Tor is an internet browser comprised of several networks of servers that can conceal online activities from anyone who may be watching. Tor (The Onion Router), is operated solely by volunteers dedicated to protecting the privacy of internet users all over the world. Tor uses a series of virtual tunnels making it nearly impossible for anyone to see what websites or products one may be searching online. There is no direct connection to any IP address or webpage keeping your virtual identity a complete secret. Any information one might share online via social media, blogs, or anything of the like will not need to worry about invasion of privacy. Users of Tor will have access to websites they may not otherwise have access to. This is especially useful for those traveling abroad or living in countries that limit access to certain websites.
Tor helps to protect against online surveillance, which is also referred to as traffic analysis. Traffic analysis works by keeping track of the websites you visit and then advertises to you specifically. Have you ever noticed that ads to a website you visited previously will appear on the right-hand side of your email inbox or other websites you might be visiting? That is because of traffic analysis. Companies pay for traffic analysis so they can figure out who to target in the way of advertisement. Anything searched over a public network is subject to traffic analysis. The use of Tor eliminates this kind of analysis and allows users to roam freely without those pesky advertisements popping up at every turn.
There are several different destinations and sources of traffic occurring on the internet that allows others to track interests and behaviors. Not only does this make it easy for marketing companies to send ads to you based on your searches, but it also makes it easier for hackers to access your searches. This is a criminal activity in which they look into your social media accounts to see if you are on vacation so they can rob the home. Hackers can also literally wreak havoc by destroying credit scores and discovering an exact location. While the Dark Net sounds daunting, it is really a great place for people to browse the internet and post freely without having to fear being monitored.
The use of a public internet like Internet Explorer, Firefox, or Google Chrome makes it easy for data to be collected in what is known as packets. Internet analysis occurs when the packets are broken down. From there comes the payload, which is the data that was collected as well as the header that directs traffic online. Payload information is what is embedded in emails, audio files, or standard webpages. The payload is usually encrypted, but the traffic analysis tends to expose the majority of the information on what is being explored on the internet. The header is what traffic analysis focuses on because it will show the source, time, ultimate destination (the webpage you ended up on), and the size of files discovered on the internet.
Downloading Tor is a very simple process. There is no program to purchase nor are there any lengthy instructions to follow. If one wishes to use the Dark Net, all they need to do is download the Tor browser. This can be done easily by visiting www.torproject.org/download. Once you’ve arrived at the webpage, it will provide all sorts of useful information on how to properly use the Dark Net and any system requirements necessary for proper use of the browser. Once the Tor browser has been downloaded, simply do what you have always done on the internet except now you can do so worry free!
Tor can be used the minute the download is complete. Tor is one of the most secure browsers in the world, and it is good to know that there are government agencies all over the world who keep an eye on Tor. The Federal Bureau of Investigation is included. As a matter of fact, the FBI admittedly attempted a malware attack on Tor, which was unsuccessful.
Naturally, as with anything, there are also weaknesses with the Tor browser. However, to this day, it has not been penetrated or taken down by any malicious attack. When used properly, any activity online will be hidden by the hidden networks utilized with the Tor browser.
Computers using Tor are less likely to be attacked or compromised. There are other steps one can take to keep your online activities completely hidden.
First, Tor recommends not using Windows, which includes the use of Tor bundles. Specifically, the Tor bundles have weaknesses that were targeted by the FBI a few years ago, in their attempted attack on the Tor networks. Workstations should not be created while using Linux in conjunction with Tor. There needs to be a proxy (the best is Privoxy) used in addition to browsers with a firewall for any data that might be visible outside of the browser’s protection. One can use Clearnet, but if that fails, Whonix or Tails are great to keep all data from being leaked. You will always want to have a firewall to ensure third parties are unable to access data to perform the traffic analysis.
If you are using external (or even internal) storage, you will want to ensure encryption. Currently, the LUKS program is great for this and is one of the options that will pop up while you are installing the Tor browser.
When using Tor, always make sure that your computer is up to date. Any time you are prompted to run updates, do so to keep Tor working properly and to make sure your version of Tor is always up to date. This allows the user to avoid new security breaches as well as using their workstations. If it seems like it has been a while since the last update, you can always double check the Tor site to see if there have been any new software updates that need to be downloaded. You will not want to miss any of those so the computer and internet browsers will always be properly protected.
While a lot of programs you might use require Java or Flash, you are going to want to disable those. While using Tor, you might come across a website that says those programs are required. The use of either of those allows for traffic analysis. Most of the things you see with Java or Flash are not anything important. It tends to be a Gif or something along those lines that can easily be ignored and is not required for you to access a website fully. If, for some reason, you absolutely do need to enable scripting, do so temporarily and make sure you disable it again before leaving the site.
Rid your computer of cookies or data that a website may send to the advertisers. This is a manual step required as there is no way for the Dark Net to complete it for you. You will see an add-on called self-destructing cookies that will automatically destroy all cookies on your computer.
It is also a good idea to use a laptop as your main workstation because it is mobile. Additionally, laptops are a little easier to discard in the instance that becomes a necessity. Finally, avoid using Google when possible. It is one of the most commonly used search engines all over the world meaning it is the most heavily watched in the way of traffic analysis.
While using Tor, the environment used along with it is also important. A little later, we are going to talk about some of the weaknesses of Tor, which is why the environment is important. There are some things you can do to make sure that hackers or traffic analysis don’t occur:
- As mentioned, a laptop is the best type of computer to use because it is mobile. It is best to use Tor anywhere except home. Specifically, this is when you are searching for information that could be considered sensitive. Public networks are easier to monitor, but by using Tor and the fact that there are several thousand people using public networks in your area, you will be much safer online. Hackers are usually able to connect to your computer without your knowledge, which is another reason the Tor network is so great. If you do not use Tor at home, you will not be tied to a location, making it more difficult for hackers to find any personal information about you. If advanced threats are fear of yours, take your laptop to a coffee shop for any internet browsing you may wish to do. However, Tor networks are near impenetrable so using them at home is safe so long as you are not worried about what kind of information you are searching online or what kind of things you are posting on any social media accounts you may have.
- Online activities in which you do not wish to be tracked and you have chosen to leave the house, remember to leave your cell phone at home. If for some reason, you believe your online activities are being tracked, your cell phone (turned on) at home will lead others to believe you are at home and they will attempt to look into the IP address associated with your house. If you leave your phone at home, it is a good idea to make sure people know what time you are expected to return so there are no concerns if they attempt to call several times and are unable to reach you. Likewise, there are messaging applications you can use over Tor that are not traceable and you should be able to communicate with people through those messaging apps.
- It is always wise to monitor how much time you are spending in one location while using Tor. There are some hackers (or government agencies) who look for people that are using public networks. It is recommended to avoid using the same public location on a regular basis. Try to set up several places like Starbucks, McDonald’s, and any other place that offers free Wi-Fi so there is no way to tie you to any one location. The best protocol is to use a location once and then never go back. That is incredibly difficult for people who have no car or live in a small town with fewer choices as far as free Wi-Fi is concerned. Continuing to use the same location makes it easier for the people who work there and those who frequent the location to remember what you look like, the kind of car you drive, and so on. Always keep in mind that people who work in those places tend to start to recognize regulars and it is best if you can mix up locations and not go back at all, or at the very most every few weeks.
With those recommendations, out of the way, we are going to talk a little about the fear of using the Dark Net. The name itself sounds daunting, almost illegal, right? There is not anything to worry about. It is actually very safe and legal. Making sure you have a positive outlook when it comes to Tor is going to be crucial. It will also make you feel more at ease while using Tor. Below are some more steps on how to use Tor and feel safe while doing so:
- It is a good idea to create an online persona or virtual identity while using Tor. Use something that will not be tied to you in any way. For instance, do not use any moniker you have used anywhere in the past and avoid using any variation of your name or personal email address. Likewise, you are going to want to create a new email address that you use specifically for Tor. Again, make sure you do not use your name or any part of it while creating an email address you use on Tor. Ultimately, you are separating your personal life from your Tor life. It is kind of cool when you think about it that way.
- Make all new accounts with your new virtual identity and be very careful not to get your virtual accounts and personal accounts mixed up.
- Try not to use your virtual accounts on Clearnet unless there is no other option.
- Earlier we talked about leaving your personal cell phone at home if you are going to use a public network to access Tor. Along those lines, it is wise to have a disposable phone for any phone calls or text messages you may want to send while using the Tor network. Believe it or not, your cell phone can be tracked easily. If you choose to use a disposable phone, make sure your personal phone is turned off while using Tor for an added safeguard. When purchasing a disposable phone, use cash and not a debit or credit card. Also, remember to never use a SIM card on the phone nor should you activate it near your home address. This should be used in conjunction with your virtual identity and kept separate from anything to do with your personal life. That point cannot be driven home enough. The phone and Dark Net identity should absolutely be kept separate.
Tor is great for keeping online activities secret because of the increased privacy and security associated with using the Dark Net. This is great for keeping hackers or government agencies from looking into your online activities. Sometimes, you’re using a virtual identity that may raise some red flags, which is another reason you want to keep personal life matters separate. This includes family members.
This is not what we want to think of when accessing a web that is supposed to be secure, but everything has a weakness, and we are going to cover the weaknesses of Tor so you can avoid them and feel safe using the darknet.
Like anything else in life, Tor has boundaries. It can provide protection against traffic analysis but cannot prevent the traffic from being confirmed. Some of the most common weaknesses are that of eavesdropping and below we are going to talk about the different kinds of eavesdropping.
The autonomous system, also known as AS, are segments used for exit or entry and relaying information for the destination site. Autonomous systems make it so traffic on those segments will interfere with communications between the end destination and the user.
Next, there is Exit Node Eavesdropping. Without being careful, the usernames, passwords, and Bitcoin information of the user can be intercepted if the person on the other end simply watches the exit nodes, which is where the data exits. Tor is unable to encrypt everything going out the exit node because the end to end encryption was never put in place. This type of eavesdropping does not breach the anonymity of Tor, but it does make it easier for people who may be watching to catch information on the exit nodes and use that information to decipher the location of the user. It can also be used for less nefarious reasons like traffic analysis, which simply aims to advertise to the user’s likes and avoid their dislikes.
Another kind of attack is one we have mentioned a few times, and that is the traffic analysis. Advertisers get a peek at the traffic on the Tor network by looking at those exit nodes. They decide which ones to keep an eye on and use the information to advertise accordingly. It is not a malicious attack and is only meant to prompt the user to spend a little money online through their website. The traffic analysis also reveals the location of the user, and it can provide basic information like name and email or even phone numbers.
There is also the exit node push. This is where a person operating a site can choose to refuse data to enter the nodes. They can also reduce the number of users allowed on the network. An example of this is being unable to edit websites like Wikipedia through the Tor network.
Next, we have what is known as the bad apple attack. This is done by using BitTorrent while using the Tor network. A user’s IP address can be revealed through BitTorrent by taking advantage of Tor. The severity of the attack depends on the exit node control. On occasion, there could be a secondary attack so the user and their IP address or location can be fully exploited.
Another common attack is the exposure of the IP address. Through this method, there is a dissimulation technique that allows people to control the exit node. This was part of a research study that showed in twenty-three days there were three attacks that successfully exploited the system and revealed IP addresses.
Unfortunately, there are ways that Tor can be hacked, but the risk is minimal so long as you follow proper protocols.