©2019 Security Unleashed | New Delhi

  • Animesh Gupta

A beginner’s guide to Tor

Updated: Aug 1, 2018

We live in an era of free-flowing data, where any person with an Internet connection has seemingly all the information in the world at their fingertips. Yet, while the Internet has greatly expanded the ability to share knowledge, it has also made issues of privacy more complicated, with many worrying their own personal information, including their activity on the Internet, may be observed without their permission. Not only are government agencies able to track an individual’s online movements, but so too are corporations, who have only become bolder in using that information to target users with ads. Unseen eyes are everywhere.

In this climate of data gathering and privacy concerns, a browser called Tor has become the subject of discussion and notoriety. Like many underground phenomena on the Internet, it is poorly understood, shrouded in the sort of technological mysticism that people often ascribe to things like hacking or bitcoins.

What is TOR?

Tor is a distributed anonymous communication service using an overlay network that allows people and groups to improve their privacy and security on the internet.Individuals keep tor to keep websites away from tracking them or connect to those services blocked by their Internet Service Providers(ISP).TOR hidden services let user’s publish their website and other services without needing to reveal the location of the site.

Why the Internet isn’t secure?

To understand how Tor is able to protect a user’s identity as they browse the Internet, it seems prudent to discuss exactly how the Internet works. The Internet is, at its most basic, the series of connections between computers across great distance. In the beginning, computers were isolated, unable to communicate with each other. As the tech got more advanced, engineers were able to physically link computers together, creating early networks. These networks still required the computers to be relatively near each other, however. Eventually, advances in fiber optics enabled networks to connect across continents, allowing for the Internet to be born.

Some computers house the data stored on the Internet, including web pages like Google. These computers are known as “servers.” A device used to access this information, such as a smartphone or PC, is known as a client. The transmission lines that connect clients to servers come in a variety of forms, whether fiber optic cables or wireless signals, but they are all connections.

Although clients initiate connections to get information from servers, the flow goes both ways. Data is exchanged across the Internet in packets. These packets contain information about the sender and the destination, and certain individuals and organizations can use this data to monitor who is doing certain things or accessing certain information on the Web.

It is not just the server that can see this data. Traffic analysis is big business, and many organizations, both private and governmental, can monitor the messages flowing between clients and servers. How, then, does Tor keep the user’s information secret?

How Tor has the answer?

There are two key aspects to onion routing. First, the Tor network is composed of volunteers who use their computers as “nodes.” As mentioned earlier, during normal browsing, information travels across the Internet in packets. When a Tor user visits a website, however, their packets do not simply travel to that server. Instead, Tor creates a path through randomly assigned nodes on that the packet will follow before reaching the server.

The other important aspect of onion routing is how the packets are constructed. Normally, a packet will include the sender’s address and the destination, not unlike a letter. When using Tor, the packet is wrapped in successive layers of packets, like a nesting doll.

When the user sends the packet, the top layer tells it to go to Router A, the first stop on the circuit. When it is there, Router A takes off the first layer. The next layer tells Router A to send the packet onward to Router B. Router A does not know the ultimate destination, only that the packet came from the user and went to B. Router B peels off the next layer, seeing that the next stop is Router C. The process continues until the message reaches its destination. At each stop, the node only knows the available information: the last place the packet was, and the next place it will be. No node knows the complete path, and neither would anyone who observes the message being sent from a node.

How to get Tor?

In keeping with the ideological aims of the Tor Project, Tor is free to use. Simply download and install the browser, which is a modified version of Firefox available for Windows, Mac OS X, and Linux. For mobile browsing, there is also an Android app called Orbot. Note that while the Tor browser is already configured to work properly, users on networks with firewalls or other security systems may experience difficulties. Moreover, careless Internet usage can still compromise one’s anonymity. Tor’s website has a comprehensive list of things to avoid doing while using the browser, as well as fixes for any problems that arise.

The Deep Web and Tor’s hidden services

Tor is valuable as a tool to protect the user’s privacy, but that is not its only function. The other, more infamous use for Tor is as a gateway into the Deep Web, the massive portion of the Web that is not indexed by search engines. The term “Deep Web” is thrown around in popular discourse, often in tones reserved for bogeymen. There are good reasons for this, but most of the Deep Web is fairly mundane. It is merely all the information that cannot be easily accessed through a Web search, which is a lot of data, actually.

The Internet, to use an old but apt cliche, is like the ocean. Like the surface of the world’s oceans, the surface of the Internet is mapped out, easily found via Google search. The bulk of the world’s oceans lie beneath the surface, however. The bulk of the Internet (around 80 percent) comprises pages unknown to most people, locked behind passwords and protocols.