– Reading time: 9 minutes-
Hello, welcome to this new article. As you might have understood from the title, today I will talk to you about Tor. You’ve probably heard of it before: the Tor browser is well-known for allowing access to the infamous Dark web. If you’re interested in the topic, I recommend an article I wrote where I debunked some myths about it. Despite having touched on the concept in the previous article, today I will present in detail the mechanisms on which the Tor browser and the Tor network are based.
Internet and anonymity
Tor, which stands for “The Onion Routing”, is a real network infrastructure created to ensure anonymity on the web. You should know that when you browse the Internet using conventional tools, unfortunately, you are not anonymous at all. In fact, the Internet itself makes us entirely traceable: attributing any action you take is always feasible. This is because all the traffic you generate always passes through your ISP (Internet Service Provider1). This entity ensures your access to the websites you’re interested in, and as a result, it knows precisely who you are, which sites you visit, and when you visit them. Furthermore, your ISP assigns you a public IP address that you carry with you for every web service request. If you’re unfamiliar with the concept of an IP address, just imagine it as a value that identifies you on the web: any site receiving a request from you will perceive this address as the “sender”. If you wish, you can independently check your public IP and the associated information by searching “What is my IP?” on your preferred search engine. Most likely, the results will include various websites that not only provide your IP but also disclose your ISP’s name and your geographical location. Simply looking at the information offered by these websites should convince you that it’s quite straightforward to trace your activities back to you.
VPN and anonymity
At this point, you might wonder if using a VPN can solve this problem and guarantee anonymity. The answer is: it DEPENDS. When you connect to a VPN, in short, all your traffic is rerouted to the VPN’s servers, which handle forwarding requests on your behalf. So yes, it’s true that your ISP will no longer be able to see your traffic, and it’s true that the websites you visit will perceive your requests as coming from a different geographical location. The problem, however, is that the VPN service provider will now have access to all the information that your ISP used to see. They’ll know exactly who you are, which sites you visit, and when you visit them. Of course, VPN providers often claim to implement a no-logging policy, which means they state they don’t retain any user data. Unfortunately, there’s no way for you to independently verify this, and you must simply trust their word. With Tor, on the other hand, you don’t need to rely on anyone’s trust: its mechanism is entirely transparent and verifiable. With Tor, no one will know who you are, which sites you visit, or when you visit them. Additionally, its security mechanism is extremely challenging to break, making it one of the few avenues you can currently take to achieve genuine anonymity on the Internet.
Tor: The Onion Routing
To fully understand why Tor is an excellent solution for anonymity, you need to grasp how it works. Let’s see what happens when you browse using this infrastructure:
When a user connects to a regular website through the Tor network, an anonymous circuit is established towards the destination server. A typical Tor circuit usually involves three nodes called the entry guard, middle relay and exit relay, respectively. These nodes are simply computers that handle packet2 transit and route them towards the destination web server. For example, a packet created by the user, let’s call him Bob, will first pass through the entry guard, which will then send it to the middle relay, and finally, the exit relay will forward it to the ultimate server. This circuit is not fixed, entry guard, middle relay and exit relay are chosen periodically from a list of known Tor nodes: generally you will never use the same circuit for too long.
Once these nodes have been chosen, to create this circuit, three symmetric keys, k1, k2, and k3, are used, each serving for secure communication between the user and one of the three nodes. I won’t delve into too many encryption concepts that would unnecessarily complicate the article. Just know that a symmetric key is what two entities use to encrypt their communications. For instance, if Bob wants to communicate with the entry guard using the key k1, he will encrypt each message with that key before sending it over the network. On the entry guard’s side, it will use the same key k1 to decrypt the message. Only the encrypted message will travel over the network, and the key k1 is needed to decipher it. Therefore, if only Bob and the entry guard possess k1, no one else can read their conversations.
But how are the encryptions related to keys k1, k2, and k3 combined? Let’s see step by step what happens each time Bob wants to send a packet to the website server he wants to access:
- The initial message m3 will first be encrypted with key k3, resulting in c3. Only Bob and the exit node can understand c3 because they are the only ones with k3.
- At this point, key k2 is used to encrypt c3, obtaining c2. Only Bob and the middle relay can understand c2 because they are the only ones with k2.
- Finally, key k1 is used to encrypt c2, yielding c1. Only Bob and the entry node can understand c1.
In other words, before sending it over the network, the original message m is encapsulated in a series of “cryptographic layers”, creating a sort of onion, hence the term “Onion routing”.
After encrypting the message m as described, Bob will get c1. c1 will be sent to the entry guard, which will decrypt the first layer with its key k1, obtaining c2. Let’s pause for a moment at this first step and reflect: can the entry guard break Bob’s anonymity with c2? The answer is obviously NO. The entry guard cannot further decrypt c2 because it would need key k2 to do so. All it knows is that c2 was sent by Bob. Thus, the entry guard knows that Bob is using a Tor circuit but knows nothing about the final destination.
With no other option, the entry guard will send c2 to the next node in the circuit: the middle relay. The middle relay, starting from c2, can then remove one layer of encryption with its key k2, obtaining c3. Similarly to the previous case, c3 will not provide any information to the middle relay. It won’t know that the sender is Bob since the message came from the entry guard, and it won’t know the final destination without key k3 to decrypt c3.
As you might have already understood, at this point, the middle relay will send c3 to the exit node, which can decrypt it and retrieve m. Obviously, having received c3 from the middle node, the exit node won’t know that m was formulated by Bob. But being able to read m, it knows that it needs to be sent to the destination server. Therefore, the exit node knows that someone is contacting that particular website at the moment but has no idea who that someone is. In conclusion, to finish the job, it will forward m to its destination. At this point, m will finally reach the target website. Even the website won’t know anything about Bob: it received the message m from the exit node and knows nothing about the true sender.
If you’ve followed my reasoning, I imagine you’ve understood the significant protection this tool provides. Through this circuit mechanism, both fascinating and intricate, Tor manages to guarantee full anonymity for its users. The rest depends on how users use it themselves. In simple terms, if Bob, using Tor, were to publish an article with his full name, surname, and home address, all the Onion routing encryption would be of little use, and anonymity would be completely nullified.
Obviously, to use Tor, there is no need for registrations, no need to disclose any of your information to anyone, and you don’t even need to worry about making this whole mechanism work. The only thing you’ll need is the Tor browser, which you can download for free from the official website. All the functioning I explained happens behind the scenes when you connect to the Tor network through the Tor browser. The browser itself selects the Tor nodes to contact, establishes the circuit through them, and forwards the request. As a user, the browsing experience is pretty much identical to what you would do with a regular web browser like Firefox, Chrome, Safari, etc. The only perceived difference lies in the slowness of page loading (quite understandable given the application of various encryption layers).
Before concluding, you should know that the same level of anonymity can also be achieved on the server side. For example, if Bob wanted to create his own website but wished to remain anonymous, how could he do it? In this case as well, he could utilize Tor and set up a so-called hidden service, but we’ll discuss that in a dedicated article. That’s all for today, thank you for reading this far. Best regards!
1 ISP (Internet Service Provider) refers to the company you have chosen to provide your internet connection. ↩
2 A packet is a fundamental unit of data transmission in the context of computer networks and the Internet. Every time you connect to a website, your computer sends messages in the form of network packets. ↩
3 m represents the actual network packet to be sent, and remember that it also contains the web address of the final destination site. ↩