What is Tor? A Closer Look at The Onion Router

What is Tor? A Closer Look at The Onion Router

blog


It’s been a hot topic in the news for years now.  Privacy on the Internet is something that users not only want but expect, even if they know they shouldn’t.  So much of our daily activity resides there.  From our entertainment and paying bills to shopping for gifts, clothing and bulk household items, Internet service has become a utility, not just a frivolous addition to your cable TV package.  With so much activity going on in the strange in-between world of the Internet, there was bound to develop an underground.  Much like in your day-to-day world where the world’s secret places thrive, there is an equivalent world on the Internet where anarchy is king and the rules are few.  One of the ways you can get to this place is called Tor.

In the Beginning:

Tor was once an acronym standing for “The Onion Router” which was a reference to how the program layered and encrypted the users on the network; it became its official name in early 2006.  Tor began as a project of the United States Naval Research Laboratory for reasons that to this day are shrouded in mystery.  When it came to be funded through the Electronic Frontiers Foundation (EFF), it ceased to be a military endeavor and took its first breaths as an independent project.  It is currently run by “The Tor Project”, an educational 501c3 devoting its time and services to developing a web browser designed to preserve anonymity on the Internet.

The gritty details

Let’s get a little more technical and see how this works.  Tor protects the user by taking the outgoing signal and bouncing it through various relays across the globe. In order to do this however, one must download and install a Tor browser package which is available on the Tor Projects homepage.  The browser itself is very pared down and as no-nonsense as it gets, allowing no scripts to come through that you do not by hand approve and no cookies to be saved so that your information remains private.

When you visit a website, it sends out the signal to the first relay and that relay encrypts it which sends it along to the next for further encryption, and so on.  By the time it reaches its destination, often hundreds of relays have been used to get there.  This still usually happens in a matter of seconds, making Tor browsing not that much slower than using your normal services.  The browser itself is set up to access a different type of web page called an “unindexed site” or a “hidden service”:  these are web sites that are invisible to everyday search engines.  They achieve this by using public encryption keys and 16 character hash tags followed by the pseudo-top level domain marker “.onion”.

Doesn’t make sense?  That’s the point: to most browsers, it’s not supposed to.  Normal web browsers cannot decrypt the information produced by a .onion service or page.  When a user starts the Tor/Onion browser and enters in a .onion domain address the information going forward to the first relay gets encrypted and sent forward to the next relay.  Because the next relay in the line cannot tell from where the incoming connection came, the user is effectively protected from any attempt at traffic analysis.   Even if someone could either decrypt one node or get some legal order to release the data, it’s one of dozens or hundreds of nodes.  In summary, the traffic is effectively impossible for anyone to trace, even the people who themselves take part in it.  There’s literally not a single person on the planet who could trace a request made through Tor.

Oooh, this is intriguing!  What can Tor be used to reach, then?

In a word: anything.  This is the Internet unchained, the picture that many of you probably had of it when you first heard of it.  This also includes all of your “normal” sites, though naturally browsing Sesame Street is not going to be the first idea that comes to mind.  What does come to mind is all of the stuff that you imagined must exist somewhere out there on the Internet, if only you knew how to find it.

It is at this point, then, that we have to issue more than just a typical warning, and state that there is no, we repeat, no endorsement of any activity through this article.  Truthfully, we know a lot of you will be naughty.  That’s the reality, and we can’t stop it, no matter how stupid it might make you.  But we can tell you that these things are underground for a reason.  You investigate any of this at your own risk, and that’s not a risk we want to see any of you take.  Are we all clear?

Tor in the News and the future of anonymous usage

The development of Tor is not an isolated phenomenon.  While it may have been a military project initially, it’s still true that there is a higher push for privacy on the Internet as time goes on.  Tor is a somewhat accidental response to it, but it’s nonetheless one that answers this call.

That being the case you would think that Tor would be in the headlines more.  It has instead attracted oddly little attention.  A branch of the collective Anonymous used it recently to infiltrate a child pornography web site.  It was the subject of governmental ire for giving access to a network that they couldn’t reach (ironic, no?).  It was also cited as a tool that was used by Egyptian rebels in their recent insurrection.  Despite these isolated incidents, though, this pathway to the electronic underground remains mostly as invisible as the sites that it accesses.

It’s hard to say what this all means.  One thing we can say is that the technology is solid.  One renowned security expert accessed a black market selling just about every manner of illegal goods, to try to find a security weak point anywhere whatsoever in the process.  Shockingly, he could find none.  Think for a moment about what that would mean if that were to remain the case and become more publicly known.

There’s really only about one thing we can say for certain regarding the future of Tor and its relationship to web security: it’s going to be mighty interesting.