Tor Browser

My name is Martin. I'm a cybersecurity student at university and an aspiring professional in the infosec field.

What is Tor?

Tor stands for “The Onion Router”. It's an open-source browser that provides anonymity and privacy online by routing internet traffic through a series of servers known as nodes, or relays, which are hosted by volunteers all over the world. Thanks to this distributed network, users can browse the internet anonymously. The name itself is a reference to the different layers of encryption.

Who and why?

Tor is used by many kinds of people for different activities online, from journalists and whistleblowers to people who simply care about their online privacy. Activists in countries with tight controls also use Tor to get around censorship, or to stay hidden from the eyes of government agencies. Even researchers and security geeks use it to explore online security without being tracked.

The main purpose is to keep browsing activity anonymous and private, but it can also be used to access websites that are restricted in your country of residence, or to visit .onion sites, which are more secretive and private than the clear net.

However, we also need to be conscious of the bad content we might be exposed to on Tor’s .onion services. While many .onion sites serve legitimate purposes, some are notorious for illegal activities, which can overshadow the positive uses of Tor. It’s crucial to note that using Tor doesn’t inherently imply illicit activity. As long as you are using the browser for good, you don’t have to worry. Just as with any other browser or application, don’t click on random links or wander into sketchy places.

What are .onion sites?

A .onion domain is only accessible through the Tor Browser, which means that to access it we have to go through the Tor relays. Onion services do not use traditional IP addresses, since the service itself acts as an overlay on top of the TCP/IP infrastructure.

We connect to domains on the clear net using IP addresses, which look something like this: “https://172.16.254.1”, made of 32 bits (1’s and 0’s). We don’t always see this, thanks to the Domain Name System (DNS), which takes on the load of remembering all of those numbers for each site that we want to access. Onion sites look more like this: “vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion”. See the difference? There are no IP addresses or names, just a bunch of random-looking characters. These characters are actually a base32-encoded version of the public key associated with the Tor hidden service. The .onion address serves as the identity public key of the service, allowing users to connect to it through the Tor network. Unlike regular domains that rely on DNS, .onion addresses provide a level of anonymity and security by directly using cryptographic keys.
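
The structure of a .onion address described above, as an added example that is not part of the original post: a version 3 label decodes to 35 bytes (a 32-byte Ed25519 public key, a 2-byte checksum and a version byte), as laid out in the Tor rendezvous specification. The function names and the sample key are assumptions made for this example.

```python
import base64
import hashlib

ONION_V3_LEN = 56                    # base32 characters before ".onion"
CHECKSUM_PREFIX = b".onion checksum"

def _checksum(pubkey: bytes, version: bytes) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]

def encode_onion_v3(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte public key."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    version = b"\x03"
    raw = pubkey + _checksum(pubkey, version) + version
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def parse_onion_v3(address: str) -> dict:
    """Split a v3 address into its fields and check the embedded checksum."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != ONION_V3_LEN:
        raise ValueError("not a 56-character v3 onion label")
    raw = base64.b32decode(label.upper())  # raises ValueError on bad characters
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return {
        "pubkey": pubkey,
        "version": version[0],
        "checksum_ok": version == b"\x03"
        and checksum == _checksum(pubkey, version),
    }

# Constructed sample key: 32 fixed bytes, not a real service identity and
# not checked for being a valid curve point.
SAMPLE_KEY = bytes(range(32))
SAMPLE_ADDR = encode_onion_v3(SAMPLE_KEY)
# The address quoted in the paragraph above.
ARTICLE_ADDR = "vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion"

if __name__ == "__main__":
    for addr in (SAMPLE_ADDR, ARTICLE_ADDR):
        info = parse_onion_v3(addr)
        print(addr)
        print("  version:", info["version"], "checksum ok:", info["checksum_ok"])
        print("  public key:", info["pubkey"].hex())
```

A failed checksum usually means the address was mistyped or truncated, which makes this check useful before an address is stored or shared.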

How does Tor Work?

To understand how Tor works, we must first understand how the internet works. Normally, when you attempt to connect to a website, your device makes a request to the server where the target domain is hosted. This process is efficient and fast, but not secure, because it reveals the recipient’s IP address, approximate location, and identity to the webserver and anyone snooping on the traffic.

When you access the Tor network, your traffic is rerouted through 3 different relays before reaching the internet. Between those 3 relays, our traffic is encrypted; the only time our traffic is not encrypted is when it’s going through the exit node. By the time traffic leaves the exit node, it will be very hard to find the original source of your requests.

  1. Entry Node: Your traffic first enters the Tor network through an entry node. Here, your data is encrypted, but the entry node can see your original IP address.

  2. Middle Node: The encrypted data is then sent to a middle node, which further anonymizes your traffic by encrypting it again. The middle node cannot see your IP address or the final destination of the data.

  3. Exit Node: Finally, your traffic exits the Tor network through an exit node, where the encryption is removed. This is the only point at which your data is decrypted and sent to the final destination. Note that if the website you’re accessing is not using HTTPS, the exit node can see the content of your traffic, potentially exposing sensitive information. However, the exit node cannot trace the traffic back to your original IP address.