How Private and Secure Is the Tor Network?
Is it truly impossible for someone to figure out your identity or monitor your activity when you use the Tor Browser?
Tor is often hailed as the most secure browser in the game, and many people use it under this assumption. But is Tor really that secure, or are there other browsers that can protect you more effectively?
What Is Tor?
Tor (short for The Onion Routing project) is an internet browser with millions of users, currently available for Linux, macOS, and Windows. You can also access Tor via smartphone.
Tor was developed by The Tor Project and released in 2002. In 2006, The Tor Project officially became a non-profit organization.
In the US alone, over half a million people use Tor daily on average (according to Tor’s own metrics). It is most commonly used in Germany, but also holds prevalence in India, Russia, France, Finland, and the UK.
The Tor browser relies on user donations and a global network of volunteers to function, as The Tor Project itself is non-profit. Tor’s volunteers provide users with browsing security by running a relay. Relays are essentially routers that receive and pass on traffic to its necessary destination. These are also known as nodes, which come together to form the Tor network.
Tor’s Security Features
Tor is known as a secure and trusty browser, but what features does it have to make this possible?
1. Onion Routing
Onion routing is native to Tor and was created in the mid-90s.
Onion routing is a technique used for anonymous internet communication. Like the vegetable, onion routing uses layers in order to keep data private. Each layer represents one round of encryption.
Within the Tor browser, onion routing is facilitated by the thousands of relays run by volunteers. However, none of these volunteers know where traffic comes from and where it is going. This is because each volunteer only forms part of a message’s journey to its destination.
Each packet of data is sent through various stages when it leaves a user’s computer. It first enters the network via the entry (or guard) relay and then passes through a middle (or bridge) relay. Finally, the data passes through the exit relay.
Upon passing through the first two relays, the data is encrypted, each time with a different key. These multiple encryption layers make it incredibly difficult for a malicious actor to view your data or IP address in plain text. In other words, who you are, where you are, and what you do remains anonymous.
The exit node does not encrypt traffic, but more on that later.
Through this segmented relay structure, no one network contributor ever knows the nature or destination of a data packet. When transporting your data via onion routing, Tor uses AES, or Advanced Encryption Standard. At the time of writing, all kinds of AES protocols are yet to be cracked by anyone, making them super secure.
2. Adjustable Levels of Safety
If you’re using Tor, you can adjust the level of privacy and security you require at any given moment. Tor offers three different versions: Standard, Safer, and Safest.
Standard uses onion routing and encryption, but all other web features are enabled.
Next up, there’s Safer, which cuts off a few features for security purposes. When you activate Safer mode, Tor disables:
- Certain fonts and symbols.
- Autoplay on videos, audio and WebGL.
It is generally recommended to use Safer mode, as Safest tends to be very restrictive. But if you’re conducting highly sensitive research or want to access insecure websites, it may be wise to activate this mode temporarily.
NoScript is a nifty add-on feature that protects users from unsupported or potentially malicious web scripts. When an unsupported script is identified, NoScript block the script and defines an alternate script to display.
NoScript isn’t unique to Tor and was not a creation of The Tor Project.
The Tor network is decentralized, meaning no one entity ever has access to all the data or power available. Rather, thousands of nodes all work together to run the network and pass data from its origin to its destination.
The structure of the relay network is important to note here. As previously mentioned, data is passed through multiple relays before it exits the network. No one relay has all the information on a data packet, which prevents a rogue relay from stealing sensitive information.
This structure also prevents single points-of-failure, which can result in huge technical issues and crashes.
While Tor certainly has some security and privacy perks, there are also some drawbacks to consider.
1. Slow Performance
Because Tor sends your data through relays for numerous rounds of encryption, it takes longer for your traffic to go from A to B. In other words, it takes longer for webpages to load. This can also cause streaming buffers and gaming lag.
This is also the case with VPNs, as your internet traffic goes through a similar encryption process. Unfortunately, this is sometimes the price you pay for added security.
2. Association with the Dark Web
Tor is very popular among dark web users, as it can provide them with anonymity. This has created a misconception that Tor is illegal or only used by cyber-criminals, but this is not the case. Many people simply use Tor for added privacy and security, and the browser is legal in most countries.
However, Tor’s access to the dark web does mean you can use the browser to access illegal content and platforms. Tor has no control over this, just like Google and Mozilla have little say is what you do with Chrome and Firefox. There are also many deep or dark web sites that are useful and have no malicious intent.
But if you want to use Tor to delve deeper, note that you may come across something illegal or distressing.
3. No Exit Relay Encryption
Though Tor’s onion routing technique does encrypt your traffic, there is a vulnerability here to note, and that’s the exit relay. The Tor network’s exit relay does not encrypt traffic, meaning that your traffic is unencrypted as soon as it leaves the network.
If a malicious actor was to compromise a vulnerable Tor exit node, they stand the chance of viewing or monitoring your activity.
However, the exit relay itself cannot decipher your data, as it as already been encrypted via the previous relays.
Tor is certainly a great option if you’re looking for heightened anonymity and security online. But if you’re not too keen on this specific browser, there are some alternatives out there that also prioritize user privacy.
The top Tor alternatives include:
- Epic Browser
- Yandex Browser
You can use any of the most popular browsers, like Chrome and Safari, but these aren’t specifically designed for safety.
You could also consider using a VPN along with the Tor browser. This will give you heightened security and ensure that your data is encrypted at the exit node (so long as you’re using a reputable VPN).
Tor Is Highly Secure but Has Its Flaws
It’s clear that The Tor Project is focused on prioritizing security and privacy, with various features that work together to keep users safe. But there are some downsides that come with this browser which are important to note, and there are viable alternatives that you can also try.