In the mid-1990s, three researchers at the Naval Research Laboratory sat with a narrow, awkward problem: how do you hide the fact that intelligence communications are intelligence communications? Encryption could scramble the content of a message, but it could not scramble the existence of the message itself. Anyone watching the wires could still see who was talking to whom, and from where, and how often. In intelligence work, that pattern is often as sensitive as anything being said.
Their answer was onion routing, and the network it eventually grew into is the same one most people now associate with the worst corners of the internet.
I find that most conversations about the dark web collapse almost immediately into moral panic. The image is consistent: shadowy marketplaces, ransomware operators, the kind of content that makes you want to close the browser and go outside. Those things are real. I’m not going to pretend otherwise. But every time I hear that conversation, I notice what gets skipped: the origin story. And the origin story is one of the most philosophically strange things I’ve come across in tech. Tor, the network that makes the dark web possible, was not built by criminals or anarchists. It was built by the United States Navy. And the reason it had to become a public tool, open to everyone, including the people the Navy would least want using it, is not a cautionary tale about unintended consequences. It is a logical necessity built into the mathematics of privacy itself.
The problem the Navy was trying to solve
The three researchers at the Naval Research Laboratory were mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag. Encryption handles content. But encryption does not hide the fact that two parties are communicating. Traffic analysis, watching who talks to whom, how often, from where, can reveal an enormous amount even when the actual messages are unreadable.
Their solution was onion routing: wrapping data in multiple layers of encryption and bouncing it through a series of relay nodes, each of which peels away one layer and learns only the next hop, never the full picture. The metaphor holds. You can peel it endlessly without ever seeing all the layers at once.
The paradox they couldn’t engineer around
What I find genuinely arresting about this story is what happened next. The researchers ran into a logical problem that no amount of cryptographic ingenuity could solve.
If only Navy personnel used the network, then anyone watching internet traffic could immediately deduce that any communication flowing through it belonged to the Navy. The anonymity set, the pool of users among whom any individual traffic becomes indistinguishable, would be tiny. And a tiny anonymity set is barely anonymity at all. You’d be hiding your messages inside a crowd of one. The protection only worked if everyone used it. Journalists. Activists. Ordinary people with no particular agenda. And yes, criminals. The uncomfortable logic was inescapable: a network built to protect classified government communications could only do that job if it also protected people the government would rather not protect. The math didn’t care about the moral hierarchy. It just needed a crowd.
Open source, by necessity
In 2002, Syverson, together with Roger Dingledine and Nick Mathewson, launched the alpha version of what became Tor. In 2004, the Naval Research Laboratory released the code under a free licence. The Electronic Frontier Foundation stepped in to fund its continued development.
That decision was not principally ideological. It was structural. Releasing the technology to the public was the only way to make the anonymity set large enough for the system to work for its original, classified purpose. The Navy’s best tool for protecting its own communications required, as a precondition, being a public good. That is not an irony or an accident. It is the design.
What I think this actually tells us
I keep coming back to this story because it exposes something about privacy that most technology debates obscure. We tend to treat privacy as a personal preference, a setting, a choice, something individuals opt into or out of. You decide your level of exposure, and that’s your business.
What the Navy researchers had to confront is that this framing is structurally wrong. Privacy is not an individual property. It is a collective one. Your anonymity depends not just on your own choices but on who else is in the crowd, how many, how diverse, and critically, whether the people we find least acceptable are allowed to stay. The moment you start filtering the crowd by moral approval, you destroy the thing you were trying to protect.
This is, I think, the hardest part of the argument to sit with. It is not that we should be indifferent to what happens on networks like Tor. Dark markets are real, and exploitation is real, and none of that is abstract. But the alternative, a curated anonymity, privacy for the approved, is not actually privacy. It’s a permission system, not a privacy one.
The Navy researchers understood this in the 1990s. In 2012, Foreign Policy named Dingledine, Mathewson, and Syverson among its Top 100 Global Thinkers for making the web safe for whistleblowers. That’s true. But the fuller version is stranger and more demanding: they made the web safe for whistleblowers by making it impossible to make it safe only for whistleblowers. That’s the part worth sitting with.
