Tor (The Onion Router)

‘Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online’ by applying encryption through ‘onion routing technlogy’(AlSabah et al.

2012:1).Onion routing was first developed and designed in the 1990s by the US Naval research laboratory, which faciliated encrypted communication between parties in order to secure online intelligence activities. Tor is a relatively decentralised mesh of proxy servers (p2p network) where the data is bounced through relays, or nodes.¹¹⁸ A node is a computer running Tor software, which takes a request, with data sent through a proxy configuration adding a layer of encryption at every node and whilst still encrypted, sends it to the next random node.In a nutshell this means that the data which is sent over the network is first packed in multiple layers of encryption, which are peeled off one by one by each relay on the randomly selected route the package travels (Spitters et al. 2014:1).

Figure 47: Diagram originally contributed by Ludovic F. via Privacy Canada for the Electronic Frontier Foundations December edition 2011

118 There is a central structure that is monitored by The Tor Project.

More than 6000 relays facilitate the transferral of data, applying ‘onion routing’ as a tactic for anonymity (ibid). With ‘three hops is anonymity’ (Winter et al. 2014:6), Tor is structured by 3 relays (entry, middle, exit) that transmit the communication through a system of circuits, thereby not divulging the IP address of the user and ‘hiding’ their identity.¹¹⁹

By default, circuits are composed of three ORs [onion router], usually nicknamed the entry guard, middle and exit OR, depending on their position on the circuit. Of the three ORs, only the entry guard knows and communicates directly with the client, and only the exit knows the Internet destination that the client is communicating with, but no OR can link a client to a destination; this is how a client’s privacy is maintained in Tor (AlSabah et al. 2012:74-75).

Whilst decrypting the data at every ‘hop’ and forwarding it to the next onion router, the data packet exits the closed system and only then does the user’s IP address become ‘transparent’.

(Figure 47) When it finally reaches its destination, whatever website one is trying to reach, the response comes back, with everything happening in reverse until the content is displayed in the Tor browser. At the end of a browsing session user history is deleted along with the HTTP cookie. ‘This complex process means that if a message is intercepted at any point it is almost impossible to identify its origin, its content or the intended recipient, even if you have the resources of the NSA’ (Glenny 2015:2).

Figure 48: Tor Flow website from January 13, 2016. https://torflow.uncharted.software/

Released to the public in 2002, prior to becoming a not-for-profit in 2006, Tor is a browser that is downloadable for free by anyone with an internet connection. Unlike a search engine which builds its own index or aggregates, the Tor Browser Bundle has an encoded (default) search

119 ‘In general, the complete connection between client and onion service consists of 6 relays: 3 of them were picked by the client with the third being the rendezvous point and the other 3 were picked by the onion service’

(Tor Project). Available here: https://www.torproject.org/docs/onion-services.html.en

engine that incorporates Mozilla’s Firefox browser. Additionally, the Tor network primarily consists of volunteers from around the world who provide servers and act as relays, facilitating the Tor traffic to flow. (Figure 48) Since 2013, more and more people are using Tor and, as of writing, there are estimated to be between 2,000,000 and 3,000,000 users at any given time worldwide. ‘For privacy purposes, this is a positive development; more Tor users means more traffic and thus more obfuscation of user identities’ (Gehl 2014:5 citing Dingledine et al. 2014).

By increasing the amount of Tor users, the stronger the anonymity becomes because with more users, Tor is harder to crack.

Losing users has a significant impact on the anonymity provided to users, since reducing the user base results in decreasing the size of the network’s anonymity set (AlSabah et al. 2012:73).

However, there is contention surrounding the Tor network. On the one hand it provides

anonymity to users by protecting them from being surveilled by governmental entities, yet Tor is now an open source non-profit 501c3 that receives a considerable amount of support from the US government. ‘It has received funding over the years from governments, NGOs, foundations and companies, as well as thousands of personal donations’ (Tarasov 2018). Moreover,

controversy exists in the media mostly in regard to the so-called ‘Dark Web’ or Tor ‘hidden services’, ranging from the selling of illegal drugs, weapons and child pornography to sites of anarchism, hacktivism and politics (Spitters et al. 2014:1), which I will address shortly.

Figure 49: Spike in Tor users (Gehl 2014).¹²⁰

120 Although Tors users increased, the spike in September 2013 was due to a bot. Available here:

https://blog.torproject.org/how-handle-millions-new-tor-clients

In 2014 certain members of the UK government suggested banning Tor and other online anonymity systems and the Chinese government attempted to block and forbid it, whilst others apply it as a life-saving and anonymizing technology. As the US National Public Radio (NPR) reported,

Tor’s executive director is working with victims of domestic abuse who need to communicate without being tracked by their abusers. Tor is also used by Chinese dissidents who can’t access sites like Twitter. And it became a valuable tool during the Arab Spring’ (Gehl 2014:5 citing Rath 2014).

Therefore the risk involved in using Tor has become more pronounced, as Tor has often been accredited the past few years in protecting the anonymity of the user in areas of protest and freedom of speech, often with the addition of bridges.¹²¹

Tor today is an influential anticensorship technology that allows people in oppressive regimes to access information without the fear of being blocked, tracked or monitored.

The importance and success of Tor is evident from recent global uprisings where the usage of Tor spiked as people used it as a revolutionary force to help them fight their social and political realities (AlSabah et al. 2012:1).(Figure 49)

Political activists and citizens in dangerous areas of the world, such as war zones and

dictatorships, use Tor to protect their online communication, transfering ‘human rights activities into other identities through the Tor network’ (Forte et al. 2017:6). Dissidents also use Tor to post content and download sensitive material, yet the technologies need to be in place

beforehand because ‘Tor is one of those things where you want to have it before you need it, for obvious reasons, because if you’re being censored, it’s very hard to get’ (ibid:7).

Though much quicker than in the last decade, Tor is still slightly slower than other browsers,

‘but if you value privacy or if you would like to find a way to circumvent the online tracking or if you would like to become a more informed, more active Internet user’ (Emerson 2016), then Tor is an alternative. It is crucial to continuously improve the performance and usability of Tor to enhance the anonymity it provides (AlSabah et al. 2012:73).Moreover, Tor enables the user to access regions of the internet that are not indexed by ‘clear net’ search engines.