Tor or The Onion Router, allows anonymous use of internet veiling the actual identity of the user. It protects the user from any traffic analysis and network spying. Tor is perhaps the most popular and secure option available for anonymous internet connectivity.
Where it came from?
Tor is based on the principle of ‘onion routing’ which was developed by Paul Syverson, Michael G. Reed and David Goldschlag at the United States Naval Research Laboratory in the 1990’s. The alpha version of Tor named ‘The Onion Routing Project’ or simply TOR Project was developed by Roger Dingledine and Nick Mathewson, launched on September 20, 2002. Further development was carried under the financial roof of Electronic Frontier Foundation (EFF).
The Tor Project Inc. is a non-profit organisation that currently maintains Tor and is responsible for its development. It is mainly funded by the United States Government, further aid is provided by Swedish Government and different NGOs & individual sponsors.
How it Works?
Tor works on the concept of ‘onion routing’ method in which the user data is first encrypted, and then transferred through different relays present in the Tor network, thus creating a multi-layered encryption (layers like an onion), thereby keeping the identity of the user safe. At each relay, one layer is decrypted and the remaining data is forwarded to any random relay until it reaches its destination server. For the destination server, the last Tor node/exit relay appears as the origin of the data. It is thus very difficult to trace the identity of user or the server by any surveillance systems acting in the mid-way.
Other than providing anonymity to standalone users, Tor can also provide anonymity to websites and servers this comes under the category of hidden services. Also, P2P applications like Bittorrent can be configured to use tor network and download torrent files.
Controversies and Influence:
Tor has been eulogized for the anonymity and privacy it provides to the users who want to bypass censorship, who are abused and traumatized by stalkers and social activists who are afraid of being arrested by the authorities. It has been used by different security agencies to share confidential information.
The NSA whistle-blower Edward Snowden used Tor to leak information about PRISM to The Guardian and The Washington Post.
Tor has been criticized for the reason that it acts as a medium for different illegal activities like data breaching, drug dealing, gambling etc. Tor is also used by malevolent people to communicate over the internet while keeping their identity hidden which makes it difficult for the security agencies to trace them.
The U.S. National Security Agency (NSA) has called Tor “the king of high-secure, low-latency Internet anonymity” and similar comments by BusinessWeek magazine, “perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world”.
Another speculation made is that Tor takes its funding from the U.S. Government which may lead to the assumption that NSA may have compromised the identities of individual Tor users, but the executive director Andrew Lewman has disclaimed any confederations with NSA.
Can it be Compromised?
Various claims have been made to compromise Tor’s anonymity and security from time to time. The most famous is the Bad Apple Attack in which the researchers claimed to have identified around 10k IP addresses of active Bittorrent users who were connected via Tor.
Another famous compromise was done by the Heartbleed bug in April 2014 which halted Tor network for several days.
Traffic Fingerprinting is a method used to analyse web traffic by analysing the patterns, responses and packets in a particular direction. This can be used to attack the Tor network by making the attacker’s computer act as the guard.
The main vulnerability found is at its exit points where the level of security is very low as compared to the rest of the Tor network.
Products based on Tor:
The Tor Project Inc. has released Tor Browser which is a modification of an Extended Support Release version of Mozilla Firefox browser. The browser is made portable so that it be used from an external media and reduces the hazel of installation. It removes the user history after every use, thus reducing the risk of any kind of cookie tracking.
Other products like Orbot – an android version of Tor, Orfox – a mobile version of Tor Browser are developed by The Guardian Project which is a global developer community founded by Nathan Freitas.
We can set-up SOCKS (Socket Secure) based applications to use the Tor network by configuring them with loop-back address.
Hornet is a new anonymity network that provides higher network speeds compared to Tor. I2P, Tails, SubgraphOS, Freenet and Freepto are other top alternatives that can be used.
Tor has proved to be a great medium for safe, secure and anonymous web presence that can be provided to a user at no cost. Although it is available for a positive intention, but is also used by malignant people in fulfilling their needs. The Tor project has led to an optimistic approach towards censorship and surveillance-free internet.
For more idea about ‘How Tor works’, please have a look at his video:
Having something to add? Tell us in the comments below.
Posted by Shubham ;)