Every day, thousands of people turn to the Tor network to enhance their internet privacy. From paranoid web-users to people living under a dictatorship, these users utilize onion routing to keep their browsing habits a secret.

But what is "Tor," and how does onion routing protect people from prying eyes?

What Is "Tor"?

The Tor logo

"Tor" refers to the Tor Project, a non-profit organization that receives funding from the US government. The primary focus of the Tor Project is secrecy; they promote the ability for people to browse the internet and speak out without government surveillance. The Tor Project's most notable product is the Tor network, which maintains privacy through what's called "onion routing."

People interact with the Tor network via the Tor Browser. This is a modified version of Firefox which allows people to use the Tor network. You don't need any special addons or tools in order to surf using the Tor Browser, so anyone can use it without needing to know how it all works.

How Does Onion Routing Work?

The Tor network uses onion routing to preserve its users' privacy, but how does it work?

To better understand how onion routing works, let's say you want to send an item to someone, but you don't want anyone to know that it was you who sent it. You don't even want the couriers of your item to know you sent an item to this person specifically.

Sending Items Securely Using Layers

To achieve this, you first hire three couriers---let's call them Courier A, B, and C. You tell each one that they'll receive a chest and a key to unlock it. When they get the chest, they must unlock it with their key and take out the item within. The item will be addressed to the courier's destination.

Then, you take the item you want to send and address it to your recipient. You put this in a lockbox, lock it, then write Courier C's address on it. You put this lockbox into a larger one, lock it, then write Courier B's address on that. Finally, you put this double-lockbox into an even bigger one and lock that.

Now you have a Russian nesting doll situation with a lockbox inside a lockbox, which too is inside a lockbox. For sake of clarity, let's call the largest box Lockbox A, the middle-sized one Lockbox B, and the smallest one Lockbox C. For the final step, you send Lockbox A's key to Courier A, Lockbox B's key to Courier B, and Lockbox C's to Courier C.

Then you give Lockbox A to Courier A. Courier A unlocks it to reveal Lockbox B, which is addressed to Courier B. Courier A delivers this to Courier B. Then, Courier B unlocks Lockbox B to reveal Lockbox C, addressed to Courier C.

Courier B delivers it to Courier C. Courier C opens up Lockbox C to reveal the addressed item, which Courier C delivers.

How This Method Secures You

The best part about this method is that no courier has the complete story. One courier can't deduce that you sent an item to your recipient.

  • Courier A knows you sent an item, but doesn't know who the end recipient is.
  • Courier B knows a lockbox passed by but has no idea who originally sent it (you) or where it's headed (your recipient).
  • Courier C knows what the item was, and who it was sent to, but not who sent it originally.

How This Method Defends Against Spies

After you use this method enough times, a nosey organization wants to know what's going on. They plant some courier moles to relay back on who's sending lockboxes and who they're for. Unfortunately, the next time you use this lockbox method, two couriers are moles!

There's no need to panic, however; this system is resistant against snooping couriers.

  • If Courier A and B are moles, they know you sent a delivery, but not who you're sending to.
  • Similarly, if Courier B and C are moles, they know what the delivery is and who it's for, but not who sent it.
  • The most dangerous combination is if A and C are moles. They know you sent a lockbox to A, who then sends it onto B. Courier C knows that they receive a lockbox from B, and they know the final recipient. However, because neither A nor C has concrete proof that the lockbox A received contained the lockbox that C handled. Only Courier B would know that information.

Of course, in a real-world scenario, the third case is easy to crack. The mole will just go for the one weirdo that keeps sending lockboxes in the mail.

But what if thousands of other people used this same method? At this point, the moles at A and C have to rely on timing. If A delivers a lockbox from you to B, and B gives a lockbox to C on the next day, then A and C will suspect they're both on your chain. One case isn't enough to go on, so they have to see if this pattern repeats several times before confirming it.

The Risk of Sending Sensitive Information

There is another problem with Courier C being a mole. Remember that Courier C gets to see the item you're sending. This means you shouldn't send any information about yourself through the lockbox system, else Courier C can piece together the details.

The best way to prevent leaking sensitive information is to not trust Courier C in the first place. However, you can also work out an encryption key with your recipient, which allows you to send encrypted messages without any spying.

How This Relates to Onion Routing

How the Tor network adds layers to a message

This is how onion routing works. Onion routing is when a packet of data is protected with three "layers" of encryption. These layers are what give the onion routing technique its name---like the layers of an onion.

When a packet is sent through onion routing, it goes through three nodes; the Entry, Middle, and Exit node. These are the three couriers in the above example. Each node only knows how to decrypt its designated layer, which then tells them where to send the packet next.

You may imagine that Tor owns all of the nodes in their network, but it's actually not the case! Having one company control all the nodes means it isn't private. The company can freely monitor the packets as they travel, which gives away the entire game. As such, the Tor network is run by volunteers all around the world. These are typically privacy advocates who want to help strengthen the Tor network.

When you boot up the Tor browser, it randomly selects three of these volunteered servers to act as each node. It gives each server a key to decrypt its layer of encryption, much like the keys for the chests in the above example. Then the browser encrypts its data with three layers of protection and passes it across these nodes.

The Weaknesses of Onion Routing

There are organizations who dislike what Tor is doing. These groups often act as volunteers and put servers onto the Tor network in hopes of analyzing traffic. However, much like the above example, the Tor network can resist spies to a certain degree.

If your Entry and Exit nodes are owned by an espionage organization, they can somewhat monitor your activity. They see you sending data into the Entry node, and then some data leaves the Exit node to its destination. If the mole monitors the time it takes, they could theoretically tie the traffic to you. As such, while it's extremely hard to monitor someone on the Tor network, it isn't impossible.

Fortunately, for an organization to do this, they need to get lucky. At the time of writing, Tor Metric reports that there are around 5,000 relays in use. The Tor browser will randomly select three of them when you connect, which makes it hard for an organization to target you specifically.

On top of this, some users use a VPN before connecting to Tor. That way, any spies on the Tor network will trace the user back to their VPN provider. If the user is using a privacy-respecting VPN, the spies will be out of luck.

Another point the above example made is that you can't trust the couriers with private information. This is because Courier C (the Exit node) can see what you're sending. If they're malicious, they can use the network as a means to harvest information. Fortunately, there are ways to stay safe from a malicious Exit node, such as only using HTTPS.

How to Access the Tor Network

Accessing the Tor network is easy. Visit the Tor Browser download page and install it onto your system. Then, use it as if it were your normal browser. You'll notice that things will load a little slower. This is because your traffic will go through the three nodes; much like how sending an item via three couriers is slower than sending it directly. However, your browsing will be very secure and it'll be hard for people to track you.

A word of warning: the Tor Browser is the same tool criminals use to access the dark web. When you use the browser, you gain the ability to access the dark web, too. If this makes you uneasy, don't click on or visit any websites that end in ".onion," as these are dark web pages. Fortunately, you won't find onion websites if you're not actively searching for them.

It's also worth learning the best tips for using the Tor Browser, so you can get the best out of your browsing experience.

Securing Your Privacy on the internet

The Tor network is an amazing tool for anyone who wishes to hide their identity. Thanks to its onion routing technology, it's very hard for someone to work out your browsing habits. Best of all, accessing this network is just as easy as using Firefox!

If you want to stay even safer, be sure to grab a free VPN service for further privacy.