The internet that you’re probably using to read this article is far from private. Observers can figure out where you are, and with things like cookies or device fingerprinting, they can glean a surprising amount of information about your online habits.
You might be okay with that. But not everyone shares the sentiment, particularly when readily-available software can enhance your privacy with relative ease. In this article, we’ll take a look at Tor, a tool hailed by privacy activists worldwide.
Tor (an abbreviation of The Onion Router) is a technology for protecting your online activity from eavesdroppers. It relies on a distributed network of peers to pass along your messages to the server you want to interact with.
Because of the network’s structure, the server doesn’t know who you are – unless you log in, that is. Your Internet service provider (ISP) can see that you’re using Tor, but they have no way of knowing what you’re browsing.
The anonymity of Tor is achieved through something called onion routing. By encrypting your communications and “bouncing” them around a network of nodes, no one can tell where they originate from.
Let’s answer that question with another question – what could onions possibly have to do with privacy?
As it turns out, just like onions (or loveable green ogres), the packets you send through the Tor network have layers. You take your message and encrypt it to form the first layer. You then take this wrapped message, and add another layer – but this time, you encrypt it with a different key. You do this a third time (again with a different key), and you end up with something that structurally resembles a cryptographic onion.
You’ve wrapped your data in multiple layers of encryption.
If someone wanted to get to the core of our onion, they would need to be able to decrypt all three layers. For our purposes, we ensure that no single person can do that. We select three peers in the network (call them Alice, Bob, and Carol). We use three keys, but each peer can only knows one.
Before the message reaches its endpoint, it will first be sent to Alice, then to Bob, and finally to Carol, who acts as the exit node.
Carol is the last person to receive the onion, so we first encrypt our message with the key that she knows. Bob is in the middle, so we encrypt our data with the key he knows next. But we’ll add a bit of information beforehand that tells Bob where he needs to send the data (i.e., to Carol). Lastly, we’ll wrap all of that information (plus the instruction to send the packet to Bob) using the key that Alice knows.
Ever played that game where you wrap a reward in several layers of paper and pass it around a circle, with players unwrapping as it goes? What we’re doing is a bit like that. Except in onion routing, you can’t see the other players. You’re all in different rooms, but you can pass the parcel through holes in the walls.
You make the parcel. The outermost wrapper has a label that says “Alice,” which means that only she can open it. You pass it through the hole in the wall.
Alice tears off the layer. She sees that the next recipient is Bob, so she hands it through another hole in the wall. He peels off the layer and gives it to Carol. When it gets to her, she unwraps it to find the message – send me some of that quality content from Binance Academy.
Carol prints out an article, then wraps it in her paper and passes it back to Bob, who wraps it in his. Lastly, Alice wraps it in the third layer and gives it to you. You can unwrap all three layers. Before long, you’re enjoying some of the finest cryptocurrency content known to man.
Tor is just one implementation of onion routing and is maintained by the Tor Project. Like our illustration above, it uses three hops to obfuscate the source of the message. There’s no reason to limit yourself – you could have a protocol with several layers of encryption if you wanted to.
Additional hops come at a cost, however. If you’ve ever used the Tor Browser, you’ll have probably noticed that it’s considerably slower than your regular browser. That makes sense because you’re not communicating directly with the server. The information is taking a convoluted path to the destination and must be altered every step of the way.
The more hops you have, the longer it will take to communicate. Three is considered private enough. It should be noted that the exit node – Carol – is able to see what you’re sending to the server unless it’s encrypted (i.e., with HTTPS). So you can ruin any privacy benefits if you’re passing credentials (email, password) in plaintext. Additionally, if you sign into Binance Academy as email@example.com, then the server will know who you are.
Tor gets a bad rap – to many, it’s synonymous with markets for drugs, weaponry, and other illicit goods and services. Alongside other privacy-enhancing technologies like cryptocurrencies, onion services, and public-key cryptography, Tor allows users to interact with a high degree of confidentiality.
In a way, the use of Tor by criminals is a rousing endorsement for the system. If someone’s freedom is dependent on their privacy, then the tools they’re using are probably fit for purpose. You could be a whistleblower on the run from three governments. Or you could be an average person that just doesn’t want your ISP snooping on your conversations with friends and family. It doesn’t matter – technologies like Tor are agnostic tools for enhancing everybody’s privacy
Tor – and onion routing in general – are integral components in the digital privacy landscape. It’s virtually impossible to obtain total anonymity online, but with a simple download, users can enjoy a browsing experience free from prying eyes. Such tools are crucial for evading censorship and defending your fundamental right to privacy.