Everything you wanted to know about Tor but were afraid to ask

Posted on August 21, 2018 By Dennis

The Tor project.

If you’re interested in online privacy, then you’ve no doubt heard about Tor (The Onion Router). The Tor Network (or just “Tor”) is an implementation of a program that was originally developed by the US Navy in the mid-1990s. It enables users greater anonymity online by encrypting internet traffic and passing it through a series of nodes.

Chances are, you have lots of questions about this project you’d like answered before you jump in. However, due to the negative associations many people make with Tor and related projects, it’s understandable that potential users are afraid to discuss their interest.

In this post, I’ll ask (and answer) those questions for you. I’ll explain everything you need to know about Tor, including how anonymous it is, whether it’s legal, and if you still need to connect to a VPN while using Tor.

What is Tor and how does it work?

The Tor network, often referred to as just “Tor,” is a volunteer-run system that helps make internet use more anonymous.

When a user is connected to Tor (often through the Tor browser), their outgoing internet traffic is rerouted through a random series of at least three nodes (called relays) before reaching its destination (the website the user wants to visit). Your computer is connected to an entry node, and the final node traffic passes through is the exit node, after which it reaches its destination (the website you want to visit). Incoming traffic is rerouted in a similar manner.

A simplified version of how Tor works.

A simplified version of how Tor works (Source: EFF via Wikimedia)

Aside from passing through several nodes, the traffic is encrypted, multiple times in fact. It loses a level of encryption at each node, but is never fully decrypted until it leaves the exit node for its destination.

Each node has an identifying IP address, which is also encrypted. The only IP address visible to the destination website is that of the final node, known as the exit node.

In total, the Tor network is currently made up of about 7,000 relays (nodes) and 800 bridges. Bridges are similar to relays, but they are not listed in the Tor directory. These are typically used by anyone who is unable to access the Tor network by regular means, for example, if it has been blocked. They may also be used is a website or app blocks traffic from a detected Tor node.

Does Tor hide IP address?

While connected to the Tor network, activity will never be traceable back to your IP address. Similarly, your Internet Service Provider (ISP) won’t be able to view information about the contents of your traffic, including which website you’re visiting.

Your ISP will see that you’re connected to a Tor entry node, and the website you’re visiting will simply see the IP address of the Tor exit node.

How to use Tor: getting started

The simplest way to use Tor is through the Tor browser. This is a Firefox-based application which can be downloaded and installed on your computer.

The Tor browser homepage.

Versions are available for MacOS, Windows, and Linux. Once you’ve downloaded and installed, you’ll be able to access clearnet and .onion sites through the browser.

In some cases, use of the Tor browser may be blocked. As mentioned earlier, using a bridge should overcome this issue. In the past, this was fairly complex, but is a lot easier in the latest version. You’ll need to first locate a bridge and then configure it with the Tor browser.

Does Tor really make you anonymous?

It’s very difficult, if not impossible, to become truly anonymous online, but Tor can certainly help you get there. All of your traffic arriving at its destination will appear to come from a Tor exit node, so will have the IP address of that node assigned to it. Because the traffic has passed through several additional nodes while encrypted, it can’t be traced back to you.

However, one of the issues lies in trusting the operator of the exit node. If you’re visiting an unencrypted (non-HTTPS) website, it’s possible the node operator can track your activity and view your information. They could collect data such as which webpages you’re viewing, your login information, the content of your messages or posts, and the searches you perform. Although, there’s no way to trace that information back to you or even back to the entry node.

It’s worth noting that using the Tor browser only protects traffic going through that connection and won’t anonymize other apps on your computer (although many can be configured to the Tor network via other means). Also, your ISP can still see that you’re using Tor. For improved privacy, you can use a VPN alongside the Tor browser.

What is the darknet and how is Tor related to it?

If you’re familiar with the term, the “clear net”, you’ll know that it refers to the portion of the internet that can be freely accessed, that is without Tor or an alternate browser. On the other side you have the deep web. This includes content that isn’t indexed by search engines, including outdated content, private files, and web pages that have barred search engines from crawling them.

Also within the deep web is the darknet. This content can usually only be accessed using special tools like Tor. The darknet houses some legitimate websites, but it is better known for being a place rife with illicit activity.

You can access the clear net with Tor, but you can also access darknet websites, specifically .onion sites. These are sites which only people using the Tor browser can access, and have .onion as part of their URL. They are also referred to as “Tor hidden services.”

They’re not indexed by search engines and can be difficult to find if you don’t know where to look. Tor protects the anonymity of the operators of .onion sites, so it would be difficult to find out who is running them. Of course, the combination of both operator and user anonymity is what makes the darknet ideal for criminal activity.

Aseizure notice for the AlphaBay website.

The (now seized) website for the infamous AlphaBay marketplace was a .onion site. (Source: US Department of Justice via Wikipedia)

That being said, there are plenty of legitimate websites that have .onion versions. For example, VPNs are geared toward privacy-conscious users and some offer .onion versions of their site, ExpressVPN being one example. You can even set up a .onion site of your own through the Tor browser.

Why would someone want to use Tor?

As mentioned, Tor is often associated with illegal activity and users wanting to access the dark web. Because of this, there is often an assumption that anyone using Tor must be up to no good. On the contrary, Tor can simply be used by privacy-conscious users for day-to-day browsing on clearnet sites, to help maintain user anonymity and privacy while online.

There are a vast number of reasons your average internet user might want to be more anonymous. These include stopping ISPs and third parties collecting data about online activity, bypassing censorship, protecting children’s privacy, or researching taboo topics, such as birth control or religion.

There are also many professions in which it would be necessary or helpful to keep an anonymous online profile. Some of those legitimately using Tor include:

  • Journalists
  • Law enforcement officers
  • Activists
  • Whistleblowers
  • Business executives
  • Bloggers
  • Militaries
  • IT professionals

Although Tor doesn’t track what users are doing online, it does offer aggregate statistics telling you where users are located. You can see graphs by country and read about events that may have contributed to drastic changes in user numbers.

Agraph showing the number of US Tor users.

For example, the above graph shows the number of US users connecting over the past year. In dated commentary below each graph, Tor provides notes about things like updates, outages, and major events such as government blockages.

Is using Tor legal?

It’s true that the nature of Tor makes it a popular choice among criminals wanting to access some of the shadier parts of the darknet and conduct criminal activities. This includes buying or selling illegal products or services, or participating in forums that spread hate speech and encourage extremism.

However, as outlined above there are plenty of reasons non-criminals would want to use Tor. Indeed, it is perfectly legal to use Tor, although it has been or is currently blocked in certain countries. Plus, there is still a stigma attached to it, so you probably shouldn’t assume you can use it trouble-free.

ISPs have been reported to throttle the bandwidth of Tor users and have even contacted customers to tell them to stop using the Tor browser. Users may be questioned by ISPs regarding which websites they are connecting to through Tor.

Authorities themselves could become suspicious of Tor users and conduct investigations into their activities on those grounds alone. Although, there haven’t actually been reports of fines or charges related to the use of Tor.

Are there any downsides to using Tor?

Tor is popular with many users — there are currently around 2 million users connecting to relays at a given time.

Graph showing total number of users.

But it does have its downsides. Here are the main cons of using Tor:

  1. Slow speeds
  2. Detectable by ISPs
  3. Blocked by network administrators
  4. Vulnerable to attacks

Let’s look at each of these in a bit more detail.

Slow speeds

The major downside to using Tor is that its slow. Traffic isn’t going directly to its destination, so this will slow things down. Plus, the speed of traffic flowing between the nodes could be slower than your regular internet connection, further dampening the overall speed.

What’s more, the number of volunteer nodes available is very small compared to the amount of traffic flowing through the network. The resulting congestion will slow down traffic, especially during peak periods.

Due to these issues, the main use for Tor is general browsing. It isn’t suitable for streaming or torrenting, or anything else that requires a lot of bandwidth.

Detectable by ISPs

Another downside is that your ISP will be able to see that you’re using Tor. It won’t be able to read the contents of your traffic, but the fact that it detects you’re using Tor could have some repercussions. As mentioned earlier, using Tor alone is enough to raise suspicion from ISPs and authorities. One way around this is to use a VPN with Tor (more on that below).

Blocked by network administrators

Tor is often blocked by administrators of certain networks. One way around this is to use bridges which shouldn’t be detectable as Tor nodes. If the blockage is more sophisticated and uses deep packet inspection, you may need to use an additional tool, such as Pluggable Transports (see below). This will mask your Tor traffic as regular traffic to bypass the block.

Vulnerable to attacks

While it hasn’t been confirmed, there have been reports that traffic analysis on Tor has been successfully used to find incriminating evidence. One case that stands out is the Silk Road takedown of 2013. Silk Road was a marketplace run through the Tor network and was involved in the sale of an estimated $1 billion worth of drugs, along with other illicit goods and services.

There have been various theories regarding how the FBI identified the criminals involved, but the case suggests that there are vulnerabilities in the Tor network as an anonymity tool.

There are also the aforementioned rumors about exit node monitoring to be wary of. Bear in mind that these reports don’t appear to have been confirmed so can be viewed with skepticism.

Does Tor work on mobile?

The Tor browser is only available for Windows, MacOS, and Linux operating systems which might be disappointing if you’re looking to connect to the Tor network from a mobile device.

If you’re an Android user, you’re in luck. Orbot, a free proxy app sends your traffic through the Tor network.

The Orbot homepage.

There’s also an Android browser available called Orfox, which is built on Firefox.

The Orfox homepage.

If you’re an iOS user, things aren’t as simple. There is a fairly popular free Onion Browser app available for iOS, but this is not considered as secure as Orfox, and doesn’t offer a great user experience. It is possible to connect to the Tor network manually, but you’ll need to jailbreak your device first.

Do I still need a VPN when using Tor?

In very basic terms, Tor is more about anonymity, whereas a VPN is more concerned with privacy.

Using Tor, all of your traffic in encrypted, but your ISP can still see that you’re connected to Tor. Additionally, the Tor entry node can see your real IP address.

Using a VPN, all of your traffic is encrypted and your ISP can’t see which websites you’re visiting. It only sees that encrypted traffic is going to and from a VPN server. However, your VPN provider does have the capability to read your traffic, even if it says it won’t. So there’s always a certain amount of trust that has to be placed in any VPN provider, whereas Tor is “trustless”.

In an ideal world, you don’t want your ISP to see you’re using Tor, Tor entry nodes seeing your IP address, or to have to trust your VPN provider not to view or log your activity. Using a VPN alongside Tor can alleviate these issues. There are two options for doing this: Tor over VPN or VPN over Tor. The main difference here is which you connect to first.

Tor over VPN

This is the method I recommend and you’ll soon see why. With Tor over VPN, you connect to the VPN first, then use the Tor browser. It’s simple and effective.

Your traffic will go through the VPN server before it gets to the Tor entry node. This means that the VPN server can only see that you’re connected to Tor and can’t see where your traffic is going. Going back to your ISP, it only sees that you’re connected to a VPN server, and nothing beyond that. This means your ISP can’t see that you’re connected to a Tor entry node.

NordVPN's Onion Over VPN page.

Several top-rated VPNs, including NordVPN, integrate access to the Tor network into their service. You connect to a specialized server and all of your internet traffic goes through the Tor network. However, this is should probably be limited to use with apps other than web browsers. Browsers like Chrome and Firefox have so many identifiers that it could be difficult to stay anonymous even when connected to the Tor network. So, for browsing, connecting to the VPN and then opening up the Tor browser is still probably your best option.

VPN over Tor

This setup is a little more complex and doesn’t really offer additional anonymity. In this case, your traffic goes through Tor first. Your ISP can still see you’re connected to the Tor network, the Tor entry node can see your real IP address, and you still need to trust you VPN as it can see where your traffic is going.

One issue VPN over Tor does alleviate is the Tor exit node being able to see which site you’re visiting. Instead, it simply sees that you are connecting to a VPN server. One downside to this is that your VPN login information could be viewed by the Tor exit node operator. Another benefit of this setup is that websites which normally block Tor traffic will be unblocked.

See also: Why you can’t always trust the so called best vpn services

Does Tor work in China?

Any anonymity tool that helps users bypass censorship is clearly not going to be very popular with the relevant regimes. China, of course, is known for its heavy censorship of the internet and actively tries to block its residents from connecting to the Tor network. This country has been cracking down on Tor connections for many years and doesn’t show signs of giving in.

A browse of relevant subreddits will tell you that users aren’t having much success, if any at all, connecting to Tor in China. It appears that most relays are blocked and many bridges too. It’s suggested that China’s tactics include testing Tor bridge servers and blocking those associated with any successful attempts.

And China’s not alone. Other countries, including Russia and Venezuela, actively try to block their citizens and visitors from connecting to the Tor network.

Can I help with the Tor network?

I mentioned earlier that the Tor network is supported by volunteers who run the individual nodes. If you are enthusiastic enough about Tor and want to help speed up the network, then you can join the force and become a volunteer, too. Really, you just need a spare computer or server that can be used as a node. You can find instructions for how to set up a relay on the Tor website.

Note that are potential consequences for doing this. Anyone known to be involved with the Tor network will probably come under scrutiny at some point or another. Either your ISP or a law enforcement agency might question you about your involvement in the project.

As we’ve discussed, while much of the activity on Tor is legal, some of it is not. So it’s certainly possible for your IP address to be involved in some illegal activity. And if you’re running an exit node, there’s even more chance you’ll be questioned, as these IP addresses are visible to destination websites.

What is the Tor Messenger system?

One Tor-related project you may be familiar with is Tor Messenger. This open source software was designed for use alongside existing networks such as Facebook, Twitter, and Google Talk. All Tor Messenger traffic is sent over Tor, and Off-The-Record chat is used to enforce encrypted conversations between users.

The Tor Messenger homepage.

Tor Messenger is based on Instabird and has a similar interface. Although, one of Tor Messenger’s major problems has resulted from the fact that Instabird is no longer under development. This, along with other issues, including metadata leaks and limited resources, has resulted in the cessation of the development of the Tor Messenger project.

What other projects are related to Tor?

The Tor network isn’t just the Tor browser. Various other projects have been developed to complement the network. I mentioned .onion sites, the Tor instant messaging system, and a couple of Android projects earlier, but here are some of the other projects you may come across:

  • Atlas: This is a web application that shows you details about the various relays and bridges in the Tor network. You can perform searches and find out information such as bandwidth, exit policies, and uptime.
  • Nyx: Previously called Arm, Nyx is a command line monitor for users running relays in the Tor network. It will provide information in an easy-to-view format, such as bandwidth usage and connection logs.
  • Onionoo: This is a web-based protocol that provides data about relays and bridges in the Tor network. Unlike Atlas, it wasn’t designed to present data directly to humans, but rather to deliver information to other applications (like Atlas) and websites.
  • OONI: The Open Observatory of Network Interference (OONI) provides free software tests, including those to detect the blocking of websites and instant messaging apps. You can also detect the blocking of tools used to bypass blocks, such as Tor.
  • Pluggable Transports: Pluggable Transports (PTs) make Tor traffic between a client and a bridge look like regular traffic. This is helpful for bypassing censors that use deep packet inspection to recognize Tor traffic flows.
  • Shadow: This is an open source software which provides users with a simulation of Tor for experimentation purposes.
  • Tails: The Amnesic Incognito Live System (Tails) is a live OS that can be started on your computer from a DVD or USB. It’s built on Debian and sends traffic through Tor.
  • TorBirdy: This is designed specifically for use with the Mozilla Thunderbird email application. TorBirdy enhances Thunderbird’s privacy and configures it for use with Tor.
  • Tor2web: Tor2web helps users access Tor Onion Services without the use of the Tor browser. However, it won’t give you anonymity, just access to the .onion sites.

Leave a Reply

Your email address will not be published. Required fields are marked *