Tor is one of the most powerful tools for protecting your privacy on the Internet. But, as one recent experiment proved, its power comes with serious limitations. Today, we’re going to talk a little about how Tor works, what it does and does not do, and how to stay safe while using it.
Tor in a Nutshell
Tor works like this: when you send a message through Tor, it’s sent on a randomly-generated course throughout the network, using a cryptographic technology known as “onion routing.” It’s a bit like sending a message sealed inside a series of envelopes. Each node in the network decrypts the message (opens the outermost envelope), and sends the still-encrypted result (inner sealed envelope) to its next address. As a result, no individual node can see more than a single link in the chain, and the path of the message becomes extremely difficult to trace.
Eventually, though, the message has to wind up somewhere. If it’s going to a “Tor hidden service,” which is a server connected directly to the Tor network, there’s no problem. If, however, you’re just using Tor as a proxy to access the regular Internet, it gets a little more complicated. At some point, your traffic needs to go through what’s called an “exit node” – a Tor node which passes your packets along to the regular Internet.
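To make the envelope analogy concrete, here is an added toy model of the layered encryption described above (example code written for this article, not Tor’s own implementation). The cipher is a constructed SHA-256 keystream XOR standing in for the real cipher suites Tor negotiates, and the relay names, keys, destination and payload are made up. What it shows is that each relay can read only the address of the next hop, while the exit relay, having peeled the final layer, sees the destination and the cleartext payload – which is exactly the exposure the rest of the article is about.

```python
"""Toy onion routing: one sealed envelope per relay. Added example, not Tor code."""
import hashlib
from typing import Dict, List, Tuple

HOP_LEN = 16  # fixed-width next-hop field at the front of every layer


def keystream(key: bytes, length: int) -> bytes:
    """Constructed keystream: SHA-256 in counter mode. Toy only (no nonce), not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt one layer; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Seal one envelope: [next-hop address | inner envelope], readable only by this relay."""
    header = next_hop.encode().ljust(HOP_LEN, b"\x00")
    assert len(header) == HOP_LEN, "next-hop address too long for this toy format"
    return xor_layer(key, header + inner)


def peel(key: bytes, onion: bytes) -> Tuple[str, bytes]:
    """Open one envelope: recover the next hop and the still-sealed inner envelope."""
    plain = xor_layer(key, onion)
    return plain[:HOP_LEN].rstrip(b"\x00").decode(), plain[HOP_LEN:]


def build_onion(path: List[str], keys: Dict[str, bytes], destination: str, payload: bytes) -> bytes:
    """Client side: wrap from the exit outward so the first relay's layer ends up outermost."""
    onion = wrap(keys[path[-1]], destination, payload)  # exit layer names the real destination
    for i in range(len(path) - 2, -1, -1):
        onion = wrap(keys[path[i]], path[i + 1], onion)  # each earlier relay learns only the next relay
    return onion


def route(onion: bytes, path: List[str], keys: Dict[str, bytes]) -> List[Dict]:
    """Relay side: each relay peels its own layer. Returns what every relay got to see."""
    views = []
    for relay in path:
        next_hop, onion = peel(keys[relay], onion)
        views.append({"relay": relay, "next_hop": next_hop, "forwarded": onion})
    return views


def demo() -> List[Dict]:
    # Constructed three-hop circuit; keys would really be negotiated per hop.
    keys = {"guard": b"guard-key", "middle": b"middle-key", "exit": b"exit-key"}
    path = ["guard", "middle", "exit"]
    payload = b"POST /login user=alice&password=hunter2"  # constructed plain-HTTP request
    return route(build_onion(path, keys, "shop.example", payload), path, keys)


if __name__ == "__main__":
    for v in demo():
        print(v["relay"], "-> next hop:", v["next_hop"],
              "| can read the password:", b"hunter2" in v["forwarded"])
```

Running it shows the guard and middle relays forwarding opaque bytes to the next relay, and only the exit printing `True`: without HTTPS inside the onion, the last hop is the one place the login lands in the clear.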
Your traffic is vulnerable to snooping from these exit nodes. How bad is the problem? Luckily, some intrepid researchers have looked into exactly that.
Catching Bad Nodes
Mononymous Swedish security researcher “Chloe” developed a clever technique for tricking corrupt nodes into outing themselves. Basically, it works like this: Chloe set up a website with a legitimate-looking domain name and web design to serve as a honeypot. For this specific test, she created a domain intended to resemble a Bitcoin merchant. She then downloaded a list of every exit node, logged onto Tor, and used each exit node in turn to log into the site, using a unique account created specifically for that exit node.
Then she sat back and waited for a month. Any node that was attempting to steal login credentials would see her login, capture her username and password, and attempt to use them. Her honeypot website would notice the additional login attempts and make a note. Because each password was unique to one node, Chloe could pin down exactly which node took the bait.
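As an added illustration of the two pieces that make this sting work – a unique bait credential per exit node, and the attribution step once someone reuses one – here is example code written for this article, not Chloe’s BADONIONS tooling. It derives a username and password for each node with an HMAC over the node’s fingerprint (so a replayed password points at exactly one node, and nobody without the researcher’s secret can guess the others), then scans the honeypot’s login log for any successful use of a bait account that was not the researcher’s own seeding login. The node fingerprints, log format, IP addresses and timestamps are all constructed.

```python
"""Attributing replayed honeypot credentials to the exit node that leaked them.
Added example; node ids, log format and addresses are constructed."""
import hashlib
import hmac
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# Constructed placeholders standing in for real relay fingerprints.
EXIT_NODES = ["EXIT-FP-0001", "EXIT-FP-0002", "EXIT-FP-0003"]

# Constructed log format of the honeypot web server (one line per login attempt).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def seed_credentials(nodes: Iterable[str], secret: bytes) -> Dict[str, Tuple[str, str]]:
    """One unguessable (username, password) pair per exit node, derived from a secret."""
    creds = {}
    for node in nodes:
        user = "u" + hmac.new(secret, b"user:" + node.encode(), hashlib.sha256).hexdigest()[:12]
        pw = hmac.new(secret, b"pw:" + node.encode(), hashlib.sha256).hexdigest()[:24]
        creds[node] = (user, pw)
    return creds


def parse_log(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield parsed login events; lines that do not match the format are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_sniffing_nodes(
    creds: Dict[str, Tuple[str, str]],
    seeding_events: Set[Tuple[str, str]],
    log_lines: Iterable[str],
) -> Dict[str, List[Dict[str, str]]]:
    """Map each exit node to the successful logins that reused its bait credentials.

    seeding_events holds the (username, source IP) pairs the researcher recorded
    when she made the one legitimate login through each node. Any other
    successful login with a bait username can only come from someone who saw
    the cleartext password in transit, i.e. through that exit node.
    """
    user_to_node = {user: node for node, (user, _) in creds.items()}
    replays: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for ev in parse_log(log_lines):
        node = user_to_node.get(ev["user"])
        if node is None or ev["result"] != "success":
            continue  # not a bait account, or a failed guess: no proof of capture
        if (ev["user"], ev["src"]) in seeding_events:
            continue  # the researcher's own seeding login through this node
        replays[node].append(ev)
    return dict(replays)


def demo() -> Dict[str, List[Dict[str, str]]]:
    secret = b"constructed-researcher-secret"
    creds = seed_credentials(EXIT_NODES, secret)
    u1, u2, u3 = (creds[n][0] for n in EXIT_NODES)
    # Seeding logins, one per node, each arriving from that node's (constructed) exit address.
    seeding = {(u1, "198.51.100.1"), (u2, "198.51.100.2"), (u3, "198.51.100.3")}
    log = [
        f"2015-05-01T10:00:01Z login user={u1} src=198.51.100.1 result=success",
        f"2015-05-01T10:00:09Z login user={u2} src=198.51.100.2 result=success",
        f"2015-05-01T10:00:17Z login user={u3} src=198.51.100.3 result=success",
        # Weeks later, node 2's bait account is used from an unrelated address: it took the bait.
        f"2015-05-19T03:12:44Z login user={u2} src=203.0.113.77 result=success",
        f"2015-05-20T22:40:02Z login user={u2} src=203.0.113.77 result=success",
        # A failed attempt on node 3's account is noise, not evidence of capture.
        f"2015-05-21T01:02:03Z login user={u3} src=192.0.2.9 result=failure",
        "2015-05-21T01:02:04Z rotated log marker, not a login line",
    ]
    return find_sniffing_nodes(creds, seeding, log)


if __name__ == "__main__":
    for node, events in demo().items():
        print(node, "replayed", len(events), "time(s) from", {e["src"] for e in events})
```

Only successful logins count, and only those that are not the recorded seeding event, so a bait account that is merely probed (a failed password guess) does not implicate its node; a single confirmed replay, on the other hand, is enough, because nobody else was ever told that password.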
The results of the experiment are interesting. Of about 1400 exit nodes, 16 attempted to steal the password and log in. This number isn’t too alarming on the face of it, but there are a few facts worth remembering.
First, this only picks up the nodes that were interested in quickly stealing a few Bitcoins – in other words, the ambiently unscrupulous. More ambitious criminals, in contrast, probably wouldn’t show up in such a simple honeypot.
Second, the damage that can be done by even a single unscrupulous exit node is considerable, as an unrelated Swedish researcher learned in 2007. Security consultant Dan Egerstad ran five compromised Tor exit nodes as an experiment, and quickly found himself in possession of login credentials for thousands of servers all over the world – including those belonging to Australian, Indian, Iranian, Japanese, and Russian embassies. This came along with a tremendous amount of other sensitive information.
Egerstad estimated that 95% of the traffic running through his nodes was unencrypted, giving him total access to their contents. After publishing some of this information online, Egerstad was raided by Swedish police, and taken into custody. He claims that one of the officers told him that the arrest was due to international pressure over the leak.
This was just five corrupt nodes! Clearly, even a scattering of corrupt Tor exit nodes poses a real problem. And, as Chloe has reported, Tor’s semi-centralized system for purging bad nodes has totally failed to take action against the bad nodes she did identify – they are still operating, and, presumably, still snooping.
How to Use Tor Safely
Luckily, the foreign powers whose information was compromised in this way were all making a basic mistake: namely, they misunderstood what Tor is, and what it’s for. Many people tend to assume that Tor is an end-to-end encryption tool, and it isn’t. Tor is designed to anonymize the origin of your browsing and messages – not their contents. If you’re using Tor to browse the web, any messages you send are easy for your exit node to snoop on. That provides a powerful incentive for unscrupulous people to set up exit nodes solely for espionage, theft, or blackmail.
The good news is, there are some simple tricks you can use to protect your privacy while using Tor.
Stay on the Dark Net
The easiest way to stay safe from bad exit nodes is not to use them: by sticking to hidden services within Tor itself, you keep all communication encrypted without it ever having to cross over into the broader Internet. This works well when possible – but it’s not always practical. The dark net contains a tiny fraction of the websites available on the wider Internet, and what you want often isn’t available without leaving the network.
Another way to make Tor more secure is to augment it with an end-to-end encryption protocol. The most useful is probably HTTPS, which lets you communicate with websites over an encrypted connection, so the exit node forwards only ciphertext. HTTPS is enabled by default in Tor for sites that support it. Check that the HTTPS button is green before transmitting any potentially sensitive information.
Use Anonymous Services
You can also improve your safety by using websites and services that don’t report on your activities as a matter of course. For example, Google correlates your search activity to try to figure out who you are. Not for any malicious purpose – simply as part of their business model. As a result, you may want to use a service like DuckDuckGo, which retains no information about you as you use it. You can also combine Tor with services like Cryptocat to have (very) private conversations.
Avoid Personal Information
Going a little further, the safest way to avoid having personal information spied on is to avoid transmitting any in the first place. Using Tor for research is fine, but avoid uploading information to the greatest extent possible. Avoid chat, email, and forums whenever possible.
Finally, as a general rule, avoid websites that require you to log in. Using Reddit through Tor is a potentially risky proposition, because it ties many different behaviors (browsing, posting, and commenting) together, giving a potential attacker a rich supply of information that could be used to identify you. You should also be careful to avoid services like Facebook which already know your identity, and give it to advertisers as a matter of course. Tor isn’t magic, and can’t protect you if you choose to give identifying information to a counterparty with no interest in protecting your privacy.
How to Help
This is all well and good for those who are well-informed enough to use these tricks, but (sadly) many of those most in need of Tor (for example, citizens of oppressive regimes) are the least likely to be well informed about how to use it properly. Luckily, Chloe, the researcher who set up the original sting, has created a rundown of the project (called “BADONIONS”), along with some of the resources used. If you have the expertise, you can set up honeypots of your own to help identify bad nodes and keep Tor safe.
Got questions? Use the comments to start your discussion.