How Tor is funded
Tor is 100% free and open source, although it does accept donations. In a curious twist of fate, the Tor Project was developed in the mid-1990s by the United States Naval Research Laboratory, in order to assist people living under oppressive regimes to bypass censorship and exercise free speech.
To this end, the Project continues to receive substantial funding from the US government. This is singularly peculiar, because other branches of the US government routinely spend large amounts of money, time, and resources trying to compromise the Tor network!
Despite this somewhat bizarre situation, Tor remains completely independent, and its open source code remains among the most thoroughly and regularly audited in the world. Sensitive to criticism, however, Tor has also made substantial efforts to widen its funding base. For a full list of Tor’s sponsors, please see here
How Tor works
The name Tor originated as an acronym for The Onion Router, and refers to the way in which data encryption is layered. When using Tor:
- Your internet connection is routed through at least 3 random “nodes” (volunteer run servers)
- These nodes can be located anywhere in the world
- The data is re-encrypted multiple times (each time it passes through a node)
- Each node is only aware of the IP addresses “in front” of it, and the IP address of the node “behind” it
- This should mean that at no point can anyone know the whole path between your computer and the website you are trying to connect to (even if some nodes along the path nodes are controlled by malicious entities)
The real beauty of the Tor system is that you do not have to trust anyone. It is designed so that no-one can discover your true identity, and (if you connect to a secure website) no-one can access your data.
Tor relay circuits are randomly reset every 10 minutes so that your actions cannot be linked to earlier actions.
Each node is run by a volunteer, and therefore the more volunteers there are, the more secure the whole Tor network is.
The last node in the chain, the one that connects directly to the wider internet, is called an “exit node”. Data enters and leaves this exit node unencrypted by default, and can be “seen” by the operator of the exit node. See later for a discussion on the security implications of this.
Volunteering to run an exit node is therefore of great service to the Tor community, and strikes a meaningful blow for freedom and against oppressive censorship. It is also not difficult to set up.
However, running an exit node means that other Tor users’ activity, including potentially highly illegal activity, will appear to originate from your IP address, which may lead to trouble. There is an article on how to minimize the risks available on the Tor website.
Tor as an anti-censorship tool
Tor randomly routes your connection so that it outputs through a node located somewhere else in the world. As long as there is little or no censorship practised in the county where the exit node is located (most exit nodes are located in “free” countries), then you can access the internet uncensored.
This ability to evade censorship (which will also evade lesser censorship measures such as school or work firewalls) is a core design feature of Tor. Of course, countries (and other organizations) that are really serious about their censorship try to counter this by blocking access to the Tor network (see below).
Tor is slow
As we can see, Tor is designed to be very secure, but this comes at a cost – speed. Your data is routed through at least 3 random nodes that can be anywhere in the world (reset every ten minutes), and is re-encrypted each time (which requires processing power from each node). The result? Tor is slow (see example speed test results later).
If you are lucky enough to have a fast broadband connection (many countries that can most benefit from Tor do not have this kind of infrastructure), you might not notice this slowdown while simply surfing the web, but activity such as streaming video content will likely be all but impossible thanks to buffering issues.
Don’t use Tor for P2P downloading (“torrenting”)
Not only is torrenting over Tor very slow, but:
- It slows down the network for all Tor users (many of whom rely on Tor for reasons related to human rights, and whose internet connection is very basic in the first place!)
- Volunteers who run Tor exit nodes can be held accountable for copyright abuses traced to their IP addresses.
It is therefore considered extremely bad form to torrent using Tor (a point that probably also applies to attempts to stream content).
Blocked exit nodes
The list of public Tor relays (nodes) is publicly available (see here for an explanation why). This makes it easy for websites to block Tor users. Although not usually a problem for most users (except those trying to access geo-restricted services, which almost always block Tor exit nodes), CloudFlare has recently taken a more aggressive stance towards Tor users.
Because CloudFlare hosts a very large percentage of the world’s websites, Tor users are likely to find themselves increasingly challenged by CAPTCHAs and other similar security measures.
Censorship of Tor
Restrictive countries with advanced internet censorship systems (such as China and Iran) attempt to block all access to the Tor network, using Deep Packet Inspection (DPI) to identify Tor traffic.
In many cases this can be countered using the obfsproxy pluggable transport tool, which wraps data with an obfuscation layer to make look like innocent traffic, rather than Tor traffic.
Security & Privacy
I think it fair to say that Tor uses a complex encryption system – the key simplified points of which are highlighted in the box. At heart, however, Tor uses the TLS 1.2cryptographic protocol.
Older nodes may still use RSA-1024 handshakes, but it should be noted that even so, Tor’s use of Perfect Forward Secrecy (where new keys are generated for each exchange) should seriously hamper any adversary’s ability to compromise communications (as it would have to crack a new key every time a new Tor connection is made).
Data is protected using AES-128. Although much of the VPN industry now uses AES-256, AES-128 remains secure as far as anyone is aware, and in fact has a stronger key schedule than AES-256. It should also be remembered that Tor traffic is re-encrypted multiple times, providing additional layers of protection.
Those interested in a very detailed analysis of the encryption used may be interested in this paper by Tor, and this excellent paper by independent analysts. For a layperson-friendly discussion about many of the encryption terms used here, please refer to VPN encryption terms explained (AES vs RSA vs SHA etc.).
“As long as Tor is a magnet for “interesting” traffic’, Tor will also be a magnet for those who want to eavesdrop on that traffic.” Bruce Shneier.
Despite some occasional limited successes, however, the prevailing opinion among experts is that Tor remains fundamentally secure, and that you are more likely to “be caught” through carelessness or improper use of the network, than through any major design flaw.
Achieving anonymity is hard, and there is no guarantee that Tor can provide it. Tor is, however, a very secure system that has proven itself extremely resilient to even the most sophisticated and well-funded attacks.
In documents released by Edward Snowden, the NSA admitted “‘major’ problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network.”
In short, Tor may not be perfect, but when it comes to protecting your online anonymity, Tor is as good as it gets (and that’s pretty darn good!).
No-one knows what the NSA is really capable of, but below are the two most understood threats to Tor users.
Malicious exit nodes
As I mentioned earlier, internet traffic enters and leaves a Tor exit node unencrypted, and can be monitored by whoever runs that node. Given that anyone can volunteer to run an exit node, this clearly presents a major security issue.
It is therefore important to bear the following points in mind:
- Thanks to the random chain of Tor nodes your data passes through between you and the Tor exit node, the owner of an exit node cannot directly know who you are
- You may, however, give away your real identity either directly or indirectly through your communications or internet behavior
- In addition to snooping on your data, malicious Tor exit nodes can perform a man-in-the-middle (MitM), typically redirecting your page request to a dummy website.
- As long you connect to secure SSL encrypted (https://) websites, your data remains secure and cannot be intercepted by a rogue exit node
- And you are immune to any MitM attack
SSL secured websites are increasingly becoming the norm (especially thanks to the EFF’s Let’s Encrypt campaign), and as long as you stick to connecting to these, you are safe. If you do connect to unencrypted websites, please be careful about what information you divulge (which is good general internet security advice anyway!).
Research has found that roughly 2.5 per cent of all Tor exit nodes are run by malicious entities. Although the NSA is suspected of running many such “spoiled onion nodes”, most of these appear to be run by petty criminals.
End-to-end timing attack
In 2013 a Harvard student made a very ill-advised bomb threat to his campus (in order, rather amusingly, to get out of and taking a final exam!). He was caught because, although he made the threat over the Tor network, he made the mistake of doing so while using the Harvard campus WiFi.
All Harvard security had to do was check their logs to see who was using Tor at the time the emails were sent, and the police could then bring him in for questioning (and it is very possible that Kim was the only person using Tor at 8:30am that day).
This is de-anonymization technique is known as an end to end (e2e) timing attack, and is a known vulnerability with Tor. It should be noted, though, that Kim was only caught because he made the rather stupid mistake of connecting to Tor over the campus WiFi, which is not an issue likely to affect most Tor users.
In order to have any chance of pulling off a successful e2e timing attack against a Tor user on the open internet, an adversary would need to control a high percentage of all Tor nodes in existence. This is because the more nodes an adversary controls, the higher the chance it can correlate the timing of activity at an exit node with an individual’s initial connection to the Tor network.
Even so, given the high number of Tor users online at any one moment, such a correlation would require extensive and prolonged statistical analysis.
On the face of it, then, this task appears so difficult as to be effectively impossible. No-one really knows, however, what organizations such as the NSA, GCHQ, Mossad, and even the mafia, which have almost unlimited power and a truly global reach, are actually capable of.
In theory at least, such an adversary, if it was determined to throw enough effort and resources at the problem, could use an end-to-end timing attack to de-anonymize a Tor user.
Tor Hidden Services
Tor was primarily designed as a means to access the open internet that we all know and love uncensored and anonymously. As should be clear by now, however, the Tor exit node – the node that connects the Tor network to the open internet – is a major weakness in the system. It can be controlled and monitored by malicious entities for a variety of reasons, and is the necessary focus of almost any attack on the Tor network or its users.
In response to this, Tor has developed its Hidden Services protocol, which allows Tor-only websites (.onion) and services to exist entirely within the Tor network, so that users do not have to access the visible internet through potentially dangerous exit nodes at all. Tor Hidden Services therefore also acts as a Dark web (and is by far the most popular such Dark web in terms of the number of users it has).
Traditionally (and notoriously) the preserve of pedophiles, terrorists, drug dealer, gangsters and other people and material that most right-headed internet users want nothing to do with, increasing awareness of pervasive government surveillance (thank you Mr Snowden) and ever more draconian copyright enforcement measures are fueling a surge of public interest in an internet that is “off-grid”.
.onion websites (such as https://facebookcorewwwi.onion/) can only be accessed when connected to the Tor network, and doing so is much more secure than connecting to regular websites.
The Tor network is the only way to access Tor Hidden Services (.onion dark web websites)
Want to know more about accessing the dark web?
If you are looking for more information about this topic, then take a look at our article on how to access the dark web securely. We list the steps you need to take in order to access dark web sites in a safe, secure, and private way.
Tor vs. VPN
In many ways the purpose of Tor is very similar to that of a VPN – to maintain internet users’ online anonymity/privacy, and to evade censorship. Like VPN, Tor can also be used to spoof geo-location by the user continually re-connecting until the exit node is in the desired country (quite easy if you want a US-based exit node, less easy for smaller or less internet connected countries).
However, not only is the technology used quite dissimilar, but the case-use scenarios in which Tor and VPN are best used are very different:
- Highly anonymous
- No trust required
- Distributed network – almost impossible to shut down or attack in a meaningful way
- Tor Hidden Services (access to .onion websites)
- Very slow – because your data is randomly bounced through a number of nodes, each of which could be anywhere in the world, using Tor can be painfully slow
- Not suitable for P2P filesharing – while there is no way to stop you from using BitTorrent over Tor (and people do it) it is a) very slow, and b) very bad form as it slows down the entire network for every other user, for some of whom access to the internet via Tor may be of critical and possibly life-threatening importance
- While it can, at a pinch, be used for location spoofing (see above), Tor is a very fiddly and inefficient way to go about it. In addition to this, the slowness of Tor means that using the service to stream geo-restricted media services is unfeasible.
- Fast – generally speaking you will see very little slowdown to your raw internet connection speeds when using a VPN service
- Location spoofing is very easy – most VPN providers offer servers in many locations worldwide. Because connections are fast, VPN is ideal for streaming geo-restricted media content
- Ideal for P2P filesharing – while many providers prohibit it, many are set up with filesharing in mind
- The VPN provider can see your internet activity – and in many countries is required by law to keep records of it, which may be handed over to the authorities or to copyright lawyers. VPNs are also vulnerable to server raids by the police, in an effort to obtain the information they may contain. This is why it is vital to choose a provider who keeps no logs (and is in a position to keep this promise). Of course, even when a VPN provider promises to keep no logs, you must trust them to keep their word…
- Costs money (although typically under $10 a month, or less if you buy in bulk)
Using Tor and VPN together
It is possible to use Tor and VPN together to provide meaningful security benefits. For a full discussion about this, plus some suggested VPNs that support such configurations, please see 5 Best VPNs when using Tor.
The Tor Project website provides extensive manuals, installation guides, a FAQ, and a Wiki (which also includes links to a wealth of unofficial documentation). If you get really stuck, however, support is available via email, IRC and Twitter.
The website itself is well presented, and the frankly intimidating volume of resources available are sensibly organized and easy to access.
No signup is required to use the Tor network, which is designed to provide it with the maximum possible true anonymity.
The simplest and most secure (and therefore recommended) way to access the Tor network is using Tor browser (which has replaced the old Tor Bundle). This is a version of the open source Firefox browser which routes all internet connections through the Tor network, and which has been “hardened” for improved security.
Key features of this “hardening” include:
- Uses HTTPS Everywhere and NoScript (all scripts disabled by default) plugins
- Blocks other browser plugins such as Flash, RealPlayer, and QuickTime
- Disconnect.me used as default search engine
- Always uses Private Browsing mode (tracking protection, no browsing history, passwords, search history, cookies or cached web content saved)
It is not recommended to change Tor browser’s settings or to install additional privacy add-ons, as these make your browser more unique, and therefore more vulnerable to browser fingerprinting techniques.
The Tor Browser is available for Windows, Mac OSX, and Linux, and can be downloaded from the Tor website. A special hardened version of the Tor Browser is also available for Linux, which features additional security measures.
In Windows, the Tor Browser does not install itself on your computer – it simply runs from the executable file. When you start the Tor Browser, it must first establish a Tor circuit. For me this takes only a couple of seconds (great reflexes were needed to grab this screenshot!)
In normal use the Tor Browser is almost identical to surfing the web using the regular Firefox browser. You should be aware, however, that using the Tor Browser will break some websites
It is recommended to run the Tor Browser in windowed mode in order to help defeat browser fingerprinting (which can detect the size of your screen in full-screen mode).
A new random Tor circuit is created every 10 minutes by default, but you can manually force the creation of a new circuit at any time. It is not normally possible to choose where the exit node is located
In Privacy and Security settings you can harden the Browser even further
Android users can use the Orbot app to route their device’s connections through the Tor network. Orfox (still in beta, requires Orbot) works much like the desktop version of the Tor Browser on which it is based. Both apps are open source, and are officially supported by the Tor Project.
iOS users have the Onion Browser. This is independently developed, but is open source.
Other software and hardware products exist that claim to provide increased security and anonymity by connecting to the Tor network. Pleases be aware, however, that many of these are not as secure as using the hardened Tor Browser.
Performance (Speed, DNS, and WebRTC leak Tests)
Please note that these tests are highly provisional, because when using Tor you connect to the internet via at least three random nodes which could run on servers of any speed, and be located anywhere in the world.
Despite the inherent randomness of these results, I think they do give a useful general indication of the performance hit experienced when using Tor.
Speed tests were performed using a 50Mbps/3Mbps UK broadband connection. I refreshed the Tor circuit (random Tor node) between each test, and used a UK test server.
As we can see, download speeds are hit particularly hard (although my upload speeds are none too great to begin with!).
I detected no DNS or WebRTC IP leaks.
- Anonymous internet access
- Great anti-censorship tool
- Very secure
I wasn’t so sure about
- It is impossible to 100% guarantee anonymity
- Please do not use Tor for P2P downloading
- Tor is too slow for day-to-day use
If you require very high levels of true anonymity while using the internet, then Tor is a fantastic tool (and is, indeed, your only real option). As such, it is a godsend to dissidents, whistleblowers, and others the world over who require the maximum possible anonymity.
It also makes a good free anti-censorship tool, although this functionality can be somewhat damaged if attempts are made to block access to the Tor network.
For day-to-day use, however, Tor is too slow, breaks too many websites, is of limited use for geospoofing your location, and is not suitable for popular internet activities such as torrenting.
VPNs therefore makes a much better general-purpose privacy tool, but if you require true anonymity, you want/need to use Tor.
Please remember that 100 per cent anonymity can never be guaranteed (especially if a very powerful adversary really wants to get you, and is willing to spend considerable spend time and resources doing so). Tor is, however, as close we currently get.