Doug Vitale Tech Blog

Tor anonymity: how it works and how to use it

The Onion Router (TOR) network is intended to help protect the privacy of Internet users and promote greater freedom of expression online. Tor is a system of volunteer servers that acts as a buffer between Internet users and the resources they connect to. If you connect as a Tor client, your online access is channeled through this buffer before it reaches the general Internet. To understand clearly how Tor functions, you must first have a good idea of what proxy servers are, and of the role they play during network transmissions.

A proxy server acts as a middleman between a client computer and the target server or resource it is accessing. As such, proxies can be configured to log user activity and restrict Internet access; for example, by blocking certain websites or protocols. However, proxies can also help protect the client user’s privacy because the target server is only aware that it is communicating with the proxy, not with the client. For example, if you connect to a web proxy and then load a website, the site is only aware that it is being accessed by the proxy and it has no knowledge of your computer and IP address. The illustration below depicts network data flow when a proxy is deployed. Resources within the Internet icon (such as web servers) are only aware of the proxy server, not of the three clients behind it.

Internet access through a proxy server

The “Internet” only knows about the proxy, not the three clients

Now what if instead of using a single proxy server, you could connect to a network of them for increased bandwidth and availability? And what if you could encrypt your communication sessions for increased confidentiality? Using Tor, you can.

Jump to:

How Tor works

When you connect to the Tor network, your data packets are relayed multiple times through multiple Tor hosts before being passed off to the ultimate destination, such as the website you want to view. Simply put, you initially connect to the first Tor node, and then that node connects to the second Tor node, and then the second node connects to the exit node. Obviously each node forwards your packets to the next node in this circuit (data path). Because the internal Tor connections are encrypted, each node knows only about the nodes before and after it in the circuit, and no single node can infer both endpoints of an active circuit.

Example of Tor data transmission and encryption

Example of Tor data transmission and encryption. Notice the red line indicating the lack of encryption outside the Tor network.

The transmission is encrypted to protect the data in transit. As you can see, the main advantage of using Tor is that the origin of your traffic is disguised as it gets mixed in with the traffic of other Tor users, and random nodes within Tor forward it along.

Tor handles proxy chaining and hopping on its own. What this means is that periodically you get a new ‘identity’ in the network (Tor discards the current relay path and builds an entirely new path using new nodes). This presents a difficulty for censoring/spying authorities because the list of participating nodes is always changing.

Tor also implements websites with the top level domain of “.onion”. These .onion sites are sites stored on volunteer Tor hosts and hence, are only accessible through Tor using Tor DNS. .Onions are different than regular websites because not only is your IP address hidden from them, but their IP addresses are also hidden from you. This implementation gives them leverage to host content more freely; i.e., without the fear that a repressive authority will locate their web servers and shut them down.

There is no single repository of all .onion sites. However, the Hidden Wiki (accessible only from within Tor) is a useful place to start. TORDIR and Sites Deep Web are other collections of user-submitted links. If it’s a search engine you want, give Torch a try. There are several other sites with similar functionality listed on the Hidden Wiki page.

How to use Tor

The first step to utilizing the Tor network is to install the client software that can allow your PC to communicate with Tor servers (a Linux version is available, but check first if it can be obtained from your distribution’s software repositories via a package manager like Synaptic). The Tor Browser Bundle contains everything you need to run Tor on your PC. In Windows, you just unzip the .exe file to a location you specify, and then launch Start Tor Browser.exe. In Linux you need to unntar the tar.gz file and run start-tor-browser. In Mac OSX just run

Tor control applet

The Tor control applet appears when you launch a Tor session.

Tor will start running and a separate browser will launch. This browser is a copy of Firefox that is pre-configured to work correctly with Tor. If you are connecting from within a country that censors Internet access or from some other restrictive environment, you should now be able to access the entire Internet. To verify that you can access Tor properly, you can use this web page.

Tor connection verification

Verification that your computer can successfully communicate with the Tor network.

Tor configuration options

Tor configuration options

Be aware that if your Internet service provider (ISP) is actually worried about Tor usage, it can throttle Tor connections in the same manner it can throttle torrents and other P2P traffic. If your ISP were monitoring the connection between your PC and the outside Internet, what it would see would be an SSL connection on port 443 to a few select IP addresses. They could probably deduce that it’s a Tor connection and they can ascertain the amount of data transferred, but they would not be able to tell which sites you’re connecting to or what files you’re downloading or uploading.

Tor history and funding

A common charge made against the Tor application is that it was “created and funded by the Department of Defense” and therefore, should not be trusted. It is true that Tor was developed with DoD assistance, and this fact should come as no surprise as the official Tor website clearly states:

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

In other words, we can surmise that since Tor was developed by the Defense Advanced Research Projects Agency (DARPA), an agency of the DoD and hence the State, its purpose is to provide a means for operatives (‘deep cover agents’) abroad to securely access the Internet by evading censorship and surveillance from foreign governments. An additional motive behind Tor may be to help people (‘dissidents’) living under repressive regimes to get access to censored information, report human rights abuses, etc.

The reality is that the DoD allocates no funds directly to the Tor Project. DARPA provides funds to non-profits that support advanced technology research, and some of those groups subsequently provide funding to Tor.

This charge becomes fairly inconsequential when you remember that the whole Internet itself was largely a result of DARPA funding. Furthermore, since Tor software is open source, any backdoors or covert channels in its code would have been revealed long ago. Therefore, whoever funds it is irrelevant to its operational trustworthiness and reliability.

Tor and anonymity

Now that you can connect to the Tor network, a question you might have is how truly anonymous your online activities are. The first rule of thumb to remember is that as long as your are using an IP address that can be tied back to you, you can never achieve total secrecy. Also bear in mind that Tor’s main strength is source anonymization, i.e. the hiding of your IP address. It as not as effective at securing data in transfer through its nodes. The biggest problem with Tor is that the exit node sees all your traffic and can potentially modify it unless otherwise protected (encrypted). Exit nodes can see exactly what the server (and any eavesdroppers on an unanonymized connection) can see. The main point to remember, though, is that the data can be decoded at the exit point – he won’t know who sent the file, but he’ll know what it is. The first Tor node (the one you connect to) will know who you are but not what data you are sending. So if you transmit sensitive data unencrypted over Tor, you are still not fully anonymous even though you are using an “anonymizing” network and therefore, it’s advisable to keep identifiable information going over Tor to a minimum. Using HTTPS for Web traffic helps mitigate the risk.

There is also the interesting paradox that using Tor might actually decrease your level of anonymity because Tor traffic is more likely to be monitored and scrutinized by agents and organizations searching for illegal activity. Why? Because any technically savvy user intending to engage in unlawful online activity is going to try to conceal his online tracks using Tor and similar tactics and technology (I say ‘illegal’ knowing that the definition of this term varies from country to country). Think about it: if you were tasked with finding users engaged in criminal online activity, where would you first look and concentrate your efforts? Would you be surprised to learn that the government or anti-piracy groups are running their own exit nodes? Remember that running a Tor exit node can put you at risk because the traffic traversing it can be traced back to you if it is unencrypted.

How governments have tried to block Tor

I2P: an alternative to Tor

I2P is an anonymous network consisting of multiple peers. Like Tor, I2P traffic goes through several peers (for example from you to peer A, from peer A to peer B, etc.) before eventually reaching the destination. Furthermore, each peer only knows about the preceding peer and the upcoming peer after itself. Inside this ‘private’ I2P network, users can host servers such as IRC, web servers, email servers, torrents, etc. The specific differences between I2P and Tor are spelled out here. Some places to search for I2P torrents are Tracker2, Difftracker, the I2P Torrent Repo, and Colombo-bt.

Further reference

General online privacy, Network forensics evasion: How to exit the Matrix, Tails, a Linux distro for online privacy, Search engines and privacy concerns, Defensive Technology, Selected papers in anonymity, How to secure your computer and surf fully anonymous

Advanced Tor, Nmap portscans through Tor, Flaws in Tor anonymity network spotlighted, Not anonymous: attack reveals BitTorrent users on Tor, August 2013: Tor usage mysteriously doubles (update: Mevade/Sefnit botnet), On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records (1.2 MB PDF) (paywall), How Anonymous Is the Tor Network? A Long-Term Black-Box Investigation
Cornell University Library, How China is blocking Tor, High-traffic colluding Tor routers in Washington, D.C., and the ugly truth about online anonymity, Tor made for US government spying, says maker, The EFF Tor Challenge, HTTPS and Tor: Working together to protect your privacy online, Mysterious scans on Tor from China’s firewall, Tor Path Simulator (TorPS), Attack on Tor Has Likely Stripped Users of Anonymity, Google and the Tor Project, Exploiting P2P Applications to Trace and Profile Tor Users, Ultimate security proxy with Tor, Introduction to Anonymizing Networks, Tor and I2P, Spoiled Onions: Exposing Malicious Tor Exit Relays (395 KB .pdf), How not to use Tor, Noisebridge Tor exit nodes, Traffic Correlation on Tor by Realistic Adversaries (1.79 MB .pdf), Tor Guide for Hidden Services, Cybercriminals using the Tor network to control botnets, The Tor hack of the year, Why you need extra courage to operate a Tor exit node, Router with Tor built in, Active and passive Tor detection, Tor alternative Vuvuzela removes weak link in private messaging platform, Top Secret presentation on Tor, How the Chinese Firewall blocks Tor, Tor Mail, a free anonymous email service provider (update: warning about Tor Mail here and here), Tor and the Beast SSL attack, Tor Frequently Asked Questions (FAQs), Tor Abuse Frequently Asked Questions (FAQs), Transparently Routing traffic through Tor, Tor usage metrics portal, BitTorrent Hydra: anonymous hidden tracker via Tor, Attacking a Tor network, Swedish researchers uncover key to China’s Tor-blocking system, Rise of TOR-based botnets, FBI Admits It Controlled Tor Servers Behind Mass Malware Attack

Recommended reading

If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book using the links below. Thanks!

DarkMarket: Cyberthieves, Cybercops on Amazon DarkMarket: Cyberthieves, Cybercops Internet Privacy, Anonymity & Security on Amazon Internet Privacy, Anonymity & Security

Anonymous File Sharing & Darknet on Amazon Anonymous File Sharing Complete Internet Privacy on Amazon Complete Internet Privacy

Peer-to-Peer: Harnessing the Power of Disruptive Technologies on Amazon Peer-to-Peer Disruptive Technologies Darknet: A Beginner's Guide to Staying Anonymous Online on Amazon Darknet: Staying Anonymous Online


Written by Doug Vitale

May 29, 2012 at 11:06 PM

%d bloggers like this: