The cutting edge of internet privacy and anonymity today is Tor, The Onion Router. Developed at the U.S. Naval Research Laboratory in the mid-1990s as The Onion Routing program, Tor came about as a next-generation implementation of the original project.
Tor is the most widely used software in the world for anonymously accessing the internet. Tor is made up of close to 7,000 relays and close to 3,000 bridges at the time of writing, all of which are operated by volunteers.
You’ve already been introduced to Tor with a beginner’s guide and a how-to for creating your own relay, giving you a grasp of just how important and rare online privacy is. Anyone wanting to keep their information to themselves has to use tools like Tor to accomplish this.
Who uses Tor?
The number of people accessing the internet through Tor changes almost every day. Between August 2012 and July 2013 the Oxford Internet Institute and the University of Oxford calculated that “over 126,000 people access the Internet through Tor every day from the United States.” This translates to somewhere between .025% and .05% of internet users in the United States.
True to their claim, there are no stats available from the folks at TorProject concerning what their userbase is doing online or what sort of content they are accessing. It’s a safe bet that most of the users of Tor are legitimately just trying to maintain their anonymity for obvious reasons. There are journalists who are protecting their sources, whistleblowers trying to keep their jobs, law enforcement officials trying to track down criminals and not blow their cover in the process, corporate IT professionals conducting security testing on their own networks and a bunch of other users that need the anonymity that Tor provides just to do their jobs. For a more concise list of possible legitimate uses of anonymity, check out Tor’s description of their userbase.
Some folks are interested in accessing information that is not indexed by any search engine, can be considered questionable or possibly even illegal, and can only be accessed with the right tools. The vast majority of the internet is actually considered the deep web. You won’t find it using Google or Yahoo! or any of the other normal search engines. Of course, most of it is information that you wouldn’t be interested in anyway. However, there is a small section of the deep web that deals with the seedier side of things known as Darknet. Darknet exists on hidden servers on the internet without being cataloged by any of the popular search engines. The only way to access it is through special search engines and anonymous access tools, like Tor.
Is Tor legal?
But is it enough? Unfortunately, even though using Tor is completely legal, simply connecting to it is cause for suspicion in some areas of the world. No one has ever gone to prison or even been fined for using Tor. But there have been reports of people being questioned by their ISP and local law enforcement regarding their browsing habits simply because the ISP’s logs show that they are connecting to Tor.
Those that are running a Tor relay are cautioned that they will eventually be contacted by either their ISP or local law enforcement, maybe both, regarding some illicit activity online that is linked to the IP address used by their relay. To date, in all instances, simply informing these entities that the IP address in question is assigned to a node of the Tor network and that no logs are kept on that server has been sufficient.
In 2005, Bruce Schneier coined the phrase “Four Horsemen of the Information Apocalypse” referring to terrorists, drug dealers, kidnappers and child pornographers. These are the primary groups of law breakers that agencies like the FBI, NSA and Homeland Security are interested in finding. Unfortunately, the four horsemen are going to use every tool or trick available to them to avoid being identified. As such, the alphabet soup agencies are actively and passively seeking ways to find these people and bring them to justice. If this means they have to break an international network like Tor’s, do you really think they will say, “Oh shucks! They’re hiding in Tor. I guess we’ll have to go look elsewhere for our evidence.”
Combining Tor with a VPN
Because of this, the best way to stay private is to use both Tor and a VPN together. A VPN, or Virtual Private Network, is an encrypted tunnel on the internet from your computer to a VPN server. Any web surfing you do over a VPN looks like it is coming from the VPN server, and not from your computer.
By way of example, a user in New York, NY can connect to a VPN server in Los Angeles and any websites that she accesses will see her as being a user in California, not New York. Alternatively, she could connect to a VPN server in London, England for her browsing session. Again, any websites that she accesses will see her as a London local, and not a New Yorker.
Also, her ISP in New York will not be able to see any of her web traffic. In fact, all that the ISP will see is that she has encrypted data going back and forth between her computer and the VPN server that she is connected to. Nothing else.
Basically, a VPN is used to encrypt your data and conceal your actual location. It does not make the user anonymous. It only provides an encrypted tunnel between your computer and the VPN server that you are connecting to.
Tor is used to make your connection to any websites that you visit anonymous. Your computer connects to a Tor entry node, and all of your traffic then hops through an intermediary relay to an exit node before finally reaching the destination website. Your ISP only sees that you are connecting to a Tor entry node.
A Tor node is a server that has been setup to act as either an entry or exit point of the Tor network, while a relay is a sort of middle-man between an entry point and an exit point. A special kind of entry point is called a bridge. This is a dedicated entry point that is not indexed in the Tor database of entry points.
The solution seems simple enough. Connect to a VPN, then open the Tor browser and surf anonymously in private. This solution appears to have created a bit of confusion, though. There are people wondering if it is better to connect to the VPN first or Tor.
The easier option is to connect to your VPN and then launch the Tor browser. The more complicated option is to do it the other way round. This requires a remote secure shell connection to the VPN server or a VPN client that has this capability built in as a configuration option. You will most likely see something along the lines of using Tor as a “proxy” for the VPN client. That should initiate the secure connection through Tor.
In the first setup, Tor over VPN, your ISP sees that you’re computer is sending and receiving encrypted information with a specific server, and that is all. The VPN server only sees that it is connected to a Tor entry node and that all of your surfing is being handled through that network. All of the websites on the other end of Tor do not see any personally identifiable information. NordVPN operates servers with Tor over VPN pre-enabled so you don’t have to use Tor Browser, but bear in mind that Chrome and other common browsers might give websites other identifying information.
In the second setup, VPN over Tor, your ISP sees that you’re computer is communicating with a Tor entry node. The VPN server gets your login information from a Tor exit node, which can be considered personally identifiable information, thereby breaking Tor’s anonymity. The websites that you connect to only see the VPN server’s address. AirVPN and BolehVPN are just two VPN providers that allow users to connect using VPN over Tor.
If your VPN provider does keep logs of activity, any benefit you might have received from the Tor connection is lost.
What are Tor’s known weaknesses?
In 2013 Tor went under the microscope due to the now infamous take down of the Silk Road servers and the arrest of Ross Ulbrecht by the FBI after a six month operation. Many people speculated that in order to pull this off, the FBI had to “break Tor” in order to find all of the Silk Road servers and Ulbrecht himself. However, the simple truth is that Ulbrecht made enough mistakes online to lead the FBI right to his front door. The FBI didn’t need any sort of back door or secret access to Tor. They found him through good old-fashioned detective work.
Then, near the end of 2014, the Silk Road 2.0 was taken down and it’s alleged owner Blake Benthall was arrested, again by the FBI. Again, the FBI claims that detective work was the key to finding Mr. Benthall and that an undercover agent was used to pinpoint the location of the first server. It didn’t help Mr. Benthall any that one of the Silk Road 2.0 servers was registered by him with email@example.com as the administrator’s email address. However, the FBI this time provided no details on exactly how they found the server. Coincidentally, a presentation for a Black Hat conference was announced in which a pair of researchers from Carnegie Mellon University claimed they were going to expose a hack of Tor that they had already exploited “in the wild.” A couple months later, the talk was canceled. The crew at Tor then released a patch to their software and urged users to upgrade. They had found a group of relays that were deanonymizing users who were accessing hidden services on the network. To accomplish this it is estimated that at least $50,000 was spent on Amazon hosting services for hosting all of the compromised relays. The folks at Tor have also received information indicating that the researchers at Carnegie Mellon University received a payment in excess of $1 million from the FBI to pull this attack off. In spite of this latest blow to Tor’s reputation, Silk Road 3.0 is already up and running.
These sites and the people behind them, along with several others that were hit as part of the same operation, were taken down primarily due to human error. Tor is only anonymous when you use it anonymously. The hidden servers are only as secure as the code that is installed on them. Using any personally identifiable information while inside the deep web or DarkNet will break your anonymity a lot faster then the law enforcement agency of your choosing can. Using outdated or flawed code on a hidden server opens that server up to security exploits which will eventually be used to take it over. By some nefarious individual looking to virtually “steal” a server that they don’t have to pay for, someone looking to break its anonymity or possibly even law enforcement looking for evidence, especially if it is suspected of trafficking in anything illegal.
As a tool for maintaining privacy and anonymity, Tor is an excellent resource. But it’s only as good as those who use it. The weak link here is not Tor, but it’s user base. The only exception is when someone sinks a whole bunch of money into modifying the code and hosting a hundred or more of their own relays for six months or more, or they create a honeypot as a hidden service in Tor, designed to specifically break Tor’s anonymous capabilities, or even, as in the case of the Silk Road 2.0, they pay a huge amount to someone else to do this in the name of research.
Tor’s main weakness is that it is susceptible to traffic analysis attacks, but this isn’t exactly news. The original design documents even outlined this type of vulnerability. That being said, Tor was never meant to stand up to a large scale attack of poisoned nodes. In the case of the Carnegie Mellon attack, only about six percent of the Tor nodes were “compromised.”
A “honeypot” is a server that has been setup to “catch flies,” so to speak. It is used by corporate IT professionals to trace attacks on their web and database servers as well as by law enforcement to track the trade of illicit or illegal goods. There is some speculation going around that the Silk Road 3.0 site may be a honeypot put in place by law enforcement. Please bear in mind that Tor does not condone the use of their network for any illegal activity on their network. They are all about privacy, freedom from unwarranted surveillance, and anonymous access to information.
So what else is there? Currently, Tor is the largest anonymous network on the planet, but is it the only option? Of course not. When it comes to software, there’s always more than one way to skin a cat.
Alternatives to Tor
One thing that is obvious is that Tor is not finished. In spite of that, some of you are already asking yourselves “Ok. What else is out there?” Well, you’re in luck. As it so happens there are other tools out there for those who wish to avoid being tracked. Here are a few of the most popular that are currently available.
Similar to Tor, I2P, or the Invisible Internet Project, uses a distributed network database and peer selection for anonymous traffic. Also susceptible to traffic analysis attacks, I2P does have some benefits over Tor. The peers are selected through continuous profiling and ranking performance. It is also small enough that few, if any, active blocks are in place to prevent access.
Unlike Tor, Freenet does not rely on dedicated entry and exit points. Instead users connect to Freenet preferably through their friends computers. If you don’t have any friends on Freenet, you do have the option of connecting through strangers computers, but that is considered less secure then connecting to the computers of trusted friends. Freenet also is a file distribution service where encrypted files are stored on computer hard drives throughout the network. Due to the encryption it is unlikely that a user would be able to determine what that file actually is.
Another onion routing-type anonymizer for web surfing, JonDoFox is a profile for Mozilla Firefox or Firefox ESR. The user’s computer connects to a series of Mix operators that anonymize the user’s web traffic and wrap it in several layers of encryption. Just like Freenet, the network size is considerably smaller than Tor’s. This is primarily due to their certification process. In order for you to become a mix operator, you must go through their certification process. Theoretically, this could lower the chances of an attacker sneaking in modified servers, but such a claim would have to be tested in a simulated environment.
GNUnet is a peer-to-peer file sharing tool that relies on large groups to obfuscate the identities of those that are attached to the group. An individual in the group is virtually indistinguishable from any other user by anyone but the initiator of the group.
Stronger solutions currently in development
The following projects are still in development, but are working toward creating even stronger anonymity networks, but for more specific applications. Tor was created as a sort of generic, one size fits all solution for anonymous web use. These projects are more focused on specific applications of web use.
Aqua is a file sharing network designed to be completely anonymous, while Herd is an anonymous Voice over IP network. The designers are working up a means of stripping the metadata from the network traffic, which is the primary way of tracing a client and the server that client is communicating with.
Alpenhorn is the second iteration of Vuvuzela, named after the horn normally used at soccer matches in Latin America and Africa. Alpenhorn is an anonymous, metadata free chat program that can be scaled to millions of users, in theory. Expect a public beta in the near future.
If anonymity is more important to you than latency, then Dissent offers some of the strongest available anonymity. Due to the higher latency and low bandwidth, dissent is best used for blogging, micro-blogging or even IRC type communications. The way Dissent works is rather simple, but bandwidth heavy. When one client transmits anything, all the other clients transmit a package of the same size. Instead of using onion routing, Dissent is based on DC-nets, a dining cryptographers algorithm. Combine that with a verifiable shuffle algorithm and you end up with the most anonymous design being looked at by researchers today.
Anonymous file sharing is becoming more and more sought after. Riffle is yet another attempt at providing an anonymous way for a user to share files of any size. However, it is not meant as a replacement for Tor, mainly because file sharing over Tor breaks anonymity. Riffle is meant to augment Tor by providing Tor users with a truly anonymous way to share files, without choking the Tor network. Inspired by Dissent, Riffle also uses a shuffle algorithm, but drops the DC-net cryptographic algorithm.
Riposte was inspired by Dissent, but focused on micro-blogging. Micro-blogging is currently the realm of Twitter, Pinterest and other such services where users update their “blog” with small snippets of information like quotes from famous people or requests for feedback or even requests to join networks. Riffle is designed to allow a user to micro-blog anonymously at the expense of internet speed. Following in the footsteps of Dissent, Riposte also uses the DC-net type setup for hiding the original transmission in a storm of transmissions of random data bits of the same size.
Finally, as an added bonus, here is a list of all the other projects in the works over at TorProject, all with an interest in maintaining internet privacy for any and all who wish to make use of their products. Some of these are rather obvious and user friendly, while others are more behind-the-scenes. A couple of different programming libraries are available for software developers to allow their products to communicate with The Onion Network.
The Tor browser
This is what most people use to access Tor. It’s very simple to acquire and use. The browser is actually a customized version of Mozilla Firefox, and therefore looks and feels like any other web browser. The customization is designed to leave no trace of your web surfing on the computer. Simply download the compressed file for your operating system, be it Windows, MacOS or Linux, extract it to it’s own folder, run the executable file inside that folder and surf to your heart’s content in complete anonymity. When you close the browser, all traces of your browsing are cleared from memory. Only your bookmarks and downloads are left behind.
.onion web sites
These are websites that are only accessible within the Tor network, and by knowing where to go. There are special search engines like Onion.city and Onion.to, as well as a host of others. Keep in mind, though that there are hoaxes, scams and honeypots strewn throughout the DarkNet. Be wary of what you click on. There are also some very disturbing images available in there. You have been warned.
You can access the Tor network on your Android device using Orbot. Orbot creates a Tor proxy on your device so that all internet traffic from your device goes through the Tor network. That means that all the apps on your phone or tablet will have their traffic routed through Tor as well. Of course, some apps are designed not to be anonymous and will break the anonymity provided by the Tor network. True anonymity requires just a few steps to make sure tattlers are disabled or, at the very least, not running while you’re tapping into Tor. Remember to disable auto-sync and shut down any apps that automatically log you in to an account, like Gmail, Yahoo!, Facebook, Twitter and the like.
To go along with Orbot, there is also a browser for Android devices that allows you to surf the net using Tor. However, this only applies to web surfing in a browser. All the other apps on your Android device will be communicating through normal lines of traffic without the benefit of anonymity provided by the onion router.
This might be the ultimate usage of Tor. It is a “live operating system” that is run either from a CD or a USB thumb drive or memory stick. Put this in a computer right before you restart. If the computer’s BIOS is setup correctly, it will load Tails instead of the OS that is loaded on the computer’s hard drive. Perfect for using a computer that does not belong to you for surfing the web anonymously and leaving no trace of your browsing anywhere on the computer. The computer’s internal hard drive is not touched while the computer is running Tails and the computer’s memory is erased with each reboot. Also, any cookies or temporary internet files that are loaded into Tails are not recorded to the CD or thumb drive while in use so those are also lost as soon as the computer is restarted.
You were first introduced to Arm at the end of the “How to build your own Tor relay or node” article. Arm is a command line-based monitor for a Tor relay. It displays real-time information for a relay or bridge in the Tor network. This helps you keep an eye on your relay by providing statistics, metrics and health reports. You can learn how many Tor users have accessed Tor through your relay or how much of your available bandwidth is being used in support of Tor.
Atlas is a web application that provides information on the current status of the Tor network’s relays. Type the name of a relay into the search box at the top of the site and get a basic overview of it’s current status. Click on the relay’s nickname to get a much more detailed report along with an explanation of all the flags that apply to that particular node.
Used to change the way your data stream appears. This is yet another way of keeping you connected to Tor. Some entities have started blocking Tor traffic based on the traffic itself, not the IP address of the relay or bridge that is being used to connect to the network. Pluggable Transports change the look and feel of Tor traffic to appear to be normal, un-Tor-like traffic to escape detection.
While Atlas is a site showing the status of the Tor network, OONI is the site showing the status of censorship in the world today. It does this by probing the internet using a known good result and comparing that result to an unprotected, unencrypted result. Any changes in the results are evidence of tampering or censorship.
Onionoo is a web-based protocol that gets information relating to the current status of The Onion Network. This information is not in a human readable format. It is meant to act as a service for other applications like Atlas or Tor2Web.
As the name implies, this is where you get metrics relating to the Tor network like available bandwidth and the estimated size of the current userbase. Any researcher that is interested in any specific, detailed statistics about the Tor network can find it here, or submit a request for the metric that they are looking for.
A simulation of a network using the real Tor browser. This is most useful in a lab type setup when you want to see how Tor can affect your network, without impacting your real network. Perfect for experimenting with Tor and various other programs before allowing or implementing them on your local area network.
Grants non-Tor browser users access to websites running in Tor hidden services. The idea is to allow internet users the option of sacrificing their anonymity while still granting them access to information hidden inside the Tor network, while at the same time not sacrificing the anonymity of the websites that they are accessing.
An instant messenger client that uses the Tor network for all of its transmissions. Secure by default with cross platform capabilities, it is an ideal chat program for anyone wanting to stay secure and anonymous.
This is a programmers library for writing Python based applications that talks to or launches a Tor program. It contains all the utilities for accessing Tor’s circuits, streams, logging functions and hidden-services.