Tor (The Onion Router) - secuguru/security-terms GitHub Wiki

Tor (The Onion Router) is a free, open-source software that enables anonymous communication by routing internet traffic through a network of volunteer-operated servers (relays). Its primary goal is to provide users with privacy and anonymity while browsing the web, protecting them from surveillance, censorship, and tracking.

How Tor Works

  1. Multi-Layer Encryption (Onion Routing):
  • The term “onion routing” comes from how Tor encrypts user data in layers, similar to the layers of an onion. When a user sends data through the Tor network, the data is encrypted multiple times, with each layer corresponding to a different Tor relay.
  • As the data passes through each relay, one layer of encryption is removed, and only the next destination (the subsequent relay) is revealed. This process continues until the data reaches the exit relay, where the final layer of encryption is removed, and the data is sent to its destination.
  • This multi-layered encryption makes it difficult for anyone to trace the origin, destination, or contents of the data.
  1. Relays:
  • Tor traffic is routed through a series of relays (usually three) chosen at random. These include:
  • Entry relay: The first relay in the chain, which knows the user’s IP address but not their final destination.
  • Middle relay: The second relay in the chain, which knows only the IP addresses of the entry and exit relays but not the user’s IP or final destination.
  • Exit relay: The final relay in the chain, which sends the user’s request to the intended website or service. It knows the destination but not the user’s IP address.
  1. Anonymity:
  • Because the data is relayed through multiple servers and encrypted in layers, neither the relays nor any potential eavesdroppers can fully trace the user’s activity. The entry relay knows the user’s IP address but not the final destination, while the exit relay knows the destination but not the user’s IP address.
  • This separation of information protects the user’s anonymity by preventing any single entity from knowing both the source and destination of the traffic.

Common Uses of Tor

  1. Privacy Protection:
  • Users concerned about privacy use Tor to hide their IP addresses and protect themselves from being tracked by websites, advertisers, or government agencies. This is especially important in countries where internet surveillance or censorship is prevalent.
  1. Avoiding Censorship:
  • Tor helps users bypass censorship and access websites or services that may be blocked in their region. For example, people in countries with heavy internet restrictions use Tor to access information that is otherwise unavailable.
  1. Whistleblowing and Journalism:
  • Tor is often used by whistleblowers, activists, and journalists to communicate securely and anonymously. This is particularly important in environments where sharing sensitive information could lead to persecution.
  1. Accessing the Dark Web:
  • Tor provides access to the “dark web,” a part of the internet that is not indexed by traditional search engines. Dark web websites, or .onion sites, can only be accessed through the Tor network. While many legitimate uses exist, the dark web is also known for hosting illegal activities, so it is important to use caution.

Tor vs. VPN

While both Tor and VPNs provide enhanced privacy, they work differently:

  • Tor is decentralized and uses volunteer-operated relays to anonymize traffic. It offers greater anonymity but may be slower due to multiple relays.
  • VPN routes traffic through a single secure server, offering better speed and encryption but requiring trust in the VPN provider to protect privacy.

Limitations of Tor

  1. Slow Speed:
  • Due to the multiple relays through which data passes, Tor can be significantly slower than a normal internet connection. This makes it less suitable for high-bandwidth activities like streaming or large downloads.
  1. Exit Node Risks:
  • While the data is encrypted within the Tor network, it is decrypted when it exits the network at the exit relay. This means the exit relay can see the content of unencrypted traffic (like HTTP). However, it still cannot trace the origin of the traffic. Using encrypted websites (HTTPS) mitigates this risk.
  1. Blocked Access:
  • Some websites or services block access from known Tor exit nodes. This can make it difficult for Tor users to access certain content.
  1. Association with Illegal Activities:
  • While Tor has many legitimate uses, it is also associated with illegal activities, particularly on the dark web. This association can lead to scrutiny or restrictions from certain services when using Tor.

Conclusion

Tor is a powerful tool for ensuring privacy and anonymity on the internet. By routing traffic through multiple encrypted relays, Tor makes it difficult for anyone to trace a user’s online activity. It is widely used for protecting privacy, avoiding censorship, and enabling anonymous communication. However, it comes with limitations like slower speeds and the potential risks associated with exit nodes. Despite these drawbacks, Tor remains a valuable tool for those seeking greater anonymity and security online.