The Tor anonymity network

Tor stands The Onion Router, a network consisting of relays and exit nodes that distribute traffic information anonymously to hide the user. This allows the user to evade traffic analysis so people can’t tell who the user is talking to. Traffic analysis is able to determine this information from packet headers which tell where the data in the packet is being sentand whom its being sent from.

Tor works around traffic analysis like this: the user sends information to the first tor relay node. That tor relay node then sends it to another one. While its being sent from one tor relay node to another the packet header will only have the information from the one tor relay node to the next, thus obfuscating the sender of the information and the receiver. It then travels through several more relay nodes before finally reaching an exit node where the information is then sent to where it needs to go. The path through the relay network is established by the client user every time they transmit data and changes which relays are used about every 10 minutes.

The Tor network is maintained by anyone who wishes to set up a relay or exit node. For relay nodes there is no danger with running one since the information from one node to another can’t be tracked. There has though arisen issues dealing with the legality of running exit nodes, mainly if the person running the exit node can be culpable for other users illegal uses of the network. This issue is still up in the air.

Tor is used by people for a variety of reasons. It’s used by law enforcement to visit pages they’re investigating so they can monitor with out leaving behind traces of government IP addresses. Or its also been in the news recently with regards to people in countries with strict censorship laws, allowing them to anonymously say things that could get them arrested. But people also use it for doing illegal things such as downloading warez or trading child porn.

Tor does have its weaknesses. People running the relay nodes and exit nodes might not be able to find out who sent data or where its going but they can view any unencrypted data themselves. So some websites use sign in pages that aren’t SSL secured and are transmitting their logins in such a way that could be accessed by malicious node servers.

Overall Tor is a good beginning for making internet traffic anonymous in a world where people try to exploit any personal information with any given chance, whether it be people, corporations or governments. Hopefully the flaws in it can be worked out to make it even more secure then it is already.

 

Further reading:

http://www.eff.org/torchallenge

https://www.torproject.org/index.html.en

Advertisements