In a previous article, we talked about how using a Virtual Private Network (VPN) can help provide better security and privacy when you use your computer.
A VPN can help obscure your location, and also provides additional encryption to prevent snoops from seeing what you are doing, and to hide sensitive data.
But, there is another solution for those who are privacy conscious – The Tor Browser.
First of all, what is the Tor browser?
TOR stands for the The Onion Router. It’s a system built to help provide privacy and can help you browse the web in anonymously.
The Tor Browser is a special version of the FireFox web browser – so if you’ve used Firefox it will feel very familiar.
And it’s free.
But there are MAJOR changes under the hood.
Let’s talk first about what the benefits of using the Tor browser are.
Benefits of using the Tor Browser
Firstly, the Tor browser blocks trackers. Third-party trackers and those annoying ads that follow you around the Internet can’t happen when using the Tor browser. It is constructed in such a way that those things simply can’t work. Your cookies are also cleared automatically with each new session.
The Tor browser can’t be fingerprinted effectively – this is one of many techniques that websites use to know who you are (or at least that you are a repeat visitor.).
Secondly – it keeps network snoops from seeing what you are doing (which sites you are visiting). Isn’t this what VPN does? Yes – but Tor is a cooperating set of servers run by volunteers across the Internet and gives you a level of privacy that VPN can’t match.
Your Internet traffic is relayed and encrypted three times as it passes over this network of servers. The triple layers of encryption is where the “onion” moniker comes from – think of it as similar to the layers of an onion.
The Tor browser also helps you circumvent censorship – you can visit websites that your government or employer may have blocked at the firewall. Tor can do this because of that network of servers globally – your traffic is routed through these, and unless all Tor “relays” and “bridges” are blocked – you can browse in peace.
Need to browse a website and not leave logs in the corporate (or government) firewall? Tor is a great option.
Want to ensure your online activity won’t “follow” you around the internet via third-party trackers? Use Tor (with some other common sense things).
Need to access an Internet site your government has blocked – Use Tor.
Tor vs VPN
OK, so far the benefits sounds awfully similar to a VPN.
But, here’s some things to consider.
Your VPN service is provided by a single commercial entity. They may claim a “zero logs” or no logging policy – but how do you really know that is true?
Secondly, is it possible an oppressive government has infiltrated the provider and is monitoring traffic? (whether by legal power or covertly?)
These are realistic possibilities.
Tor, on the other hand, is not a single commercial entity. It’s open source software provided by a non-profit organization.
But, more importantly the “network” of servers used as relays and bridges are run by volunteers worldwide – there is no single corporate entity that could be strong-armed into surveillance cooperation.
There’s no single point for “logging” to happen.
Secondly, your traffic is routed through multiple relay nodes.
And a different layer of encryption is used at each “hop”.
These network nodes have no information about the original source of the traffic.
Downsides of Tor
OK, so Tor gives us great privacy and helps foil surveillance – whether by corporations or government agencies.
But, that additional encryption and multiple network hops (world-wide) mean that web browsing is significantly slower than normal.
That’s the price you pay for the extra privacy.
That’s due to two things.
First of all, your traffic is being randomly bounced around the world – and that adds time.
Secondly, those Tor relay servers are run by volunteers – and there are only several thousand worldwide.
That means those nodes can be pretty heavily utilized – and they only have so much resources (network bandwidth, RAM, CPU for processing encryption) etc.
But, having said that – if you need to navigate the web in extreme secrecy Tor is your best bet.
Can my ISP determine that I am using Tor?
Generally speaking, yes, your ISP (or employer) will know you are using Tor – given the way the traffic exits their network.
What can you do about this?
You can potentially use a VPN along with the Tor browser.
In this scenario, you’re Tor traffic would be routed through the encrypted VPN tunnel – and then out to the Internet.
Your employer or ISP would still know you are using a VPN though – but that may raise less suspicion.
There are some advanced techniques you can use – including accessing the Tor network via unlisted “bridge” servers – but those are beyond the scope of the article.
Onion Services – The Dark Web
Tor can anonymize the origin of network traffic – but here’s another interesting feature.
Onion services can be created that help keep the destination website’s location hidden also!
These so-called Onion Services are what the “Dark Web” is built on.
In short, the Tor Browser and the Onion Service use that same network of Tor relay servers to “rendezvous” in secrecy.
The destination web site doesn’t know who you are – and you don’t know where they are located – but you can still browse the website.
As such, this so called “Dark Web” has been (and is currently) used for nefarious, illegal purposes. You may have heard of the “Silk Road” and other marketplaces that offer illicit items for sale. These are built on Onion services.
Using Tor doesn’t mean you have criminal intentions. There are Onion services that serve all kinds of purposes – some illegal, but many not.
At the end of the day you can use the Tor browser to browse securely and privately – and never touch an Onion service site if you so wish.
Before we move on from the topic of the dark web – here’s an important caveat.
The Tor browser and relay network help you to securely and anonymously browse websites.
But, there are additional methods someone could use to track your usage of the web.
First of all – you have to understand that the Tor “exit node” – the last relay in that chain of random hops – will potentially be able to see the network traffic – as well as know where the ultimate destination is. It has to – as it is the last node in the chain.
This means if you are connecting to a plain HTTP site (and not HTTPS) all that traffic can be viewed by a compromised exit node.
The solution is to ALWAYS use https – This end to end encryption ensures even the exit node can’t see the contents of your conversation (But the exit node will know where the destination is.)
Also remember that the goal of Tor is not to protect you from the destination web site. There is nothing in Tor that prevents you from giving details to the destination website that identify your location (username, password, shipping address, bank account, payment details).
It’s also possible for a government or other organization to use a “timing analysis” attack to determine you are accessing a given website. This can be done when the snooping entity can scan traffic going from your computer to the first node (the “guard” node) and between the exit node and the final web destination.
Here’s some other things to consider.
For example, has anyone installed a covert key logger or screen recording malware on your computer?
If that’s the case – they can view all your activity – Tor browser or otherwise!
Have they infiltrated or taken over the destination web site you are going to? This technique has been used many times by law enforcement to identify and apprehend sellers of illegal items on dark web sites.
We don’t condone illegal activity – and using Tor browser isn’t a magic bullet that will make you “invisible.”
Tor Browser – In Summary
We hope we have provided some insight into what the Tor Browser is and how you can benefit from it.
It’s another tool in your toolbox for protecting yourself from government and corporate surveillance – and we recommend you use it – if those things are important to you.