What Is Tor?

What Is Tor?

Tor (short for The Onion Router) is an open source research and development project aiming to provide online privacy and anonymity for browsing the Internet, by routing Internet traffic through specially crafted relays that encrypts and decrypts transient data in a layered fashion. The overall goal is to hide the IP addresses of its users (anonymity) in addition to encrypting (secrecy) the traffic while browsing online.

What is It?

Tor (short for The Onion Router) is an open source project and a free software that aims to provide online privacy and anonymity for browsing the Internet. Tor achieves this privacy and security by routing Internet traffic through specially crafted relays that encrypts and decrypts transient data in a layered fashion. Fundamentally, it hides the IP addresses of its users (anonymity) in addition to encrypting (secrecy) the traffic while browsing online.

The relays, a.k.a. onion routers, are non-proprietary and operated by thousands of volunteers around the world. This mechanism of exchanging traffic over a number of onion routers makes it extremely hard for anyone to identify the source of the information. Additionally, encrypting data multiple times in layers further prevents prying eyes from eavesdropping and analyzing your data.

In addition to surfing anonymously and in secrecy, Tor also allows for hosting specially designed hidden web sites, a.k.a., onion sites, that are accessible only through Tor network.

Who Created Tor?

Tor (The Onion Router) was developed during the early 2000s by Naval Research Lab and the Defense Advanced Research Projects Agency (DARPA). The project was mostly funded by the US State Department and Department of Defense (DoD), though there were other supporters too, such as Electronic Frontier Foundation, Knight Foundation, and Swedish International Development Cooperation Agency. After its public release in 2002, it has transformed into what is now known as Tor Project, an open source anonymity service project.

Who Uses Tor?

After NSA surveillance revelations in 2013, the number of people using Tor has increased tremendously. As of this post’s date, approximately, more than 40 million people are using Tor world wide.

These users mainly fall into three groups. The first group consists of ordinary people who want to protect their Internet activity from observing eyes or advertisers. Ordinary users, as well as the activists and journalists who want to evade censorship in some countries can also be counted in this first group.

As a second group, governments and institutions can also benefit from using Tor. For instance US Navy, as the developer of the project, is still a key user. Or, other organizations like Facebook and The New York Times have their own onion sites to provide security and anonymity to their users or to the whistleblowers. To give another example, even CIA has established an onion site to allow anyone to communicate or send information in secrecy and anonymity.

The third group of users represents the dark side of Tor. The secrecy and anonymity provided by Tor makes it also attractive for malicious people. Through the hidden onion sites, a.k.a. dark web, many criminal activities are conducted, such as drug trafficking, arms trading, establishing hacking groups etc.

Why to Use Tor?

To explain why to use Tor, let’s first go over briefly how ordinary web browsing normally takes place and then discuss the threats that one could face while surfing the Internet with normal web browsers.

When a URL is typed on an ordinary browser (like Safari, Chrome, Edge, Firefox etc.), basically a TCP connection is made directly between a computer and the website’s server (Assuming a VPN or Proxy is not used). Through this connection, either HTTP or HTTPS data is exchanged between the communicating parties. Basically, the difference between these two is that HTTPS is the encrypted and more secure form of HTTP, thus the naming HTTP Secure.

Threats Caused By the Third Party Actors

Threat 1: Any third party (whether your ISP, a government agency or a hacker) eavesdropping on a communication can inspect IP packet headers to deduce between whom the communication takes place. More over, traffic analysis can be conducted to determine when and how often the communication takes place between two parties, leading to information inference by the threat actors. This threat is relevant both for HTTP and HTTPS traffic, since HTTPS does only encrypt data in IP packets and sends the packet headers in clear.

Threat 2: A governing body (such as ISPs or IT administrators in the corporate networks) interfering in a communication can block making connections to certain web sites since they can easily identify which web site is being requested, as explained above.

Threat 3: Internet web browsing traffic between two parties can be sniffed and analyzed in clear text if the communication is made over HTTP instead of the more secure and encrypted form of HTTPS.

Threats Caused By the Website

But, third party actors trying to interfere with a communication are not the only threat sources with respect to protecting privacy when surfing online. The website with which a connection has been established could also pose a significant threat to privacy and anonymity by collecting a variety of information about the user and the computer.

Threat 4: Evidently, websites know the source IP of each packet they receive, and through this knowledge, location and the ISP being used could be identified easily. But there is more to it. The operating system and web browser being used and screen resolution of the computer can also be detected and used to help identify a user uniquely. JavaScript and plugins used in a web browser could also reveal more information than these to breach the privacy of users.

Threat 5: Last but not least, cookies reveal a lot about users and their surfing habits. Information that could be exposed through cookies include, but not limited to, how often a web site is visited, how long a user remain on the site, credit card information or credentials being used to access a website, ads seen or clicked by users, online searches conducted etc.

How Tor Provides Anonymity?

To protect against the threats mentioned above, Tor browser does not connect to the web server directly. Instead, it constructs a virtual circuit that consists of a random set of 3 onion routers. Connection is established through this path and web surfing traffic exchanged over it.

Tor browser encrypts any data in 3 layers before sending the packets to the first onion router, a.k.a. the guard node. Guard node decrypts the first encryption layer only to find out to which middle node it needs to transfer the packet. Then the middle node decrypts the second layer of encryption before passing it to the last onion router, a.k.a. the exit node. Lastly, the exit node decrypts the last encryption layer on the packet to determine the IP of the website and then forwards it to the destination.

This model provides perfect security against third party actors interfering with the communication. If any traffic is captured between the source (web browser) and the first node, no information can be deduced about the final destination, that is the website. Regarding the traffic exchanged between the middle node and the other nodes, it is not possible to gather any information about both the web browser and the website. Lastly, the traffic between exit node and the web server hides the source (the web browser) successfully.

In this model, the website can not detect the IP of the web browser either, since it is masked by the IP of the exit node. The Tor browser also takes additional measures to prevent any unintentional data leaks. For this purpose, it disables scripts (such as Java Script), plugins and cookies, and blocks transfer of any data (such as user’s operating system, screen resolution etc.) that could help identify a user uniquely.

To learn more about how Tor works, you could also watch the following YouTube content.

How Tor Works

How To Install and Use Tor?

Though it was more tricky to use Tor in the past, thanks to the efforts made by the Tor Project, all a user needs to do is just to download and install the Tor Browser to surf anonymously.

But note that, since many features that are common on ordinary web browsers are blocked in the Tor browser, it can not be used for all web surfing needs. Secondly, due to multiple encryption and decryption conducted and the additional routing over the onion routers, the connection speed shall be significantly slower compared to a normal web surfing experience.

How Secure Is Tor?

Tor has been designed securely and currently there is no publicly known attack to break its security and anonymity functionality. However, it should be kept in mind that a number of governments are developing and trying repeated attacks against it.

For instance, NSA has revealed that they could de-anonymize a small fraction of Tor users, though they couldn’t and will never be able to de-anonymize all of the users. However, through other practical attacks, such as infecting the computers or exploiting the vulnerabilities on users’ machines, it is possible to identify the Tor users and reveal their secret communications.

Quote by Edward Snowden
Quote by Edward Snowden

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Edward Snowden

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

To learn more about Tor and using it correctly, you could also read our article How to Use Tor Safely?