Tor

From RationalWiki


The Tor Network (not TOR, which some incorrectly call it[1]) is a global volunteer-run mixnet that enables its users to anonymously connect to the internet.[2] The Tor Project is a 501(c)(3) US nonprofit dedicated to maintaining and improving the software necessary for the network's operation, such as the Tor relay/proxy software, and the Tor Browser, a fork of Firefox that natively routes all its traffic through Tor[3] (notorious for its ease of use). Tor is one of the most powerful tools available for achieving privacy and anonymity on the internet. It is an effective way to bypass most forms of internet censorship and even provides a way to anonymously host network services (most notably HTTP websites) in the form of onion services.

Tor is a darknet (a network that requires specialized software to access[note 1]). The "dark" part of the name simply refers to how this type of network appears invisible (or dark) from the outside world, regardless of the connotations it may have recently acquired. In fact, the term was originally used to refer to networks that weren't connected (or only partially connected) to the ARPANET, despite using the same protocols.[4] Web content that is served through a darknet is often called the dark web. For some reason, it is often conflated with terms like deep web. Deep web in particular refers to the discoverability of websites by search engines and has nothing to do with Tor.

A common misconception is that Tor will make one invincible. Tor is simply a tool — an incredibly powerful one at that, but a tool nonetheless — which can be and has been misused. Good opsec practices are beyond the scope of this article, but it is important to keep in mind that ultimately you are responsible for your own privacy and anonymity. Tor won't magically protect you from using weak passwords, or leaking personal information online, or the many ways there are to creatively shoot yourself in the foot, and there are ways to neuter it.

Tor is perhaps the most widely used anonymizing overlay network, and has attracted a lot of attention from the media and popular culture. A lot of this attention comes in the form of fearmongering about Tor's potential for abuse and criminal activity. The thing is, it is by design impossible to get good statistics on Tor's (ab)usage. And, as always, when there's an information vacuum it quickly fills up with freshly produced woo.[5] Does Tor occasionally get used for abuse and committing crimes? Yes. Is it significant in the grand scheme of things? Not really. Tor's legitimate uses (like circumventing censorship in countries like China, or allowing normies to get some damn privacy online) simply outweigh its potential for abuse. And even if they didn't, all cover traffic (even if illegal in nature) is welcome — an anonymizing network isn't very anonymous if it only gets used for a single purpose. Having diverse traffic is essential for the network's anonymity properties.

How does Tor work?

The basic idea is centered around a special type of machine called a relay. These relays only really have one job: receive a packet, and bounce it to another relay. Tor packets are encrypted in layers, like an onion (hence the onion metaphors), and within each layer is contained the address of the next relay in the circuit. This means that each relay only knows who the next hop in the circuit is. It has no information on who originated the packet (since it's been bounced to them by another relay) or who the final destination of the packet is (since it's encrypted, potentially a few layers down). Even if a few of these relays are malicious, there's not much they can do other than keep cluelessly bouncing packets around. Since circuits are built by choosing relays at random from the pool of available relays, it's unlikely for a circuit to end up being composed entirely of relays controlled by one single attacker. Hence, an attacker must control a significant portion of the network in order to be able to reliably compromise the anonymity of connections (that is, correlate who originated a packet with whom said packet was directed towards).

Yes, many different types of attacks are known, and yes the Tor developers are hard at work to find mitigations and improve the software, and yes, this is a massive simplification. It is only meant to be a very high-level overview, not an accurate description of Tor's design, but it should at least provide the reader with a good intuition on how and why Tor works the way it does. If you'd like to learn more, the Wikipedia article on onion routing is a good place to start.
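
The layering described above can be made concrete with a small simulation. This is an added example, not Tor's code: the relay names, keys, destination and the toy HMAC-based cipher are all assumptions made for illustration, and Tor's real cell format, key negotiation and ciphers differ.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, n):
    # Toy stream cipher (HMAC-SHA256 in counter mode); stands in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def wrap(circuit, destination, payload):
    """Build the onion. circuit is [(relay_name, key), ...] from entry to exit."""
    next_hop, body = destination, payload
    for name, key in reversed(circuit):  # innermost layer is for the exit
        layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
        next_hop, body = name, seal(key, layer)
    return next_hop, body  # first relay to contact, and the full onion

def peel(key, blob):
    """What one relay does: remove its own layer and learn only the next hop."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["body"])

def route(circuit, destination, payload):
    """Simulate delivery; returns each relay's view and what leaves the exit."""
    keys = dict(circuit)
    hop, blob = wrap(circuit, destination, payload)
    views = []
    while hop in keys:
        relay = hop
        hop, blob = peel(keys[relay], blob)
        views.append((relay, hop))  # all this relay learns: where to send next
    return views, hop, blob

# Constructed sample circuit: names and keys are made up for the example.
CIRCUIT = [(n, hashlib.sha256(n.encode()).digest()) for n in ("guard", "middle", "exit")]
```

Only the exit relay's peeled body is the original payload, which is why the malicious exit node risk discussed under onion services applies unless the payload is itself encrypted.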

Should I use Tor?

Even if your country or school doesn't censor the internet, there are many good reasons why one would want to use Tor. For example, some people just don't like being spied on all the time.[note 2] You'll also be providing cover traffic for those who actually need it![6] (That is, journalists, whistleblowers, people living in certain countries, etc.)

If you want to connect to the web through Tor, don't use a regular browser and proxy it manually; there are very easy ways to fingerprint those. Use the Tor Browser instead, which comes with built-in mitigations to many web-specific anonymity-breaking attacks and fingerprinting methods.

If you want, you can help Tor by hosting a relay yourself, but that is beyond the scope of this article.

Onion services

Traffic through the Tor network exits into the internet through a special type of relay called an exit node. These allow users to connect to clearnet services anonymously, but they don't protect the anonymity of said services. Also, while the user may be anonymous, the data they are sending could possibly be snooped on by a malicious exit node. This vulnerability was once used to steal passwords from government embassies.[7] Furthermore, exit nodes are a major bottleneck since they're troublesome to operate[8] and as of September 2022 make up a little under 30% of all relays.[9]

Tor offers onion services, a scheme that enables traditional client-server connections while the server remains anonymous. Moreover, the traffic never leaves the Tor network, so the exit bottleneck is avoided entirely. These services are identified by their self-generated public key (base32 encoded into RFC 7686 compliant domain names), eliminating the need for centralized naming schemes like DNS.[10] Using an onion service for a website eliminates the risk of malicious exit node snooping; the traffic remains encrypted.
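
Because the address is derived from the service's public key, it can be checked offline before use. The following added example (not from the original article or the Tor Project's code) encodes and validates current "v3" addresses; the checksum construction and version byte follow the v3 onion service specification rather than anything stated on this page, and the sample key is constructed.

```python
import base64
import hashlib

SUFFIX = ".onion"
VERSION = b"\x03"

def onion_checksum(pubkey):
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_onion(pubkey):
    """Derive the v3 onion hostname for a 32-byte Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + SUFFIX

def check_onion(host):
    """Return (ok, reason) for a hostname claimed to be a v3 onion address."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(SUFFIX):
        return False, "not a .onion name"
    # Subdomains are allowed; the key lives in the label next to ".onion".
    label = host[: -len(SUFFIX)].split(".")[-1]
    if len(label) != 56:
        return False, "wrong length for v3"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return False, "not base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        return False, "unsupported version"
    if checksum != onion_checksum(pubkey):
        return False, "checksum mismatch"
    return True, "ok"

# Constructed sample key (bytes 0..31), not a real service's key.
SAMPLE_KEY = bytes(range(32))
SAMPLE_ADDR = encode_onion(SAMPLE_KEY)
```

A passing check only rules out typos and corruption; a lookalike address with a valid checksum is simply a different key, so the full address still has to be compared against a trusted copy.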

Onion services are pretty infamous for having been used for illegal purposes. When the media talks about all the horrible stuff that's out there, below your kid's bed in your kid's browser, this is usually what they're talking about. So, is it true that most onion addresses get used for distributing meth, fake IDs and child porn? Well, it's by design impossible to know for sure, but probably not. It is true that most publicly listed onion services are illicit, but that's because those are the only ones with incentive to publicize themselves. Yes, there are a few popular sites that have set up onion mirrors, and activist organizations whose homepage is an onion site, and the occasional tinhat-wearing paranoid crank whose personal blog is an onion site; but apart from those and illicit marketplaces, there's not much reason for you to publish your onion address. In fact, for all we know, 90% of onions could very well be people's Raspberry Pi SSH servers.[note 3] When it comes to media coverage, drug marketplaces are usually the go-to, but fake IDs, child pornography, hitman services and crypto scams are pretty popular as well.

Similar networks

  • Freenet, an anonymity network released in 2000. Unlike its alternatives, it forces its users to download and store information for other parts of the network, albeit encrypting it. What this means in practice is you may or may not be downloading and storing illegal content by using Freenet. The upside to this is that certain information cannot be easily censored. The downside is you might theoretically have (snippets of) encrypted child porn (or whatever it may be) on your computer, with no way of knowing the difference.
  • I2P, another anonymity network which was forked from Freenet/Hyphanet in 2003. Unlike Hyphanet, it doesn't force you to participate in decentralized storage, although each user may still act as a "router" for the rest of the network (in comparison, Tor foists neither of these tasks upon the default user). However, this difference means that I2P is less "centralized" than Tor, lacking the same reliance on servers that volunteered for this task. I2P is perhaps the largest anonymity network that exists outside of the Tor network. The setup process for I2P creates a higher barrier to entry than the relatively simplistic Tor Browser, however.
  • Lokinet, a very small, newer network fueled by the "Oxen" cryptocurrency. The cryptocurrency offers a monetary incentive to the network's hosts, unlike Tor. It is otherwise quite similar to Tor, although it doesn't have its own browser, rather integrating with existing browsers. This also makes its users more vulnerable to browser fingerprinting.

External links

Safe onion sites

You shouldn't find drug dealers or child pornographers on these, unless you were really trying to. It's not any more likely than if you were on the regular Internet, anyway.

Social media

News

Privacy-oriented

Miscellaneous

Notes

  1. Come to think of it, doesn't that make all networks—even the internet—darknets? You do require specialized software (albeit usually bundled with the operating system) to establish TCP/IP connections after all...
  2. Bu- but, if you have nothing to hide, you have nothing to fear!
  3. I know mine are.

References

  1. http://tv54samlti22655ohq3oaswm64cwf7ulp6wzkjcvdla2hagqcu7uokid.onion/posts/2021-02-22-tor-spelling/, clearnet version: https://matt.traudt.xyz/posts/2021-02-22-tor-spelling/
  2. http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/index.html, clearnet version: https://www.torproject.org/
  3. http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/about/history/index.html, clearnet version: https://torproject.org/about/history/index.html
  4. https://web.archive.org/web/20100812103650/http://www.darknet.se/about-darknet
  5. http://rzuwtpc4wb3xdzrj3yeajsvm3fkq4vbeubm2tdxaqruzzzgs5dwemlad.onion/abuse/index.html, clearnet version: https://support.torproject.org/abuse/index.html
  6. http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/user-research/persona/index.html, clearnet version: https://community.torproject.org/user-research/persona/
  7. Ryan Naraine (September 10, 2007). "Sensitive government e-mails leak through Tor exit nodes". ZDNet.
  8. http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/relay/types-of-relays/, clearnet version: https://community.torproject.org/relay/types-of-relays/
  9. http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/relayflags.html?start=2022-06-13&end=2022-09-11&flag=Running&flag=Exit, clearnet version: https://metrics.torproject.org/relayflags.html?start=2022-06-13&end=2022-09-11&flag=Running&flag=Exit
  10. http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/onion-services/overview/, clearnet version: https://community.torproject.org/onion-services/overview
  11. Mariot Chauvin (May 30, 2022). "Guardian launches Tor onion service". The Guardian.
  12. (October 23, 2019). "BBC News launches 'dark web' Tor mirror". BBC News.

Licensed under CC BY-SA 3.0 | Source: https://rationalwiki.org/wiki/Tor