TOR is a web browser that allows anonymous browsing of the web, thanks to a network made up of users from all over the world. Find out all you need to know about it.
Your personal data are precious resources…coveted on all sides. On the one hand, web giants such as Facebook and Google are trying to grab them and sell them to third parties for targeted advertising. On the other hand, cybercriminals are trying to steal it to sell it on the Dark Web, where many buyers will try to steal your identity with this information.
In this hostile context, more and more Internet users are looking for solutions to surf the web safely and anonymously. The Tor software is one of those solutions.
What is TOR?
TOR is the acronym for “The Onion Router.” . Originally, this software was developed for use by the US Army and more specifically the Navy. The military used it to mask their IP addresses, to avoid any risk of theft of sensitive data collected during missions. However, when the military started using its own VPN system, TOR was released as free open-source software.
Concretely, TOR is a multi-proxy network which does not rely on specific proxy servers to process the data. Instead, it uses the connections of a multitude of other users to hide the IP of the original user. With more than 3 million users sharing their IPs worldwide, the risk of tracing the origin of an Internet request is virtually impossible.
The TOR Browser is the web browser allowing access to the internet via the TOR network. This software coded in C, Python and Rust can be downloaded free and legally. It is compatible with all major operating systems such as Windows, Linux, MacOS and Android.
What’s TOR for?
As mentioned above, TOR’s main interest is to hide users’ IP addresses. Like a proxy connection, this feature allows you to hide your browsing activity from malicious software, people or governments that threaten your privacy.
In addition, TOR can be used to circumvent geographical restrictions of certain websites such as streaming sites. It therefore also acts as a VPN or virtual private network. Since 2015, TOR messaging allows users to communicate in an encrypted way. This messaging is based on the Instantbird platform.
In countries where web censorship and surveillance are ragingAs in China, TOR is also used to use the internet freely. This allows Internet users in these countries to access services such as YouTube, Wikipedia, Facebook or pornographic sites that are strictly prohibited by local laws.
Generally speaking, one of the main reasons why TOR is used is prevent governments, companies or even cybercriminals from collecting data and metadata on the browsing habits and websites visited by Internet users.
TOR: How does it work?
The operation of TOR is based on three main components. These three elements are the ones that separate the user from the data he is trying to access by keeping his IP masked. The first element is the user, the second is the user network, and the last is the query compiler. The latter element is the website, server or user from which the user receives information.
The TOR Browser, formerly called TBB or TOR Browser Bundle, includes a modified Mozilla Firefox ESR browsera TOR launcher, a TOR button, NoScript, HTTPS EFE and the TOR proxy. When a request is sent, the TOR browser automatically encrypts it.
Since TOR does not interact with the file system of the computer on which it is installed, it can be installed and run from a removable drive. Thus, it is impossible for a cybercriminal to infect your copy of the TOR browser to get hold of your data.
Once the browser is closed, all data, cookies and history are deleted of your device and the network. Therefore, it is impossible to determine which IP address accessed which information.
Also, while you’re sailing with TOR, you also play the role of a proxy for other users who use your IP as a network node to hide their own address. In fact, all users contribute to the anonymity and security of the network. Because information is encrypted and fragmented, users’ IP addresses are masked.
The network of users is used by the TOR project to drive the traffic. Once the request to a web page is issued, it first bounces off various random connections around the world before reaching its destination. Thus, even if the destination in question is equipped with proxy scanning software, it will only find one of the computers on the network.
Finally, the query compiler is the computer that holds the information that you wish to access. Once the request has been received, it is sent back to the last user online. The request then bounces back between the TOR users and finally returns to you.
Is TOR illegal? What are the risks associated with its use?
It is not illegal to use TOR. However, many governments have put in place measures to prevent citizens from doing so. Similarly, some Internet service providers prevent TOR users from accessing their data. Many companies also block access to their services via TOR.
Of course, using TOR to access the Dark Web and illegal product sales platforms such as the Dream Market is completely illegal. All over the world, many people have been arrested for using TOR for drug trafficking purposes or other illegal activities.
In addition, using TOR presents a risk related to the open source nature of the software. The source code is available to everyone, and hackers have been able to discover several vulnerabilities to exploit. Some of these flaws have never been fixed.
They can for example allow attacking a network node (a user who is neither the sender nor the recipient of the data) or to a group of nodes to prevent them from processing requests other than those they send themselves. Once blocked in this way, users become vulnerable.
Some hackers also hide malware in multimedia content. on the network to retrieve all the IP addresses they pass through. The information is then retrieved and can be traced back to the end users.
It can therefore be easily exploited in order to to run malicious script in your browser. This can help discover your identity and even usurp it .
What are the alternatives to TOR?
There are several other networks similar to TOR. Among the best alternatives, we can mention Freenet and I2P.
These services will also allow you to remain anonymous while browsing the web. However, keep in mind that they also differ.
What are the best VPNs for TOR?
Tor is very useful for staying anonymous on the web by avoiding exposure of your browsing activity. However, it is it is preferable to use a VPN in addition to keep your other activities private, such as downloading torrent files or streaming videos.
However, not all VPNs are suitable for TOR. Many of them may slow down the connection considerably.
Some of the best VPNs for TOR include ExpressVPN, NordVPN, CyberGhost, IPVanish, and PrivateVPN. These five services are the most suitable for TOR in terms of compatibility, dedicated features, connection speed and encryption robustness.
BBC News launches TOR mirror: Dark Web against censorship
In several countries around the world, Access to information is controlled and restricted by governments.. This is the case in China, Iran and Vietnam.
To fight against this censorship, BBC News has chosen to rely on TOR. In October 2019, the British news network launched a new version of its website accessible via TOR.
This allows people in countries subject to censorship to access them anonymously and securely. By adding “.onion” to the URL of the website, the user is able to access the website anonymously and securely. protected against espionage and end-to-end encryption. In 2014, Facebook launched a similar mirror for its social network. As an alternative, note that it is possible to use the “TOR Browsing” mode proposed by Brave Browser and similar to the private browsing mode proposed by different browsers .
How to use TOR?
To start using TOR, nothing could be simpler. Download the browser at this address and install it for Windows, MacOS or Linux. If you want to use it on your mobile, you can download the Orbot application for Android at this address.
However, be aware of the cyber security risks associated with the use of this software. In addition, we do not encourage the use of illegal platforms under any circumstances. on the Dark Web or the Deep Web.
Researcher unveils multiple Tor vulnerabilities in July 2020
For many years, cyber security researcher Neal Krawetz has been trying to quietly report Tor bugs and vulnerabilities. Unfortunately, the Tor Project organization never responded to him..
Already in July 2017, the researcher had publicly pointed out the browser’s shortcomings. In response, The Tor Project had modified the design of its website to make it easier to report vulnerabilities. The organization had also opened a “Bug Bounty” program.
Nevertheless, according to Neal Krawetz, although it is easier to report vulnerabilities, The Tor Project doesn’t seem to be making any effort to fix them.. For some of his reports, the expert was told that the flaws were “already known”. In fact, he criticized the organization for not taking the problems seriously when it presents Tor as a dedicated security solution .
As a result, in July 2020, the researcher chose to publicly disclose two security holes on his blog. In total, the researcher claims to have discovered five zero-day vulnerabilities in the Tor network and browser.
The first vulnerability revealed could be exploited by ISPs to prevent users from connecting to the Tor network. All they’d have to do is scan network connections to detect a “distinct packet signature” for Tor traffic. This packet could even be used to block the initiation of Tor connections and thus prevent users from connecting to the service altogether.
The second loophole can be used to detect indirect connections. These connections are used to create Tor bridges as an entry point to the network. These gateways serve as an alternative when direct access to the Tor network is blocked by the ISP or a company. Again, the researcher states that connections to these gateways can be easily detected by tracking specific TCP packets…
In the near future, Neal Krawetz announces that he will reveal three other vulnerabilities, including one that reveals the true IP address of the Tor servers.. These multiple vulnerabilities are now exposed. They are therefore in danger of being exploited by totalitarian countries such as North Korea and Syria.
In these countries, citizens are using Tor on a massive scale to defeat the censorship that has been put in place. Governments may therefore use these vulnerabilities to block access to the network. Let’s hope that that The Tor Project realizes the importance of these flaws and fixes them… before it’s too late…