Onion Routers, TCP and Tor
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol.
Tor offers anonymity online, avoiding “traffic analysis” — the discerning of who visited a website or sent and email, when they did it, etc., by looking at the headers, which are not encrypted even though the body of data may be. It does this by rerouting your traffic through a distributed network of volunteers’ servers, the “onion routers,” so called presumably because of the many layers.
Although the U.S. Navy seems to have developed this ability and practice — the site explaining onion routers is a U.S. Navy site — I imagine that Tor might give law enforcement and security people a few frowns if not outright headaches. Even so, or for that reason, Tor might be something that a security conscious law firm would wish to examine.
Law firms generally may want to think about what tracks their surfers leave behind. Lawyers doing pre-litigation, pre-takeover, pre-whatever due diligence will often leave tracks pointing back to their firm. All of this shows up in server logs, along with the site or search terms that got them there.
If I worked at a company and noticed a law firm trawling my site, I’d be nervous and likely tipped off that something was going to happen. What content is being looked at would also be a good hint of what is to come.
For this reason, law firms may want to take a look at preventative steps they can take to reduce the footprints their surfers leave. I am not a technical expert here, but the following should be a start: Make sure that your outgoing internet connection doesn’t trace back to your firm. Your ISP should be able to do this. Also, you can likely configure your outgoing firewall to block the “referer” in http requests, so that the users of your outgoing connection do not also send information about their previous surfing.
TOR is very slow, but in very sensitive matters would be a useful tool for lawyers doing online research.
I expect you’ve seen this.