.gif)
Tor (anonymity network)
Encyclopedia
Tor is a system intended to enable online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers in order to conceal a user's location or usage from someone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages and other communication forms", to the user. It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business by keeping their internet activities from being monitored. "Onion routing
" refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and ultimately the destination. This reduces the possibility of the original data being unscrambled or understood in transit. The software is a free-software
and the network is free of charge to use.
Security Symposium on 13 August 2004. Though the name Tor originated as an acronym of The Onion Routing project, the current project no longer considers the name to be an acronym, and therefore does not use capital letters.
Originally sponsored by the US Naval Research Laboratory
, Tor was financially supported by the Electronic Frontier Foundation
from 2004 to 2005. Tor software is now developed by the Tor Project, which has been a 501(c)(3) research/education nonprofit organization
based in the United States of America since December 2006 and receives a diverse base of financial support.
In March 2011 The Tor Project was awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit on the following grounds: "Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt."
, which encrypts and then randomly bounces communications through a network of relays run by volunteers throughout the globe. These onion routers employ encryption
in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy
between relays, thereby providing users with anonymity in network location. That anonymity extends to the hosting of censorship-resistant content via Tor's anonymous hidden service feature. By keeping some of the entry relays secret (bridge relays), users can evade Internet censorship
that relies upon blocking public Tor relays.
Because the internet address
of the sender and the recipient are not both in cleartext at any hop along the way (and at middle relays neither piece of information is in cleartext), someone eavesdropping at any point along the communication channel cannot directly identify both ends. Furthermore, to the recipient it appears that the last Tor node (exit relay) is the originator of the communication rather than the sender.
through the Tor network, using multi-layer encryption, ensuring perfect forward secrecy. At the same time, the onion proxy software presents a SOCKS
interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes
the traffic through a Tor virtual circuit. The Polipo
proxy server can speak the SOCKS 4 & SOCKS 5 protocols
and therefore is recommended to be used together with the Tor anonymising network. Polipo is a web proxy that does HTTP 1.1 pipelining well, so it can enhance Tor's communication latency.
Once inside a Tor network, the traffic is sent from router to router, ultimately reaching an exit node at which point the cleartext packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.
Tor's application independence sets it apart from most other anonymity networks: it works at the Transmission Control Protocol
(TCP) stream level. Applications whose traffic is commonly anonymised using Tor include Internet Relay Chat
(IRC), instant messaging
and World Wide Web
browsing. When browsing the Web, Tor is often coupled with Polipo
or Privoxy
proxy servers. Privoxy is a filtering proxy server
that aims to add privacy
at the application layer. Polipo can speak the SOCKS protocol
and does HTTP 1.1 pipelining for enhancing latencies, therefore is now recommended to be used together with the Tor anonymising network by the torproject.org.
On older versions of Tor (resolved May–July 2010), as with many anonymous web surfing systems, direct Domain Name System
(DNS) requests are usually still performed by many applications, without using a Tor proxy. This allows someone monitoring a user's connection to determine (for example) which WWW sites they are viewing using Tor, even though they cannot see the content being viewed. Using Privoxy
or the command "torify" included with a Tor distribution is a possible solution to this problem. Additionally, applications using SOCKS5 – which supports name-based proxy requests – can route DNS requests through Tor, having lookups performed at the exit node and thus receiving the same anonymity as other Tor traffic.
As of Tor release 0.2.0.1-alpha, Tor includes its own DNS resolver which will dispatch queries over the mix network. This should close the DNS leak and can interact with Tor's address mapping facilities to provide the Tor hidden service (
(TLD), or pseudomain. The Tor network understands this TLD
and routes data anonymously both to and from the hidden service. Due to this lack of reliance on a public address, hidden services may be hosted behind firewalls
or network address translators (NAT). A Tor client is necessary in order to access a hidden service.
Hidden services have been deployed on the Tor network beginning in 2004. Other than the database that stores the hidden-service descriptors, Tor is decentralized by design; there is no direct readable list of hidden services. There are a number of independent hidden services that serve this purpose.
Because location-hidden services do not use exit nodes, they are not subject to exit node eavesdropping. There are, however, a number of security issues involving Tor hidden services. For example, services that are reachable through Tor hidden services and the public Internet are susceptible to correlation attack
s and thus not perfectly hidden. Other pitfalls include misconfigured services (e.g. identifying information included by default in web server error responses), uptime
and downtime
statistics, intersection attacks and user error.
Like all current low latency
anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network, i.e., the traffic entering and exiting the network. While Tor does provide protection against traffic analysis
, it cannot prevent traffic confirmation (also called end-to-end correlation).
Steven J. Murdoch
and George Danezis from University of Cambridge
presented an article at the 2005 IEEE
Symposium
on security and privacy on traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams. These techniques greatly reduce the anonymity provided by Tor. Murdoch and Danezis have also shown that otherwise unrelated streams can be linked back to the same initiator. However, this attack fails to reveal the identity of the original user. Murdoch has been working with—and has been funded by—Tor since 2006.
In March 2011, researchers with the Rocquencourt, France based National Institute for Research in Computer Science and Control (Institut national de recherche en informatique et en automatique, INRIA) have documented an attack that is capable of revealing the IP addresses of BitTorrent users on the Tor network. The "bad apple attack" exploits Tor's design and takes advantage of insecure application use to associate the simultaneous usage of a secure application with the IP address of the Tor user in question. One method of attack depends on control of an exit node or hijacking tracker responses, while a secondary attack method is based in part on the statistical exploitation of distributed hash table
tracking. According to the study:
The results presented in the bad apple attack research paper are based on an actual attack in the wild launched against the Tor network by the authors of the study. The attack targeted six exit nodes, lasted for 23 days, and revealed a total of 10,000 IP addresses of active Tor users. This study is particularly significant because it is the first documented attack designed to target P2P
file sharing applications on Tor. BitTorrent may generate as much as 40% of all traffic on Tor, which means a significant number of Tor users are potentially at risk. Furthermore, the bad apple attack is effective against insecure use of any application over Tor, not just BitTorrent.
In September 2007, Dan Egerstad, a Swedish
security consultant, revealed that he had intercepted usernames and passwords for a large number of email accounts by operating and monitoring Tor exit nodes. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption such as TLS
. While this may or may not inherently violate the anonymity of the source if users mistake Tor's anonymity for end-to-end encryption they may be subject to additional risk of data interception by self-selected third parties. (The operator of any network carrying unencrypted traffic, such as the operator of a wi-fi hotspot or corporate network, has the same ability to intercept traffic as a Tor exit operator. End-to-end encrypted connections should be used if such interception is a concern.) Even without end-to-end encryption, Tor provides confidentiality against these local observers which may be more likely to have interest in the traffic of users on their network than arbitrary Tor exit operators.
Nonetheless, Tor and the alternative network system JonDonym
(Java Anon Proxy, JAP) are considered more resilient than alternatives such as VPNs. Were a local observer on an ISP or WLAN to attempt to analyze the size and timing of the encrypted data stream going through the VPN, Tor or JonDo system, the latter two would be harder to analyze, as demonstrated by a 2009 study.
Researchers from INRIA showed that Tor dissimulation technique in Bittorrent can be bypassed.
In October 2011, a research team from the French engineering school
Esiea claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them and then acquiring their encryption keys
and algorithm seeds
. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used both Denial-of-service attack and packet spinning methods. No technical analysis has been made available yet for the public or the Tor developers to analyze. Eric Filiol and his team intend to release this information at the upcoming PacSec and Hackers to Hackers conferences.
, Tor's anonymity function is "endorsed by the Electronic Frontier Foundation
and other civil liberties
groups as a method for whistleblower
s and human rights
workers to communicate with journalists". Anonymizing systems such as Tor are at times used for matters that are, or may be, illegal in some countries. For instance, Tor may be used to gain access to censored
information; to organize political activities; or to circumvent laws against criticism of heads of state. At the same time, Tor also allows anonymous defamation, unauthorized leak
s of sensitive information, distributing copyrighted works, or illegal sexual content.
Onion routing
Onion routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone unpeeling an onion, each onion router removes a layer of encryption to uncover routing instructions, and...
" refers to the layered nature of the encryption service: The original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and ultimately the destination. This reduces the possibility of the original data being unscrambled or understood in transit. The software is a free-software
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
and the network is free of charge to use.
History
An alpha version of the software, with the onion routing network "functional and deployed", was announced on 20 September 2002. Roger Dingledine, Nick Mathewson and Paul Syverson presented "Tor: The Second-Generation Onion Router" at the 13th USENIXUSENIX
-External links:* *...
Security Symposium on 13 August 2004. Though the name Tor originated as an acronym of The Onion Routing project, the current project no longer considers the name to be an acronym, and therefore does not use capital letters.
Originally sponsored by the US Naval Research Laboratory
United States Naval Research Laboratory
The United States Naval Research Laboratory is the corporate research laboratory for the United States Navy and the United States Marine Corps and conducts a program of scientific research and development. NRL opened in 1923 at the instigation of Thomas Edison...
, Tor was financially supported by the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
from 2004 to 2005. Tor software is now developed by the Tor Project, which has been a 501(c)(3) research/education nonprofit organization
Nonprofit organization
Nonprofit organization is neither a legal nor technical definition but generally refers to an organization that uses surplus revenues to achieve its goals, rather than distributing them as profit or dividends...
based in the United States of America since December 2006 and receives a diverse base of financial support.
In March 2011 The Tor Project was awarded the Free Software Foundation's 2010 Award for Projects of Social Benefit on the following grounds: "Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt."
Operation
Tor aims to conceal its users' identities and their network activity from surveillance and traffic analysis by separating identification and routing. It is an implementation of onion routingOnion routing
Onion routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone unpeeling an onion, each onion router removes a layer of encryption to uncover routing instructions, and...
, which encrypts and then randomly bounces communications through a network of relays run by volunteers throughout the globe. These onion routers employ encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
in a multi-layered manner (hence the onion metaphor) to ensure perfect forward secrecy
Perfect forward secrecy
In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.Forward...
between relays, thereby providing users with anonymity in network location. That anonymity extends to the hosting of censorship-resistant content via Tor's anonymous hidden service feature. By keeping some of the entry relays secret (bridge relays), users can evade Internet censorship
Internet censorship
Internet censorship is the control or suppression of the publishing of, or access to information on the Internet. It may be carried out by governments or by private organizations either at the behest of government or on their own initiative...
that relies upon blocking public Tor relays.
Because the internet address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
of the sender and the recipient are not both in cleartext at any hop along the way (and at middle relays neither piece of information is in cleartext), someone eavesdropping at any point along the communication channel cannot directly identify both ends. Furthermore, to the recipient it appears that the last Tor node (exit relay) is the originator of the communication rather than the sender.
Originating traffic
Users of a Tor network run an onion proxy on their machine. The Tor software periodically negotiates a virtual circuitVirtual circuit
In telecommunications and computer networks, a virtual circuit , synonymous with virtual connection and virtual channel, is a connection oriented communication service that is delivered by means of packet mode communication...
through the Tor network, using multi-layer encryption, ensuring perfect forward secrecy. At the same time, the onion proxy software presents a SOCKS
SOCKS
SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server...
interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes
Multiplexing
The multiplexed signal is transmitted over a communication channel, which may be a physical transmission medium. The multiplexing divides the capacity of the low-level communication channel into several higher-level logical channels, one for each message signal or data stream to be transferred...
the traffic through a Tor virtual circuit. The Polipo
Polipo
Polipo is a fast and lightweight, forwarding and caching proxy server and computer software daemon.By virtue of being a compliant HTTP 1.1 proxy, Polipo has all the uses of traditional Web proxies. It features HTTP 1.1, IPv4 & IPv6, traffic filtering and privacy-enhancement. Polipo supports HTTP...
proxy server can speak the SOCKS 4 & SOCKS 5 protocols
SOCKS
SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server...
and therefore is recommended to be used together with the Tor anonymising network. Polipo is a web proxy that does HTTP 1.1 pipelining well, so it can enhance Tor's communication latency.
Once inside a Tor network, the traffic is sent from router to router, ultimately reaching an exit node at which point the cleartext packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.
Tor's application independence sets it apart from most other anonymity networks: it works at the Transmission Control Protocol
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
(TCP) stream level. Applications whose traffic is commonly anonymised using Tor include Internet Relay Chat
Internet Relay Chat
Internet Relay Chat is a protocol for real-time Internet text messaging or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file...
(IRC), instant messaging
Instant messaging
Instant Messaging is a form of real-time direct text-based chatting communication in push mode between two or more people using personal computers or other devices, along with shared clients. The user's text is conveyed over a network, such as the Internet...
and World Wide Web
World Wide Web
The World Wide Web is a system of interlinked hypertext documents accessed via the Internet...
browsing. When browsing the Web, Tor is often coupled with Polipo
Polipo
Polipo is a fast and lightweight, forwarding and caching proxy server and computer software daemon.By virtue of being a compliant HTTP 1.1 proxy, Polipo has all the uses of traditional Web proxies. It features HTTP 1.1, IPv4 & IPv6, traffic filtering and privacy-enhancement. Polipo supports HTTP...
or Privoxy
Privoxy
Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy, modifying web page data and HTTP headers before the page is rendered by the browser. Privoxy is a "privacy enhancing proxy", filtering Web pages and removing advertisements...
proxy servers. Privoxy is a filtering proxy server
Proxy server
In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
that aims to add privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
at the application layer. Polipo can speak the SOCKS protocol
SOCKS
SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server...
and does HTTP 1.1 pipelining for enhancing latencies, therefore is now recommended to be used together with the Tor anonymising network by the torproject.org.
On older versions of Tor (resolved May–July 2010), as with many anonymous web surfing systems, direct Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
(DNS) requests are usually still performed by many applications, without using a Tor proxy. This allows someone monitoring a user's connection to determine (for example) which WWW sites they are viewing using Tor, even though they cannot see the content being viewed. Using Privoxy
Privoxy
Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy, modifying web page data and HTTP headers before the page is rendered by the browser. Privoxy is a "privacy enhancing proxy", filtering Web pages and removing advertisements...
or the command "torify" included with a Tor distribution is a possible solution to this problem. Additionally, applications using SOCKS5 – which supports name-based proxy requests – can route DNS requests through Tor, having lookups performed at the exit node and thus receiving the same anonymity as other Tor traffic.
As of Tor release 0.2.0.1-alpha, Tor includes its own DNS resolver which will dispatch queries over the mix network. This should close the DNS leak and can interact with Tor's address mapping facilities to provide the Tor hidden service (
.onion) access to non-SOCKS-aware applications.Hidden services
Tor can also provide anonymity to servers in the form of location-hidden services, which are Tor clients or relays running specially configured server software. Rather than revealing the server's IP address (and therefore its network location), hidden services are accessed through Tor-specific.onion.onion.onion is a pseudo-top-level domain host suffix designating an anonymous hidden service reachable via the Tor network...
pseudo top-level domainPseudo top-level domain
A number of pseudo-top-level domains to be used in naming computers have been defined at various times. These "pseudo-TLDs" or "pseudomains" include .bitnet, .csnet, .exit, .i2p, .local, .onion, .oz, .freenet and .uucp...
(TLD), or pseudomain. The Tor network understands this TLD
Top-level domain
A top-level domain is one of the domains at the highest level in the hierarchical Domain Name System of the Internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last label of a...
and routes data anonymously both to and from the hidden service. Due to this lack of reliance on a public address, hidden services may be hosted behind firewalls
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
or network address translators (NAT). A Tor client is necessary in order to access a hidden service.
Hidden services have been deployed on the Tor network beginning in 2004. Other than the database that stores the hidden-service descriptors, Tor is decentralized by design; there is no direct readable list of hidden services. There are a number of independent hidden services that serve this purpose.
Because location-hidden services do not use exit nodes, they are not subject to exit node eavesdropping. There are, however, a number of security issues involving Tor hidden services. For example, services that are reachable through Tor hidden services and the public Internet are susceptible to correlation attack
Correlation attack
In cryptography, correlation attacks are a class of known plaintext attacks for breaking stream ciphers whose keystream is generated by combining the output of several linear feedback shift registers using a Boolean function...
s and thus not perfectly hidden. Other pitfalls include misconfigured services (e.g. identifying information included by default in web server error responses), uptime
Uptime
Uptime is a measure of the time a machine has been up without any downtime.It is often used as a measure of computer operating system reliability or stability, in that this time represents the time a computer can be left unattended without crashing, or needing to be rebooted for administrative or...
and downtime
Downtime
The term downtime is used to refer to periods when a system is unavailable.Downtime or outage duration refers to a period of time that a system fails to provide or perform its primary function...
statistics, intersection attacks and user error.
Weaknesses
Like all current low latency
Low latency
Low latency allows human-unnoticeable delays between an input being processed and the corresponding output providing real time characteristics. This can be especially important for internet connections utilizing services such as online gaming and VOIP....
anonymity networks, Tor cannot and does not attempt to protect against monitoring of traffic at the boundaries of the Tor network, i.e., the traffic entering and exiting the network. While Tor does provide protection against traffic analysis
Traffic analysis
Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and...
, it cannot prevent traffic confirmation (also called end-to-end correlation).
Steven J. Murdoch
Steven Murdoch
Steven J. Murdoch is a security researcher at the University of Cambridge Computer Laboratory. His research covers privacy-enhancing technology, Internet censorship, and anonymous communication, in particular Tor. He is also known for discovering several vulnerabilities in the EMV bank chipcard...
and George Danezis from University of Cambridge
University of Cambridge
The University of Cambridge is a public research university located in Cambridge, United Kingdom. It is the second-oldest university in both the United Kingdom and the English-speaking world , and the seventh-oldest globally...
presented an article at the 2005 IEEE
Institute of Electrical and Electronics Engineers
The Institute of Electrical and Electronics Engineers is a non-profit professional association headquartered in New York City that is dedicated to advancing technological innovation and excellence...
Symposium
Symposium
In ancient Greece, the symposium was a drinking party. Literary works that describe or take place at a symposium include two Socratic dialogues, Plato's Symposium and Xenophon's Symposium, as well as a number of Greek poems such as the elegies of Theognis of Megara...
on security and privacy on traffic-analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams. These techniques greatly reduce the anonymity provided by Tor. Murdoch and Danezis have also shown that otherwise unrelated streams can be linked back to the same initiator. However, this attack fails to reveal the identity of the original user. Murdoch has been working with—and has been funded by—Tor since 2006.
In March 2011, researchers with the Rocquencourt, France based National Institute for Research in Computer Science and Control (Institut national de recherche en informatique et en automatique, INRIA) have documented an attack that is capable of revealing the IP addresses of BitTorrent users on the Tor network. The "bad apple attack" exploits Tor's design and takes advantage of insecure application use to associate the simultaneous usage of a secure application with the IP address of the Tor user in question. One method of attack depends on control of an exit node or hijacking tracker responses, while a secondary attack method is based in part on the statistical exploitation of distributed hash table
Distributed hash table
A distributed hash table is a class of a decentralized distributed system that provides a lookup service similar to a hash table; pairs are stored in a DHT, and any participating node can efficiently retrieve the value associated with a given key...
tracking. According to the study:
The results presented in the bad apple attack research paper are based on an actual attack in the wild launched against the Tor network by the authors of the study. The attack targeted six exit nodes, lasted for 23 days, and revealed a total of 10,000 IP addresses of active Tor users. This study is particularly significant because it is the first documented attack designed to target P2P
Peer-to-peer
Peer-to-peer computing or networking is a distributed application architecture that partitions tasks or workloads among peers. Peers are equally privileged, equipotent participants in the application...
file sharing applications on Tor. BitTorrent may generate as much as 40% of all traffic on Tor, which means a significant number of Tor users are potentially at risk. Furthermore, the bad apple attack is effective against insecure use of any application over Tor, not just BitTorrent.
In September 2007, Dan Egerstad, a Swedish
Sweden
Sweden , officially the Kingdom of Sweden , is a Nordic country on the Scandinavian Peninsula in Northern Europe. Sweden borders with Norway and Finland and is connected to Denmark by a bridge-tunnel across the Öresund....
security consultant, revealed that he had intercepted usernames and passwords for a large number of email accounts by operating and monitoring Tor exit nodes. As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption such as TLS
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
. While this may or may not inherently violate the anonymity of the source if users mistake Tor's anonymity for end-to-end encryption they may be subject to additional risk of data interception by self-selected third parties. (The operator of any network carrying unencrypted traffic, such as the operator of a wi-fi hotspot or corporate network, has the same ability to intercept traffic as a Tor exit operator. End-to-end encrypted connections should be used if such interception is a concern.) Even without end-to-end encryption, Tor provides confidentiality against these local observers which may be more likely to have interest in the traffic of users on their network than arbitrary Tor exit operators.
Nonetheless, Tor and the alternative network system JonDonym
Java Anon Proxy
Java Anon Proxy, also known as JAP or JonDonym, is a proxy system designed to allow browsing the Web with revocable pseudonymity. It was originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg and Privacy Commissioner of Schleswig-Holstein...
(Java Anon Proxy, JAP) are considered more resilient than alternatives such as VPNs. Were a local observer on an ISP or WLAN to attempt to analyze the size and timing of the encrypted data stream going through the VPN, Tor or JonDo system, the latter two would be harder to analyze, as demonstrated by a 2009 study.
Researchers from INRIA showed that Tor dissimulation technique in Bittorrent can be bypassed.
In October 2011, a research team from the French engineering school
Grandes écoles
The grandes écoles of France are higher education establishments outside the main framework of the French university system. The grandes écoles select students for admission based chiefly on national ranking in competitive written and oral exams...
Esiea claimed to have discovered a way to compromise the Tor network by decrypting communication passing over it. The technique they describe requires creating a map of Tor network nodes, controlling one third of them and then acquiring their encryption keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
and algorithm seeds
Random seed
A random seed is a number used to initialize a pseudorandom number generator.The choice of a good random seed is crucial in the field of computer security...
. Then, using these known keys and seeds, they claim the ability to decrypt two encryption layers out of three. They claim to break the third key by a statistical-based attack. In order to redirect Tor traffic to the nodes they controlled, they used both Denial-of-service attack and packet spinning methods. No technical analysis has been made available yet for the public or the Tor developers to analyze. Eric Filiol and his team intend to release this information at the upcoming PacSec and Hackers to Hackers conferences.
Legal aspects
According to CNetCNET
CNET is a tech media website that publishes news articles, blogs, and podcasts on technology and consumer electronics. Originally founded in 1994 by Halsey Minor and Shelby Bonnie, it was the flagship brand of CNET Networks and became a brand of CBS Interactive through CNET Networks' acquisition...
, Tor's anonymity function is "endorsed by the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
and other civil liberties
Civil liberties
Civil liberties are rights and freedoms that provide an individual specific rights such as the freedom from slavery and forced labour, freedom from torture and death, the right to liberty and security, right to a fair trial, the right to defend one's self, the right to own and bear arms, the right...
groups as a method for whistleblower
Whistleblower
A whistleblower is a person who tells the public or someone in authority about alleged dishonest or illegal activities occurring in a government department, a public or private organization, or a company...
s and human rights
Human rights
Human rights are "commonly understood as inalienable fundamental rights to which a person is inherently entitled simply because she or he is a human being." Human rights are thus conceived as universal and egalitarian . These rights may exist as natural rights or as legal rights, in both national...
workers to communicate with journalists". Anonymizing systems such as Tor are at times used for matters that are, or may be, illegal in some countries. For instance, Tor may be used to gain access to censored
Censorship
thumb|[[Book burning]] following the [[1973 Chilean coup d'état|1973 coup]] that installed the [[Military government of Chile |Pinochet regime]] in Chile...
information; to organize political activities; or to circumvent laws against criticism of heads of state. At the same time, Tor also allows anonymous defamation, unauthorized leak
News leak
A news leak is a disclosure of embargoed information in advance of its official release, or the unsanctioned release of confidential information.-Types of news leaks:...
s of sensitive information, distributing copyrighted works, or illegal sexual content.
Implementation
- The main implementation of Tor is written in the C programming language and consists of roughly 146,000 lines of source code.
- VuzeVuzeVuze is a BitTorrent client used to transfer files via the BitTorrent protocol. Vuze is written in Java, and uses the Azureus Engine. In addition to downloading data linked to by .torrent files, Azureus allows users to view, publish and share original DVD and HD quality video content...
(formerly Azureus), a BitTorrent client written in Java, includes built-in Tor support. - Routers with built-in hardware support for Tor are currently under development through the Torouter project. The code is currently in the alpha phase of development, and runs on top of the OpenWrtOpenWrtOpenWrt is a Linux distribution primarily targeted at routing on embedded devices. It comprises a set of about 2000 software packages, installed and uninstalled via the opkg package management system. OpenWrt can be configured using the command-line interface of BusyBox ash, or the web interface...
platform. - The Guardian Project is actively developing a free and open-source suite of application programs and firmware for the Android platform to help make mobile communications more secure. The applications include: Gibberbot — a secure, no-logging, instant messaging client that uses OTR encryptionOff-the-record messagingOff-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function...
; Orbot — a Tor implementation for Android; Orweb — a privacy-enhanced mobile browser; ProxyMob — a Firefox add-on that helps manage the HTTP, SOCKS, and SSL proxy settings for integration with Orbot; and Secure Smart Cam — a set of privacy enhancing tools that offers encryption of stored images, face detection and blurring, and secure remote sync of media over slow networks.
See also
- Anonymous P2PAnonymous P2PAn anonymous P2P communication system is a peer-to-peer distributed application in which the nodes or participants are anonymous or pseudonymous...
- Anonymous remailerAnonymous remailerAn anonymous remailer is a server computer which receives messages with embedded instructions on where to send them next, and which forwards them without revealing where they originally came from...
- Arm (software)Arm (software)The anonymizing relay monitor is a command-line status monitor for the Tor anonymity network. This functions much like top does for system usage, providing real time statistics for:* resource usage...
- Crypto-anarchismCrypto-anarchismCrypto-anarchism expounds the use of strong public-key cryptography to bring about privacy and freedom. It was described by Vernor Vinge as a cyberspatial realization of anarchism. Crypto-anarchists aim to create cryptographic software that can be used to evade prosecution and harassment while...
- Free Haven Project
- Freedom of informationFreedom of informationFreedom of information refers to the protection of the right to freedom of expression with regards to the Internet and information technology . Freedom of information may also concern censorship in an information technology context, i.e...
- FreenetFreenetFreenet is a decentralized, censorship-resistant distributed data store originally designed by Ian Clarke. According to Clarke, Freenet aims to provide freedom of speech through a peer-to-peer network with strong protection of anonymity; as part of supporting its users' freedom, Freenet is free and...
- HacktivismHacktivismHacktivism is the use of computers and computer networks as a means of protest to promote political ends. The term was first coined in 1994 by a member of the Cult of the Dead Cow hacker collective named Omega...
- I2PI2PI2P is a mixed-license, free and open source project building an anonymous network .The network is a simple layer that applications can use to anonymously and securely send...
- Incognito (operating system)
- Internet censorshipInternet censorshipInternet censorship is the control or suppression of the publishing of, or access to information on the Internet. It may be carried out by governments or by private organizations either at the behest of government or on their own initiative...
- Internet privacyInternet privacyInternet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, providing to third-parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail both Personally Identifying Information or non-PII information such as a...
- NetsukukuNetsukukuNetsukuku is the name of an experimental peer-to-peer routing system, developed by the in 2006, created to build up a distributed network, anonymous and censorship-free, fully independent but not necessarily separated from the Internet, without the support of any server, ISP and no central...
- OpenNet InitiativeOpenNet InitiativeThe OpenNet Initiative is a joint project whose goal is to monitor and report on internet filtering and surveillance practices by nations. The project employs a number of technical means, as well as an international network of investigators, to determine the extent and nature of government-run...
- OperaTor (web browser)
- Phantom Anonymity ProtocolPhantom Anonymity ProtocolThe Phantom anonymity protocol was designed in 2008 by Swedish security researcher Magnus Bråding to provide anonymity optimized for the current conditions and needs of average internet users. The design goal was feasibility for mass adoption as a de facto internet anonymization standard...
- PolipoPolipoPolipo is a fast and lightweight, forwarding and caching proxy server and computer software daemon.By virtue of being a compliant HTTP 1.1 proxy, Polipo has all the uses of traditional Web proxies. It features HTTP 1.1, IPv4 & IPv6, traffic filtering and privacy-enhancement. Polipo supports HTTP...
- Portable TorPortable TorPortableTor is a free repackaged version of the bundled Tor Software by Roger Dingledine and Nick Mathewson. The program allows the end user to connect to the Tor anonymity network from a removable media without installing anything to the hard drive...
- PrivoxyPrivoxyPrivoxy is a non-caching web proxy with filtering capabilities for enhancing privacy, modifying web page data and HTTP headers before the page is rendered by the browser. Privoxy is a "privacy enhancing proxy", filtering Web pages and removing advertisements...
- Proxy serverProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
- Tails (Linux distribution) The Amnesic Incognito Live SystemThe Amnesic Incognito Live System or Tailsis a Linux distribution aimed at preserving privacy and anonymity. It is the next iteration of development on the Incognito Linux distribution. It is based on Debian, with all outgoing connections forced to go through Tor...
- The Silk Road (anonymous marketplace)
- Tor-ramdiskTor-ramdiskTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet...
- TorChatTorChatTorChat is a decentral anonymous instant messenger that uses Tor hidden services as its underlying Network. It can be used for text messaging and to transfer files to other users...
- Vidalia projectVidalia projectVidalia is a cross-platform controller GUI for Tor, built using the Qt. It allows the user to start, stop, and view the status of Tor; monitor bandwidth usage; view, filter, and search log messages; and configure some aspects of Tor...
- xB MachineXB MachinexB Machine has been a virtual operating system that was small enough to fit on a USB drive. The last version seems to have been 0.9.1.5 in mid of 2008. It brought a secure computing environment that anonymized all internet activity, and had portable encrypted file storage. It had been developed and...
- XeroBank Browser
Further reading
- AnonWatch, Tor in Depth Security Analysis of the Tor Network
- Goodin, Dan "Tor at heart of embassy passwords leak", 10 September 2007 article on The RegisterThe RegisterThe Register is a British technology news and opinion website. It was founded by John Lettice, Mike Magee and Ross Alderson in 1994 as a newsletter called "Chip Connection", initially as an email service...
news website. (Accessed 20 September 2007). - Krebs, Brian, Attacks Prompt Update for 'Tor' Anonymity Network 8 August 2007 (Accessed 27 October 2007)
- Zhelatin.IR (= Storm Worm) 7 September 2007 (Accessed 27 October 2007)
- Make Tor go the whole hog Hacker Magazine article
External links
- Tor Project FAQ: LiveCD & Bundled Software
- Tor Support Programs — Commonly used programs that integrate with Tor
- Core Onion — Introductory point to Tor services (Tor is required to access this site)
- Tor Network Statistics
- Tor: The Onion Router - Introduction to Tor in How to Bypass Internet Censorship
- Tor Hidden Service (.onion) search