This guest post is written by Ed Geraghty, Technologist, Privacy International.

No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. - United Nations Declaration of Human Rights (UDHR) 1948, Article 12

The right to privacy is a qualified, fundamental human right. We at Privacy International (PI) work hard with our network of partners to ensure this fundamental right is protected - it is essential to autonomy, the protection of human dignity, and is the foundation upon which many other human rights are built.

This is becoming ever-more important in an age of ubiquitous, indiscriminate mass surveillance, especially as more and more aspects of our daily lives - interactions with friends, family, companies, and the state - are dependent upon technology. In order for individuals to fully participate in the modern world, developments in law and technologies must strengthen and not undermine the ability to freely enjoy this right.

We challenge governments' powers by advocating and litigating for stronger protections. We lead research and investigations to shine a light on powers and capabilities, and to instigate and inform debate. We advocate for good practices and strong laws worldwide to protect people and their rights. We equip civil society organisations across the world to increase public awareness about privacy. We raise awareness about technologies and laws that place privacy at risk, to ensure that the public is informed and engaged.

Tor is an important tool in our arsenal - a technology which allows people to communicate, use the internet, and browse the web in a manner which evades censorship.

Many of our partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.

Running an onion address provides our community with an additional set of cryptographic protections to traffic than are available on the clear web, both in terms of security as well as assurance that when they visit privacyintyqcroe.onion they are communicating with the *genuine* PI website (serving content to the onion address is cryptographic proof that the server side possesses the corresponding private key).

We at PI offer an onion address for people to visit our website who would otherwise not wish to flag themselves as "an activist" or someone 'interested in surveillance capabilities', perhaps because of where they're based, or the work they do.

Our setting up an onion service with automated redirection if a exit node is detected has also shown Tor's popularity if the option is organically given; over 1/5 th of traffic by bandwidth to our website is conducted using our onion address.



The process for setting up an onion address for PI was, all in all, a fairly painless process. The part which took the longest amount of time was generating our "vanity" address of privacyintyqcroe.onion.

We did this in the same way as Facebook using Scallion - randomly generating addresses until we generated one starting with "privacyint". Although not a required step by any measure, we also then applied for, and received, an Extended Validation (EV) SSL certificate, so people visiting the onion address of our website could be sure that they were talking to the real PI.

Since then, we have refined our infrastructure, taking advantage of OnionBalance to provide some load balancing in order to remove single points of failure, as well as taking advantage of the additional security provided by keeping the private key on a separate machine from the onion service. In addition, we now check if someone visiting our clearnet address is coming from a known Tor exit node, and then seamlessly redirect them to our onion address so they can benefit from the extra protections offered by the network.

We have rolled this code into our configuration and auditing platform, Thornsec, basing this part (albeit loosely) on Alec Muffett's Enterprise Onion Toolkit.

As the web becomes ever-more mined, censored, and surveilled, offering a .onion alternative for privacy-conscious users is something which should be welcome, and we recommend more organisations do so. Although since most websites' business model seems to be mining data without their users' knowledge (as we've seen with GDPR alerts), we know that this will require some prodding. That's what PI's here for.

---

*Privacy International is a registered charity based in London that works at the intersection of modern technologies and rights.*