Home Cybersecurity Tor and the art of anonymity

Tor and the art of anonymity

304
tor
source: torproject

In the evolving digital world, privacy and anonymity are the two important factors for staying safe while surfing the web. We all want our data to be safe from the government, cybercriminal and spying organizations. Many intellectuals think that surfing in incognito mode makes all their connections private. Wake up from the fairyland buddy, your data is sold openly and you think you can secure it just by turning on incognito.

People think that just using an antivirus is enough, but you need to be more aware of your data safety. Conventionally, the connection between you and the website you are visiting is not encrypted, which means anyone who wants to decipher all your information can easily see your whole browsing profile.

“Just because you’re paranoid
doesn’t mean they aren’t after you.”

― Joseph Heller

TOR

The Onion Router (TOR) is a software that was developed in the early 1990s for the U.S. Navy to transfer important data within an anonymous network, but after navy started using its own secured VPN. Then Tor was converted into a Non-profit organization with an aim to provide anonymous browsing experience to everyone.

tor

Tor uses different servers across the globe, known as nodes to transfer your request to the website. The nodes are independent contributors and computers willing to contribute to the tor project. The traffic is routed from different nodes so that no one knows the message and its origin.

How it works

  • Tor browser or any other Tor enabled application selects 3 servers at random namely Guard node, Middle node, and  Exit node. It builds a path between the three nodes.
  • The message you are going to send via Tor is encrypted thrice providing Tor users triple layer encryption to send data.
  • The message first arrives at the Guard node which removes the first layer of encryption and receives the address of the middle node, the message is still safe by double layered encryption and is transferred to the middle node.
  • The middle node removes another layer of encryption to get the address of the exit node, the message is now encrypted by a single layer and is transferred to the exit node.
  • The exit node removes the last layer of encryption exposing the message and sends it to the destination.
  • Tor changes the nodes approximately every 10 minutes.

Insights

  • The guard node receives an encrypted message from your IP. So it knows your IP address but it does not know the message you have sent since it is encrypted. Therefore, they can’t know about your search history.
  • The middle node receives an encrypted message from the guard node. But the IP is masked by the guard node and the message is still encrypted so it doesn’t know about any of your credentials.
  • The exit node removes the final encryption to get the message since it has the message it can be read by anyone smart enough to compromise the node. But the exit node doesn’ t know where the traffic is coming from. It just receives the IP of the middle node, so the message cannot be linked to you. The address of the sender always remains anonymous.

As evident from above, different nodes peel the encryption layers one by one to expose the message at the exit nodes Therefore the name ” The Onion Router”. Moreover, in this type of data transfer, no one knows where the data came from and where it is going, this is how Tor provides anonymity.

TOR vs VPN

tor

Tor may seem like a VPN but they are both very different. Essentially, Tor focuses on anonymity and VPN focuses on privacy.

Tor uses random relay servers to transfer data anonymously, whereas VPN uses specific servers to transfer data in an encrypted format.

Tor doesn’t keep logs of your browsing information like a VPN. Most of the VPN keep logs of all your browsing history which can easily be handed over to government agencies compromising your security.

Tor is nearly impossible to shut down, as Tor does not have any fixed server or headquarters so it can’t be shut down by any organization or government. On the other hand, VPN companies can easily be shut down by the respective government and all the data can be seized to expose all the activities of the users.

Tor provides anonymity as no one knows the message and its source simultaneously, whereas VPN company knows every detail about you and keeps logs alongside your profile which can be used against you.

You need to be dependant on the VPN for your privacy and data security, whereas Tor users don’t have to be dependant on anyone, as no one gets the whole data during the transmission.

Tor drawbacks

  • Since Tor uses random relays to transfer messages, it is significantly slow and is not ideal for high-quality streaming.
  • Your ISP and other government organizations can easily know that you are using Tor, so they can pinpoint you easily, even though they would not know what you are browsing.
  • It is very difficult to browse Google through Tor, as you will be bombarded with captcha to prove that you are a human.
  • As Google is known to track users and their digital life since they can’t track you through Tor they make it very difficult to browse the web while using Tor with constant irritating captchas. Therefore, I would recommend privacy oriented search engines such as DuckDuckgo.
  • DuckDuckgo never tracks your online logs and browsing information and works fine with Tor enabled.

Dark web and its myths

tor

Tor is used to access the dark web which theoretically has enormous size than the surface web we are using. The websites comprising the dark web end with the extension of .onion and are only accessible by Tor. The dark web is a totally anonymous workspace away from the spying of NSA and other government agencies. The dark web is also very dangerous and can cause serious damage if not used properly. Let’s see what is this dark web actually.

  • Some people believe the myth that the Dark web is all bad and dangerous. But, did you know that Facebook also has its own .onion site for the users who want to chat anonymously? So, it is not a bad thing after all, huh!
  • The dark web is used to trade weapons, drugs and child pornography. This is true and going into this may get you into serious trouble. Tor tries to anonymize you but the data can be read at the exit node, any organization or group of hackers can determine your position if they want it that bad.
  • The payments done in the Dark web have no logs or records so there is no way you can complain about any scam or fraud.
  • It is used by the journalists or spies to transfer data anonymously without leaving a track.
  • Essentially, New York times whistleblowers also use Tor to give sensitive information anonymously.
  • Dark web contains many hackers who can easily hack into your pc to extract all information.

Guidelines for using Tor

  • Don’t use windows

Windows is not the operating system for using Tor due to various security flaws in its architecture, it can compromise your privacy even while using Tor. Also, Windows is more prone to viruses and malware attacks which are common while using Tor.

I strictly recommend you to use Linux for browsing with Tor. Linux works great with Tor and is immune to virus and malware, some Linux distributions come with Tor preinstalled such as Parrot security OS.

  • Always stay updated

Tor is simply a software that runs on the top of your operating system. This means Tor is only as safe as your operating system.

If an attacker is able to penetrate into the computer and get hold of your operating system, then even running Tor can’t protect you. Always stay updated to browse safely via Tor.

  • Don’t visit HTTP websites

Tor only routes your traffic, so if the website you are visiting is not HTTPS then the server acting as an exit node can read your Internet traffic in the form of plain unencrypted data.

  • Encrypt your data

It is important to encrypt the digital data on the computer while using Tor. You can use the Linux Unified Key Setup (LUKS) to encrypt your data on a Linux machine.

  • Disable JavaScript, Flash, and java

Tor can’t protect your data from the active content such as Javascript, Flash, QuickTime, etc. because these binary applications run with your user account’s privileges and may access and share your data.

Javascript is used by many websites to track you which is not possible to protect using Tor.

  • Delete cookies, cache, and local history every time

Tor hides your real identity from the websites using network packets to prevent them from gathering information about you. But websites may use workarounds such as cookies to track your online activities and detect your real identity. Tor can’t protect you from this. So, delete all the browser cookies for safe anonymous browsing.

  • Don’t use P2P

P2P is of no use in tor because the exit nodes are set up to block the file-sharing traffic. Using P2P sharing slows down the browsing of other Tor users.

Also, due to the insecure design of the BitTorrent, using tor with it doesn’t really hide your identity. Moreover, those BitTorrent clients send your IP address directly to the tracker and other peers, thus compromising your anonymity.

  • Never use your real credentials

You should never use your real email, phone number, or any information that can be used to identify you. How do you think you can hide your identity if you are giving out your real credentials? It’s just like going to a mask party and wearing a name tag.

You should create a virtual identity totally separate from your real identity for usage in the tor network.

Disclaimer: Kickgadget does not support illegal browsing and usage over Tor. The above article is just for educational purposes. I also need to mention that accessing the dark web for illegal stuff can be dangerous. Kickgadget is not liable for any damage caused due to the usage of TOR.

 

Did you like the Article? Feel free to comment and share the post. Do bookmark Kickgadget for more amazing content!

NO COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here