The number of people using the Tor anonymity network has doubled in a single week, reaching the highest levels since the Project starting recording traffic nearly four years ago.
The highly unusual spike began very suddenly on a single day, 19 August, taking the estimated number of clients connecting through a sample of several dozen mirrors to an astonishing 1.2 million per day, figures show.
For comparison, the average for the last year has been around 500,000 per day, with the odd peak of perhaps just under 600,000 users per day. Prior to that, there have been occasional spikes that have temporarily driven traffic beyond 500,000 per day, but the latest surge has proved hard to explain.
The rise doesn’t appear to have been driven by a ‘censorship event’ in one particular country so much a general awareness that Tor exists in the aftermath of the NSA surveillance drama and the closing of Edward Snowden’s secure email service Lavabit. A second firm selling privacy services, Phil Zimmermann’s Silent Circle, remains very much open but also publically closed the email element of its offering after “seeing the writing on the wall.”
A breakdown of the figures supports this hypothesis, showing the number of US clients as having spiked from under 100,000 per day to over 150,000 per day after 19 August. Likewise, in the UK numbers rose in the same period from 15,000 per day to north of 35,000 per day.
Another theory is the recent release of the PirateBrowser, a privacy browser based on Firefox. This software doesn’t actually guarantee anonymity but some users might think that it adds to the privacy already on offer through Tor.
Still, Tor’s volunteers remain baffled by the suddenness of the rise.
“It's easy to speculate (PirateBrowser publicity gone overboard? People finally reading about the NSA thing? Botnet?), but some good solid facts would sure be useful,” said Roger Dingledine.
The extra load doesn’t appear to have much effect on the performance of the service either way.
Tor conceals traffic by routing it through a series of encrypted volunteer relays, selected at random, as a way of obscuring the sender’s IP address. It was considered highly secure until in early August a Firefox 17 Windows zero-day flaw was revealed to be part of an effort to undermine the security of the network.
That event might (and equally might not) have been connected to law enforcement arrest of a man called Eric Eoin Marques, alleged by the FBI to be running a child porn system through Tor. And that is the risk that a privacy system such as Tor takes; that it will be used as much by the darknet users as people trying to evade detection by totalitarian states.
Certainly Tor is used and abused, sometimes in unexpected ways. In late July ESET researchers reported that it had discovered a bot using the system as an unorthodox command and control network.