Home 0P3N Blog Is TOR Really Secure?
Ready to Start Your Career?
Create Free Account
usman47 s profile image
By: usman47
June 16, 2016

Is TOR Really Secure?

By: usman47
June 16, 2016
usman47 s profile image
By: usman47
June 16, 2016
Is TOR Really Secure? - CybraryHello my great geeks on Cybrary. Before anything else, I'd like to thank all of you for the feedback you guys have given. This keeps me motivated and helps me write better content every day.This article about TOR is the last article in my series on different security technologies like Proxies and VPN's. If you want to check my previous articles follow these links.Proxies:  http://www.cybrary.it/0p3n/what-they-never-told-you-about-proxies/VPN:       http://www.cybrary.it/0p3n/q-dont-know-vpns/I’ll try to write this article in non-geeky vocabulary (again), so that everyone can understand it. Now, let's get started..... TORTOR stands for "The Onion Router." It's basically a network that uses Onion routing to allow its users to send data anonymously. It's the number one anonymity project available today. TOR not only protects your privacy, it uses heavy duty encryption to make sure that no one can get what data is sent between the nodes in the network. In simple words its just awesome. Background of TORTOR started as a project for the US Navy in mid-1990s to create a network that's highly secure and capable of providing high level of security to its users so that it can protect US intelligence communications online. In 2004, Naval Research Laboratory released the source code of TOR under free license. Later, EFF (Electronic Frontier Foundation) funded different people to start the TOR project as a non profit research organization who introduced the-second generation Onion router, which is the TOR we use today. How it Works?Now, let me make this one simple to understand. Let's say that a user Bob wants to communicate with www.example.com using the TOR network. What will happen is that when Bob starts his communication session with example.com, instead of directly communicating with the website, he connects with the website using a virtual circuit on which his packets get encrypted by three layers of heavy duty encryption. Then, these encrypted packets pass through multiple nodes which will peel off one layer of encryption from the packets each time they pass through one node. In this way, after three nodes, the packets get decrypted and are then sent to the website for which they were intended to be. You can read more about this process on the Tor's website: http://www.torproject.org/about/overview.html.en AdvantagesSome advantages of the TOR network are...
  • No one can tell the sender and receiver of the packet - except the first (knows your IP and data being sent) and the last node (knows about the destination of the packet).
  • It helps you stay anonymous while communicating online.
  • It's free and easy to use.
 Problems and FlawsSome of the problems with TOR are....
  • It's slow because of the encryption process and complexity.
  • It might make you anonymous, but you still exist on the web. This means that you'll always leave a fingerprint behind you, which can reveal who you really are.
  • Fingerprinting techniques allow websites to trace you even if you're using Tor (such as mouse fingerprinting)
  • The last node ,which sends your packets to its original destination, is also known as an exit node. It can still get sensitive information because all data is decrypted on the end node.
  • Timing attacks can be done to reveal who you are.
 CountermeasuresCountermeasures against these attacks are:
  • Use up to date version of TOR.
  • Use TOR browser. (Because it's properly configured.)
  • Be careful.
  • Don't use torrent over TOR.
  • Don't open documents downloaded through TOR while online.
  • Change your browsing habits. Checkout the habits you should change.
  • Disable javascripts. (Use noscript browser extension.)
 How to get TORYou can get TOR by: Final WordsThis article covered the pros and cons of TOR Hopefully, this series will help you out to find out the right solution for you.If you want to support me, you can do the following things:
  1. Tip me some Cybytes (I would love that).
  2. Drop a mail at usmanaura47@gmail.com (I am always waiting).
  3. Provide your views in the comments section (I will be glad to read them).
  4. Share this knowledge as much as you can (You are a great person).
 You can always mail me at usmanaura47@gmail.com for support, to share comments or just to say hello. Good luck and have a happy day.Written by Malik Usman AuraSaveSave
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry