In this article I'm talking about the Tor network. You may be familiar with the Tor Browser, which is an integrated solution to access the Tor network.
So how is Tor different from a VPN?
A VPN service forwards your traffic via their server so that you appear to come from a different region or IP address than you normally would. Sort of like an ISP on top of your ISP. They do this while encrypting your traffic so that others participating in routing your data, like your ISP or local WiFi, cannot see the contents of your communication. Though apparently 18% of the 283 tested VPN apps did not bother to even encrypt traffic. Even with encryption, the routers can see who you communicate with (the VPN), when, and how much data you are sending. It is possible to statistically analyze which webpage your traffic belongs to or what type of data is being transferred. This is also one of the main attempted attacks for de-anonymizing Tor traffic. The same techniques are used in classifying encrypted traffic that belongs to malware. This is sometimes called traffic fingerprinting.
Back to Tor. The Tor network encrypts your data in layers that obscure the future destination of your traffic and hide its contents. It then routes your traffic via three points in the network. The first point sees your IP address and forwards your encrypted traffic. The second point only knows that someone is relaying data through point one and sends the data to a third point, which can allow your data to exit the network, only seeing the data without knowing where it came from originally.
This has the effect of protecting your privacy at and beyond the exit node. Anyone looking at your traffic will still see the traffic, encrypted or not, but will not be able to trace it back through the network. Also there is nobody they can threaten or legally require to reveal data about you in a meaningful way.
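The three-hop layering described above can be modelled in a few lines. This is an added example, not code from the Tor project: it is a simplified model rather than Tor's cell format, the cipher is a toy stand-in, and the relay names, keys, client address and request are constructed sample values.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). A stand-in, not Tor's real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(payload: bytes, dest: str, path) -> bytes:
    """Client: add one layer per relay, innermost layer for the exit."""
    blob, next_hop = payload, dest
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob, next_hop = keystream_xor(key, layer), name
    return blob

def peel(key: bytes, blob: bytes):
    """Relay: remove one layer; learn only the next hop and an opaque blob."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def trace(payload: bytes, dest: str, path, client_ip: str):
    """Return (relay, previous hop, next hop, sees_plaintext) for every relay."""
    blob, prev, seen = wrap(payload, dest, path), client_ip, []
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, prev, nxt, payload in blob))
        prev = name
    return seen

# Constructed sample values: relay names, keys, client address and request.
PATH = [("guard", b"key-1"), ("middle", b"key-2"), ("exit", b"key-3")]
VIEWS = trace(b"GET / HTTP/1.1", "example.org:80", PATH, "198.51.100.7")

if __name__ == "__main__":
    for view in VIEWS:
        print(view)
```

Only the guard's view contains the client address and only the exit's view contains the destination and the readable request, which is why an unencrypted request is still exposed to the exit node.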
So this way Tor can route you via various jurisdictions around the world, possibly allowing you to avoid geo-blocking and usually bypassing censorship. Millions of people use Tor, with traffic going to Facebook, news sites and other content that many countries may wish to censor.
As you may have discovered from the Facebook wiki link above, some companies have a presence on the Tor network. This is possible because of onion services, which allow a site to exist within the Tor network, without anyone knowing where it is hosted or by whom. Onion services all have a .onion-address which is actually the public key (or is derived from it) for accessing that encrypted site. So those that understand public key cryptography know that this both uniquely identifies (as a pseudonym) and authenticates the site, as the address is a component in traffic encryption to the site itself. This just means that onion services are automatically end-to-end encrypted and can only be controlled by the person who holds the key corresponding to the site address. This gives you some certainty that you are on the same site and not a copy, unless the secret key has leaked.
The anonymity given by the network has allowed people to act relatively freely and makes it easier to attempt scams, cloned sites and various other activities within the network. Tor is well known for hosting hidden markets for controlled items and materials, however at that point, people are often tracked down by following the money or the material.
Tor is run by volunteers and managed by a non-profit. It is possible to run a Tor relay or bridge yourself and that may be an interesting future article. I do not recommend it for novice users. It is best to have a reasonable understanding of server systems and the legal issues involved. However there is a very simple and important way to volunteer, by running Snowflake. Snowflake is a browser extension that allows you to share your connection as an alternate entry point into the network. You will be helping people access the network with minimal risks, as traffic will only flow in encrypted form into Tor. This is important as many networks do not allow people to reach Tor, so new addresses and therefore new ways into the network are required.
What's a good use for Tor?
Tor is especially well suited for the following purposes. However, I feel I should tell you to follow your country's laws and avoid doing things that are against the law in your area.
- Hiding your origin on the internet
- Circumventing censorship online
- Anonymously contacting the press
- Protecting you from malicious local networks (like hotel/cafe/conference wifi)
- Protecting your privacy
- Running an anonymous Onion service or website
- It is also the only way to securely visit an anonymous onion service
So will using Tor automatically keep you safe and ensure privacy? No. Sadly you still need to be smart and not reveal too much info about yourself. Just like malicious VPNs, there are also malicious exit nodes on Tor. The difference is that on Tor, you start with anonymity. It is your job to not reveal yourself by logging in to your email or other regular services in a way that would identify you.
Is Tor a good or bad thing?
Firstly, I believe tools to be neutral since they do not (for now) have a will of their own. However if you want to categorize a tool by how it is statistically used by people...
If you compare the total relay traffic figure of over 400 Gbit/s to the traffic to onion services that recently topped 4 Gbit/s, you should come to the conclusion that 1% of traffic goes to hidden services. Those services include the .onion site for Facebook, Pirate Bay, multiple newspapers and a handful of illegal markets. So we can say that a large majority of traffic seems to be what we call normal on the mostly free side of the internet. If you are reading this in a totalitarian regime, Tor may look like a bad thing, as Tor user numbers are known to spike heavily when a country censors any large service. For a welfare society or a developed country, most of Tor activity would conform to your values. I am not saying Tor users are by default good or bad, just that they seem to be more or less regular internet users, which is legal and good in most places. And this point is important for many of the use cases for Tor. It cannot and should not be a tool for only illegal activity, as some have falsely described it to be.
So in conclusion, it depends on the value system of the reader. Based on keywords on my site and the topics I cover, you are likely to be in a society that likes and endorses freedom and therefore is ok with Tor as well.
How I use Tor personally
Personally I use Tor for several purposes. For web and software development I use Tor Browser to test access and usability of my site from various locations and with a secure browser. This allows me to easily use a fresh session that will not remember my past cookies and also allows me to view the site with various levels of scripts being disabled.
For security I often pop open the Tor browser to check suspicious links as the browser will not reveal who I am or run scripts without permission, which gives an added layer of safety. Tor Browser is configured for maximum security and privacy, which can be bothersome on more advanced sites, but permissions can easily be given for those.
Tor Browser also allows me to access my e-mail and social media when I'm experiencing routing difficulties. That FB onion-address comes in handy sometimes.
How can we know if Tor is actually secure or not?
This depends on many things, such as what you are protecting and from whom. To take the scientific approach, no system can be proven to be secure. However, we have good reason to believe that it actually is highly secure. Some of the things you can take into account are found in stories and published documents. For example the story of Dread Pirate Roberts and Silk Road. I recall a part of the story where the authorities had to catch a person while they were logged on to the hidden service, as they were not able to penetrate the technical defenses, including Tor. Also the degree of anonymity can be inferred from the size and duration of the operation that took down Silk Road. Other less notorious cases have become public as well.
Another more direct piece of evidence came with the documents revealed by Edward Snowden, which stated Tor to be troublesome for the NSA, which is why Snowden has said he uses Tor to avoid being tracked by his former employer. Now some may say that this could all be fake, but the further we go into the conspiracy theories the more unlikely they are to be true. Very few tools have been this controversial and have been discussed and evaluated to this degree. Tor is on a very short list of secure software in the world, partly because it is so decentralized and so often tested.
Now this gets us very close to talking about the virtues of encryption and the current discussion on lawful access or backdooring everything, but that is again a different article.
Here is a relatively recent talk on Tor that covers many interesting points
If you use Tor or wish to support its open source development, consider donating on their website. Tor has recently had a tough time with funding, as have many other projects that work on securing the internet and keeping it free.
Sources
- https://www.torproject.org/download/
- https://www.researchgate.net/publication/326277327_Fingerprinting_encrypted_network_traffic_types_using_machine_learning
- https://biblio.ugent.be/publication/8559975/file/8559977.pdf
- https://www.theregister.co.uk/2017/06/22/ciscos_encrypted_traffic_fingerprinting_turned_into_product/
- https://www.ptsecurity.com/ww-en/analytics/knowledge-base/network-traffic-analysis-what-is-it-and-why-do-we-need-nta-systems/
- https://2019.www.torproject.org/docs/onion-services
- https://metrics.torproject.org/bandwidth.html
- https://en.wikipedia.org/wiki/Facebookcorewwwi.onion
- https://en.wikipedia.org/wiki/SecureDrop
- https://2019.www.torproject.org/about/overview.html.en#whyweneedtor
- https://www.wired.com/2017/02/beware-mobile-vpns-arent-safe-seem/