Is TOR Really Secure?

June 16, 2016 | Views: 16808

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello my great geeks on Cybrary. Before anything else, I’d like to thank all of you for the feedback you guys have given. This keeps me motivated and helps me write better content every day.

This article about TOR is the last article in my series on different security technologies like Proxies and VPN’s. If you want to check my previous articles follow these links.

Proxies:  http://www.cybrary.it/0p3n/what-they-never-told-you-about-proxies/

VPN:       http://www.cybrary.it/0p3n/q-dont-know-vpns/

I’ll try to write this article in non-geeky vocabulary (again), so that everyone can understand it. Now, let’s get started…..

 

TOR

TOR stands for “The Onion Router.” It’s basically a network that uses Onion routing to allow its users to send data anonymously. It’s the number one anonymity project available today. TOR not only protects your privacy, it uses heavy duty encryption to make sure that no one can get what data is sent between the nodes in the network. In simple words its just awesome.

 

Background of TOR

TOR started as a project for the US Navy in mid-1990s to create a network that’s highly secure and capable of providing high level of security to its users so that it can protect US intelligence communications online. In 2004, Naval Research Laboratory released the source code of TOR under free license. Later, EFF (Electronic Frontier Foundation) funded different people to start the TOR project as a non profit research organization who introduced the-second generation Onion router, which is the TOR we use today.

 

How it Works?

Now, let me make this one simple to understand. Let’s say that a user Bob wants to communicate with www.example.com using the TOR network. What will happen is that when Bob starts his communication session with example.com, instead of directly communicating with the website, he connects with the website using a virtual circuit on which his packets get encrypted by three layers of heavy duty encryption. Then, these encrypted packets pass through multiple nodes which will peel off one layer of encryption from the packets each time they pass through one node. In this way, after three nodes, the packets get decrypted and are then sent to the website for which they were intended to be. You can read more about this process on the Tor’s website: http://www.torproject.org/about/overview.html.en

 

Advantages

Some advantages of the TOR network are…

  • No one can tell the sender and receiver of the packet – except the first (knows your IP and data being sent) and the last node (knows about the destination of the packet).
  • It helps you stay anonymous while communicating online.
  • It’s free and easy to use.

 

Problems and Flaws

Some of the problems with TOR are….

  • It’s slow because of the encryption process and complexity.
  • It might make you anonymous, but you still exist on the web. This means that you’ll always leave a fingerprint behind you, which can reveal who you really are.
  • Fingerprinting techniques allow websites to trace you even if you’re using Tor (such as mouse fingerprinting)
  • The last node ,which sends your packets to its original destination, is also known as an exit node. It can still get sensitive information because all data is decrypted on the end node.
  • Timing attacks can be done to reveal who you are.

 

Countermeasures

Countermeasures against these attacks are:

  • Use up to date version of TOR.
  • Use TOR browser. (Because it’s properly configured.)
  • Be careful.
  • Don’t use torrent over TOR.
  • Don’t open documents downloaded through TOR while online.
  • Change your browsing habits. Checkout the habits you should change.
  • Disable javascripts. (Use noscript browser extension.)

 

How to get TOR

You can get TOR by:

 

Final Words

This article covered the pros and cons of TOR Hopefully, this series will help you out to find out the right solution for you.

If you want to support me, you can do the following things:

  1. Tip me some Cybytes (I would love that).
  2. Drop a mail at usmanaura47@gmail.com (I am always waiting).
  3. Provide your views in the comments section (I will be glad to read them).
  4. Share this knowledge as much as you can (You are a great person).

 

You can always mail me at usmanaura47@gmail.com for support, to share comments or just to say hello. Good luck and have a happy day.

Written by Malik Usman Aura

Save

Save

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
29 Comments
  1. Thanks for the article!!!
    Great.

  2. I love this article it has enlighten me so much.

  3. This article has more information on some points than Wikipedia itself. Good job.

  4. Why is this article timestamped for July 16th but it is only July 13th where I am.

  5. This Post is Nice.

Page 5 of 5«12345
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel