Gaining Anonymity: The Tor Network & Tor Browser Bundle
My first step in looking at anonymity is making use of the TBB and the Tor network. Tor was released in 2002 and has since evolved into a tool that is used by millions of people worldwide. Tor enables users to browser the internet, chat with other people, and access “hidden sites” (websites with .onion appended to the end of them that generally cannot be viewed in a normal browser over regular internet). The Tor network is used by freedom rights activists, privacy advocates like myself, whistleblowers, journalists, and even criminals doing illegal things like selling drugs. Because of that last little bit, I dislike the fact that Tor shields individuals so well from being caught, but I also feel that it is a great tool for protecting your privacy in a world where we are constantly being monitored and watched. It’s a hard boat to be in when on one side of the river, you have people literally fighting for their right to freedoms and free speech, but only the other side of the river, you have people doing ridiculously illegal things.
To understand how Tor works, you first should see this picture published by the EFF:
Basically you are connecting to a network that is routed through three separate servers from around the world before sending out data from your computer to a website and then returning data from said site back to your system. These servers are referred to as “nodes” and make sure that your data is fully encrypted while in transit to the destination site. If the site you are connecting to over Tor does not make use of HTTPS (SSL Certificate for encryption), then the connection between the last node (Exit Node) to the website’s server will not be encrypted but you will still be anonymous to the site.
The encryption that happens is done at the packet level see:
Which means information isn’t viewable even if it is intercepted in the middle. There are a few known attacks on .onion sites but many of them fall into the category of failing to correctly setup the server hosting the site. A prime example of this would be with a hidden service known as doxbin. The server it was hosted on was seized after 3 months of denial of service attacks to pinpoint its location.
Related Categories on PrivacyTools.io: