FindYourVPN

Tor Fully Explained: How It Works & How to Use It?

By Elena Constantinescu

posted on July 3, 2019

Tor facilitates an anonymous network within the Internet that allows anyone to connect, enjoy privacy, and surf the web anonymously. Unfortunately, it has gained a bad reputation throughout the years, mostly due to misinformed media channels, politicians, law practitioners, police officers, and government agencies.

For instance, the American ISP Comcast was misguided in 2014 when it threatened to terminate the contracts of customers who happened to be Tor users. The network is widely regarded as a haven for criminals because of the increased level of anonymity it provides. But the truth is on the other side of the spectrum: Tor fiercely condemns lawbreakers and endorses freedom of speech, online privacy, and human rights.

In this article, we take you on a full tour of the Tor anonymous network to learn what is so special about it. Here are the topics on today’s menu:

  • What is Tor?
    • Brief history
  • How it works
    • Relays and bridges
    • Layered encryption and circuits
    • Governmental Tor blocks
    • Censorship circumvention with Tor
    • Onion services
  • Is Tor legal?
  • Who uses Tor
    • Legal usage
    • Illegal usage
  • Is Tor safe?
    • As a casual Internet user
    • As a relay operator
  • Where is Tor banned?
  • What if Tor is blocked in your country?
  • Vulnerabilities
    • NSA’s Tor cracking attempts
    • FBI’s EgotisticalGiraffe
    • FBI’s Operation Torpedo
    • FBI’s Operation Pacifier
    • Other weaknesses
  • Tor Browser
  • How to use Tor
    • Download Tor Browser
    • Install, run and configure Tor Browser
    • Visit websites and enjoy anonymous browsing
  • Tips to maximize security and privacy
  • In conclusion

What is Tor

Short for The Onion Router, Tor is a free and open-source network that allows any user to connect and browse the web while preserving their privacy and anonymity. Acting as a shield against any third party attempting to monitor and analyze your Internet traffic, it can be used for everything that normal browsing is used for. But there is a difference when it comes to anonymity (better for Tor) and speed (better for normal browsing).

Tor hides your IP address and makes it impossible for any third parties to track you, including marketing agencies, Internet service providers, law firms, government bodies. Your identity, location, and transferred data remain confidential, together with the visited websites, clicked links, and instant messages.

Brief history

Tor’s working model is an onion, hence the full name “The Onion Router.” It encrypts Internet traffic in multiple layers, like an onion, which helps strengthen the anonymity of contents, senders, and receivers.

Employees of the US Naval Research Laboratory introduced the concept of onion routing in the 1990s to protect US online communications. The Defense Advanced Research Projects Agency (DARPA) that belongs to the US Department of Defense took on the Tor project in 1997.

The US Naval Research Laboratory made Tor open-source in 2004. Since then, a variety of organizations have sponsored the project, from the Electronic Frontier Foundation (EFF), Human Rights Watch and Google, to the US International Broadcasting Bureau, the University of Cambridge, and the US government for the most substantial part of the funding.

How it works

The anonymous service consists of two parts: the network of computers used to transfer data traffic across the Internet, and the software application you can download to access this network (Tor Browser).

More than 7,000 relays exist in the network, where each relay is a computer (also known as router or node) operated by a volunteer. The operators are willing to lend their bandwidth to the clients for free.

When Tor passes Internet traffic, it picks a random circuit of relays to direct data to its destination. The more relays exist in the network, the more secure and faster Tor is. This is why the EFF encourages people to become relay operators. No specialized hardware or software is needed to become a relay: just an ordinary computer with the Tor software configured to behave like a node.

Relays and bridges

The Tor anonymous network uses three types of nodes: middle relays, exit relays, and bridges. At least three routers are used to maintain security. The first two are always middle relays, and the last is always an exit point. The first node is also known as the entry or guard relay.

A middle relay receives and forwards data to another node. It exposes itself in the Tor network to permit users to connect. At the same time, it masks the operator’s identity to ensure it cannot be interpreted as the traffic’s source (point of entry). Generally, there are no risks for middle relay operators if someone connects to commit illegal acts.

An exit relay is a computer that pulls data from Tor, pushes it back into non-Tor Internet traffic, and makes sure it reaches its destination safely. Just like middle relays, exit relays are visible to the Tor network so that anyone can connect. However, the operator’s IP address can be misunderstood for the source of data traffic. As such, exit relay operators risk accusations when someone connects for wicked deeds.

A bridge is invisible to Tor and acts like a censorship circumvention tool. It is indispensable to countries with strict Internet policies and which prevent people from connecting to Tor by blocking the IP addresses of public relays. Just like middle relays, bridge operators are safe from harm.

Layered encryption and circuits

You might believe that trusting Tor with your traffic is the same as putting your faith in a VPN service: it has the technology to monitor and collect your data, but it chooses not to, and you have to believe that promise. That is not the case with Tor, though. The entire network is designed in such a way that you do not have to hope that the relay operators do not snoop around or divulge your info, thanks to Perfect Forward Secrecy and layered encryption (similar to an onion).

This is what a circuit looks like: when you connect to the Tor Browser and choose to send a piece of information (plaintext), the client encrypts the plaintext before transporting it to the first node. The encryption process utilizes a cipher that only the exit relay can use to decode the ciphertext and extract the plaintext. The final node can decrypt only the contents, not the IP address.

Afterward, Tor applies a new round of encryption before transporting the ciphertext to the following middle relay. It keeps doing this before reaching the exit node. Keep in mind that the middle nodes cannot decipher the original message. They only know where they got the ciphertext from and where to send it next (adjacent relays only).

True anonymity comes from the fact that, if anyone managed to intercept the transport between any two nodes of a circuit, they would not be able to identify both IP addresses of the sender and receiver. No relay holds both IPs in cleartext, so even if someone acquires an IP address, they cannot associate it with the other IP.
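The layering described above can be sketched in a few functions. This is an added example, not code from the Tor Project or from the original article: the relay names, the client address, the per-hop keys and the toy SHA-256 keystream cipher are all assumptions made for illustration, and Tor's real cell format and ciphers differ.

```python
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    # SHA-256 in counter mode: a toy keystream, NOT the cipher Tor uses.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def _subkeys(key):
    # Separate encryption and authentication keys derived from one hop key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC one layer; output is nonce || tag || ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key, blob):
    """Verify and remove one layer; raises ValueError for the wrong key."""
    enc_key, mac_key = _subkeys(key)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified layer")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_onion(message, destination, circuit):
    """Client side. circuit: list of (relay_name, hop_key), guard -> exit."""
    names = [name for name, _ in circuit]
    next_hops = names[1:] + [destination]
    blob = message
    # Wrap from the inside out: the exit's layer first, the guard's layer last.
    for (_, key), nxt in reversed(list(zip(circuit, next_hops))):
        header = json.dumps({"next": nxt}).encode()
        blob = seal(key, len(header).to_bytes(2, "big") + header + blob)
    return blob


def peel(key, blob):
    """What one relay does: strip its own layer and learn only the next hop."""
    inner = unseal(key, blob)
    hlen = int.from_bytes(inner[:2], "big")
    return json.loads(inner[2:2 + hlen])["next"], inner[2 + hlen:]


def route(onion, client, circuit):
    """Walk the circuit and record what each relay could observe."""
    seen, prev, blob = [], client, onion
    for name, key in circuit:
        nxt, blob = peel(key, blob)
        seen.append({"relay": name, "from": prev, "to": nxt})
        prev = name
    return seen, blob


if __name__ == "__main__":
    # Constructed sample: relay names, client address and keys are made up.
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    onion = build_onion(b"hello over three hops", "example.com:443", circuit)
    seen, delivered = route(onion, "203.0.113.7", circuit)
    for view in seen:
        print(view)
    print(delivered)
```

Only the guard's view contains the client address and only the exit's view contains the destination, while the payload becomes readable at the exit, which is why cleartext protocols remain exposed there.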

Governmental Tor blocks

Before transferring a piece of information through the anonymous network, the Tor Browser must obtain a list of all available routers (middle and exit relays) so that it can set up a circuit of nodes with a random path.

However, if users wanted to access a governmental site with content forbidden to the public, for example, they might hit a wall. The government may easily block the IP addresses of all known exit relays after acquiring the public list, thus preventing all Tor users from reaching the site in question.

To make matters worse, users living in strict countries with censored Internet networks may face a more severe restriction: the government may prevent all users from going into Tor by cutting off access to all middle relays (since any middle relay can become the entry point of a circuit).

Censorship circumvention with Tor

Bridges solve this problem by preventing governments from restricting Tor access. Any bridge can become an entry node that connects users to the rest of the Tor network, even across censored networks.

The difference between bridges and middle relays is that bridges are not publicly listed, so their IP addresses cannot be obtained and blocked by an oppressive government. Instead, a subsidiary project of Tor called BridgeDB is in charge of releasing one random bridge at a time.

Even if a government agency were employed to find and cut off access to bridges, it could not possibly block all of them. Currently, no one has managed to discover them all. However, the Tor Project proposed ten possible methods of determining Tor bridges and invited all types of Internet users to find a solution.

Onion services

With the help of Tor Browser, you can freely explore the Internet and access blocked sites while protecting your anonymity. But, in addition to regular domains, you can visit onion services (previously known as hidden services). They add more protection to both the website owners and visitors, including censorship circumvention.

Onion services are visible on the Tor network so that other users can connect. But they are anonymous because search engines do not index them. It means that only users who know the addresses from sources other than search engines can access the onion sites.

Moreover, it is not possible to find out their IP address, which could be used by governments to restrict user access. Since their IP addresses are unknown, onion websites can only be accessed using the Tor Browser (using any other web browser returns a “server’s IP address could not be found” error).

Caution is advised when exploring .onion services because numerous sites display, sell, or promote illegal content. To help you get started, here are a few legitimate .onion addresses of popular websites you can visit with Tor Browser: DuckDuckGo, The New York Times, Cloudflare and Facebook. For more Tor onion services, check out this Wiki page.

Is Tor legal?

Yes, as long as you are not doing illegal activities.

To clarify: using Tor to explore the web anonymously, protect your privacy, hide your browsing activity from your ISP and trackers is perfectly fine. However, using the anonymous network to break the law is not.

An instrument that grants you superpowers does not come with permission to commit illegal acts. Whatever action is illegal when using the public Internet (normal browsing) is still illegal when using Tor to anonymize your connection.

Who uses Tor

At the time of this article, the United States, Iran, and Russia were the top three countries with the most active Tor users. According to a paper published in 2016, 3.67% out of the top 1,000 websites ranked on Alexa were blocking the IP addresses of known Tor exit node operators.

Legal usage

Tor is for users who want to remain anonymous when surfing the Internet, having private conversations, and downloading or uploading files. As such, it can be used by casual users who wish to hide their browsing activity from their ISPs or prevent marketing services from using their data to create targeted ads.

The anonymous network is also beneficial to regular Internet users who have dealt with stressful or dangerous situations in the past, like cyberstalking or hate speech.

However, Tor has a more profound impact on journalists, political activists, human rights activists, and whistleblowers as well as anyone who fears government repercussions by criticizing the leaders of their countries. Some law enforcement officers use Tor to run anonymous investigations without advertising police IP addresses.

Illegal usage

Because Tor does not have control over who uses it and for what purpose, the anonymous network is also used to commit illegal acts like gambling, purchasing guns or drugs, hacking, counterfeiting, fraud, or pornography. Nevertheless, we would like to remind you that Tor advocates for freedom of expression, the right to be forgotten, and human rights. Anything goes, as long as the network is not used to break the law. Besides, there have been ample investigations to take down illegal onion services, so using Tor for the wrong reasons might become a thing of the past.

Online activities carried out through the anonymous network can be distinguished from regular browsing. To prove that Tor is 100% against illegal usage, it does not try to conceal its presence. Therefore, the websites you visit will be able to tell that Tor is facilitating the connection, and some may choose to block Tor users. But there are obfuscation plugins available for those who need to hide the fact they are using Tor (those living in countries with oppressive governments, for instance).

Is Tor safe?

Yes, generally.

As a casual Internet user

Theoretically, the data you pass through Tor could be analyzed by exit node operators, who could change the source code or install monitoring and logging software. But this is illegal in the US. There have been no reported cases of such events involving people that use Tor for legitimate reasons.

Nevertheless, you should take some precautions before sending a message to prevent exit node operators from decrypting contents, like avoiding HTTP, FTP, and other cleartext protocols.

Common decency must not be forgotten: any personal information you freely give away on Tor, like name, address, email credentials, location or real IP address, can be used to identify you. Tor may be an anonymous network, but it cannot falsify reality.

Similarly, new Tor users should not be too eager about exploring onion websites. There are numerous scams and phishing pages, particularly in the dark web, waiting to trick gullible users into clicking their links to steal their data or infect their computers with malware. Again, Tor preserves your anonymity but does not put a shield in front of your computer to fend off the dangers of the Internet.

As a relay operator

If you want to become an exit relay operator, you will have the hardest job among all node operations, because you risk dealing with complaints or copyright takedown notices. As previously discussed, the IP address of the exit relay can be traced back to you and misunderstood for the source’s real IP address.

Let us assume that someone uploads a copy-protected movie to a torrent site using Tor. And you are their randomly chosen exit relay. A law firm represents the movie’s production company, which is in charge of pursuing illegal movie distributions. The law firm contacts the torrent website to find out who uploaded the video. In turn, the site hands over the only IP address they have: yours. The identity of the real sender is protected, and you are the one who has to take the fall.

Exit relay operators are the true heroes of Tor. No one has ever been sued or prosecuted for running Tor in the US. But a lead Tor developer and her family were harassed by the FBI, and the agency refused to explain its motives. Also, the Seattle PD raided a married couple of privacy activists. The police agents were searching for child porn just because the couple operated a Tor exit node in their home. They did not find anything and took no further action.

Where is Tor banned?

The total number of countries that have banned Tor is unclear. But we can make some estimations by taking into account the number of clients connecting to Tor using bridges as well as countries with possible censorship events.

Furthermore, the following countries have blocked Tor at some point:

  • China (September 2009)
  • Iran (September 2011)
  • Iraq (June 2014)
  • Belarus (February 2015)
  • United Arab Emirates (July 2016)
  • Turkey (December 2016)
  • Russia (July 2017)
  • Venezuela (June 2018)

What if Tor is blocked in your country?

If your country’s government banned Tor and you cannot directly download the Tor Browser from the official website, send a request to the Tor Project team via email. Make sure to specify your OS and preferred Tor language (if other than English). They will send a copy of the Tor Browser back to you.

Once you manage to download and install the browser, set up a bridge before connecting to overcome censorship if the government cut off website access to Tor users. And, if you fear repercussions, you can obfuscate your traffic to hide the fact that you are using Tor (obfs4, obfs3, or meek-azure if you live in China).

Vulnerabilities

Multiple vulnerabilities upset the anonymous network, such as eavesdropping on the exit nodes. In the most severe events, Tor users that were involved in onion services operating drugs and child pornography services have attracted the attention of law enforcement agencies. Here are some of the most famous cases:

NSA’s Tor cracking attempts

Among other things, the 2013 Snowden leaks revealed that the NSA attempted to crack the Tor network, although the US government was funding the project. NSA based its case on identifying Tor users and exploiting software vulnerabilities. An example was the modded Firefox version employed by Tor, which opened the door to computer files, pressed keys, and Internet activity conducted by the Tor user.

FBI’s EgotisticalGiraffe

In August 2013, the FBI admitted that it took over Tor relays to launch a mass malware attack and apprehend the owner of Freedom Hosting, a former web hosting service for Tor, the largest at the time. The FBI-issued warrant described the owner, Eric Eoin Marques, as the planet’s biggest supplier of child pornography.

The agency exploited a JavaScript vulnerability in older Tor Browser versions, where NoScript was disabled by default. Through this attack (codenamed EgotisticalGiraffe), the agency captured the IP and MAC addresses and Windows computer names of Tor users coming out of the exit node.

FBI’s Operation Torpedo

In 2011, the FBI launched Operation Torpedo and unveiled three child pornography websites called PedoBoard, PedoBook, and TB2. They were hosted on onion services and owned by one man, Aaron McGrath. The FBI installed the malware agent they referred to as the Network Investigative Technique (NIT) on the exit routers and exposed the IP addresses, OSes and web browsers of the site visitors.

In 2014, it was uncovered that NIT was a Flash program that adapted a method utilized by “Decloaking Engine,” an old and abandoned project of Metasploit. It would send pings to the real IP address of a user and receive replies on a server controlled by the FBI instead of a Tor relay. Data traffic never reached the Tor network. The vulnerability stirred up trouble in older versions of the Tor Browser.

FBI’s Operation Pacifier

In 2015, the FBI launched Operation Pacifier, an investigation similar to Operation Torpedo. The agency shut down the most infamous child porn website hosted on an onion service, called Playpen. Again, the FBI infected the Tor exit nodes with the NIT malware.

But the NIT was somehow different from the one used in Operation Torpedo. The court dropped charges against one of the website owners for lack of evidence because the FBI refused to divulge how NIT was used to bring down Playpen. EFF later deduced how the Playpen NIT worked.

What we can conclude from these cases is that the law enforcement agencies were able to intercept the anonymous network by exploiting a vulnerability of an older Tor Browser version. The Tor Project has since resolved it.

Other weaknesses

The Tor network is open to other weaknesses, too. Some are theoretical, while others have taken place. Here are a few examples:

  • Traffic-analysis attack. A research paper demonstrated how over 81% of Tor users can be unmasked with traffic-analysis attacks.
  • Bad apple attack. BitTorrent clients reveal IP addresses in Tor, and the same risk applies to any Tor-enabled application.
  • Sniper attack. DDoS attacks targeting Tor can deteriorate the network and ultimately force clients into connecting to relays operated by the attacker.
  • Heartbleed. The OpenSSL coding bug made Tor non-operational for a few days in 2014 until the private keys were renewed. It may have affected up to 586 relays, which were subsequently taken offline.
  • Mouse fingerprinting. In March 2016, a security researcher reported that a user’s mouse gestures could determine their IP address by exploiting a JavaScript vulnerability. The condition is that the user must open the same website in both Tor and regular browsing mode.
  • TorMoil. In November 2017, a critical flaw troubled Mac and Linux users of Tor. It exposed their IP addresses when clicking links starting with file:// instead of https:// or http://.

Tor Browser

Previously known as the Tor Browser Bundle, Tor Browser is a unique web browser created by the Tor Project and optimized for the anonymous network. Although it is possible to use Tor without the Tor Browser, it is not recommended, especially if you need to access bridges and onion services.

Tor Browser is made of multiple parts:

  • A modded version of Mozilla Firefox ESR.
  • NoScript: a Firefox extension that blocks scripts launched by untrusted domains to prevent security exploits.
  • HTTPS Everywhere: a Firefox extension that switches from HTTP to HTTPS automatically (if it exists) to ensure secure communications.
  • TorButton: a component that ensures app-level security and privacy, disables dangerous active content.
  • TorLauncher: the graphical interface that connects you to the Tor network.
  • Tor proxy: it sets the Firefox proxy configuration to SOCKS and secures DNS settings.

Wrapped in a portable package, the browser can be extracted to a removable flash drive and plugged into any Internet-enabled computer to connect to the Tor network. Anyone who has ever used Firefox can quickly get acquainted with Tor Browser. The most significant differences, though, are in the settings related to privacy and security. For instance, the default proxy settings recommended by Tor are set to SOCKS5 127.0.0.1 over port 9150 and proxy DNS when using SOCKS5.
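The "proxy DNS when using SOCKS5" setting matters because of how a SOCKS5 CONNECT request carries its destination: as a hostname the proxy resolves itself, or as an IP address the application already resolved. The sketch below is an added example, not part of the original article or of Tor Browser; it builds and parses RFC 1928 requests and flags the ones that reached the proxy as raw IPs, using constructed sample destinations.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(host, port):
    """Build a SOCKS5 CONNECT request (RFC 1928) for a hostname or an IP."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name so the proxy does the DNS lookup.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname length out of range")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def parse_connect(req):
    """Parse a CONNECT request and report whether the proxy gets to resolve."""
    if len(req) < 5 or req[0] != 0x05 or req[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        offset, addr_len = 4, 4
    elif atyp == ATYP_IPV6:
        offset, addr_len = 4, 16
    elif atyp == ATYP_DOMAIN:
        offset, addr_len = 5, req[4]
    else:
        raise ValueError("unknown address type")
    end = offset + addr_len
    if len(req) != end + 2:
        raise ValueError("truncated request or trailing bytes")
    raw = req[offset:end]
    port = struct.unpack("!H", req[end:])[0]
    if atyp == ATYP_DOMAIN:
        host, remote_dns = raw.decode("ascii"), True
    else:
        # A raw IP means the name, if there was one, was resolved before
        # the proxy saw it (or the user typed an IP literal).
        host, remote_dns = str(ipaddress.ip_address(raw)), False
    return {"host": host, "port": port, "remote_dns": remote_dns}


def flag_local_dns(requests):
    """Return destinations the proxy received as IPs rather than names."""
    return [r for r in map(parse_connect, requests) if not r["remote_dns"]]


if __name__ == "__main__":
    # Constructed sample requests; 192.0.2.10 is a documentation address.
    captured = [
        build_connect("example.com", 443),
        build_connect("192.0.2.10", 80),
    ]
    for finding in flag_local_dns(captured):
        print("resolved before the proxy:", finding)
```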

The default search engine is DuckDuckGo, renowned for supporting user privacy, which can be swapped for DuckDuckGoOnion (the search engine’s onion service) or something else. You cannot instruct the browser to remember logins and passwords like in Firefox. It is set to always use private browsing mode, enable tracking protection, and send “Do Not Track” requests. There are three levels that you can toggle to control your security (standard, safer, safest).

How to use Tor

It is quite simple to get the Tor Browser up and running to connect to the anonymous network and take advantage of private browsing. Just follow these steps:

1. Download Tor Browser

  • You can download Tor Browser from here. Setup packages are available for Windows, macOS, Linux, and Android.
  • You can also get the web browser in your native language (for Windows, macOS and Linux only).
  • There are distinct setup files for 32 bits (x86) and 64 bits (x64), so make sure to get the one that matches the architecture type of your operating system.
  • If you are interested in testing experimental features, finding bugs, and contributing to the future releases of Tor, you can download the alpha version.

2. Install, run and configure Tor Browser

  • Run setup, pick a destination to extract the files, and wait for the installation to finish.
  • Launch the web browser and configure Tor Network Settings.
    • If you are not behind a censored network or proxy server, just click Connect.
    • Otherwise, click Configure.
      • If you are behind a censored system, select Tor is censored in my country, then Select a built-in bridge and pick obfs4, obfs3, or meek-azure if you live in China. These are known as pluggable transports. Once you are familiar with bridges, you can try the other two options to request a bridge or enter one that you already know.
      • If your Internet connection uses a proxy, then select I use a proxy to connect to the Internet and specify proxy details.
      • If your firewall has port restrictions, select This computer goes through a firewall that only allows connections to certain ports and then enter which ports to allow.
  • Note: You can later change the connection mode by clicking the onion button on the upper-right corner of the browser window to open a menu and go to Tor Network Settings.

3. Visit websites and enjoy anonymous browsing

Now you can visit websites just as if you were using a regular web browser. The difference is that Tor Browser protects your anonymity. Your IP address stays hidden and your connections are encrypted as long as the Tor Browser session remains active. To start a new session, you can manually restart the web browser, use a new identity, or request a new Tor circuit (more about this next).

Tips to maximize security and privacy

The default configuration of the Tor Browser is enough to keep your privacy protected and to make you anonymous across the Internet. Nevertheless, you should take note of the various ways meant to help raise the bar and maximize security:

  • Change your security level. Click the shield button on the upper-right corner of the browser, click Advanced Security Settings (or type about:preferences#privacy in the address bar), then go to Security Level and select Safest (default is Standard). But you should keep in mind that it will allow only websites with static pages and essential services, so many sites will not be loaded correctly.
  • Use a private search engine. Services like DuckDuckGo or StartPage promote user privacy and do not collect your data. Consider using one of these instead of Google, Bing or Yahoo, which are notorious for collecting your data and tracking your browsing details.
  • Create a new identity from time to time. Click the onion button on the upper-right corner of the browser and click New Identity (or press Ctrl+Shift+U), then confirm the action when prompted by the browser. It dissociates your activities from your previous identity, closes all opened windows, and restarts Tor Browser for a new session.
  • Set up a new circuit. Click the hamburger button on the upper-right corner of the window and click New Tor Circuit for this Site (or press Ctrl+Shift+L). It optimizes your browsing session if the previous circuit could not set up a desired connection or if it was too slow. Unlike creating a new identity, requesting a new circuit does not clear your private information or reset current website connections. You can view the new circuit by clicking the certificate button (green padlock) next to the address bar.
  • Be wary of browser fingerprinting. Rethink your browsing habits. For instance, Tor recommends that you do not maximize the browser’s window since it could be used to identify the resolution of your monitor. This and other little things can contribute to narrowing down the search scope to track your location even without knowing your IP address. Frequently test your browser fingerprinting using a service like EFF’s Panopticlick to learn what to adjust.
  • Access .onion websites whenever possible. They offer more privacy and anonymity than their conventional counterparts. However, you should keep in mind that you can access onion services only with Tor Browser – any other web browser returns an error.
  • Always use HTTPS. It is ensured by the HTTPS Everywhere extension that is enabled in Tor Browser by default. Nevertheless, you should always check if a green padlock icon is visible in the address bar of visited sites. Otherwise, the exit relay might be able to determine your real IP address.
  • Use Tor with VPN. If you fear that the exit node can identify your IP address, you can hide your IP with a VPN before connecting to Tor. This way, any traced information will be associated with your fake IP provided by the VPN service.
  • Install Tails. It is an operating system created by the Tor Project, which ensures privacy and anonymity to all installed software with Internet access, not just Tor Browser. Based on Debian GNU/Linux, Tails can be launched straight from a USB flash drive and comes with some pre-installed tools, like web browser, email client, and office suite.

In conclusion

Taking everything into account, we can safely say that Tor is the first and only one of its kind. It gives back the free web to users who are oppressed by their governments, victims of hate speech or cyberstalking, or who are simply not comfortable with leaving all their online activity out in the open. The anonymous network has become an indispensable tool to Internet privacy, available to everyone.

What do you think about Tor? Do you live with or without it? Share your thoughts in the comment section below.
