TOR: Privacy, Anonymity & Security

Prason Pandey
Apr 17, 2021

Tor makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server.

Introduction

We live in the era of information, where anyone with access to the Internet has all the information in the world at their fingertips. While the Internet has extended the possibility to share information, it has also caused many users and government agencies to worry about their own private information, including their browsing activities and sensitive data, which can be viewed without their permission or knowledge. With increasing concerns about privacy and security, Internet users are looking for ways to access the Internet anonymously. To provide extensive anonymous communication services for the US Navy, researchers at the Naval Research Laboratory developed the onion-based routing system. The purpose of this system was to protect U.S. intelligence communications online. It was first developed for the private use of the Navy, but today it is open source with hundreds of active contributors. The Onion Router (TOR) is the world’s largest anonymous communication network that exists today, with more than 7000 different server nodes around the world. TOR serves millions of online users with anonymous communication services daily.

The Tor network is based on a low-latency onion-routing design, where traffic is forwarded through randomly selected , wrapping data in multiple layers of encryption (onion skins) to maintain unlinkability . An is also called a relay.

How Tor Works?

TOR Diagram

TOR protects your identity by not storing the source IP address in the data it transfers. TOR only stores the destination address and the IP address of the node that last processed the data. So there is no way hackers can find your original IP address.

TOR works by encrypting the destination IP address. The source IP is not stored; only the IP address of the previous node used in the Tor network is stored. So, it is nearly impossible to tell where the data originated from.

There are thousands of TOR relays on the Tor network. When Tor sends data, it randomly selects one relay to communicate with. That relay then picks the next relay, and so on. To communicate privately, the two relays exchange encryption keys.
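The layered "onion skin" encryption described above, as an added example that is not part of the original article: the sender wraps a message once per relay, and each relay peels one layer and learns only the previous node and the next hop. The relay names, keys, destination and the SHA-256 keystream cipher are constructed stand-ins (not Tor's real cryptography), and the sketch assumes the sender already knows the whole path and shares one key with each relay.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream (NOT secure)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload):
    """Sender side: build the onion from the innermost layer outwards."""
    hops = path[1:] + [destination]      # the next hop each relay will see
    cell = payload
    for relay, next_hop in reversed(list(zip(path, hops))):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def peel(relay, keys, cell):
    """Relay side: remove exactly one layer with this relay's own key."""
    layer = json.loads(keystream_xor(keys[relay], cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, cell, sender="client"):
    """Forward the cell hop by hop, recording what each relay can observe."""
    views, previous = [], sender
    for relay in path:
        next_hop, cell = peel(relay, keys, cell)
        views.append({"relay": relay, "from": previous, "to": next_hop})
        previous = relay
    return views, cell

# Constructed path and per-relay keys (hypothetical, for illustration only).
PATH = ["entry", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "example.com:443", b"GET / HTTP/1.1")
    views, delivered = route(PATH, KEYS, onion)
    for view in views:
        print(view)   # only the entry sees the client; only the exit sees the destination
    print(delivered)  # the exit recovers the payload exactly as the client sent it
```

The exit relay ends up holding the payload as the client wrote it, so anything not protected end to end (for example by HTTPS) is readable at that hop.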

TOR Browser is just a modified version of Firefox Browser.

Should you use TOR?

To be completely honest, most people shouldn’t actually need to use TOR. If you’re not concerned about your anonymity but just want to protect sensitive information from eavesdroppers, a secured HTTPS connection and/or a VPN is enough. Difference between Privacy and Anonymity. TOR should be used where anonymity is a must.

With great power comes great responsibility

There is no doubt that TOR is a powerful tool, which can be used for good or evil, but it’s not for everyone (I am referring to script kiddies) and shouldn’t be misused. Do not use TOR unless you absolutely need it, and always make sure that you understand what you are doing, so you don’t make things go wrong. Else:

Advantages and Disadvantages of Tor

I’ve listed some of the advantages and disadvantages of using the Tor Network below. Choose wisely, whether you want to use it or not.

Advantages

  • You can hide your IP address.
  • You can access dark web websites.
  • Free to use.
  • Helps you to stay anonymous.
  • Leak sensitive data safely. (VmlhbmV0IENvbW11bmljYXRpb24K)

Disadvantages

  • Very Slow Connection.
  • Tor is also used for lots of illegal activities.
  • Malware everywhere.
  • Exit Node MITM
  • One mistake, Life Prison.

Installing Tor

If you want to install TOR in your Kali System (WUVTIFdpbmRvd3Mgc3Vja3MK), you can easily install it using the following commands:

$ sudo apt-get update

$ sudo apt-get install tor torbrowser-launcher -y

installing tor and browser

Tor for Android

You can download Tor Browser directly from the Google Play store to browse the Tor websites.

Is TOR really safe to use?

Everything can be hacked into; it’s just a matter of time. Accept this fact: TOR is not 100% secure. Most attacks on Tor focus on identifying a relationship between a client and a server that is being served on the Tor network. This process is known as de-anonymization. Three-letter government agencies are actively trying to track down Tor users.

“They are actively trying to break the encryption used by Tor” - Edward Snowden.

TOR has various flaws that an attacker or three-letter agencies can take advantage of and target particular people or certain services. Let’s talk about some flaws of TOR:

Flaws Of Tor

1. Exit Node MITM

There are 1111 exit nodes (April 2021). It is assumed that multiple exit nodes are owned by three-letter government agencies and are actively performing MITM attacks. The Tor decryption process actually happens at the exit node, which makes a MITM attack possible. But this attack is not effective anymore because most websites use an SSL certificate to encrypt the data sent. Here is one of my favorite clips from the series Mr. Robot, which perfectly explains this attack.

Mr. Robot MITM in Exit Node

2. Distributed Denial Of Service

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

TOR nodes, especially exit nodes, have been targeted many times with this attack. Attacker groups or large government entities can attack sites or nodes to make all nodes unavailable. So far this scenario has not happened. This attack is more dangerous when it is performed using a 0-day vulnerability.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network

https://lists.torproject.org/pipermail/tor-relays/2014-August/005059.html

3. Device Fingerprinting

Device fingerprinting and browser fingerprinting are techniques for identifying individual devices or browsers, based on their unique configurations. A browser fingerprint may consist of information like the browser’s type and version, active plugins, the time zone, language, screen resolution, and various other settings. But TOR tries its best to save you from this attack. According to Laperdrix, “The approach chosen by Tor developers is simple: all Tor users have the exact same fingerprint. No matter what device or operating system you are using, your browser fingerprint should be the same as any device running Tor Browser.” There are still many ways that can be used for fingerprinting.

Fingerprinting Attack on the Tor Anonymity System

Browser Fingerprinting: An Introduction and the Challenges Ahead

I just got lucky. He answered my question lol

4. DNS Leak

When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymous network. If any traffic leaks outside of the secure connection to the network, your ISP will be able to log your activity. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control. Under certain conditions, even when connected to the anonymous network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymous network. DNS leaks are a major privacy threat since the anonymous network may be providing a false sense of security while private data is leaking. This is not actually a flaw of TOR.

DNS Leak Test

5. Correlation Attacks

Correlation attacks are well-known de-anonymization attacks. In this category of attacks, it is assumed that the attacker controls both the entry node and the exit node of the circuit between the client and the server. The attacker is looking for a correlation in traffic between the entry node and the exit node because then he can conclude that the entry node and the exit node participate in the circuit. The entry node knows the client, the exit node knows the server, so the attacker can confirm that the client and the server are communicating.

Correlation Attacks on TOR

Conclusion

TOR is one of the most powerful and important tools for people like us who really care about privacy and anonymity.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

TOR is powerful as well as risky. Always make sure that you understand what you are doing.

I am in no way an expert user of TOR and this article is completely based on my personal research and may not be 100% correct. That’s it for today’s post. More about the Dark Web, TOR, and much more will be covered in the next article. Use TOR responsibly. Don’t be a jerk.
