CSAM distribution on Tor is not inevitable; The network’s creators have the power to act
Lloyd Richardson, Director of Technology, Canadian Centre for Child Protection
Why has the Canadian Centre for Child Protection been notifying the organization behind the “Dark web” of the mass distribution of child sexual abuse material on their network?
Because they have the power and resources to dramatically reduce one of the most abhorrent forms of victimization impacting children.
Tor, short for The Onion Router, is open-source software that enables anonymous communication. It directs internet traffic via a free, worldwide, volunteer network of thousands of servers. Tor can be used for anonymizing a user's activity on the internet, as well as creating Tor-based websites known as “Onion services.”
Tor Onion services are one of the most common online resources used to host or make child sexual abuse material (CSAM) available on the internet. Onion services are often generically referenced in the media under the umbrella term: “Dark web.”
Onion services on the Tor network are made possible through software developed by the Tor Project, a U.S.-based organization. The operation of Tor Onion services is also dependent on what is referred to as the “directory authorities” — a collection of individuals who run servers critical to the operation of the network.
Quantifying the scale of CSAM-related harm facilitated by Tor
Onion services on the Tor network have long been a source of harm to children in society, a fact that is unambiguously reflected across countless news reports, law enforcement investigations, and studies over the last decades.
The exploitation of children through the distribution of CSAM is facilitated by Tor Onion services in two main ways.
-
Tor Onion services as direct CSAM hosters
A staggering number of onion services directly host CSAM. Since the launch of Project Arachnid in 2017, C3P has identified:
- 44,336 unique onion services that have directly hosted CSAM;
- 2,853,485 CSAM images or videos that have been directly hosted on Onion services.
These figures, of course, only represent what we found with our limited resources. The total number remains unknown.
-
Tor Onion services as gateways to hidden CSAM hosted on the clear web
In addition to hosting CSAM within the safe confines of Onion services, hundreds of thousands of anonymous users participate in highly organized communities (often referred to as “forums”) where information related to accessing CSAM as well as tactics to sexually abuse children are openly exchanged.
Users within these communities collectively publish tens of thousands of URLs that point to curated image and video collections of child sexual abuse actively hosted on clear web file hosting services.
Without the existence of these Tor-based communities, such large scale CSAM distribution would not be possible.
In total, since the launch of Project Arachnid in 2017, C3P has identified:
- Over 29.9 million images and videos that are CSAM or suspected CSAM hosted on the clear web, but were made accessible through Onion services at some point in time.
Notifying the Tor Project about harms on their network
The Tor Project has designed its network in a way that makes it nearly impossible to identify the location of the sites hosting this material. Tiplines or law enforcement across the world are left with no entity other than the Tor Project itself to send a removal notice.
In the absence of meaningful action by the Tor Project, CSAM has continued to flow without interruption across their network. This revictimizes and irreparably harms the victims depicted in the CSAM. It also enables the emergence of social connections and relationships among communities of users who, without constraint and sanctions, are freely able to exchange CSAM and links to CSAM, methods to commit abuse, and countermeasures to evade or hinder detection.
In light of the ever-increasing harm to children occurring directly on Onion services, in 2024, C3P issued a number of notifications directly to the Tor Project, including key members of the leadership team. These notifications quantified both the number of Onion services identified as being linked to CSAM, as well as the number of images/videos being hosted directly on them.
The following table shows the figures C3P reported directly to the Tor Project. These figures are point-in-time numbers based on data generated by Project Arachnid’s web crawling activities. These numbers do not include figures related to images or videos hosted on the clear web but that are made accessible through Onion services.
Time period Number of identified Onion services hosting CSAM Number of Onion service hosted CSAM images/videos identified 2024-08-10 to 2024-09-23 30,536 885,501 2024-06-25 to 2024-08-09 17,101 699,292 2024-06-06 to 2024-06-24 20,642 695,793 2024-05-23 to 2024-06-05 8,234 513,160 2024-05-06 to 2024-05-22 8,975 461,503 2024-04-19 to 2024-05-05 20,629 538,983 2024-04-11 to 2024-04-18 14,126 419,985 2024-04-03 to 2024-04-10 20,918 464,263 2024-03-18 to 2024-04-03 21,812 757,473 2024-03-10 to 2024-03-17 5,240 424,949 Technological innovation does not absolve responsibility
The Tor Project has a responsibility to address the ongoing and significant harm to children their software and network facilitate.
Given the lack of clear actionable steps to combat harms that occur in this space, C3P has determined that giving these harms and human rights abuses impacting children public attention may help spur action to address this long-standing problem.
The Tor Project’s own history of intervention when the integrity of their network has been under threat shows they have the capacity to engage with its network collaborators and to explore software designs that mitigate exploitative activities. Likewise, similar efforts can be mobilized to addressed child sexual exploitation.
This is not a question of technical feasibility — it is a question of values, moral responsibility, and genuine action.