The Onion Router (TOR)

I was asked about whether someone should be using The Onion Router (TOR) and I thought I would answer this as best I can here.  So let’s look at the 5Ws+H that I might ask about TOR.

  • What?
    • What is TOR?
  • Who?
    • Who created TOR?
    • Who is running TOR?
    • Who needs to use TOR?
      • Do you need to use TOR?
  • When?
    • When was TOR created?
    • When might you need to use TOR?
  • Why?
    • Why was TOR created?
    • Why would you want to use TOR?
  • Where?
    • Where would you use TOR?
  • How?
    • How do you use TOR?

Somehow I don’t think that those are the only questions to answer, but let’s look at them piece by piece.

The Onion Router (TOR):
The 5Ws and H of TOR

We are going to look at the 5Ws and H of TOR here:

What?

Just one sub question here (for now).

What is TOR?

TOR was set up as a proxy system for mostly (if not entirely) web traffic.  It can be viewed as a virtual private network, but it is more than just that.  Now I have a new topic to look at…  What a virtual private network (VPN) is.

Briefly a virtual private network is a system which allows a person to connect privately.  There are several reasons a person would want to do this, but essentially it is a way to ensure that your communication from your computer, to “the network” is secure.

TOR adds another layer of security to the system: it passes the traffic (which is itself encrypted) through a number of different machines.

Who?

We have three different questions here.  This is where I am starting to work off of information I don’t actually have off of the top of my head.  So here goes.

Who created TOR?

This is something interesting for me.  It was created by employees at the United States Naval Research Laboratory; I had no idea that it was actually created by any organization at all.  This project appears to actually be a US government one.  It moved from there to DARPA (Defense Advanced Research Projects Agency).  From there it moved to an open source project funded by the Electronic Frontier Foundation (EFF).

Who is running TOR?

Currently that is a bit of a complicated question.  There is the TOR Project, which from what I can see is primarily funded by the EFF.  Or at least started out that way.  These are the current developers of TOR.  But…

TOR the network is not really “run” by anyone.  There may be a number of core servers which are run by specific people, and agencies.  I don’t know enough about the way that the technical stuff works to really know what might be central, and what might be distributed.

My understanding is essentially that it is set up like a distributed network with nodes of three types. Each node can operate as one (or more) of “entrance,” “exit,” or “mid”.  I think that all nodes operate as “mid” nodes.  But I’m not sure about that.

“Entrance” nodes are set up so that people can connect outgoing traffic from their computer to those nodes.  These nodes tend to be very publicly known.  The list is published.

“Exit” nodes are nodes where traffic leaves the TOR network, and moves onto the “public” internet.  These nodes are not publicly known.  Well, not officially.  They are not listed by the network itself as being “exit” nodes.

“Mid” nodes will accept connections from other nodes “in the network” but will not connect out to the internet, nor will they accept general connections in from the internet.

All of these “nodes” are run by a variety of people.  In general, if you are running TOR on your computer, it is “hoped” that you will offer your computer as a “node” in the TOR network, which means that anyone can really run TOR machines.

Who needs to use TOR?

The purpose of TOR is to keep your privacy secure.  While TOR itself is not a full solution to ensuring online privacy, it is a good part of it.  All traffic which goes through TOR is encrypted.  It is supposed to be encrypted end to end.  It almost always is encrypted from your computer to your “entrance node”, and it is encrypted within the network.

If your connection to the server would normally not be encrypted (if you are going to a website over HTTP rather than the encrypted “secure” HTTPS protocol, the server expects your request in plain text), then the exit node is responsible for sending that out as plain text.

Further, because of the way that TOR works, the “path” through TOR is very difficult to trace without a significant percentage of “mid” nodes under your control.

So, people who need a high level of security and privacy can well benefit from TOR.
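The layering described above can be made concrete with a short sketch, added here as an illustration and not taken from TOR's own code. It assumes three relays named after the roles in this post, per-relay keys already shared with the client, and a toy HMAC-based stream cipher standing in for the real cryptography; the request and destination are constructed sample values.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in, not TOR's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    nonce = os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def open_(key, blob):
    nonce, ct = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(path, keys, dest, payload):
    """Client side: wrap the exit layer first and the entrance layer last."""
    hops = path[1:] + [dest]          # where each relay must forward to
    blob = payload
    for relay, nxt in reversed(list(zip(path, hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = seal(keys[relay], layer)
    return blob

def relay_onion(path, keys, blob):
    """Each relay peels one layer; record what that relay is able to read."""
    seen = []
    for relay in path:
        layer = json.loads(open_(keys[relay], blob))
        blob = bytes.fromhex(layer["data"])
        seen.append((relay, layer["next"], blob))
    return seen

PATH = ["entrance", "mid", "exit"]              # hypothetical relay names
KEYS = {r: os.urandom(32) for r in PATH}        # assumed already shared
REQUEST = b"GET /login?user=alice HTTP/1.1"     # constructed plain-HTTP request

def demo():
    onion = build_onion(PATH, KEYS, "example.com:80", REQUEST)
    return relay_onion(PATH, KEYS, onion)

if __name__ == "__main__":
    for relay, nxt, data in demo():
        print(f"{relay:8} forwards to {nxt:14} sees {data[:24]!r}")
```

Only the entrance relay talks to the client and only the exit relay learns the destination, but for a plain HTTP request the exit relay also reads the request itself, which is why HTTPS still matters when using TOR.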

Also, certain services are only available if you connect to them through TOR.  This is sometimes called “The Dark Net”.  Generally these services are hidden services which are hidden for a good reason (reasons do vary).

Do you need TOR?

Briefly, the answer is “likely you don’t” and further “you may well find it more trouble than it is worth unless you need very high security”.

There are other reasons you may want to use a service like TOR than simply protecting your privacy.  Because TOR nodes are all over the internet (and thus all over the world (some may even be off planet at this point)) there is an idea that you would be able to use a service like TOR (other VPNs offer this too) to do things like watch BBC programmes only available in the UK through TOR.

That is, you can use TOR to break through geofencing on the internet.  TOR, to my knowledge, is the cheapest way to accomplish this.  That is, it is the only service I know of which offers the possibility of breaking geofencing and is free (well, mostly; you still need hardware, and a connection to the internet, but that’s as free as things get really).

When?

Only two questions here.

When was TOR created?

TOR development started in the mid 1990s.  It has continued to today.

The first version I can find released to the public was released in the early 2000s.

When might you need to use TOR?

I can think of two use cases:

  • You want to make private communications, which cannot be traced (questionable whether this is still true)
  • You want to appear to be coming from somewhere else than you really are (questionable whether this really works)

So, the first case is essentially why TOR was created.  By routing your traffic securely through a number of third-party machines, which in theory should not be tracking traffic (though there is evidence that certain TOR nodes are doing just that), it is supposed to be next to impossible to figure out where you are, and where you are trying to “get to”, with any ease.

For the most part, unless you are doing stuff which would warrant a great deal of scrutiny (planning a military strike or something) this probably is, more or less, true.

The second use case I think was a “discovery” of sorts.  Certain people were starting to find that they could actually appear to be somewhere else (usually a different country) than they actually were.  During the early development this worked fairly well.  Now there is a bit of a problem with this.  Certain sites are well aware of the use of VPNs to allow the spoofing of location.  And because of this, they will outright block any known VPNs that may be allowing this.

That means that while technically you can connect to the BBC so it looks like you are in the UK, it is less likely that it will actually “fool” them into thinking you really are from the UK.  They will see the “TOR Exit Node” and will say “hey no idea where you’re from, but I bet it’s not where that exit node is,” and respond with that in mind.

Why?

There is maybe more to this than I thought.  I’m not really sure how to answer these questions, but I think that part of what I have to say may help explain it better.  So I have broken this into two sub questions.

Why was TOR created?

If I am understanding correctly it was created to protect communications for the US government.  With their need for having a robust system, and thus a good deal of resources, TOR ended up being treated like ARPANET and USENET, getting thrown out into the public.  This is a very good thing for both the United States Government, and the general population of the world.  Without these things (not TOR but ARPANET and USENET) you wouldn’t be reading this, or not reading this the way you currently are.  Large portions of “how the internet works” were created for use by the US Government, by the US Government, but for a number of reasons got released to the public.

Why would you want to use TOR?

I answered this above.  Another reason: “I’m geeky, and I roll that way”.  In fact, a lot of the “nodes” which are in the TOR network are essentially run by these people.

Where?

Where can be tricky…  But here goes…

Where would you use TOR?

I think there is one use case which is probably very important to consider:

You are connected to a public network.  There can be two definitions of that:

  • The network you are connected to is not protected by any password, or is essentially not.
  • The network you are connected to is provided to the public, or you otherwise have no idea how it is being maintained.

In both of these situations, you do not know what is happening with your data.  With this in mind, a virtual private network (of which TOR is one) is pretty much essential.  So in this case, I would say while I’m not sure TOR is the “right” solution to making sure you aren’t getting spied on by those “close up” to you, it certainly is “a” solution.

How?

This is something that probably in the end would have to be handled in an entirely different post, but I will try to answer briefly.

How do you use TOR?

There are several ways to set this all up.  All of that can be found on the Tor Project site.  This really is a great place to start with trying to figure out some of this stuff.  There is the TOR Browser, and a number of other TOR projects.  I would say that for most things, you probably just need to get the TOR Browser to work.  The TOR Browser really does work quite well, and from experience is pretty simple to set up.

On the other hand, if you want a fuller solution, you may have to dig deeper.  There are ways you can set your machine up (at least with certain operating systems) so that you control which traffic goes through, and it can even be set up so that all your traffic of a certain type will go through it.

Heck, I suspect if you are running a firewall based on an operating system on which you can really tweak things, you probably can get it so that all your network traffic goes through, without anyone really noticing.  But that could be an “evil thing to do” if you are sharing a network.
