Tor



The Tor Network (not TOR, which some incorrectly call it ) is a global volunteer-run that enables its users to anonymously connect to the internet. The Tor Project is a 501(c)(3) US nonprofit dedicated to maintaining and improving the software necessary for the network's operation, such as the Tor relay/proxy software, and the Tor Browser, a fork of Firefox that natively routes all its traffic through Tor (notorious for its ease of use). Tor is one of the most powerful tools available for achieving privacy and anonymity on the internet. It is an effective way to bypass most forms of and even provides a way to anonymously host network services (most notably HTTP websites) in the form of onion services.

Tor is a (a network that requires specialized software to access ). The "dark" part of the name simply refers to how this type of network appears invisible (or dark) from the outside world, regardless of the connotations it may have recently acquired. In fact, the term was originally used to refer to networks that weren't connected (or only partially connected) to the ARPANET, despite using the same protocols. Web content that is served through a darknet is often called the. For some reason, it is often conflated with terms like. Deep web in particular refers to the discoverability of websites by search engines and has nothing to do with Tor.

A common misconception is that Tor will make one invincible. Tor is simply a tool — an incredibly powerful one at that, but a tool nonetheless — which can and has been misused. Good opsec practices are beyond the scope of this article, but it is important to keep in mind that ultimately you are responsible for your own privacy and anonymity. Tor won't magically protect you from using weak passwords, or leaking personal information online, or the many ways there are to creatively shoot yourself in the foot.

Tor is perhaps the most widely used anonymizing overlay network, and has attracted a lot of attention from the media and popular culture. A lot of this attention comes in the form of fearmongering about Tor's potential for abuse and criminal activity. The thing is, it is by design impossible to get good statistics on Tor's (ab)usage. And, as always, when there's an information vacuum it quickly fills up with freshly produced woo. Does Tor occasionally get used for abuse and committing crimes? Yes. Is it significant in the grand scheme of things? Not really. Tor's legitimate uses (like circumventing censorship in countries like China, or allowing normies to get some damn privacy online) simply outweigh its potential for abuse. And even if they didn't, all cover traffic (even if illegal in nature) is welcome — an anonymizing network isn't very anonymous if it only gets used for a single purpose. Having diverse traffic is essential for the network's anonymity properties.

How does Tor work?
The basic idea is centered around a special type of machine called a relay. These relays only really have one job: receive a packet, and bounce it to another relay. Tor packets are encrypted in layers, like an onion (hence the onion metaphors) and within each layer is contained the address of the next relay in the circuit. This means that each relay only knows who the next hop in the circuit is. It has no information on who originated the packet (since it's been bounced to them by another relay) or who the final destination of the packet is (since it's encrypted, potentially a few layers down). Even if a few of these relays are malicious, there's not much they can do other than keep cluelessly bouncing packets around. Since circuits are built by choosing relays at random from the pool of available relays, it's unlikely for a circuit to end up being composed entirely from relays controlled by one singloe attacker. Hence, an attacker must control a significant portion of the network in order to be able to reliably compromise the anonymity of connections (that is, correlate who originated a packet with whom said packet was directed towards).

Yes, many different types of attacks are known, and yes the Tor developers are hard at work to find mitigations and improve the software, and yes, this is a massive simplification. It is only meant to be a very high-level overview, not an accurate description of Tor's design, but it should at least provide the reader with a good intuition on how and why Tor works the way it does. If you'd like to learn more, the Wikipedia article on is a good place to start.

Should I use Tor?
Even if your country or school doesn't censor the internet, there are many good reasons why one would want to use Tor. For example, some people just don't like being spied on all the time. You'll also be providing cover traffic for those who actually need it! (that is journalists, whistleblowers, people living in certain countries, etc.)

If you want to connect to the web through Tor, don't use a regular browser and proxy it manually, there are very easy ways to fingerprint those. Use the Tor browser instead, which comes with built-in mitigations to many web-specific anonymity-breaking attacks and fingerprinting methods.

If you want, you can help Tor by hosting a relay yourself, but that is beyond the scope of this article.

Onion services
Traffic through the Tor network exits into the internet through a special type of relay called an exit node. These allow users to connect to clearnet services anonymously, but they don't protect the anonymity of said services. Furthermore, exit nodes are a major bottleneck since they're troublesome to operate and as of September 2022 make up a little under 30% of all relays.

Tor offers onion services, a scheme that enables traditional client-server connections while the server remains anonymous. Moreover, the traffic never leaves the Tor network, so the exit bottleneck is avoided entirely. These services are identified by their self-generated public key (base32 encoded into RFC 7686 compliant domain names), eliminating the need for centralized naming schemes like DNS.

Onion services are pretty infamous for having been used for illegal purposes. When the media talks about all the horrible stuff that's out there, below your kid's bed in your kid's browser, this is usually what they're talking about. So, is it true that most onion addresses get used for distributing meth, fake IDs and child porn? Well it's by design impossible to know for sure, but probably not. It is true that most publicly listed onion services are illicit, but that's because those are the only ones with incentive to publicize themselves. Yes, there are a few popular sites who have set up onion mirrors, and activist organizations whose homepage is an onion site, and the occasional tinhat-wearing paranoid crank whose personal blog is an onion site; but apart from those and illicit marketplaces, there's not much reason for you to publish your onion address. In fact, for all we know, 90% of onions could very well be people's Raspberry Pi SSH servers. When it comes to media coverage drug marketplaces are usually the go-to, but fake IDs, child pornography, hitman services and crypto scams are pretty popular as well.