The Onion Router or Tor is a server that keeps users anonymous on the Internet. Tor client software directs internet traffic through a worldwide volunteer network of servers (making several ‘hops’) to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.
Using Tor makes it more difficult to trace Internet activity, including visits to Web sites, online posts, and instant messages, IRC, and bittorrent and is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored. The Tor client is free software and use of the Tor network is free of charge.
Tor’s anonymity function is endorsed by the Electronic Frontier Foundation (EEF) and other civil liberties groups as a method for whistle blowers and human rights workers to communicate with journalists. Tor may be used to gain access to censored information, organize political activities, or circumvent laws against criticism of heads of state.
Tor can also be used for anonymous defamation, unauthorized leaks of sensitive information, and copyright infringement, the distribution of illegal sexual content, the selling of controlled substances, money laundering, credit card fraud, and identity theft. The black market which exploits the Tor infrastructure operates, at least in part, in conjunction with BitCoin (an encrypted digital currency), and Tor itself has been used by criminal enterprises, hacktivism groups (such as Anonymous), and law enforcement agencies at cross purposes, sometimes simultaneously.
‘Onion Routing’ refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a ‘layer’ of encryption before passing the data on to the next relay and, ultimately, its destination. This reduces the possibility of the original data being unscrambled or understood in transit. Like all current low latency anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network, i.e., the traffic entering and exiting the network. Which makes some people reluctant to run exit nodes (the last hop in the Tor chain). While Tor does provide protection against traffic analysis, it cannot prevent traffic confirmation (also called end-to-end correlation).
Services can also be hosted from ‘secret’ locations using the Tor ‘Hidden services’ feature. Rather than revealing the server’s IP address (and therefore its network location), hidden services are accessed through a pseudo top-level domain (TLD), or pseudomain (computer networks that are not participating in the world-wide official Domain Name System, but that may use a similar domain name hierarchy).
These networks are used only for special purposes, such as E-mail and Usenet (although they have no official status, they are generally regarded as having been unofficially grandfathered, and are unlikely ever to be allocated as top-level domains.) The Tor network understands this pseudo TLD (.onion) and routes data anonymously both to and from the hidden service. Due to this lack of reliance on a public address, hidden services may be hosted behind firewalls or network address translators (also called network masquerading).
Tor is decentralized by design; there is no direct readable list of hidden services. There are a number of independent hidden services that serve this purpose. Because location-hidden services do not use exit nodes, they are not subject to exit node eavesdropping. There are, however, a number of security issues involving Tor hidden services. For example, services that are reachable through Tor hidden services and the public Internet are susceptible to correlation attacks and thus not perfectly hidden. Other pitfalls include misconfigured services (e.g. identifying information included by default in web server error responses), uptime and downtime statistics, intersection attacks, and user error.
An alpha version of the software was announced in 2002. Originally sponsored by the US Naval Research Laboratory, Tor was financially supported by the Electronic Frontier Foundation from 2004 to 2005. Tor software is now developed by the Tor Project, a research/education nonprofit organization which receives a diverse base of financial support, including the U.S. State Department and the National Science Foundation. In 2011, the Tor Project was awarded the Free Software Foundation’s 2010 Award for Projects of Social Benefit on the following grounds: ‘Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt.’
Steven J. Murdoch and George Danezis from University of Cambridge presented an article at the 2005 IEEE Symposium on security and privacy on traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams. These techniques greatly reduce the anonymity provided by Tor. Murdoch and Danezis have also shown that otherwise unrelated streams can be linked back to the same initiator. However, this attack fails to reveal the identity of the original user. Murdoch has been working with—and has been funded by—Tor since 2006.
In 2011, researchers with the Rocquencourt, France based National Institute for Research in Computer Science and Control (Institut national de recherche en informatique et en automatique, INRIA) documented an attack that is capable of revealing the IP addresses of BitTorrent users on the Tor network. The results presented in the bad apple attack research paper are based on an actual attack in the wild launched against the Tor network by the authors of the study. The attack targeted six exit nodes, lasted for 23 days, and revealed a total of 10,000 IP addresses of active Tor users.
Nonetheless, Tor and the alternative network system JonDonym (Java Anon Proxy, JAP) are considered more resilient than alternatives such as virtual private networks (VPN). Were a local observer on an ISP or WLAN to attempt to analyze the size and timing of the encrypted data stream going through the VPN, Tor, or JonDo system, the latter two would be harder to analyze, as demonstrated by a 2009 study.
Routers with built-in hardware support for Tor are currently under development through the Torouter project. The Guardian Project is actively developing a free and open-source suite of application programs and firmware for the Android platform to help make mobile communications more secure. The applications include: Gibberbot — a secure, no-logging, instant messaging client; Orbot — a Tor implementation for Android; Orweb — a privacy-enhanced mobile browser; and Secure Smart Cam — a set of privacy enhancing tools that offers encryption of stored images, face detection and blurring, and secure remote sync of media over slow networks.