5 Ways to Stay Safe From Bad Tor Exit Nodes

Tor is one of the most powerful tools for protecting your privacy on the Internet. But, as one recent experiment proved, its power comes with serious limitations. Today, we’re going to talk a little about how Tor works, what it does and does not do, and how to stay safe while using it.

Tor in a Nutshell

Tor works like this: when you send a message through Tor, it’s sent on a randomly-generated course throughout the network, using a cryptographic technology known as “onion routing.” It’s a bit like sending a message sealed inside a series of envelopes. Each node in the network decrypts the message (opens the outermost envelope), and sends the still-encrypted result (inner sealed envelope) to its next address. As a result, no individual node can see more than a single link in the chain, and the path of the message becomes extremely difficult to trace.

Eventually, though, the message has to wind up somewhere. If it’s going to a “Tor hidden service,” which is a server connected directly to the Tor network, there’s no problem. If, however, you’re just using Tor as a proxy to access the regular Internet, it gets a little more complicated. At some point, your traffic needs to go through what’s called an ‘exit node’ – a Tor node which passes your packets along to the regular Internet.


Your traffic is vulnerable to snooping from these exit nodes. How bad is the problem? Luckily, some intrepid researchers have been doing some research on the subject.

Catching Bad Nodes

Mononymous Swedish security researcher “Chloe” developed a clever technique for tricking corrupt nodes into outing themselves. Basically, it works like this: Chloe set up a website, using a legitimate-looking domain name and web design, to serve as a honeypot. For this specific test, she created a domain intended to resemble a Bitcoin merchant. She then downloaded a list of every exit node, logged onto Tor, and used each exit node in turn to log into the site, using a unique account specific to the exit node in question.

Then she sat back and waited for a month. Any nodes that were attempting to steal login credentials would see her login, steal her user name and password, and attempt to use it. Her honeypot websites would notice the multiple login attempts, and make a note. Because the passwords are unique to each node, Chloe can pin down exactly which node took the bait.
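
The correlation step of this honeypot can be sketched in a few lines. This is an added example, not Chloe's code or part of the original article; the exit fingerprints, the log field names (`ts`, `user`, `password`, `src`) and the sample data are constructed assumptions.

```python
import secrets
from collections import defaultdict


def issue_bait(exit_fingerprints):
    """Generate one unique honeypot account per exit node fingerprint."""
    return {
        "user_" + secrets.token_hex(4): {
            "exit": fp,
            "password": secrets.token_urlsafe(12),
        }
        for fp in exit_fingerprints
    }


def find_leaking_exits(bait, login_log):
    """Map exit fingerprint -> login events that reused its bait credentials.

    Each account is used exactly once by the researcher (the seeding login
    through its exit), so the first event per account is skipped and every
    later event counts as reuse by someone who saw the credentials in transit.
    """
    by_password = {v["password"]: user for user, v in bait.items()}
    seeded, flagged = set(), defaultdict(list)
    for event in sorted(login_log, key=lambda e: e["ts"]):
        # Match on either field so a bait password tried under another
        # username is still attributed to the right exit.
        user = event["user"] if event["user"] in bait else by_password.get(event["password"])
        if user is None:
            continue  # unrelated traffic
        if user not in seeded:
            seeded.add(user)  # the researcher's own login through that exit
            continue
        flagged[bait[user]["exit"]].append(event)
    return dict(flagged)


def demo():
    """Constructed sample: three exits, one of which reuses what it saw."""
    bait = issue_bait(["EXIT_A", "EXIT_B", "EXIT_C"])  # placeholder fingerprints
    users = list(bait)
    log = [{"ts": i, "user": u, "password": bait[u]["password"], "src": "tor"}
           for i, u in enumerate(users)]  # seeding logins, one per exit
    stolen = users[1]  # the account that was only ever sent through EXIT_B
    log.append({"ts": 90, "user": stolen, "password": bait[stolen]["password"], "src": "203.0.113.7"})
    log.append({"ts": 95, "user": "admin", "password": "hunter2", "src": "198.51.100.9"})
    return find_leaking_exits(bait, log)
```

Because every account travels through exactly one exit, a single reuse event is enough to attribute the leak to that exit; unrelated login noise against the site never matches a bait account and is ignored.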

The results of the experiment are interesting. Of about 1400 exit nodes, 16 attempted to steal the password and log in. This number isn’t too alarming on the face of it, but there are a few facts worth remembering.

First, this is picking up only the nodes that were interested in quickly stealing a few Bitcoins – in other words, the ambiently unscrupulous. More ambitious criminals, in contrast, probably wouldn’t show up in such a simple honeypot.

Second, the damage that can be done by even a single unscrupulous exit node is considerable, as an unrelated Swedish researcher learned in 2007. Security consultant Dan Egerstad ran five compromised Tor exit nodes as an experiment, and quickly found himself in possession of login credentials for thousands of servers all over the world – including those belonging to Australian, Indian, Iranian, Japanese, and Russian embassies. This came along with a tremendous amount of sensitive information.


Egerstad estimated that 95% of the traffic running through his nodes was unencrypted, giving him total access to their contents. After publishing some of this information online, Egerstad was raided by Swedish police, and taken into custody. He claims that one of the officers told him that the arrest was due to international pressure over the leak.

This was just five corrupt nodes! Clearly, even a scattering of corrupt Tor exit nodes poses a real problem. And, as Chloe has reported, Tor’s semi-centralized system for purging bad nodes has totally failed to take action against the bad nodes she did identify – they are still operating, and, presumably, still snooping.

How to Use Tor Safely

Luckily, the foreign powers whose information was compromised in this way were all making a basic mistake: namely, they misunderstood what Tor is, and what it’s for. Many people tend to assume that Tor is an end-to-end encryption tool, and it isn’t. Tor is designed to anonymize the origin of your browsing and messages – not their contents. If you’re using Tor to browse the web, any messages you send are easy for your exit node to snoop on. That provides a powerful incentive for unscrupulous people to set up exit nodes solely for espionage, theft, or blackmail.

The good news is, there are some simple tricks you can use to protect your privacy while using Tor.

Stay on the Dark Net

The easiest way to stay safe from bad exit nodes is not to use them: by sticking to using hidden services within Tor itself, you can keep all communication encrypted, without it ever having to cross over into the broader Internet. This works well when possible – but it’s not always practical. The dark net contains a tiny fraction of the websites available on the wider Internet, and what you want often isn’t available without leaving the network.



Another way to make Tor more secure is to augment it with an end-to-end encryption protocol. The most useful is probably HTTPS, which allows you to communicate with websites in encrypted mode. HTTPS is enabled by default in Tor for sites that support it. Check to make sure that the HTTPS button is green before transmitting any potentially sensitive information.

Use Anonymous Services

You can also improve your safety by using websites and services that don’t report on your activities as a matter of course. For example, Google correlates your search activity to try to figure out who you are. Not for any malicious purpose – simply as part of their business model. As a result, you may want to use a service like Duck Duck Go, which retains no information about you as you use it. You can also combine Tor with services like Cryptocat to have (very) private conversations.

Avoid Personal Information

Going a little further, the safest way to avoid having personal information spied on is to avoid transmitting any to start with. Using Tor for research is fine, but avoid uploading information to the greatest extent possible. Avoid chat, email, and forums whenever possible.

Avoid Logins 

Finally, as a general rule, avoid websites that require you to log in. Using Reddit through Tor is a potentially risky proposition, because it ties many different behaviors (browsing, posting, and commenting) together, giving a potential attacker a rich supply of information that could be used to identify you. You should also be careful to avoid services like Facebook which already know your identity, and give it to advertisers as a matter of course. Tor isn’t magic, and can’t protect you if you choose to give identifying information to a counterparty with no interest in protecting your privacy.



How to Help

This is all well and good for those who are well-informed enough to use these tricks, but (sadly) many of those most in need of Tor (for example, citizens of oppressive regimes) are the least likely to be well informed about how to use it properly. Luckily, Chloe, the researcher who set up the original sting, has created a rundown of the project (called “BADONIONS”), along with some of the resources used. If you have the expertise, you can set up honeypots of your own and help identify bad nodes and keep Tor safe.


  1. anonymous
    July 8, 2016 at 12:57 am

    here yes, lol

  2. Anonymous
    July 3, 2015 at 12:07 am

    As a home PC user who uses TOR on occasion, the civic-minded part of me wants to volunteer as a TOR exit node -- but like many others -- the pragmatic part of me worries that the FBI might come knocking if people use my node to jump to pirate or child porno sites. Wonder what (if any) safeguards can be put in place??

    • hbrillie
      February 11, 2016 at 2:33 pm

      If people use pirate or child porno sites, will the FBI come to you? So basically those assholes are safe and you are the bad guy?

    • HyPy
      March 13, 2016 at 10:43 pm

      You should do some research on how to run an exit node. If the FBI, Interpol or whoever knocks on your door to complain about it, you just say that you're running an exit node and everything else should be fine. Also, if you want to run it, I recommend using a Linux live distribution with no persistence to do it.

      • sk
        April 9, 2016 at 6:30 pm

        Are you sure that running an exit node is totally legal in every country on the Earth?