You have surely already heard about it. It is supposed to let you stay anonymous on the Internet. It is called TOR. But how does it work? Is it useful?
What is TOR?
TOR is an acronym for "The Onion Routing project", the original name of the software. TOR is based on "onion routing", developed in the 1990s by 2 American researchers to anonymize the communications of US intelligence. The project became public in the 2000s.
TOR is presented as a free and open-source web browser that you can download at torproject.org. Unlike other web browsers such as Chrome, Firefox, Brave or Safari, TOR implements an additional module which allows it to exploit the principle of onion routing in order to make our communications anonymous.
What's the anonymity problem on the Internet?
First, to understand why TOR can be useful, let’s see why we are not anonymous when browsing the internet.
In the current Internet, each host is identified by an IP address, which is unique (in reality it is a bit more complicated today). This address works exactly like a postal address. It enables the postal service and the postman (on the Internet, the routers) to deliver your parcels 📦 (route the data packets) from the sender (the host) to the recipient (the destination). The problem is that, like your postal address, your IP address is not encrypted, and it cannot be. Otherwise, how would the routers know where to send the data packets? Compare this with a postal address: assume you lived in a secret location, in a secret town whose name and ZIP code are known only to you. How could the postal service deliver your mail? It couldn't. It works exactly the same way on the Internet, which is why our IP address cannot remain private. So, are we doomed to stay public on the Internet? At least in real life, we can always go to the middle of the Saharan desert 🐪 if we want to hide. The good news is that, because the Internet is marvelous, hiding is possible and (way) easier online 🌍. The answer is called 🧅 routing.
Onion routing, the easy way.
« There’s a genius in all of us » — Albert Einstein
Thankfully, we live in a world where there is always a solution. And once again, it is true in this case.
Let's think again about our postal service. How can I send an anonymous parcel to someone without revealing my identity and my address? I don't want the post office to know that I'm the one who sent the parcel. One way to do it is to give the parcel to a friend and ask him to send the package on my behalf. But what if my correspondent discovered that I was not the true sender and bribed my friend into revealing who I am? Is there a workaround? Happily, yes! Think about the following solution:
- Ask a friend to send the package to a third party.
- In the package, put a notice that asks the third party to forward the contents of the parcel to the final recipient.
Thus, the final recipient would have to bribe 2 people to discover my identity. If I want to increase the security even more, I can add a third friend to pass the package between my 2 friends, then a fourth, etc. This is exactly the principle of onion routing. Instead of parcels, we have data packets, and instead of friends, we have what we call TOR "relays".
Also, if I want the recipient of the package to be able to confirm he received it, I need to give him a way to reply to me without giving him my true identity. One way to do it is to add another notice in the package that asks each node to keep track of the address from which it received the original package, and to forward any reply to that same address. That way, I will be able to receive the confirmation.
To connect to a website through TOR, you connect through at least, and usually, 3 relays, and up to 8. A relay acts exactly like one of my friends: it receives a packet, looks up where it needs to forward it, and forwards it to the intended relay. The first relay is called the entry guard, the second one the middle relay and the last one the exit relay. This set of relays is called a TOR circuit.
Onion routing, a bit more involved.
Assume I want to visit www.supersecretwebsite.com anonymously through TOR. I fire up my TOR browser and type www.supersecretwebsite.com. At startup, TOR browser establishes a circuit that is used to forward all the packets for this browsing session. Let’s see how this circuit is created.
First, TOR browser connects to an entry guard. It uses the public list of all TOR nodes' IP addresses to find one. Then, it asks this entry guard to "extend the circuit" towards a middle relay. This means the middle relay only sees the address of the entry guard, not our address. Once more, our TOR browser asks the middle node (through the partially established circuit) to extend the circuit to the exit node. This completes the circuit. Each node can only see the address of its predecessor and its successor, without knowing anything more. The entry guard can see the address of the host but doesn't know the address of the destination. The exit node can see the address of the destination but can't see the address of the host. Thus, privacy is ensured.
All of this is possible thanks to the power of cryptography, in particular what we call hybrid cryptography. Without going into details, the main idea is to create a secret key for each node and to distribute it securely to that node using the node's long-term key. Why not use the long-term key directly? Mainly for performance reasons. When the circuit is completed, we share a unique secret key with each node of the circuit, and each node only knows its predecessor and its successor. Then, we can successively encrypt our packets with all the secret keys we negotiated during the circuit setup phase. This is where the "onion" routing name comes from: the succession of all these layers of encryption looks like an onion.
To understand a bit better how it works, let's look at a small drawing:
The data packet we send from our computer is symbolized by the black dot. Each relay shares with us its own secret key 🔑, symbolized by the color of its circle. A relay can only decrypt the data for which it has the key.
We can see that our TOR browser (our computer) encrypts the data packet successively with each of the secret keys we negotiated with the relays, starting with the exit relay key and finishing with the entry guard key. What's the point? The point is to make sure that each relay can only see the data it is intended to see: the address of the next relay to which it should forward the packet, and nothing more.
When the packet arrives at relay1, relay1 decrypts the yellow layer with its own key, from which it learns that it needs to forward the packet to relay2. It forwards the packet to relay2. When relay2 receives the packet, it proceeds in exactly the same way. Finally, relay3 decrypts the last TOR encryption layer of the packet and forwards it to the website server.
When the website server replies to us, everything happens exactly the same way, but in reverse. Instead of "peeling the onion", the onion is "rebuilt" 😉. Thanks to the table they build during circuit setup, each relay knows which key to use to encrypt the packet on the way back, and to which relay to forward the reply. When the reply reaches our computer, we can successively use all the keys to decrypt the reply. We peel the onion again.
Amazing! So, I can be anonymous at any time?
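The forward direction described above, as an added example that is not part of the original article and is not TOR's own code. It assumes the three per-relay secret keys already exist (random bytes stand in for circuit setup) and uses a toy SHA-256 keystream with an HMAC tag as a stand-in cipher; the relay names, request and layer format are constructed for the illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 in counter mode (stand-in cipher, not TOR's).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt and authenticate one layer with a relay's secret key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails if this key did not create it."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was not sealed with this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_onion(request, path, keys, destination):
    """Client side: wrap the request, exit relay's layer first, entry guard's last."""
    blob, next_hop = request, destination
    for relay in reversed(path):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob, next_hop = seal(keys[relay], layer), relay
    return blob

def route(onion, path, keys):
    """Each relay peels its own layer and learns only the next hop."""
    learned, blob = [], onion
    for relay in path:
        layer = json.loads(unseal(keys[relay], blob))
        learned.append((relay, layer["next"]))
        blob = bytes.fromhex(layer["data"])
    return learned, blob

# Constructed sample circuit; the keys stand in for those agreed at circuit setup.
PATH = ["relay1", "relay2", "relay3"]
KEYS = {name: os.urandom(32) for name in PATH}
DEST = "www.supersecretwebsite.com"

if __name__ == "__main__":
    onion = build_onion(b"GET / HTTP/1.1", PATH, KEYS, DEST)
    learned, delivered = route(onion, PATH, KEYS)
    for relay, nxt in learned:
        print(f"{relay} forwards to {nxt}")
    print("delivered:", delivered)
```

Only relay3's layer names the destination, and a relay that tries to open a layer sealed for another relay gets a `ValueError` instead of data.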
TOR fascinates me. To my eyes, it is an incredibly beautifully designed protocol. In theory, it enables anyone to be anonymous on the Internet. However, the world is not perfect and neither is TOR. There are several known attacks against TOR, some of them easier than others. To keep things short, we won't detail them here. However, all of these attacks are already very involved, and I can't see any situation for someone like you or me where the level of anonymity provided by TOR wouldn't suffice.