Tor: Difference between revisions

From charlesreid1

No edit summary
Line 5: Line 5:
Tor uses three steps to anonymize the origin of traffic: first, the traffic is passed into a Tor entry node, which is randomly selected. It is then passed to a Tor bridge node, also randomly chosen. Finally, Tor passes the traffic to an exit node, which is where your traffic enters the "normal" web again.  
Tor uses three steps to anonymize the origin of traffic: first, the traffic is passed into a Tor entry node, which is randomly selected. It is then passed to a Tor bridge node, also randomly chosen. Finally, Tor passes the traffic to an exit node, which is where your traffic enters the "normal" web again.  


This last step is where Tor ends - which is what some people don't realize, leading to their traffic being identified! One researcher was even able to sniff plain text email/password combinations from unencrypted traffic leaving a Tor node. Imagine that - using Tor to anonymize your browsing ends up exposing you to hackers on exit nodes! And that was just a ''single private'' researcher, governments have many more resources and are likely sniffing everything coming out.
This last step is where Tor ends. Tor does nothing to protect your traffic once it leaves the Tor exit node. The traffic is in the clear. At that point, Tor has served its purpose: the traffic's original source cannot be identified. But if you're sending your personal details inside of unencrypted traffic (like your email, or communications), your traffic will be sniffable from the Tor exit node. And the primary people with resources to run Tor exit nodes are state entities.
 
One hacker demonstrated this by sniffing emails and passwords from a Tor exit node.


==What Tor Is Not==
==What Tor Is Not==

Revision as of 01:39, 28 August 2015

What Tor Is

Tor is a tool for anonymization. It anonymizes the origin of your traffic by passing it through multiple relays.

Tor uses three steps to anonymize the origin of traffic: first, the traffic is passed into a Tor entry node, which is randomly selected. It is then passed to a Tor bridge node, also randomly chosen. Finally, Tor passes the traffic to an exit node, which is where your traffic enters the "normal" web again.

This last step is where Tor ends. Tor does nothing to protect your traffic once it leaves the Tor exit node. The traffic is in the clear. At that point, Tor has served its purpose: the traffic's original source cannot be identified. But if you're sending your personal details inside of unencrypted traffic (like your email, or communications), your traffic will be sniffable from the Tor exit node. And the primary people with resources to run Tor exit nodes are state entities.

One hacker demonstrated this by sniffing emails and passwords from a Tor exit node.

What Tor Is Not

Tor is NOT an encryption tool - your traffic is not encrypted by Tor.

This is why sniffing traffic on Tor exit nodes reveals plain text emails and passwords - the traffic is in the clear.

Tor is NOT a content filter - it does not block cookies, Javascript, Flash, or any other nefarious elements in web pages that may be used to identify and track you.

TOR ALONE IS NOT ENOUGH FOR TOTAL ANONYMITY.

Very good article explaining some of the things Tor does NOT hide: http://www.howtogeek.com/142380/htg-explains-is-tor-really-anonymous-and-secure/


When using Tor, be sure to use encrypted (HTTPS) websites for anything sensitive. Bear in mind that your traffic could be monitored – not just by governments, but by malicious people looking for private data.

Retrieved from "https://charlesreid1.com/w/index.php?title=Tor&oldid=8416"