How Tor Works

By Peter Johansen


Today, Tor is already in its third generation. To hide the identities and activities of its users, the system uses a routing process in which separate cryptographic keys are created for each segment of the information flow. These keys are purposely short-lived, to prevent anyone from retrieving old traffic and decrypting it later. The encrypted communication is then made to ricochet across a network of volunteer-run computers which act as relays. This way, if the NSA succeeds in taking down one node, the rest of the system is not compromised. In the original onion router design, a single node run by a hostile operator could take a snapshot of all the traffic, compromising the whole system. The third-generation Tor has solved this and kept the NSA continually frustrated.

From a technical point of view, the way Tor ensures privacy is by keeping identities separate from routing. Normally, when you go online, your router or your laptop is given its own IP address. Every online activity emanating from your router or from your laptop sends out this IP address as the end-point where your requested information will be sent. Whether you like it or not, your IP address becomes a unique identifying mark with which all your online activities can be traced quite easily.

In the Tor network, however, all your communications (including the URL you type into the browser) do not follow a straight path directly to the site from which information is requested. Instead, each request bounces through three or more Tor nodes run by volunteers before it exits the network and is delivered to the intended destination.

The Tor process uses multi-layered encryption, nested much like the layers of an onion. It encrypts the data, along with the destination site, not once but multiple times before bouncing it through several randomly selected Tor nodes. Each node decrypts only a single layer and passes the remaining encrypted data on to the next node, which in turn strips the next layer, and so on. It is the final node that decrypts the last (innermost) layer, revealing the original message, which is then sent to the intended recipient without unravelling, or revealing, the IP address of the data source. The darknets other than Tor which we mentioned earlier use much the same process to transmit data anonymously.
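To make the layer-peeling concrete, here is an added toy three-hop onion written for this article (it is not Tor's own code or wire protocol: real Tor derives per-hop AES-CTR keys from a handshake and uses fixed-size relay cells). The relay names, the shared keys, the SHAKE-256 keystream with an HMAC tag, and the JSON framing are all assumptions made for the illustration.

```python
import hashlib, hmac, json, os

NONCE_LEN, TAG_LEN = 16, 32

def keystream(key, nonce, n):
    # Toy stream cipher: SHAKE-256 output keyed by (key, nonce). Real Tor uses AES-CTR.
    return hashlib.shake_256(key + nonce).digest(n)

def wrap_layer(key, next_hop, inner):
    """Add one onion layer: the next hop to forward to plus the still-encrypted inner onion."""
    nonce = os.urandom(NONCE_LEN)
    plain = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    ct = bytes(p ^ k for p, k in zip(plain, keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # per-layer integrity tag
    return nonce + tag + ct

def peel_layer(key, onion):
    """Strip exactly one layer; fails closed if the key is wrong or the data was altered."""
    nonce = onion[:NONCE_LEN]
    tag, ct = onion[NONCE_LEN:NONCE_LEN + TAG_LEN], onion[NONCE_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer rejected: wrong key or tampered data")
    plain = bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))
    layer = json.loads(plain)
    return layer["next"], bytes.fromhex(layer["inner"])

def build_onion(circuit, destination, payload):
    """circuit = [(relay_name, shared_key), ...] in path order guard -> middle -> exit.
    Wraps from the innermost (exit) layer outward: only the exit learns the destination."""
    onion, next_hop = payload, destination
    for name, key in reversed(circuit):
        onion = wrap_layer(key, next_hop, onion)
        next_hop = name
    return onion

def route_through_relays(circuit, onion):
    """Each relay peels one layer and learns only the next hop; returns (dest, plaintext, hops)."""
    keys = dict(circuit)
    hop, seen = circuit[0][0], []
    while hop in keys:
        next_hop, onion = peel_layer(keys[hop], onion)
        seen.append((hop, next_hop))
        hop = next_hop
    return hop, onion, seen

if __name__ == "__main__":
    ckt = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]  # constructed keys
    onion = build_onion(ckt, "example.org", b"GET / HTTP/1.1")
    print(route_through_relays(ckt, onion))
```

The returned hop list shows that the guard never sees the destination and the exit never sees the client, and a single flipped byte is rejected at the first relay rather than being forwarded.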

This way, the site from which information is requested cannot know the IP address of the requesting party, much less trace its origin. Only at the moment one enters the Tor circuit and makes the first request is the requesting party's IP address identifiable. Thereafter, the communication goes through several Tor-initiated actions, winding and bouncing across several relays that cloak the IP origin of the request, making it completely undetectable. This, however, also slows things down significantly. On top of that, the default Tor settings disable some functions, obviously for security reasons. This includes the plugins that let you view videos in your browser. This is of no consequence though, since you can easily turn them back on when you go back to regular browsing.

Apart from allowing you to surf the surface web anonymously, Tor also has what are known as the ‘hidden services’. This is the hidden layer of the Tor network which constitutes the Tor dark net. This is a collection of sites with the dot onion extension (.onion) which cannot be accessed using deliberate vulnerabilities into software and hardware which they intend to use for spying activities.
Another Tor vulnerability which unscrupulous individuals try to exploit is that Tor has little or no control over the volunteers who operate the Tor nodes and relay Tor dark net traffic. Researchers have uncovered proof that some node operators were spying on Tor darknet traffic. While this is unavoidable, it is not unpreventable. To address the problem, Tor developers rank the relay nodes according to their trustworthiness and give users the power to choose which set of trusted nodes to use as their entry relay.

Nevertheless, Tor has managed to stay one step ahead of those who try to undermine its encryption, as well as of its so-called Tor adversaries. For example, when China attempted to block the IP addresses of all of Tor's publicly listed relays in 2009, Tor created unlisted relay bridges which it made available on request. The bridges are difficult to block precisely because they are unlisted.

Theoretically, the NSA and other government agencies may be able to track several individuals on the anonymous dark net, but in truth they are often unsuccessful. The Tor structure and processes are so complex that it would be very difficult to do this at large scale, much less track everyone surfing the deeper dark web. It would require a tremendous amount of resources without any guarantee of success.

The dark web is known to be home to clandestine marketplaces where stolen credit card numbers, drugs, firearms, and illicit goods exchange hands freely. The darkest side is home to gun-for-hire professionals and shadowy creatures who engage in child pornography and human trafficking. The lighter side of the dark web though contains blogs, chat rooms, and forums where you can retrieve valuable information in complete anonymity.
