attr --&gi

Privacy is becoming more and more difficult to come by. Especially with sites like Facebook, Twitter, Pinterest, LinkedIn and a whole host of other “social media” or networking sites clamoring for their users to post ever more details about themselves online.

Most search engines and websites, not just networking and social media types, have ways of identifying who you are, what you are doing online and even where you access the internet at different times of day: your home, the coffee shop on the way to work, the office and the internet cafe you visit once in a while to “get away from it all”. Even your ISP keeps records of all your activity online.

All of this information can be used innocently enough to, say, provide customized advertising, custom tailored to match your browsing habits. After all, you may actually be looking for some of the products on offer, and if a custom tailored ad provides exactly what you’re looking for, at a price you’re willing to pay, you would be more likely to purchase and feel good about that purchase for a long time afterwards. It can also be used to refer you to other websites, specific content or even people in social media networks that are in alignment with you and your habits.

Of course, the not-so-innocent can use this information to steal identities, hijack on-line accounts, target people in certain professions for mistreatment or … well, I’m sure you’re already coming up with some pretty nasty scenarios of your own at this point.

Putting aside for a moment an individual’s right to privacy, consider the need for anonymity in other areas of life. Journalists need to keep their sources secret, a police detective needs to be able to investigate illicit activities online without giving away the fact that she’s accessing the dark web via a city government computer network or a corporate whistleblower trying to alert OSHA to a serious safety violation without risking his job.

These days even children need to be able to surf anonymously to avoid the staggering number of predators out there that are, quite literally, hunting for them.

According to our recent poll, about two out of three people are willing to make some pretty drastic changes to their computing environment in the interest of maintaining some form of privacy.

So what can you do? Allow me to introduce you to Tor, The Onion Router.
Tor Logo

What is Tor?

First, the interface, or “gateway” to Tor, is simply a web browser like Internet Explorer or Chrome, but this one is based on Mozilla Firefox and is specially configured with settings specific to Tor and maintaining privacy. This program is what you use to access the Tor “network”, where the real magic happens.

A computer network is simply a collection of two or more computers connected together via routers, switches, modems, hubs or any other devices that allow computers to talk to each other.

The Tor network (or simply “Tor”) is a special kind of network, though. Tor is made up of close to 7,000 relays and close to 3,000 bridges at the time of writing.
networksize-2016-05-09-2016-08-07 All of the relays and bridges are run, believe it or not, by volunteers–people donating some of their bandwidth and computing power to expand Tor’s capabilities.

Tor is setup this way to allow an internet user to surf the web anonymously by hiding their internet address (IP address) from the website and search engines that they access via Tor and by hiding their internet traffic from anyone monitoring their end of the connection. An observer will only see that the user is connected to Tor, and not see any other websites or online resources being sent to the user’s computer.

Also, as another part of the overall network, Tor offers certain hidden services in the form of .onion sites and an instant messaging server. The .onion sites are websites hosted on Tor servers and hidden by randomly generating paths to them from “introductory points” in the network. This allows users to access the sites, but not pinpoint the location of the servers hosting them.

How does it do that?

A relay is a computer inside Tor, listed in the main directory, that receives internet signals from another relay and passes that signal on to the next relay in the path. For each connection request (e.g. website visited) the path is randomly generated. None of the relays keep records of these connections, so there is no way for any relay to report on the traffic that it has handled.

A bridge is simply a hidden relay, meaning it is not listed in the main Tor directory of relays. These are provided for people who are unable to access Tor with the normal setup. This can be because the network they are using has a proxy (a sort of intermediary between the user’s computer and the internet gateway) that has been configured to block Tor traffic.

The last relay in the path is the “exit point”. The exit point is the only part of the network that actually connects to the server that the user is trying to access and is therefore the only bit that the server sees and it can only log the IP address of that relay.

So long as the user does not log in to that server with an existing account, that server (and it’s administrators) will have no way of knowing the identity of the person on the other side of Tor. It merely receives a request from the exit point for whatever services it’s offering and must respond to such a request, but it only knows that it is sending that information back to a relay. Beyond that, it hasn’t got a clue where that data will end up.

Am I completely anonymous using Tor?

Tor keeps the data traffic anonymous. The rest is entirely up to you. Some standard tips include:

  • Don’t provide any identifying information to websites while browsing anonymously
  • Don’t log in to any online accounts
  • Stay away from heavy traffic or heavy bandwidth sites

Keep in mind that because your information is being routed through a series of dedicated relays, the speed will not be what you are used to. It will be considerably lower than what you’re used to, actually. That is because the data is taking a much more circuitous path than normal and will be hampered by:

  • The speed of the internet connections of the various relays along that path
  • The amount of traffic on those relays
  • The overall congestion of Tor at that particular time
  • All the normal internet congestion that fluctuates throughout the day

Overall, Tor can be a valuable tool in keeping you and yours safe from prying eyes, but at a cost. You will need to brush up on your own skills of discernment when it comes to what information you give away while surfing and what you use it for.

The people at the Tor Project strongly urge their users to refrain from torrenting while using Tor. Torrent traffic, even through Tor, is not anonymous and will only serve to (a) slow down the network for everyone and (b) completely obliterate any anonymity you may have enjoyed previously. (Torrenting is a way of sharing large chunks of data between peers using special software called a torrent client.) You’re better off using a secure VPN for torrenting, then Tor.

There is the risk that your internet provider or the company where you work may be actively trying to block the use of Tor on their network. In which case you will need to learn a bit about using bridges or get a VPN to allow you access (subjects that will be addressed in later articles on optimizing the Tor experience).

There are other tools available to help maintain anonymity online. This is an introduction to one of them. What are your concerns about privacy? What tools do you use or would like to see put into development? Leave a comment and let us know what else you want to see.

See also: What is the best VPN to use with Tor

Related: Why Tor might not be as anonymous as you think

“Privacy” by NY licensed under CC BY-SA 3.0