Doug Vitale Tech Blog

Tor anonymity: how it works and how to use it

The Onion Router (TOR) network is intended to help protect the privacy of Internet users and promote greater freedom of expression online. Tor is a system of volunteer servers that acts as a buffer between Internet users and the resources they connect to. If you connect as a Tor client, your online access is channeled through this buffer before it reaches the general Internet. To understand clearly how Tor functions, you must first have a good idea of what proxy servers are, and of the role they play during network transmissions.

A proxy server acts as a middleman between a client computer and the target server or resource it is accessing. As such, proxies can be configured to log user activity and restrict Internet access; for example, by blocking certain websites or protocols. However, proxies can also help protect the client user’s privacy because the target server is only aware that it is communicating with the proxy, not with the client. For example, if you connect to a web proxy and then load a website, the site is only aware that it is being accessed by the proxy and it has no knowledge of your computer and IP address. The illustration below depicts network data flow when a proxy is deployed. Resources within the Internet icon (such as web servers) are only aware of the proxy server, not of the three clients behind it.

Internet access through a proxy server

The “Internet” only knows about the proxy, not the three clients

Now what if instead of using a single proxy server, you could connect to a network of them for increased bandwidth and availability? And what if you could encrypt your communication sessions for increased confidentiality? Using Tor, you can.


Jump to:


How Tor works

When you connect to the Tor network, your data packets are relayed multiple times through multiple Tor hosts before being passed off to the ultimate destination, such as the website you want to view. Simply put, you initially connect to the first Tor node, and then that node connects to the second Tor node, and then the second node connects to the exit node. Obviously each node forwards your packets to the next node in this circuit (data path). Because the internal Tor connections are encrypted, each node knows only about the nodes before and after it in the circuit, and no single node can infer both endpoints of an active circuit.

Example of Tor data transmission and encryption

Example of Tor data transmission and encryption. Notice the red line indicating the lack of encryption outside the Tor network.

The transmission is encrypted to protect the data in transit. As you can see, the main advantage of using Tor is that the origin of your traffic is disguised as it gets mixed in with the traffic of other Tor users, and random nodes within Tor forward it along.

Tor handles proxy chaining and hopping on its own. What this means is that periodically you get a new ‘identity’ in the network (Tor discards the current relay path and builds an entirely new path using new nodes). This presents a difficulty for censoring/spying authorities because the list of participating nodes is always changing.

Tor also implements websites with the top level domain of “.onion”. These .onion sites are sites stored on volunteer Tor hosts and hence, are only accessible through Tor using Tor DNS. .Onions are different than regular websites because not only is your IP address hidden from them, but their IP addresses are also hidden from you. This implementation gives them leverage to host content more freely; i.e., without the fear that a repressive authority will locate their web servers and shut them down.

There is no single repository of all .onion sites. However, the Hidden Wiki (accessible only from within Tor) is a useful place to start. TORDIR and Sites Deep Web are other collections of user-submitted links. If it’s a search engine you want, give Torch a try. There are several other sites with similar functionality listed on the Hidden Wiki page.


How to use Tor

The first step to utilizing the Tor network is to install the client software that can allow your PC to communicate with Tor servers (a Linux version is available, but check first if it can be obtained from your distribution’s software repositories via a package manager like Synaptic). The Tor Browser Bundle contains everything you need to run Tor on your PC. In Windows, you just unzip the .exe file to a location you specify, and then launch Start Tor Browser.exe. In Linux you need to unntar the tar.gz file and run start-tor-browser. In Mac OSX just run TorBrowser_en-US.app.

Tor control applet

The Tor control applet appears when you launch a Tor session.

Tor will start running and a separate browser will launch. This browser is a copy of Firefox that is pre-configured to work correctly with Tor. If you are connecting from within a country that censors Internet access or from some other restrictive environment, you should now be able to access the entire Internet. To verify that you can access Tor properly, you can use this web page.

Tor connection verification

Verification that your computer can successfully communicate with the Tor network.

Tor configuration options

Tor configuration options

Be aware that if your Internet service provider (ISP) is actually worried about Tor usage, it can throttle Tor connections in the same manner it can throttle torrents and other P2P traffic. If your ISP were monitoring the connection between your PC and the outside Internet, what it would see would be an SSL connection on port 443 to a few select IP addresses. They could probably deduce that it’s a Tor connection and they can ascertain the amount of data transferred, but they would not be able to tell which sites you’re connecting to or what files you’re downloading or uploading.


Tor history and funding

A common charge made against the Tor application is that it was “created and funded by the Department of Defense” and therefore, should not be trusted. It is true that Tor was developed with DoD assistance, and this fact should come as no surprise as the official Tor website clearly states:

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

In other words, we can surmise that since Tor was developed by the Defense Advanced Research Projects Agency (DARPA), an agency of the DoD and hence the State, its purpose is to provide a means for operatives (‘deep cover agents’) abroad to securely access the Internet by evading censorship and surveillance from foreign governments. An additional motive behind Tor may be to help people (‘dissidents’) living under repressive regimes to get access to censored information, report human rights abuses, etc.

The reality is that the DoD allocates no funds directly to the Tor Project. DARPA provides funds to non-profits that support advanced technology research, and some of those groups subsequently provide funding to Tor.

This charge becomes fairly inconsequential when you remember that the whole Internet itself was largely a result of DARPA funding. Furthermore, since Tor software is open source, any backdoors or covert channels in its code would have been revealed long ago. Therefore, whoever funds it is irrelevant to its operational trustworthiness and reliability.


Tor and anonymity

Now that you can connect to the Tor network, a question you might have is how truly anonymous your online activities are. The first rule of thumb to remember is that as long as your are using an IP address that can be tied back to you, you can never achieve total secrecy. Also bear in mind that Tor’s main strength is source anonymization, i.e. the hiding of your IP address. It as not as effective at securing data in transfer through its nodes. The biggest problem with Tor is that the exit node sees all your traffic and can potentially modify it unless otherwise protected (encrypted). Exit nodes can see exactly what the server (and any eavesdroppers on an unanonymized connection) can see. The main point to remember, though, is that the data can be decoded at the exit point – he won’t know who sent the file, but he’ll know what it is. The first Tor node (the one you connect to) will know who you are but not what data you are sending. So if you transmit sensitive data unencrypted over Tor, you are still not fully anonymous even though you are using an “anonymizing” network and therefore, it’s advisable to keep identifiable information going over Tor to a minimum. Using HTTPS for Web traffic helps mitigate the risk.

There is also the interesting paradox that using Tor might actually decrease your level of anonymity because Tor traffic is more likely to be monitored and scrutinized by agents and organizations searching for illegal activity. Why? Because any technically savvy user intending to engage in unlawful online activity is going to try to conceal his online tracks using Tor and similar tactics and technology (I say ‘illegal’ knowing that the definition of this term varies from country to country). Think about it: if you were tasked with finding users engaged in criminal online activity, where would you first look and concentrate your efforts? Would you be surprised to learn that the government or anti-piracy groups are running their own exit nodes? Remember that running a Tor exit node can put you at risk because the traffic traversing it can be traced back to you if it is unencrypted.


How governments have tried to block Tor




I2P: an alternative to Tor

I2P is an anonymous network consisting of multiple peers. Like Tor, I2P traffic goes through several peers (for example from you to peer A, from peer A to peer B, etc.) before eventually reaching the destination. Furthermore, each peer only knows about the preceding peer and the upcoming peer after itself. Inside this ‘private’ I2P network, users can host servers such as IRC, web servers, email servers, torrents, etc. The specific differences between I2P and Tor are spelled out here. Some places to search for I2P torrents are Tracker2, Difftracker, the I2P Torrent Repo, and Colombo-bt.


Further reference

General online privacy

BillStClair.com, Network forensics evasion: How to exit the Matrix
Boum.org, Tails, a Linux distro for online privacy
DontTrack.us, Search engines and privacy concerns
EFF.org, Defensive Technology
FreeHaven.net, Selected papers in anonymity
Pastebin.com, How to secure your computer and surf fully anonymous

Advanced Tor

Aldeid.com, Nmap portscans through Tor
ArsTechnica.com, Flaws in Tor anonymity network spotlighted
ArsTechnica.com, Not anonymous: attack reveals BitTorrent users on Tor
ArsTechnica.com, August 2013: Tor usage mysteriously doubles (update: Mevade/Sefnit botnet)
Cornell University Library, How China is blocking Tor
Cryptogon.com, High-traffic colluding Tor routers in Washington, D.C., and the ugly truth about online anonymity
Cryptome.org, Tor made for US government spying, says maker
EFF.org, The EFF Tor Challenge
EFF.org, HTTPS and Tor: Working together to protect your privacy online
Forbes.com, Mysterious scans on Tor from China’s firewall
Github.io, Tor Path Simulator (TorPS)
Google-opensource.blogspot.com, Google and the Tor Project
Hal.inria.fr, Exploiting P2P Applications to Trace and Profile Tor Users
HowToForge.com, Ultimate security proxy with Tor
InfoSecInstitute.com, Introduction to Anonymizing Networks, Tor and I2P
KAU.se, Spoiled Onions: Exposing Malicious Tor Exit Relays (395 KB .pdf)
Makezine.com, How not to use Tor
NoiseTor.net, Noisebridge Tor exit nodes
Ohmygodel.com, Traffic Correlation on Tor by Realistic Adversaries (1.79 MB .pdf)
Pastebin.com, Tor Guide for Hidden Services
PCWorld.com, Cybercriminals using the Tor network to control botnets
SMH.com.au, The Tor hack of the year
SpyBlog.org.uk, Why you need extra courage to operate a Tor exit node
TechnologyReview.com, Router with Tor built in
TenableSecurity.com, Active and passive Tor detection
TheGuardian.com, Top Secret presentation on Tor
ThreatPost.com, How the Chinese Firewall blocks Tor
Tormail.org, Tor Mail, a free anonymous email service provider (update: warning about Tor Mail here and here)
TorProject.org, Tor and the Beast SSL attack
TorProject.org, Tor Frequently Asked Questions (FAQs)
TorProject.org, Tor Abuse Frequently Asked Questions (FAQs)
TorProject.org, Transparently Routing traffic through Tor
TorProject.org, Tor usage metrics portal
TorrentFreak.com, BitTorrent Hydra: anonymous hidden tracker via Tor
USCyberLabs.com, Attacking a Tor network
V3.co.uk, Swedish researchers uncover key to China’s Tor-blocking system
WeLiveSecurity.com, Rise of TOR-based botnets
Wired.com, FBI Admits It Controlled Tor Servers Behind Mass Malware Attack


Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book or two using the links below. Thanks!

DarkMarket: Cyberthieves, Cybercops on Amazon DarkMarket: Cyberthieves, Cybercops Internet Privacy, Anonymity & Security on Amazon Internet Privacy, Anonymity & Security

Anonymous File Sharing & Darknet on Amazon Anonymous File Sharing Complete Internet Privacy on Amazon Complete Internet Privacy

Peer-to-Peer: Harnessing the Power of Disruptive Technologies on Amazon Peer-to-Peer Disruptive Technologies Darknet: A Beginner's Guide to Staying Anonymous Online on Amazon Darknet: Staying Anonymous Online

About these ads

Written by Doug Vitale

May 29, 2012 at 11:06 PM

%d bloggers like this: