With all of the recent NSA surveillance news reports, many people have wondered how to increase their own privacy, or that of their businesses, without losing too much convenience. TOR is a word that keeps coming up in many tech circles, and many sources will simply tell you to start using TOR in order to be anonymous and secure, so that none of what you do online is snooped upon.
Chances are you’ve heard about TOR before; you may even know some of the basic facts behind this project, like how it uses multiple routers to anonymize your traffic, or that everything stays encrypted. But how much do you know about the actual inner workings of this system? And most importantly, why don’t you use TOR on a regular basis? Many people are put off by TOR’s reputation as a place for criminals and content pirates to do their dirty business, and others may have heard that TOR is slow and unreliable. So let’s go over everything that makes TOR work and how you can start using it, either for personal or business use, along with how it will likely perform in real life situations.
The scoop on TOR
The Onion Router (TOR) is a non-profit, open, and volunteer project that has been around for many years now. This is the first important fact to know about TOR. This system has been around for a while and has proven itself. However, there are several critical things to know about what TOR can and cannot do for you. The name itself refers to both a piece of software you can run on your machine, and to a large network of routers on which your Internet traffic can bounce in order to be anonymized. In order to understand how that works, let’s start with a typical proxy.
When you open a VPN from your computer to a server, whether that be into your work machine or a client on the other side of the country, you basically open an encrypted tunnel between those two points. Using a protocol like PPTP, SSL or L2TP, you’re configuring your computer’s TCP/IP stack to send all your traffic to a specific gateway, an Internet address, encapsulated into an encrypted payload. The proxy server then receives that payload, decrypts it, and inside finds the original packet, such as your web request to your bank, the email you want to send, or that file you’re trying to share. The important thing to understand is how the VPN connection encapsulates everything you do online into an encrypted tunnel between yourself and a single server, before decrypting these packets and sending them off.
While this is great to foil a local attacker such as at an open Hotel wi-fi connection, it does nothing against ISP-level snooping or even a state actor, who can easily go upstream of your VPN server and tap everything that comes out. Also, because you always use the same server, it’s easy for them to be targeted by someone who wants to monitor you. TOR instead uses, at a minimum, three servers to pass your traffic on, each encapsulated with its own layer of encryption. This provides the anonymity that TOR is so famous for. All that these servers see is the IP that sent them the packet, and that’s it. The first server sees your real IP, but not your content or destination. Only the final server knows your true destination, but doesn’t know who you are. In order to trace you, someone trying to spy on you or censor your speech would have to compromise all three servers. And because TOR is a dynamic network that evolves constantly, the path your packets take change all the time.
As you can see, while TOR is not completely foolproof, it is as good as it gets. Even the NSA would have a very hard time tracking down all TOR users and monitoring their traffic, especially since TOR servers are all over the world. So now the question becomes, should you give it a try? First it’s important to understand that there are trade-offs. Many argue that if someone uses TOR or other extraordinary means to hide themselves, then they are pointing themselves out as a target. This may be true for now; however, many others believe that the goal here should be encryption and privacy for everyone, not just for those with things to hide. If everyone used encrypted connections, secure email systems, and anonymizing networks like TOR, then it would render that argument useless.
How to use it
Getting started is extremely easy. You can download TOR from the project home page, and once installed, you will get a Vidalia icon that allows you to start it. When you do, the software will basically scan the network and establish a secure tunnel between your computer and a random TOR router. It will then open an instance of Firefox that uses this tunnel. Anything you do inside of that browser is anonymized. That means if you go to a website, they will not know who you are unless you tell them in some way. This is great if you want to make casual uses of TOR. But this software can do far more. For example, you may want to act as a relay yourself. This will allow other people to use your computer to relay traffic. In order to do that, simply go to the Control Panel option inside of Vidalia and set up relaying. The thing to remember here is that by doing that, you are helping out the TOR community. However, you have no way to know what kind of traffic will transit over your system. Some of it may be illegal, and it may expose you to law enforcement actions.
So at the end of the day, is it really worth it to use TOR? Certainly, if you need temporary anonymity online, then TOR may be the quickest way to obtain it. But remember that this software solves just one part of the problem. If you identify yourself in any way, if you slip up at all using TOR, then you can be traced back. This includes sending cookies, logging into your accounts, or doing any type of financial transaction.
TOR does offer something called hidden services, which are anonymous sites that cannot be tracked. There’s TOR Mail, online stores, forums, and so on. However, for right now, TOR is not anywhere close to a perfect solution. The rumors that TOR can be slow are definitively true. It’s certainly fine for casual web browsing, but little more. This is because few want to run the risk of running a relay. One trick you can do here is to use the option to Use a new identity, which will switch servers and may increase your speed. Finally, even though projects like TOR are very important for people like whistleblowers, activists in oppressed countries, reporters talking to confidential sources, and more, there is still the stigma that TOR is mostly used by those wanting to hide criminal activities. Until more people learn about TOR and start using it, that stigma won’t go away.
What are your impressions of TOR?
Are you a regular user of TOR? Would you use it if performance were better? What are your reservations about using it?