Anonymity: Tor Explained-ish


(Valentine) #1

Tor: “is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”.[7][8]”

( https://en.wikipedia.org/wiki/Tor_(anonymity_network) )

Tor, probably the most famous proxy of all time. I’m gonna try my best to explain in detail how Tor works and why it’s a double edged sword. I claim no responsibility if you get caught while using Tor.

Tor’s original purpose can be read on the wikipedia site dedicated to Tor:

“Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays[9] to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”.[10] Tor’s use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.”

But as we all know, Tor is a double-edged sword in so many ways. One such example is the Dark Web. If you want to read up on the Dark Web please click this link:

https://www.quora.com/What-is-the-deep-web-and-how-do-you-access-it

Tor is (in my opinion) very interesting on how it works keeping anonymity. Remember what Shrek said? Ogres are like onion, they have layers. The same concept can be applied with Tor. what happens is that with each individual “hop” the Ip address is encrypted, and the data, multiple times. Sending the encrypted data through multiple virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. Thus like a onion each layer is partially peeled off, the final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. A bit more detail can be seen in this paragraph:

“Onion routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the destination IP address, multiple times and sends it through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.”

Now the NSA claims to have cracked Tor and I believe them because as with my last “tutorial”, nothing is one-hundred percent anonymous. Don’t rely on Tor to hide your Ip address completely. Instead, try combining Tor with a VPN and proxies, hence creating multiple “locations” which you may or may not be at. I’m saying, don’t be a idiot and rely on one tool to get the job done.

If you want to download Tor (browser) the link is:

https://www.torproject.org/

and a good source for reading up on Tor is:

And that’s that for this article.


(oaktree) #2

There’s a difference between the Dark Web and the Deep Web. The Deep Web is accessible through any browser, yet is not indexed by search engines. The Dark Web is the stuff like Silk Road – the .onions.


(Valentine) #3

My bad, I’ll fix that. Thank you.


#4

Yeah, and it’s funny because when people usually think of the Deep Web they think of it as really important and to some extent dangerous. Many who aren’t educated about it assume that if you go on the Deep Web you happen to be some sort of Criminal or you’re doing something shady. Little do they know that whenever you log into your private bank account you by technicality are on the Deep Web due to it not being indexed by a search engine. Although I am a bit confused about one thing, would things such as certain webcams or street lights by technicality be on the surface web as they are indexed by a search engine. The search engine in this case being Shodan or something similar. Or am I being completely wrong?


#5

Oh and good article by the way! Really enjoyed reading it!


#6

From an anonymity and security point of view, Tor is well more tricky to use. Indeed, there are a bunch of best practices that have to be followed in order to avoid any possible confidential information disclosures.

http://digital-era.net/tor-use-best-practices/

Moreover, it is important to check that the entry and the exit node don’t belong to the same person. Otherwise, your anonymity will be compromised.

Hope it helps.

Best,
Nitrax


(Valentine) #7

Interesting. Thank you for sharing.


(Merozey) #8

Tor is definitely out-of-date if you ask me. It just pulls of the job to bypass censored websites, other than that, you shouldn’t rely on it as it’s also been stated above. I2P would be a more ideal approach since it’s encryption has continued from where Tor left off to put it bluntly.

Combining your anonymization methods with Virtual Machines, Tor, VPN and preferably also proxies is definitely recommended, however it will slow down your connection (big surprise)


(Valentine) #9

Yep, I agree but lt2p alone doesn’t encrypt your connection. I was told via IRC that if a hacker wants to find your Ip they will find it.


(Monkey Wrench) #10

@Valentine I2P and L2TP are different things, check 'em out.

Also > Now the NSA claims to have cracked Tor > they compromised custom Firefox browser, which comes with the default package. The onion protocol is still valid, but anonymity on it depends on many factors, as you mentioned, and the truth is that the protocol is somewhat outdated, as @Merozey mentioned.

Check out Tails, a project (product) which combines several technologies mentioned in this thread.

And GJ on the article, nice read.


#11

Another interesting link about TOR issues.


(system) #12

This topic was automatically closed after 30 days. New replies are no longer allowed.