Tor, is it as bad as you think?

torTor, or The Onion Router has been around for a while now, but is it making the news for the right reasons? Before getting into the nitty gritty, lets find out what makes Tor tick.

What is Tor?

The Tor network intercepts network traffic from your computer (or mobile device) by typically using your web browser and transferring your traffic through a number of randomly chosen computers before finally routing your traffic to its destination.  An example of this communication is shown below:

What’s the reason for this method of routing your traffic?  Doesn’t it take longer to get the information you want? Isn’t there more chance of peopling sniffing your data?  These are all good questions, but there is logic to this.

Firstly, all traffic is encrypted throughout the Tor network, the random path of communication also helps to disguise your location and makes it harder for you to continuously use the same servers on a regular basis.  This results in attempting to track your internet usage much more difficult.

Secondly, the Tor network uses the .onion TLD, which isn’t routable on the “normal” internet, which means that anything that is located on the Tor network isn’t easily found unless you actually use Tor.

The actual Onion Router network is made up of thousands of computers which are known as “relays” and are used to do the onion routing.  These computers are provided by volunteers from all over the world and anyone can volunteer to be part of the network, all it takes is a bit of computer knowledge and lots of bandwidth.  This is not for the novice user – so if you aren’t confident in networking, the TCP stack and encryption, now may be the time to stop thinking about trying to contribute relays to Tor.  Fear not though, they are always willing for contributions in other ways –

How does Tor work?

Now that we have the basics of Tor under our belt, lets look at how the actual journey of a packet leaves your device and gets to the destination.  Before anything is sent from your device, a random list of relays is chosen and then repeatedly encrypts the data in multiple layers, which is where the Onion part of Tor gets its name.

Once the initial relay path is chosen and the information is encrypted, the information is sent on its journey.  At each relay point, the relay strips off a layer of encryption before it hands it off to the next relay node in the list.

The best way to think of this, is the game, pass the parcel, where a price is wrapped up I multiple layers of wrapping, the parcel is sent around and around, a layer being unwrapped at every point.  In the case of Tor, the relay node can only tell where the next point is (sort of an address label).  The nodes in the chain know nothing of what’s in the message apart from who sent it to them and where the next point in the chain is.  This ensures that privacy is kept in check as much as possible.

Once the information finally gets to the last relay node, the node can read the contents, but doesn’t have any idea of who actually sent it, due to the numerous relays involved in the routing of the traffic.  Then once the information has been received, the whole process is then sent back to the client.

Make sense?

What can you use Tor for?

If, like me when I first started looking at Tor or the “Dark Web”, you think what’s the point of all this?  There’s way too much complexity and involvement in simply browsing for information.

Advantages of using Tor:

  • Increased privacy – Through using multiple layers of encryption and random relay nodes your location remains secret.
  • Tor refreshes the relay list – Around every 10 minutes, Tor will refresh the relay node list, ensuring that your traffic is routed through new computers on a regular basis.
  • Facebook – Facebook now support the use of Tor from their mobile apps if configured properly.
  • Safer to use untrusted networks – Tor helps prevent your network traffic being sniffed and intercepted.

Disadvantages of using Tor:

  • The last hop isn’t encrypted – Although Tor relies heavily upon multiple layers of encryption, the last hop of the communication isn’t encrypted, allowing the potential for eavesdropping.
  • Tor doesn’t control all of your network data – Tor will only route data to Tor enabled / configured websites and software.
  • There are a lot of unsavoury websites – Tor is used by a lot of bad guys, always be careful when browsing unsuspected websites, you may be breaking the law.

Where do I start?

So, after reading all of this and your still not off put, your asking yourself where do you start?  First things first check out the following links, then explore.

Hope this post has opened your eyes to the dark web and you enjoy surfing.

Previous Post
Security incidents and how companies act
Next Post
Glibc: Stack-based buffer overflow vulnerability

Related Posts

No results found.

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.

15 − 15 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.