Tor: The smart person's guide

istocklofilolo.jpg

Image: iStock / lofilolo

When privacy is outlawed, only outlaws will have privacy. And digital outlaws will probably use Tor. An acronym for ‘the onion router’, Tor is a free web browser and suite of open source software that enhances user privacy by encrypting web packets and browsing activity.

Tor is complex, yet easy to install and operate. The tool is widely used by reporters, political dissidents, hackers, and Dark Web profiteers to communicate anonymously. Tor enabled the Arab Spring, is used by millions of Chinese users to skirt the Great Firewall, and helps sources and whistleblowers safely share vital information with reporters. Conversely, the encrypted browser also allows hackers to snoop safely, and has helped illicit Dark Web markets flourish.

SEE: Three ways encryption can safeguard your cloud files (Tech Pro Research report)

TechRepublic’s smart person’s guide is a routinely updated “living” precis loaded with contemporary information about about how the onion router works, who Tor affects, and why privacy-enhancing software is important.

Executive summary

  • What is it: Though Tor is built on the Firefox open source protocol, it’s actually actually a number of integrated technologies. The browser itself carefully mitigates common web tracking tools like cookies and analytics systems. The Tor network is composed of thousands of servers around the world. When a user browses with Tor, web activity and packets are bounced through each server, obfuscating the originating and destination IP address.
  • Why it matters: As web privacy erodes the Tor foundation argues that the platform helps preserve free speech free thought.
  • Who it affects: From activists to hackers to Dark Web surfers, many users depend on Tor to protect their identity, and often their lives. Companies and consumers may need Tor to protect sensitive web actions.
  • When it’s happening: The tech powering the onion router was built at the United States Naval Research Laboratory in the mid-1990s, and Tor launched in 2004. Today Tor is used daily by approximately 300 thousand users in the United States, and 1.5 million worldwide.
  • How to access Tor: Visit the Tor Project website and follow the instructions for downloading and configuring the application. Make sure you read and understand the FAQ before firing up the browser.

SEE: Check out all of TechRepublic’s smart person’s guides (TechRepublic)

What is it?

True to its name, at Tor’s core is technology that routes web traffic through several layers of relay servers. Similar to a VPN, the secure tunnel allows users to visit both public and secure Dark Web sites without compromising sensitive information like IP address, mouse and cursor movement (really), computer location, and personal data stored in cookies. Tor defends against deep packet analysis, and protects two specific points of information: website data payloads, and header information. The data payload is the content of a website, video, email, or chat conversation. Headers contain meta information—browser type, screen resolution, access time, user destination and origination IPs—about when and how website data is accessed. Marketers, Internet service providers, and site owners use this information to better understand user behavior, target ads, and serve targeted content. The Tor network prevents and discourages the collection of sensitive user data.

htw1.png

htw1.png

Image: EFF

Additional resources

Why it matters

Freedom of speech and thought is a fundamental component of democracy. Surveillance by marketing and advertising companies, and by government intelligence organizations like the NSA has a chilling effect. Privacy-enabling technologies like Tor help enable free speech.

Critics often point out that Tor enables criminal activity. And no doubt, odious actors do use Tor to commit crimes. The Tor Project—in conjunction with the Electronic Frontier Foundation (EFF), a digital privacy rights advocacy organization—disagree that the anonymous browser creates criminals. The foundation states:

Criminals can already do bad things. Since they’re willing to break laws, they already have lots of options available that provide better privacy than Tor provides. They can steal cell phones, use them, and throw them in a ditch; they can crack into computers in Korea or Brazil and use them to launch abusive activities; they can use spyware, viruses, and other techniques to take control of literally millions of Windows machines around the world.

Additional resources

Who it affects

Five types of users routinely rely on Tor:

  1. Companies that need to protect their most private and sensitive information.
  2. Private trans-national groups like NGOs, media companies, and companies that conduct business and and communicate in countries with varying degrees of legal privacy protection.
  3. Government organizations like the US Navy that operate in conflict regions and countries that censor the web use Tor to protect troops and civilian leaders.
  4. Reporters, whistleblowers, and activists who rely on anonymity and private communication to mask their identity.
  5. Consumers concerned about protecting personal privacy. For example, consumer web users frequently use Tor to block targeted advertising, and victims of domestic abuse use Tor to communicate with law enforcement and support groups.

Additional resources

WATCH: Cracking The ‘Great Firewall Of China’ (CBS News)

When it’s happening

Tor is used by millions of people every day. Security experts like Bruce Schneier argue that the large and sustained user base validates the need for encryption and privacy-enabling tools. An examination of Tor metrics confirms that the application rests on a massive foundation of concurrent users. To put Tor’s size in perspective, at any given moment more people connect to the onion router than some of the world’s largest video games. The top countries connecting to Tor are: the United States, Russia, Germany, France, the UK, Brazil, Italy, Japan, Spain, and Canada.

Additional resources

userstats-relay-country-all-2016-08-02-2016-10-31-off.png

userstats-relay-country-all-2016-08-02-2016-10-31-off.png

Image: The Tor Project

How to access Tor

First, visit the Tor Project website. Then make sure you read and understand Tor documentation information. Next, download and install the application. Finally, prior to using Tor, make sure the application is properly configured. Tor also provides an Android-application called Orbot. Though there is no Tor iOS application, the The Guardian Project, a Tor-affiliated group, is actively exploring iPhone and iPad options, and suggests using ChatSecure for cross-platform encrypted communication.

Additional resources

SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)

Tor does not offer complete anonymity. The FBI recently claimed to have infiltrated and infected a number of Tor nodes with malware, and user error can result in unwitting disclosure of personal information. Novices and experts should exercise care and caution when using Tor. TechRepublic does not condone illegal or unethical activity. Offensive material can sometimes be just a click away. Browse at your own risk. Never break the law. Use Tor safely, and for legal purposes only.

Additional resources