TOR Explained

TOR logo

Today’s blog is all about “The Onion Router”, better known as TOR used to keep our online activities away from prying eyes of governments, advertisers, stalkers or may be even me(pun included).

But how does it work?

Why is it considered so secure?

Does it have any weaknesses?

Fasten up as we are going to dive into it for detailed information. TOR tries to anonymise your online activity by encasing your traffic in multiple layers of encryption, then sending it through number of nodes that peel back those layers one at a time, hence the onion nickname. Each node only decrypts enough information in the package to where to send it next, so none of the node know both your identity and identity of whatever website or server you are trying to connect to. This high level of encryption and repeated bouncing of network traffic makes TOR quite secure. Wait, you know what it still isn’t full proof.

About TOR

So at some point your data has to leave the TOR network to get to wherever it needs to go through something called the exit node. The very last TOR node, that your data travels through. When you data leaves an exit node and send to it’s destination, it is no longer necessarily encrypted. Though it’s very difficult for the recipient to tell that it is you connecting, any unencrypted personal information can be read by the operator of exit node and whatever site you are connecting to. In fact a team of researchers have harvested a bunch of unencrypted email ids and passwords even though they were sent over TOR. The fact that anyone can run an exit node, also means that you don’t know who could be looking at your information on the other end.

To eliminate this problem somewhat, the TOR foundation provides the TOR browser for free which is a modified version of Mozilla Firefox that among other things attempt to use the encrypted https rather than regular http for as much of web activity as possible. Also disable certain plug-ins that can leak your IP address. Many plug-ins and applications won’t run over the TOR network by default and can give away your IP even when your other traffic is going over TOR. Some users have tried to use VPNs in conjunction with TOR to create an encrypted tunnel at every point of the connection. The best idea is not to share any personal information over TOR. TOR also has the limitation to be a slow network and will not be useful to download large amount of stuff or streaming in 4k.

TOR may not be perfect but it is a good first line of defense.