This article is about TOR, a highly secure, efficient and one of a kind “anonymizing” network that aims to offer total privacy and hence protection to anyone who needs it.

Before diving into it, the answer to the question: “Why aren’t proxies and VPNs enough? Why the need for TOR?”

As we know, proxy servers and Virtual Private Networks act as middlemen through which we can, for example visit websites without revealing our identity, location and IP address (In theory, that is). We don’t connect to the website directly and neither the website to us. We are connected to the middleman and so is the website, effectively giving us, the users a dummy IP address that actually belongs to the Proxy or VPN server. So the website doesn’t know who we are - Goal accomplished. Then why are you seeing an article about another anonymizing service? It’s because proxies and VPNs are simply not as easy and effective as they want us to believe.

These are great for say, making more accounts when your IP address limit runs out on some website or maybe bypassing your school’s firewall that might have blocked websites like Facebook - But it ends there. Proxies and VPNs DO NOT offer complete anonymity and protection. True, the website you’re visiting will think it’s actually being visited by the proxy server, it cannot know who you are. But the problem is, the proxy server can (Does, actually). Obviously, any online proxy service will not highlight on their homepage something like “We keep a log of your browsing history! Come and Sign up Today!” Clearly, that’ll be bad for business and just plain stupid.

I’m not saying proxies and VPNs pass on our information to everybody, I’m saying - even if they did (knowingly or not), we have no way of knowing. Although that’s probably not true, most of them DO keep logs of browsing history, time etc. As a hacker you always have to assume the worst, you are henceforth not allowed to believe in coincidences. Best case scenario? The proxy service’s team is full of geeky saints, our data packets go in, then to the website and back to us. No logs, no history. Now, what if someone has hacked into the proxy server? It could be as simple as knowing the admin password. They could have access to our connections and could easily find out the source and destination of traffic coming from us, defeating the very purpose of using the proxy or VPN service. Hence, there is a need for something radically different, something that actually provides total privacy, no gimmicks, no loopholes, no BS.

Enter TOR.

(NOTE: Proxies and VPNs are absolutely great for any low key stuff you want to do mainly because nobody really cares if you want to use FB through your school’s wifi or maybe get a dummy Gmail account since your IP limit ran out. This kind of stuff has no real gain for any outsider. TOR is much more hardcore and it’s used with either really good or really bad intentions.)

So, here’s all about TOR in their team’s own (simplified) words .

TOR was originally designed, implemented, and deployed as an anonymous routing project for the U.S. Naval Research Laboratory. (No matter what anyone says about their ridiculously compulsive military expenditure, you can’t deny they do churn out a lot of good stuff). It was originally developed with the U.S. Navy in mind, for the sole purpose of protecting government communications. Today, however, it has exponentially expanded, almost beyond measure and is used for a wide variety of purposes by the military, journalists, law enforcement officers, activists, and really just anyone seeking online privacy and anonymity.

TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. TOR provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use TOR to keep websites from tracking them, or to connect to news sites, instant messaging services, or the likes when these are blocked by their local Internet providers. TOR’s hidden services let users publish websites and other services without needing to reveal the location of the site. Individuals also use TOR for socially sensitive communication, Example: chat rooms and web forums for rape and abuse survivors, or people with illnesses. Journalists use TOR to communicate more safely with whistleblowers and dissidents (With Snowden, for example). Specialized government branches use TOR for “open source intelligence gathering”. Law enforcement agencies uses TOR for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

Let’s hold back a second to see how TOR actually works with an example. Consider a game of treasure hunt. You start off with a clue, and that clue sends you somewhere else where you find another clue which sends you somewhere else and so on till you find the treasure (or get fed up and go home).

Breaking down the metaphor, the person travelling from clue to clue is your data packet - what you use to communicate to websites. The clues are “relays” or checkpoints, each point knows where you’re coming from, and where you’re going. Nothing more, nothing less. Clearly, the treasure is your destination website, or any internet service.Now, TOR comes with a relay client and a browser (bundled together for convenience). The relay client, on starting up, configures your connection with the outside world. It finds other relays, other computers on which a TOR relay is running, finds a few of these (around 10) and forms a circuit (a network through which our data packet goes through). Now, each client is sent the information about which next client it has to pass on the information to. Not a single point in the chain knows where the message is coming from or where it is going. Since the network is randomly set up (and it changes every few minutes), you get a dummy IP address that has absolutely zero connection with you. Nobody ever directly handles your data, it just gets passed along since nobody knows where it is coming from or where it is headed. (Obviously, the last relay sends the data to our destination, but since it’s randomly assigned to us, anyone monitoring it will only get seemingly random and hence useless information). Unlike proxies and VPNs, TOR’s connection goes through several random systems which is the main reason for it’s superiority. The transfer of data is 100% safe. Although, it does affect browsing speed. While you can expect upwards of 95% of your internet speed while using a VPN, with TOR it’s more like 80% (My best guess). That’s the only price for security and it’s fair enough.

The variety of people who use TOR is actually part of what makes it so secure. TOR hides you among the other users on the network, so the more populous and diverse the user base for TOR is, the more your anonymity will be protected. An outsider may only find out that traffic is passing through the last link in the chain, but whether it originated there or not - There’s no way to find out.

Using TOR protects you against a (not so) common form of Internet surveillance known as “traffic analysis.” Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your internet traffic allows others to track your behavior and interests.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that’s an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you’re doing and, possibly, what you’re saying. That’s because it focuses on the header, which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well (man in the middle attacks). A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some attackers (*cough* NSA! *cough*) spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers. Basically, they analyze everything that’s thrown at them from every direction, in the hope of finding the path a particular header is going through. It may then be traced back to the sender.

The solution: a distributed, anonymous network- TOR

TOR helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the TOR network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. For traffic analysis to yield any results while using TOR, the number of connections that will have to be tapped is simply too great to be practical. (Although, if the whistleblower Mr. Snowden’s intel is true , NSA has found a way to get around this. How exactly is currently unknown. For those who don’t know, Snowden recently spilled a lot of dirty secrets of the National Security Agency, USA to the whole world.)

To create a private network pathway with TOR, the user’s software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can’t trace these connections as they pass through.

Once a circuit has been established, all kinds of data can be exchanged and several different sorts of software applications can be deployed over the TOR network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection’s source and destination. (If you care, TOR only works for TCP streams and can be used by any application with SOCKS support)

For efficiency, the TOR software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.

TOR also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using TOR “rendezvous points,” other TOR users can connect to these hidden services, each without knowing the other’s network identity. This hidden service functionality could allow TOR users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it.

Best of all, there’s an app for this. Yes, there’s an official TOR app that you can download right now from the play store and start browsing anonymously through your android phone. Actually, it’s two apps : “Orbot” and “Orweb”. The first one is the relay client, sort of a plug-in that configures your internet connection to use a random TOR network. The second one is a browser specially made for using Orbot, that offers equivalent privacy protection as compared to using a computer. So to use TOR on your phone, you will have to download these two apps. Start up Orbot, it peacefully runs in the background and use Orweb as the browser. (There’s an option to re-route all internet traffic, but it requires rooting your android phone

For downloading the TOR bundle on a computer, see the website below:

Moving on.. TOR can’t solve all anonymity problems. It focuses only on protecting the transport of data. It provides no safeguards against, for example, sheer stupidity. A cyber criminal selling credit card numbers in one tab and a facebook chat opened in another tab deserves to be jailed for his idiocy, if not his crimes. It is up to the user to make sure they don’t enter any private data, not a single drop of information that could lead back to them even while using TOR.

TOR also cannot provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit. That is, if the attacker knows that your computer sent a request to a website and also knows that the website just received the same request, it’s very likely that this particular connection is yours and even if he had no interaction with the passing data, it can still be compromised. Mind you, this kind of attack is not something an average joe can even attempt. You would need to be the man-in-the-middle for your target’s ISP and at the same time be tapped into a website server which may be on the other end of the globe.

Ongoing trends in laws, policy, and technology threaten anonymity as never before, undermining our ability to speak and read freely online. These trends also undermine an individual’s and a nation’s security and critical infrastructure by making communication among individuals, organizations, corporations, and governments more vulnerable to unauthorized analysis. Each new user and relay provides additional diversity, enhancing TOR’s ability to put control over your security and privacy back into the hands of people, for the people. There are quite a few countries out there that have actually blocked websites like Facebook, twitter etc. due to fear of protests (*cough* CHINA!*cough*). Internet represents the biggest democracy there is, ever was and ever will be. It offers us among infinite other resources, a vast ocean of knowledge that one cannot hope to conquer in a thousand lifetimes. Such is the power and sheer practicality of the internet, it truly is one of the greatest accomplishments of all humanity. It is what binds us, it is what defines us. With great power, comes not only great responsibility but also greater threats. Threats to our security, threats to our privacy and threats to our very virtual existence. If and when the time comes, it will be up to us and us only to defend ourselves. In the end, the power lies with all of us.

If you would like to see more content like this, please consider supporting me on Patreon.

go to top