With so much intrusion on our privacy these days, many people are turning to the Tor browser to keep snoopers out of their business. Tor is very effective — but it has its limitations. The advantage is that no one knows who is transmitting the data under all those layers of encryption. But that protection is only good while the data is passing through the Tor network, and it won’t help you at the entry and exit points. If you’re curious about how Tor really works, then read on.
What Is Tor?
The word Tor is an abbreviation for the onion router. The way that Tor ensures privacy for users is that it hides their identity and network traffic beneath several layers of encryption — like the layers of an onion. For a hacker to get down to the actual data, he would have to peel away the onion by deciphering complex encryption keys for each layer. And none of the layers can communicate with each other.
To understand the concept, it might help to have an understanding of the origins of the technology. In 1995, the Office of Naval Research (ONR) initially funded the Tor Project. Their purpose was to protect confidential military communications online by wrapping messages multiple times to make them more difficult to read. It was also important to hide the identity and location of the spies who were sending the messages. Tor was really a tool for secure communications in the U.S. intelligence community. It was a way for spies to remain anonymous on the web.
There is a general impression among the public that Tor is merely a grassroots project created by those on the fringes who were looking to go under the radar. But further investigation of the history of Tor reveals that the U.S. military designed, developed, and built The Onion Router network. Anyone who thinks Tor is a means of escape from legal responsibility should be aware that government agencies — the NSA, the police, the FBI — know their way around the Tor environment too. And they have their ways.
Anonymous browsing with an onion browser has its uses, both legitimate and otherwise. Users in countries that put a damper on internet freedom, such as China, may use Tor for unrestricted browsing and messaging. Similar to Tor’s roots in military espionage, dissenters can find some measure of freedom when open browsing is restricted. On the other hand, many people use Tor as the gateway to the dark web, where nefarious activities such as illegal drug and arms sales or the illicit distribution of obscene images takes place. Onion routing is all about privacy and anonymity on the public web.
How Does the Tor Browser Work?
Onion routing is a method of encapsulating data in encryption several times. The default number of times a message is encrypted is three. That means that the user shares encryption keys with three different Tor routers, with separate secure data tunnels to each router. Volunteers host Tor routing software on thousands of servers across the world. The image below will give you some idea of how onion routing wraps messages.
The selection process for the Tor routing path is part of the protocol. It involves the use of a rendezvous point within the Tor network. In the end, the technology creates a path between the user and the server that includes an entry guard, a middle relay, and an exit node. The illustration below from Whizlabs shows how this works.
Tor users should be aware that Tor does not address all issues when it comes to internet privacy and security. While encrypted messages remain hidden while moving through the secret tunnels of the Tor network, they don’t enjoy those protections at the entry and exit points of the journey. A clever hacker could still tap into data in its unprotected state while you are on a public wi-fi, for instance, or closer to the destination server. That’s why many users couple their Tor browser with a virtual private network (VPN) application.
How to Use Tor
To use Tor, first you need to download the Tor browser. You will find software for Windows, Mac, or Linux at the Tor Project website. You can also get a Tor browser for Android. Once you have downloaded and installed the browser software, you will then have access to special onion routing websites that have the .onion extension. But don’t think that it’s easy from there. True to the secretive nature of the Tor network, many onion routing hosts use URLs that are anything but obvious. Someone who wants to limit access to their website might use a totally random domain name. Getting around the Tor network can take a bit of work.
One way to have a look around is to start at at the Hidden Wiki. Here you’ll find a listing of onion URLs and links to get you started. You can also find a listing on Wikipedia. But you should know that any such directory could get stale pretty fast. A site that might be live and active today could very well be defunct tomorrow.
Once you get on the Tor network, keep in mind that you can do everything on there that you can do on the regular web. You can log into Facebook, check your favorite news sites, or send email. But any time you log into a server, you no longer retain the anonymity that you were seeking. Your Tor traffic may be anonymous, but what you do on the destination server is just as exposed as with any normal browsing.
Another important fact that you should know: Tor browsing can be extremely slow. Tor is a kind of proxy service. You are not only dependent on the speed of your own computer, your internet connection, and the destination server. You will also be at the mercy of the processing capacity of the Tor nodes through which your traffic passes. An onion router along your path may become a bottleneck because of both Tor and non-Tor data traffic, and it all becomes compounded because of the multiple layers of encryption in your Tor data stream.
Tor vs VPN
You might think that Tor is the ultimate solution for network security, but you would be wrong. The main benefit of Tor is the promise of anonymity while browsing. But it won’t necessary protect you from the risks of “promiscuous” browsing. Malware can still wreck your system, and the bad guys use aggressive tactics to get at your confidential data.
If you really want to secure your network data transmissions, you should consider the use of a VPN. It will safeguard your data all along the network path, and it will help keep your private data private. Onion over VPN gives you the double whammy of Tor anonymity and VPN security and privacy.
Is Tor Safe?
A lot of people have reservations about using a Tor browser, and they may wonder if it’s safe. We could look at that in two different ways. First, will Tor help me to avoid the surveillance of nosy governments, internet service providers, or hackers? And second, can I remain safe from those on the Tor network who may be there for criminal, unethical, or immoral purposes?
You may want to back up here and ask yourself why you would want to use Tor at all. As we have said repeatedly in this space, we would like to greatly discourage the use of privacy tools for the wrong purposes. On the other hand, if you worry about privacy and keeping others from knowing what you are doing, Tor may be the right solution.
But everyone knows that you have to be careful wherever you go. You would not walk down a dark alley in a strange city alone, and you should not mess around on the dark web looking for trouble. If you know what you are doing and where you are going, fine. But whether on Tor or on the normal web, it makes sense to stay with websites that you trust and avoid places that you don’t. Remaining safe on the web is a personal responsibility.
Tor browsing is not the end-all-be-all of internet security. If offers some measure of anonymity, but it won’t provide complete end-to-end security for your data transmissions. Using Tor can be confusing and difficult, but that may be by design. Onion routing obscures data and obfuscates messages that are nobody else’s business. If you really want to use Tor to hide your internet activity, you can do it. But you should also be aware of its limitations, risks, and the accompanying stigma. We love our freedom, but simply using Tor can raise a red flag to federal investigators. Whether that makes you more motivated to buck against government control and use Tor anyway — well, that’s entirely a matter for you and your conscience to determine.