There are many ways for a user to ensure privacy online. Even if they are not tech-savvy, one must have heard the terms proxies, VPNs, or Tor going around. These are tools and technologies that aid a user in his online security. A SOCKS5 is a proxy that aims to keep a user anonymous. A VPN tries to ensure the privacy and security of your online traffic. What about Tor? In general terms, it is a network, like a VPN, that aims to provide users with unrestricted access to the internet. However, it is not just limited to that.
With the help of Onion routing, The Onion router can have many implementations. Many users think of Tor as a replacement for VPNs. Although it does provide you with some functionalities of a VPN, it is essentially different from it. The Onion Router caters more to users’ anonymity. But unlike proxies, it is much more secure. To know more about the onion router and what it is, and how it works? Let’s continue further.
What is The Onion Router (TOR)?
The Onion Router or TOR for short is free and open-source software that enables anonymous communication. Derived from onion routing, it saw its first launch in the public sphere in 2003. Used primarily for anonymity, it also provides services to various servers across the globe. The main idea behind it is to protect the user from a mode of internet surveillance known as traffic analysis. Written in the C language, it has almost 146000 lines of source code. Tor consists of an immense database of proxy servers that users can access to protect their online activities. It is an implementation of onion routing. It has multiple applications: as a browser, remote login applications, and instant messaging apps. Like VPNs, it creates a tunnel by using browsers (aka clients) to access the onion network by running a proxy. It then bounces encrypted connections across relays to remain anonymous.
In short, it is an open-source, volunteer-run system network that allows users to remain anonymous on the web. The system uses a series of layered nodes with encryption to hide your IP address, online data, browsing habits, and blocks tracking and eves dropping. It also aids against browser fingerprinting. Tor uses the onion routing technique (hence the name) to route your online traffic through a vast network of relays (at least a random series of three nodes). Additionally, this traffic is subject to encryption at multiple layers, like an onion.
Tor is a buffed-up version of a proxy. It is much more secure due to layered encryption and random relay of communication. To get to the information that passes through a Tor network one has to intercept the communication that bounces of a series of random nodes across the internet. Then they have to work on decrypting the information layer by layer.
How does Tor work?
Tor uses Onion routing to relay communication across multiple, random nodes (servers) spread across the globe. It also ensures layered encryption. Though, it makes the process slow but much more secure. It is anonymous because the nodes used are random. They don’t know what traffic is passing through them.
Tor is an overlay network that runs on a volunteer system with multiple nodes. By default, any traffic has to pass through three nodes, called the circuit. The nodes in the circuit are always random and change every ten minutes. Tor browser (client) encrypts your traffic multiple times and forwards it to the network. The entry node intercepts your traffic and relays it further after decryption. These nodes decrypt a layer, but the communication is never at risk before leaving the final node or the exit point. As such, the target website knows the IP of the last node itself. Even the entry node will know only your IP and not your final destination. (Three nodes can balance between speed and security. However, one can use any number of nodes.) In this case, the multiple nodes work like VPNs.
The whole process looks like this:
- The Client — Encrypts the communication multiple times and forwards it to the network.
- Entry point/Guard node — Decrypts the first layer, knows your IP, and forwards it.
- Node relay — Doesn’t know anything, decrypts another layer and forwards.
- Exit point/Final node — Knows only the destination and not the origin, completes decryption, and contacts the target server.
- Target Web server — Can view the final IP address and can only communicate with it.
Note – Tor works like a VPN but is very different from it. Also, the multi-layered encryption is peeled off at several relays but never completely decrypted before it leaves the final node.
One of the implementations of the Tor network is in the form of a browser. The browser is what we generally refer to as Tor. And the network side is generally computed together with onion routing technology. In short, to enjoy the services of Tor or to access a network with onion routing, one has to install the browser.
The onion router project began the development of this browser in 2008. It is a modded Firefox browser that has NoScript and HTTPS Everywhere add-ons pre-installed. The browser works as the client that connects you to the internet via the Tor network. It is simple to install and use, and you can also run it off a flash drive, forgoing installation altogether.
To use it on your system, head to the official onion project website and download the browser. After you start the browser, it will ask for confirmation to connect you to the network. When you click connect, your browser (aka client) will connect you to a guard relay (entry point). Now whatever you do online will route through Tor and will remain private. It works almost like a VPN. But remember, in the case of VPNs, it protects your total online traffic that originates from the system itself. However, Tor only protects the traffic that routes through its network. In simple words, only the activities you do on the browser are subject to protection. The rest of your device will use the regular connection.
Note – Tor browser, the most well-known client; developed by the project, is only available for Windows. macOS, Linux, and Android. It uses the Mozilla Gecko engine and works on the stable ESR version. However, to use Tor services on iOS, you will have to download the WebKit-based Onion browser.
Level of security
Tor offers three layers of security for its browser. Besides the default settings, users can opt for two more levels. Each level provides a different magnitude of safety, with the third being the highest:
- The default setting is the most user-friendly but offers almost nothing different from a regular proxy.
Although the onion router is more secure than popular regular ones, it isn’t foolproof against cyberattacks. It is highly effective against traffic analysis but fails to make an impact against the end-to-end correlation. Other weaknesses include:
- Consensus blocking — Similar to DoS attacks, malicious users can temporarily block consensus nodes from communicating.
- Eavesdropping — Since an exit node doesn’t use E2EE, it is vulnerable to eavesdropping. It isn’t necessarily risky in terms of IP exposure but can point towards the source.
- Traffic analysis attack — In passive attacks, users can match extracted information against the network, and for active attacks, modified packets can assess the impact on traffic.
- Tor exit node block — One of the most common methods to refuse service to a Tor communication is to block the exit node, once discovered.
- Sniper attack — A type of DDoS attack that overwhelms the exit node until they run out of memory. Thus, with proper planning, attackers can control which exit node the communication will select.
- Mouse fingerprinting — Back in 2016, researchers discovered that one could track mouse fingerprinting at a millisecond level. Therefore, interested parties can cross-reference a user’s movement even on the Tor browser.
Does it actually work?
One thing for sure is that when using Tor, your online activity will remain hidden from your ISP. However, don’t think you are impenetrable, as there are ways to track users on a Tor network. But for the most part, your IP will remain hidden behind layers of nodes and encryption. The ISP can only learn the address of the entry node you connect to, and the target server will only glean the exit node IP, which will make you anonymous as far as anonymity goes online.
Tor is not foolproof, similar to the VPNs, but comes pretty close to online anonymity. Due to the multiple nodes and encryption, the off chance that your data gets intercepted or someone traces the source back to you is nigh difficult. Unless there is a coordinated plan in motion, you will remain safe on a Tor network. But being difficult doesn’t automatically equate to impossible. That’s why we recommend using Tor over VPNs or vice versa to compensate for the weaknesses of the onion router. It is not only that a VPN helps Tor; in cases where your VPN gets blocked, Tor can also help you circumvent it.
Who uses Tor?
Using Tor is entirely legal. However, most websites and official agencies frown upon the use of Tor, as it plays a critical role in aiding illegal activities on the darknet. Again, Tor by itself isn’t illegal but remember – using it for illegal activities will not help your case. Banned in several countries due to the stigma of illegality, it doesn’t help when criminals frequent Tor. Most will associate using Tor with something illegal, which is certainly not true. While the dark web has its problems, many prominent websites provide their services over the darknet. Some fitting examples are Facebook and BBC. They use it to bypass country-level restrictions, as well as aid users in fighting against censorship.
Although using a Tor browser will never be trouble-free, many use it to fight against authoritarian governments and censorship. In recent times, even the general populace of the internet has started adopting Tor as a countermeasure against online surveillance and their online health. There are multiple reasons behind using it legally, ranging from avoiding ISP data throttling to preventing data snooping and tracking.
Some professions that need a high level of anonymity prefer Tor, such as:
- Law enforcement officers
- Business executives
- IT professionals
Onion router & the darknet
Darknet refers to the part of the internet not indexed by search engines. Meaning, to reach these websites, you have to enter the correct address (URL) directly. However, traditional browsers are not configured to connect to these sites. Websites on the darknet use onion services and a format of “TLD.onion”. As such, one can only reach these sites via a Tor browser.
Since these sites are not restricted and do not exist virtually, they are often a hotbed for illegal activities. Given how only a Tor browser can access such sites, this leaves a bad taste in the mouth of several government agencies that directly associate Tor with such sites. It is those activities on the Internet that earned Tor its infamous reputation. Ergo, you should always be cautious when using Tor. In fact, unless necessary, we recommend that the general population avoid using Tor.
Advantages of Tor
There are several advantages to using the onion router. Some are:
- Free to use — Tor is open-source software and is entirely free of charge.
- Hides you on the net — By relying on multiple relay nodes and a layered encryption protocol, it can help you remain nearly anonymous on the internet.
- Provides security — Websites accessed via the browser are secure and encrypted. It lowers your risks of online tracking and protects you from malicious attacks.
- Helps against censorship — This is a decentralized network that can circumvent restrictions by relying on volunteer-run systems. It is a prominent tool in the fight against censorship, and helps with cyber activism.
- Can access deep web — You can use it to access non-indexed websites on popular search engines, .onion format websites, and non-indexed dark web.
Disadvantages of Tor
Similarly, there are also disadvantage to Tor, which are:
- Detectable by ISPs — Although the ISP may not discover what you are doing on a Tor network, it certainly will know you are on one. It can be risky according to the laws of your country.
- Blocked by network admins — Network admins often block Tor because of its reputation. Sure, there are ways to circumvent it, but this can be a hassle.
- Prone to attacks — With every passing day, technology is evolving. It is observable as Tor is becoming more and more prone to security threats and breaches.
- It has a slow network — Owing to the multi-layered encryption and multiple nodes, the flow of data on a Tor network is unsurprisingly slow.
- Too long to start up — Since it has to find and connect an entry relay and plan a route with multiple nodes, it takes time to load.
- Large files almost inaccessible — It is nearly impossible to upload/download large files on this network.
- Poor performance in speed — Tor is subject to inconsistent speeds. Depending on the bandwidth, latency, and real-time clients, it can be too slow at times.
- Prominent illegal usage — One of the glaring drawbacks of Tor is its criminal association. While itself being legal, most use it for illicit activities that make other bystanders suspect too.
- Not foolproof — Tor doesn’t enjoy complete encryption. It doesn’t offer anonymity across the device, which makes it an over-glorified proxy.
Do I still need a VPN if I use Tor?
Tor works almost exactly like a VPN. It hides your online activity by routing it through different servers and ensures security by encrypting the said traffic. However, it’s way different from a VPN. Honestly, Tor and VPN complement each other by overcoming the other’s shortcomings.
Tor is more about anonymity, whereas VPNs care about privacy. As such, when you use both alongside one another, they make up for each other’s weaknesses. When you use Tor, your ISP knows the entry point of the network. On the VPN side, ISP doesn’t know anything except that you’re using a VPN but your VPN provider can see everything.
Ideally, you will like your ISP to remain oblivious towards Tor and your VPN to be unable to read logs. It is possible by using both at the same time. Differentiating which tool you connect to first can provide different results:
- Tor over VPN. You connect to the VPN first, which will easily hide your association with Tor. Not only will it ensure that your ISP knows nothing, but it will also stop your provider from snooping and logging anything.
- VPN over Tor. This method doesn’t provide additional privacy, but can help you fight against exit node monitoring and attacks.
Other programs related to The Onion Router project
- Tor Messenger — It is a messenger that you can use alongside existing social networks like Facebook, Twitter, Google Talk, etc.
- Atlas — It is a web application that lists various relays and bridges in the Tor network.
- Nyx — Previously named Arm, it is a command-line monitor for users running relays for Tor.
- Onionoo — It is a web-based protocol. It provides data regarding relays and bridges to various network applications like Atlas.
- OONI — Open Observatory of Network Interference, or OONI for short, provides software tests.
- Pluggable Transports(PTs) — PTs can alter the traffic between a Tor client and network. It looks like regular traffic so that users can bypass blocks.
- Shadow — A Tor network simulator.
- Tails — The Amnesic Incognito Live System (TAILS) is a live operating system. It runs on your device without installation via a DVD or a flash drive.
- TorBirdy — It is a Mozilla Thunderbird email MOD that configures it for Tor use.
- Tor2Web — Allows users to access .onion sites without Tor browser, but is not secure.