Interview with Roger Dingledine, Co-Creator of the Tor Project

We are excited to welcome Roger Dingledine, co-creator of the Tor Project, to CloudFest 2025 as one of our headline speakers. The Tor Project (and browser) has been a pioneer in advancing privacy, anonymity, and censorship resistance across the Internet. From journalists in authoritarian regimes to everyday users wanting to maintain their privacy, Tor has empowered individuals to take control of their digital identities. 

In the spirit of instant gratification, let’s not wait until March—and sneak in a quick pre-CloudFest conversation.

The current geopolitical landscape feels… chaotic. Do you see any familiar patterns compared to the time when you, Paul Syverson, and Nick Mathewson were first building Tor? How are you responding differently this time around?

The early days of Tor lined up with the “war on terror”, with unjustified invasions of other countries, with US government programs like Total Information Awareness and Carnivore. So yes, the patterns of government overreach, misinformation campaigns, and the push between fascism and freedom aren’t new.

I think the answer continues to be community-building and relationship-building: we can’t build all of Tor on our own, and we certainly can’t do all of the support for activists around the world by ourselves. Getting help from everybody else around the world comes down to building trust between people. Thanks to our thousands of volunteer contributors–whether it’s relay operators, translators, developers, and donors–Tor continues to serve vulnerable internet users worldwide who rely on the strong privacy protections of Tor and Tails. 

The development of the internet and many of its core tools is very closely tied to the U.S. military, from ARPANET to the birth of Silicon Valley. Tor began as a project with the United States Naval Research Laboratory (their website is shockingly bad) with DARPA funding. Can you tell us what that experience was like for the three of you?

You’re right that many internet projects have benefited from government funding. Over Tor’s lifetime, most of its funding has looked a lot like that professor funding model: you find individual people inside the funding agencies who value what you’re doing, and then you learn how to frame your research and development goals in ways that match their mission so they can justify funding you.

This type of funding lets us pay developers to build more Tor, but yes, it also means that transparency is even more critical for us—because we need to teach the world what we’re doing and why having these funders doesn’t mean users are at risk.

In the early days I did a talk at the Computers Freedom and Privacy conference with the title “What do the Electronic Frontier Foundation and the Department of Defense have in common?” and the answer—which surprised both sides—is that they were both funding Tor development. 

This apparent contradiction helped us learn how to emphasize why Tor needs many different kinds of users to be safe. The fact that we have military people relying on Tor, and human rights defenders relying on Tor, and everybody in between, is part of why it is safe for all of them. You can’t have an anonymity system only for cancer survivors, or everybody can guess why you’re using it.

Tor is your most famous undertaking (so far), but I suspect many in the CloudFest community—especially storage providers—would be interested to learn more about the Free Haven Project, which is sort of like Tor’s “parent”, right?

Free Haven was my thesis project at MIT. It was one of the early cypherpunk projects that brought together a bunch of technical ideas like reputation and micropayments, mixnets, and anonymous storage. You can see these ideas today in more modern projects like IPFS, Filecoin, and Wikileaks.

But also, it was only a research paper, and in particular one of the building blocks that was missing from the world at the time was an anonymous communication infrastructure. When I presented Free Haven at the workshop that eventually turned into the Privacy Enhancing Technologies Symposium, Paul Syverson was another presenter, and we realized that Onion Routing could fill that gap. That’s how I got pulled into onion routing research, and it quickly became clear that the world needs Tor a lot more than it needs Free Haven.

What isn’t scaring internet service providers enough right now?

I worry about clandestine collaborations between internet service providers (ISPs) and governments. In recent years we’ve seen high profile examples of ISPs handing over traffic and user data to governments without requiring proper warrants or other procedures. This is happening even in countries like Germany that are supposed to have strong privacy protections for their citizens. 

Where does it go from here? Will we reach a point where users lose trust in their ISPs, or in the internet as a whole? When this “extra-judicial” sharing gets more publicity, users might want to move to ISPs that genuinely care about user privacy, but will they be able to distinguish those from providers that happily monetize their user traffic and otherwise don’t put their users first?

I’d like to think it’s just a small number of ISPs who are choosing clandestine government collaboration over user safety, but how do we know? Is your upstream doing it without telling you? I think if this trend continues it could represent a real problem even for honest ISPs.

What is perhaps scaring them too much?

Speaking of trends, it seems like IP blocklist companies continue to grow in power. The pattern is that somebody starts a new blocklist, users adopt it to prevent spam or attacks or whatever, and then it gets so much adoption that it starts bullying other groups on the internet into changing their behavior and policies to appease the blocklist company. A concrete example (not naming names) is when a spam blocklist starts telling people that your IP address is a spammer when what they really mean is that somebody elsewhere on your /24 is running a service they don’t like.

From an ISP perspective, the collateral damage is that everybody stresses about “IP reputation”, leading them to refuse services and traffic and users that might otherwise make the internet stronger and more innovative.

This is a collective action problem: so long as some people use the blocklists, we’re all forced to be scared and conservative for fear of “ruining” our IP space. But if we can figure out how to group together to resist the abusive blocklists, we will all be better off.

The CloudFest community loves to support Groundbreaker Talents, provides full-time residential scholarships in Software Engineering to students from financially constrained communities. These young women will soon be taking on the world—what advice would you give them that they wouldn’t learn in class?

Last year I did a keynote at SINFO, a conference run by students at the Instituto Superior Técnico in Lisbon. They had many other keynotes, from big companies like Apple, Meta, Google, Microsoft, Disney, Pixar, and each of those speakers ended their talk with a pitch for how the audience could come to work for their company. I realized that I was the only keynote from a nonprofit, and that I had a responsibility to end my talk by reminding people that there is a whole universe out there called Civil Society. 

You don’t need to go to the huge for-profit surveillance capitalism companies. Nonprofits need developers to support human rights and civil liberties. Newspapers and journalists need technical help keeping their sources safe and keeping their news accurate. Governments need smart engineers who can give them the right technical advice and steer them toward policies that are genuinely good for society. So, I don’t want to stop you from going to work for Big Tech, but make sure you consider the other options!