Disclaimer:
This article is outdated and speaks more about theory than practice. As anyone who has followed Tor news knows, there have been numerous cases of deanonymized hidden services and harassments by "law enforcement". Sadly, one has to always
assume that the software (even hardware!) contains deliberate or accidental security holes and doesn't work as claimed/supposed. It's not possible for us to know for sure which methods they use and whether it's really due to issues with Tor
itself, or just bad OPSEC and/or general lack of security routines.
Tor ("The Onion Router"), first appearing in 2002, is a piece of free software to enable anonymity over the
Internet. The system is not developed commercially and is not centralized, just like Bitcoin. It can be described as a virtual Internet inside the Internet, with its own technical rules and limitations. In stark contrast to the ordinary
Internet, which is practically designed to violate your privacy in every way you can't imagine, the purpose of Tor is to provide total anonymity.
While there
are
some alternatives, they are even less
known than Tor, which is by far the biggest and most popular of them all. Considering how obscure it still is on a mainstream level, and how it has no real show-stopping negative downside, I still consider it the only real
option at the time of typing.
As with so many other things that are in the least bit complex, there is massive confusion concerning Tor.
Basically, you can use it in two distinct ways:
- As a way to anonymize yourself on the normal Internet, by using it as a kind of advanced proxy.
- Never leave the internal Tor network but use its "hidden services", entirely without ever "exiting" to the normal Internet.
Naturally, you can do both at the same time. Nothing forces you to choose one way. Personally, I find the latter
by far the most fascinating. The former is impractical as so many "normal" services ban Tor use entirely due to expected/experienced abuse. It is easy to block Tor on the normal Internet because there is a public list of all so-called "exit
nodes". More on that later.
Just like
my Bitcoin article, this document tries
to explain the important aspects of Tor in a sensible manner, without going into every single detail.
Roughly how it works
Everyone who uses Tor must have a Tor client installed on their computer. Once it's running, you can set up
various software (such as Web browsers) to connect through Tor. The developers are nice enough to provide a "Tor browser bundle" for the sake of simplicity, which is basically a heavily secured version of the most stable current Firefox Web
browser with the settings and various precautions already set up, meaning that anyone can simply download that and be using Tor within a few minutes. As long as private Web browsing and using Web Tor sites is their only need, it works fine and
won't leak information (which could be the case if you set up your normal browser incorrectly, or if you are using unsafe plug-ins/settings).
Once you have Tor running, you are a node of the network. Ignoring "bridges" and "hidden services", one could say
that there are three different kinds of nodes:
- A plain user. This is the default and simply means that your own traffic is juggled around the Tor network instead of connecting directly to the target
server. Nobody else on the Tor network uses your computer as a "jumping point".
- An internal relay. This is if you want to help out the Tor network by allowing other nodes to juggle encrypted data through your machine internally
(safely). This does not put you at any risk, but naturally uses bandwidth from your Internet connection. (Tor has nice support for easily configuring how much of your connection may be used for this.)
- An "exit node" (also functions as an internal relay), which is relatively very risky for the operator. This is where all the data, after it has been
juggled around internally, actually "exits" to the ordinary Internet. In other words, if you connect to Microsoft's normal Web site through Tor, the exit node chosen at the moment (automatically, randomly) will appear to be the one which
connects to their site. As you can imagine, this might get you in serious trouble if a user downloads/uploads child porn, blueprints of the White House coupled with instructions on how to make a bomb, sends death threats to various
politicians, etc. (from/to the normal Internet). Still, there needs to be sufficient exit nodes if Tor is going to work with the Internet and not just be an internal affair (which, if you read on, I wouldn't really mind).
Tor is a simplified subset of the Internet, inside the Internet. While not just WWW is supported, everything
needs to use the "TCP" protocol. Tor is literally a virtual network with emulated routers/circuits through software. To me, Tor in many ways works the way Internet should have worked in the first place, although with lots and lots of overhead
(necessary due to its nature), just like Bitcoin works in the "obvious" way a virtual money system should have all along.
The boring stuff: using it as a normal Internet proxy
When using the Tor browser (or any other Internet-facing software correctly configured to use Tor), and you
connect to any normal Web site, they will not see your IP address/hostname, but a random exit node's. What actually happens is that the Tor software on your computer takes your request, throws it into the "magic black box" that is the Tor
network, juggles it around for a bit (going through internal relays that just pass the encrypted data along), until it finally is spat out by an exit node to the final location. The same thing happens in reverse when the target server
responds.
It's important to understand that while all the data inside of Tor is encrypted — you are never letting anyone
who acts as an internal relay in the Tor network read/sniff/capture/modify even your plaintext data — the data exiting Tor and the data which gets back in
is not and cannot be encrypted unless your traffic already is encrypted in the first place. If you use a plaintext protocol such as HTTP, which is not encrypted
in any way on the Internet, it does not magically become encrypted when exiting the Tor network, nor will its response data. Because it doesn't make any sense. However, if you do use a protocol that
is
already encrypted on the Internet, such as HTTPS, it is encrypted all throughout the journey. While it's inside the Tor network, it's encrypted twice: your data is already encrypted, then it is encrypted by Tor. Nobody except for you, the exit
node, the destination server (obviously) and its service provider have any technical means to see/modify even your plaintext
traffic.
Since the world is full of lowlifes who want to ruin anything good, you can just imagine how much abuse goes
through Tor. Lots and lots of people can't seem to handle any kind of anonymity. However, the solution is
not
to rape everyone's privacy in a vain attempt to get to those people. Even so, many people in charge think like that, and simply block all the Tor exit nodes (which, again, are publicly known in a list and thus easily done), refusing service to
everyone
using Tor. This has made Tor of rather questionable use on the normal Internet as you can't participate in many major places, and brings me to the really good part of Tor…
The exciting stuff: "Tor sites"
This is where things get interesting. A Tor site, commonly known as a "hidden service", is a special Web site (or
other Internet service) hosted not on the normal Internet but only inside the Tor network, with the special top-level domain ".onion" instead of ".com" or anything like that. This feature was added in 2004, but still could use some extra work
to become really stable. These cannot be accessed without running Tor, do not use the Domain Name System, cannot be traced to an IP address/country/location/server (unless the server leaks this information by other means through security
holes, of course), and is simply a fantastic concept.
A Tor site is simply served like any other Web site, but is specifically configured to route everything through a
Tor client. This means that there is no need to use HTTPS, because everything inside the Tor network is already encrypted. No traffic leaves the Tor network when you access a Tor site; no exit nodes are used and there is no direct technical
way of telling visitors apart.
Nobody can know where an .onion site is hosted. The people in the data center (or at the Internet service
provider) are only able to see that some kind of encrypted Tor traffic goes in and out of the server, which doesn't mean anything except that you are a Tor node. As long as they don't specifically ban Tor usage, that's not a problem.
I could be running a commercial Bitcoin child porn/warez/terrorist/money laundering service right now and nobody
would know. Or you could be. That's the beauty of Tor. There is no way to know, and no way to shut down an .onion short of overloading it with traffic, which is much harder than with a publicly known Internet server. Well, you could of course
also hack into the server through some exploit in the Web server, take over the private key and stuff like that, but that's almost too obvious to even mention and nothing that happens if the owner is competent.
In reality, the true scum don't actually need to use Tor, but are able to get away with doing anything openly on
the normal Internet, so this kind of "darknet" is basically only necessary for people doing great things but are being harassed for it by evil people, such as the government. In other words: the exact opposite to the typical bullshit
propaganda about "shady" people doing "evil" things and must be stopped and "regulated" at any cost. Quite ironic.
The sad fact is that as soon as there is even the slightest possibility of regulating anything, idiots will find
a way to abuse it to harass people they don't like, and the big players will rule freely in practice and play by their own rules while silencing all good forces. That's why it must not be possible to touch any Tor site. You can't get around
the truth that the ones in charge are incompetent, greedy, spineless human waste. I know this better than most, having dealt with so many criminal liars in positions of great power and influence. They cannot be trusted for one second as they
will turn against you at the slightest risk of bad PR for themselves, regardless of any promises, which is why things such as Bitcoin and Tor are simply
necessary.
When nobody is actively accepting/turning a blind eye to some controversial site, because they can't do anything
about it, the problem of questionable morals/guilt trips solves itself. That is, until Tor is outlawed/blocked on a massive scale because it "allows kiddie porn, terrorists, piracy and money laundry". Or when people with money start putting
pressure on the developers to keep a list of "undesirable" .onion addresses and build this into the protocol (even if it's extremely unlikely that they would agree to do that).
A couple of practical problems with Tor sites
For those running a Tor site, every single request will appear to come from the IP address 127.0.0.1 (localhost).
Naturally, it would seem, this introduces some serious problems in fighting abuse. However, speaking as somebody with a lot of experience in this, it is largely irrelevant which IP address abuse comes from; most people use major Internet
service providers with millions of paying customers, all sharing the same IP address ranges. Banning them frequently has little to no effect in practice, and additionally often blocks legitimate, unrelated and innocent customers. Not even
"weird countries" where lots of compromised machines and (non-Tor) proxies are located can be safely blocked. As for reporting abuse to providers, this is always ignored anyway. Not having the option to trick oneself into thinking there is a
meaningful pattern in the origin is liberating in a way; you can simply focus on each case.
The addresses for .onion sites are not very pretty:
http://5onwnspjvuk7cwvk.onion/
(fixed at 16 characters). This is not really a problem in my opinion as the alternative would be the domain name nightmare we have today in the normal Internet all over again. Still, it makes it impractical to, for example, put up a poster
with the address to an .onion site. You're going to want to have it in a "copy-and-pasteable" context, or use a normal domain which simply links to the .onion. It is actually possible to run software to generate a "vanity" .onion address, such
as http://silkroadvb5piz3r.onion/
, but this is only practical for the first few characters. The rest will have to be random unless you have a computer that is
infinitely faster than anything that is known to exist today or is expected to exist for a
very
long time.
Main problems with Tor in general
- Accessibility. While almost anyone has the
necessary IQ to download the Tor browser, install it and click a button to run it, you have to convince people to do that if they aren't already Tor users. That's a hopeless nightmare comparable to trying to get people to grasp what Bitcoin
is and what it's good for. When was the last time you downloaded a plug-in for your browser to view some content? Flash Player is so widely used that it's got the "network effect" going for a long time. It's not an attractive thought, but you
simply can't have things "just work" because they simply aren't there. Tor is its own thing.
- The speed. Using Tor, whether as a proxy on
the normal Internet or for an internal Tor site, is painfully slow for most people used to blitzin' fast connections. It often feels almost like going back in time to dial-up Internet, although content typically comes in "chunks" with lots at
the same time instead of gradually appearing little by little.
- Video streaming, file sharing and really even radio is much too demanding for Tor. While it's still done (at least file sharing), it is heavily
discouraged, unreliable and slow. Hopefully, this will improve in the future as Tor grows.
External links
- Official Tor Web site
- Tor2Web
— a service to let non-Tor users view content hosted on Tor sites (not safe and should only be used when absolutely necessary)
Now what?