Understanding and using the Tor network

Surfing the web without protection inevitably leaves behind more traces than you ever bargained for. This information trail includes IP addresses that make you easily trackable. Not only do investigators use them for hunting down criminals and "potential attackers," but various web projects and trackers use them to monitor users' surfing behavior for resale. A whole industry depends on it.

To make things harder for data collectors, you need to conceal your personal data as much as possible. This is where the Tor network [1] comes into play. It consists of a network of worldwide computers linked together by encrypted data traffic.

How Tor Works

Tor stands for "The Onion Router," a project originally initiated by the United States Navy [2] and implemented to protect communication between government agencies.

At its core, Tor works as follows: At the starting point, the client obtains a list of so-called Tor nodes from a directory server and registers with one of them. Once the client opens a web page, it connects via SOCKS to an Entry Guard, which forwards the request to a second node that passes it, in turn, to a third, the Exit Node. For efficiency purposes, Tor developers decided on three connection nodes only (Figure 1).

Figure 1: The Tor network basically works as follows: A client sends a request to an Entry Guard that forwards it encrypted to a Relay Node (without knowing the destination of the request). The Relay Node knows neither the source nor destination of the request and forwards it to an Exit Node only. The Exit Node knows only the destination of the request, but not its owner. Because none of the nodes handle all the data, attackers have a hard time uncovering the complete connection path.

What makes connection with Tor so secure is the fact that each server, by using different levels of encryption, sees only part of the data connection. Thus, the Entry Guard doesn't know which host the client wants to reach. Only the Exit Node knows that, but without knowing the client's identity. To discover the connection, an attacker must crack the whole framework. However, Tor automatically and randomly alters the node routes every ten minutes, so the attacker likely will discover only part of the route. This architecture makes it nearly impossible even for intelligence agencies to monitor the communication data of a certain computers over longer periods.

And, this is where Tor is different from other anonymizing proxies. As a rule, the latter use static server cascades and typically belong to companies that, depending on the server location, are obliged to monitor connections. Thus, it's easier for agencies to trace those connections back to their origins.

The communication between the Tor nodes and the client is totally encrypted. Only the connection from the Exit Node to the destination remains unencrypted, unless the contacted server does not itself deliver encrypted content (e.g., via SSL). Apart from web browsing, Tor supports services such as IRC, Instant Messaging, email, and SSH. To use these services, each client must support SOCKS connections.

Using Tor

Both Ubuntu and openSUSE provide Tor in their repositories for installation over the package manager. If the current version 1.2.3.25 isn't present, the Tor project recommends installing it from its sources. This is important, because some Tor nodes reject connections attempts from older versions.

The service loads automatically after installation. You can start and stop it manually by using the commands sudo torctl [start|stop] and /etc/init.d/tor [start|stop], respectively. Tor gets its directives from the /etc/tor/torrc file. A configuration is usually unnecessary but can provide some extra useful functions.

To use the Tor network, you need to configure your web browser accordingly. In Firefox, for example, enter the 127.0.0.1 address for the SOCKS Host and use port 9050. Then, mark the SOCKS v5 check box. Whereas the Torbutton add-on helped in the past to set up a fast anonymous connection, you can now do without it. According to developer Mike Perry, Torbutton provided only "nightmare situations for anonymity and privacy" [3]. The project no longer provides it as a separate add-on; it is only bundled with the Tor Browser Bundle (see the "Tor Browser Bundle" box).