The Heartbleed OpenSSL bug disrupted the Tor network for several days in April 2014 while private keys were renewed. The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor’s multi-hop design minimizes the impact of exploiting a single relay. 586 relays later found to be susceptible to the Heartbleed bug were taken off-line as a precautionary measure.
Controversy over illegal activities
Tor has been described by The Economist, in relation to Bitcoin and the Silk Road, as being “a dark corner of the web.” It has been targeted by both the American NSA and the British GCHQ signals intelligence agencies, albeit with marginal success. At times, anonymizing systems such as Tor are used for matters that are, or may be, illegal in some countries, e.g., Tor may be used to gain access to censored information, to organize political activities, or to circumvent laws against criticism of heads of state. Tor can also be used for anonymous defamation, unauthorized leaks of sensitive information and copyright infringement, the distribution of illegal sexual content, the selling of controlled substances, money laundering, credit card fraud, and identity theft; furthermore, the black market which utilizes the Tor infrastructure operates, at least in part, in conjunction with Bitcoin. Ironically, Tor has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously; likewise, agencies within the U.S. government variously fund Tor (the U.S. State Department), the National Science Foundation, and (via the Broadcasting Board of Governors, which itself partially funded Tor until October 2012), Radio Free Asia, and seek to subvert it.
Many organizations argue or acknowledge that Tor has legal, legitimate uses. In its complaint against Ross William Ulbricht of the Silk Road the FBI acknowledged that Tor has “known legitimate uses”. According to CNET, Tor’s anonymity function is “endorsed by the Electronic Frontier Foundation and other civil liberties groups as a method for whistleblowers and human rights workers to communicate with journalists”. EFF’s Surveillance Self-Defense guide includes a description of where Tor fits in a larger strategy for protecting privacy and anonymity. The Tor Project’s FAQ offers supporting reasons for EFF’s endorsement:
Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides….
Tor aims to provide protection for ordinary people who want to follow the law. Only criminals have privacy right now, and we need to fix that….
So yes, criminals could in theory use Tor, but they already have better options, and it seems unlikely that taking Tor away from the world will stop them from doing their bad things. At the same time, Tor and other privacy measures can fight identity theft, physical crimes like stalking, and so on.