Tor - Anonymous Communication Network

About 2 min read

Tor (The Onion Router) is a communication network that ensures the anonymity of the sender by routing traffic through multiple nodes, adding a layer of encryption at each stage. Because the encryption is layered like the skin of an onion, it is called "onion routing." While journalists, human rights activists, and whistleblowers use it to evade censorship and surveillance, it is also known as the underlying technology of the dark web.

Development History

Research on onion routing began in the mid-1990s at the U.S. Naval Research Laboratory (NRL). Its original purpose was to allow U.S. intelligence agencies to communicate anonymously over the internet. However, because anonymity cannot be achieved if the only users are U.S. government personnel, it was released to the public as an open-source project in 2002. Today it is developed and operated by the nonprofit organization The Tor Project, and it consists of more than approximately 6,000 relay nodes run by volunteers around the world. Part of the funding comes from grants from U.S. government agencies, but its operation is independent.

How Onion Routing Works

Before transmission, the user's data undergoes three layers of encryption. Each node decrypts only its own layer and forwards the data to the next node. Because no single node can grasp the full picture of the communication, it becomes extremely difficult to link the source to the destination.

Legitimate Uses

Tor is not a tool for criminal purposes; legitimate uses account for the majority. Journalists and activists under authoritarian regimes use it to disseminate information while evading censorship. SecureDrop (a whistleblowing platform) runs on Tor, and outlets such as The New York Times and The Washington Post have adopted it to protect the anonymity of their sources. Corporate security teams also use Tor when investigating whether their own information is being bought and sold on the dark web. For ordinary users as well, it is an effective means of avoiding tracking by ISPs and ad networks.

Relationship with the Dark Web

On the Tor network there are hidden services (Hidden Services / Onion Services) accessed via `.onion` domains. These cannot be found by ordinary search engines and make up part of the dark web. As explained in the article Password Leaks on the Dark Web, the buying and selling of leaked credentials takes place on the dark web. However, the vast majority of Tor users are simply accessing ordinary websites anonymously, and dark web use is only a tiny fraction of the whole.

The Difference from VPN

The article VPN Basics and How to Choose One explains in detail the means of protecting your privacy on a daily basis.

Limitations and Vulnerabilities

Tor is not omnipotent. Because encryption is removed at the exit node, non-HTTPS communication can be intercepted by the operator of the exit node. With timing attacks (traffic correlation analysis), attempts to break anonymity by matching the communication patterns of the entry and exit nodes have been researched. In addition, if an application other than the Tor Browser (such as an email client) communicates without going through Tor, the IP address leaks. There are also techniques for identifying Tor users through browser fingerprinting. Please also refer to the article Balancing Privacy and Convenience.

Real-World Use Cases

"When our security team conducts dark web monitoring, we use the Tor Browser to patrol .onion sites. We check weekly whether our domain's credentials are being bought and sold, and if we find any, we immediately carry out a password reset."

For those who want to deeply understand anonymous communication and privacy technologies, anonymous communication books on Amazon are helpful references.