Becoming Anonymous LIke a Pro: The Inner Workings of TOR

Becoming Anonymous Like a Pro #3: The Inner Workings of TOR


TOR as we know has been broken and hacked, which is why many people are now discarding TOR and moving on. As you should too, because it used to be a great anonymization tool. As we’ve seen with Sabu.

How TOR Works

  • Node = Router

When connecting to the TOR network, your real IP address is connected to the entry node, and you’re then connected to a second node called the relay node which then connects you to a third node called the exit node. All of this happens in mili seconds.

Your real IP is only visible to the first node, and that node has its own IP, where the second node is the only one who can see that IP. So as you’ve guessed, whoever sniffs the traffic from X server that you’re connected to, will see the exit node.

For the encryption part, it’s been criticized a lot that TOR has a weak encryption protocol, because it doesn’t provide end-to-end encryption which is a big factor as to why you shouldn’t rely on it either.

Now this is where the main reason as to why TOR is a no-go when wanting to become anonymous. Whoever can obtain control of the exit node can see everything. Because all of the traffic is exiting from that node, so if you are in control of the exit node, you’re in full control

Also because anyone can setup their own nodes to the TOR network, incl. the NSA, a malicious hacker etc.

Is TOR Dead?

If you ask me, TOR should not be used for anything else than bypassing a website’s censorship on its content. Many sites restrict their content to foreign users abroad, so bypassing that feature with TOR is very easy, and that is all I recommend doing with TOR. Nothing more nothing less.

Good news is…

There is a new software in progress at the writing of this article. That particular software is the successor of TOR. It’s called Riffle and it’s currently in it’s beta version, so the official launch is yet to come.

It is faster than TOR and more secure because Riffle is based upon a protocol called anytrust model which means all it needs is one server to be secure, and as long as that is secure, the entire network is secure.


Riffle (unlike TOR) shuffles every message in the network making it nearly untraceable. So, when a user (e.g., you), sends a message to the Riffle network, your message is sent to something called mixnet which means that your message is sent to a node alongside thousands of other users, which is then mixed up before it’s sent to it’s successive node. In other words, the destination.



Sorry, but your real IP is not the entry node! These are two completly different things. The entry node is the first node you connect to. So your real IP can only be seen when the entry node (Again, that’s not you!) and the exit node work together. The second node is not required to examine your IP. The entry and exit nodes can identify your traffic by special anlysis, so that they know that both work in the same chain. Then they know your real IP.

It can be seen here:

  • TOR-browser (You)
  • Entry node: Germany
  • Second node: Sweden
  • Exit node: Germany

To capture my real IP both nodes from Germany have to be compromised!

// Edit: Good post from @unh0lys0da



Sorry, you are right. I wasn’t paying attention when composing the article, ill fix it.

1 Like

Thank you :slight_smile:. Just wanted to point that out, before anyone believes TOR works with such a bad 2 node system :wink:.


This topic was automatically closed after 30 days. New replies are no longer allowed.