several years, and only has more room to grow. Using WebRTC with IoT devices is a natural fit, and can have a positive impact on communication between these devices. To read the second post in this series, please check it out here.
WebRTC and P2P Video Calls
The third post in this series is dedicated to WebRTC and P2P Video Calls. 66% of CXOs consider mobile video and real-time information sharing to be critical aspects of their daily communication. In this post, we explore how WebRTC is changing the video call landscape and making real-time video calls more accessible. To read the third post in this series, please check it out here.
WebRTC and P2P Messaging
The fourth post in this series is dedicated to WebRTC and P2P Messaging. P2P messaging is huge right now, popularized through apps like WhatsApp and Slack. What does WebRTC bring to the table, and where is it all headed? In this post, we discuss how WebRTC has improved P2P messaging, and what it holds for the future. To read more about how WebRTC is driving successful P2P messaging, check out this post.
WebRTC and Content Sharing
The fifth post in this series is dedicated to WebRTC and Content Sharing. WebRTC receives its fair share of focus and attention due to its ability to integrate audio, video and text communication within a web or mobile application. An often-overlooked feature, however, is the ability to use WebRTC to facilitate content sharing. To read more about how WebRTC is consistently enhancing content sharing, check out this post.
