01 logo

The TOR Browser: How Onion Routing Works

by Insaf Ali 4 months ago in cybersecurity

The browser governments hate.

Image @ TechRadar.com

It might not win any prizes for best name. But there's no doubt that you've heard some kind of news story that involved the TOR project or its flagship browser. But what actually is TOR?

How does it protect users' privacy?

How did TOR pave the way for websites like Silk Road to become a hot spot for illegal online activity?

Start with the name TOR which stands for The Onion Routing. Onion routing was a concept devised by members of the U.S naval research lab in the 1990s concerned by who might be able to track their internet usage and see who was communicating with whom.

Members of the lab came up with the idea of routing their traffic through multiple servers encrypted at every stage and with each server only able to see where the data had directly come from and where it would immediately be going next, not the origin, the destination or its contents.

With each level of encryption working like layers of an onion. This is basically how tall operates today with information encrypted three times by three different voluntary servers referred to as nodes located randomly around the world with each node unaware of its own position in the sequence.

The process was further developed by the United States Department of Defense before being released in the autumn of 2002 under a free and open software license that anybody could use.

Volunteer nodes were few and far between located mostly in the US and so in 2006, the TOR project was established as a non-profit organization focused on maintaining TOR development and promoting its uptake.

Onion routing was then starting to gain traction among privacy-minded tech users but the software wasn't very user-friendly and so the TOR browser was unveiled in 2008 bringing the organization's technology straight to the desktop of anyone who is interested in trying it.

The browser's user base has since grown into the millions and the program has been praised for helping vulnerable people, negotiate censorship, and government firewalls to access the open web.

For example during the Arab spring in 2011. Many locals relied on TOR to use social media platforms and news sites to keep their families safe.

Whistleblower Edward Snowden has also been a vocal supporter of TOR, describing the project as a critical technology and suggesting that it provides far better protection than typical alternatives like static VPN tunnels and as you might expect tor has sadly fallen into the hands of a less savory crowd too.

The organization's former executive director stated that "The criminal use of TOR has become overwhelming" and by his own estimates around 95% of all Onion Routing is for criminal activity.

In the eyes of many TOR has in fact become synonymous with the dark web as it's the go-to means of accessing the illicit corners of the internet. Like Silk Road, a marketplace made for the sale of illegal substances.

What's more, TOR may not even be as secure as first suggested.

Any data leaving an exit node that is the final server before its destination is reached is vulnerable to a cyber attack as the data is now decrypted. Although the original source of the traffic would not be traceable. The exit node floor serves as a reminder that Onioning may provide extra layers of security but not a watertight guarantee.

And by the organization's own admission the TOR browser may actually be slower than competitors. This is inherent in the routing model since data is sent all across the globe before displaying your desired web page.

The majority of tours funding is provided by the United States government while the foundation also accepts donations from other generous groups and individuals too.

Including Google, in the past few years, this system has proven controversial given that the upkeep of TOR is probably not in the interest of every American taxpayer. Plus the fact that the investment by a governing body is exactly what many TOR users are trying to avoid in the first place.

Either way, the TOR project certainly has its uses but whether they line up with your own interests is for you to decide.

cybersecurity
Insaf Ali
Insaf Ali
Read next: Wearables vs The Virus | João Bocas | Engati Engage
Insaf Ali

The world is a jungle: You either fight and dominate, or Hide and evaporate.

See all posts by Insaf Ali

Find us on socal media

Miscellaneous links