The Onion Router (Tor) was conceived to implement onion routing using free and open-source software that would be available for anyone to use. Onion routing is a method of applying anonymity to network messages by wrapping each message in layers of protection to hide the routing of the messages between a client device and a destination device. Tor provides the means to implement this anonymized message routing.
Tor makes use of an array of internet-connected relay servers provided by volunteers distributed around the world. There are currently estimated to be more than seven thousand servers operating. The anonymity of the internet traffic can be significantly enhanced by using onion routing to pass internet traffic through a few of these relay servers.
There are many different reasons why an internet user would want the anonymity offered by Tor.
While there are criticisms that Tor’s anonymity can be used for nefarious and illegal purposes, bypassing censorship controls, anonymous defamation, distributing illegal content, delivering malware, even facilitating the sale of illicit goods. However, it’s worth remembering that such criminals have access to other methods of implementing anonymity, and so Tor does not provide such people services that they do not already have. The benefits of bringing anonymized routing to those who legitimately need it outweigh the negative aspects of its potential malicious use. Without Tor, some ordinary law-abiding users would have no access to robust anonymization.
While onion routing was developed in the mid-1990s by the US Navy and the Defense Advanced Research Projects Agency (DARPA), the onion routing project (now simply referred to as Tor project) was founded in 2006 as an educational institute-based nonprofit organization. While most funding derives from the US Government, it now has broader international funding sources and volunteer communities.
In the last five years, there has been a concerted effort to make using Tor simpler to widen access to a broader user base.
The mechanics of onion routing are discussed in more detail in an accompanying article. In essence, this works by creating an authenticated path through a preselected number of servers from the list of available internet-connected relay servers. The network path starts with the client device connecting to a designated entry server and ends with a designated exit server that connects to the destination device. The entry server and exit server are chosen randomly from a list of options stored in a directory node. The chain of relay servers between the entry server and exit server is again selected at random. The number of relay servers is limited by the processing requirements of the communications mechanism. Each relay server added to the chain will add an additional layer to the onion, adding overhead in encryption and decryption operations.
The onion routing is implemented using nested layers of encryption as part of the communication protocol. The information and the IP address of the next device in the network chain are encrypted in each layer. As messages pass across the network, each device decrypts the outer layer of encryption to reveal the next IP address for the message. This is analogous to stripping away the layers of an onion. This ensures that any device in the network chain can only know the IP address of where the message has come from and where the message needs to go to next. Only the client device and exit server will see the destination device’s identity. Still, the exit server will not know the client device’s identity unless this is included as plaintext in the message. Once communications between the client device and destination device are complete, the network chain is uncoupled, leaving no trace that communications took place along that route. Every new communications session will create a new network path, the randomization making it unlikely that the same path will be repeated.
The concealment of the routing path in the Tor network means that anyone eavesdropping on the messages passing over the network will not be able to link the client device to the destination device using information obtained from the message. This doesn’t make communications invulnerable to attack. Any compromise of the client device will render the use of onion routing redundant if the messages can be read before entering the Tor network. Similarly, any compromise of the destination device will reveal the identity of the client devices communicating with it unless those client devices hide their identity. It is important to remember that onion routing provides anonymous routing, not anonymity. The destination device receiving data will be able to identify which client device sent that data unless that client device has undertaken an additional step to anonymize the transmitted information.
Access to the Tor network requires the use of a Tor browser. The Tor entry servers are by their nature hidden on the internet and cannot be accessed using an IP address in the same way a destination device is accessed. The Tor browser allows the user to access an entry server using an onion address that provides access to the network and encryption key information necessary to initiate and authenticate a connection between the client device and the entry server.
The Tor Browser is a modified Mozilla Firefox Extended Support Release (ESR) web browser that can operate using the Microsoft Windows, macOS, and Linux operating systems. The Tor Browser routes all communications through the Tor network by default and comes with Firefox add-ons, including ‘HTTPS Everywhere’ and ‘NoScript’ that provide privacy protection. A version of the Tor browser is also available for Android devices, and a Tor browsing app is available for iOS devices. It is available from the Tor Project website. A list of alternative sources is maintained in a GitHub repository to circumvent any ISP or firewall blocks to the Tor Project website that a user may encounter.
When activated, the Tor browser automatically initiates all the required processes to implement onion routing, and whenever a session ends, it automatically deletes all sensitive records of that session.
A useful feature of the Tor browser is that it is a portable application, meaning that it does not need to be installed on the client device. This allows the Tor browser to be run from removable media, making it more difficult for anyone else to identify if a client device has used a Tor browser. This feature is critical if a user needs to undertake anonymous communications without anyone else with access to the device they use discovering what they are doing. This is particularly important for victims of abuse and whistleblowers.
In addition to the inherent weaknesses of onion routing, Tor is also susceptible to configuration issues that can expose information useful to an attacker to overcome anonymity protection. Typical problems include web server error responses containing identifying information, browser plug-ins leaking identifying data, or access to online websites or services not protected using HTTPS. The Tor Project website includes instructions for the correct use of the Tor browser.
In terms of maintaining anonymity, the most significant risk comes from the user. Accessing social media websites, posting on forums, or accessing unsafe multimedia files can expose the user’s identity irrespective of whether they are using Tor.
The main disadvantage of Tor is the reduced network latency as a result of the processing overhead for the multiple encryption and decryption operations as messages pass across the Tor network. While the latency is tolerable to passing messages between parties, it makes Tor unsuitable for operations that require high bandwidth, such as streaming media files or making video calls. The reality is that the latency limitations deter the use of Tor for activities such as distributing illegal images or copyright violations without impacting legitimate applications such as whistleblowing.
Tor provides a mechanism to allow network users to have very high anonymity levels to anyone monitoring the network. Tor prevents any eavesdroppers on a network from identifying which destination devices the user is communicating with using their client device.
The Tor Project has made access to Tor free and straightforward to use by providing a Tor Browser that manages all the technical aspects of connecting and authenticating a client device with the devices that form the Tor network.
Connection anonymity has practical applications. It allows users to hide who they are in contact with, providing a means for abuse victims to safely communicate with agencies that can help. It will enable whistleblowers to contact regulatory bodies or allow commercial organizations to collaborate in secret. While it is perfectly legal to use Tor for anonymous browser, some websites and services will block network traffic originating from known Tor exit servers.