Site owners concerned about security and privacy frequently have questions about Tor, the anonymity network, and about applications such as the Tor web browser that use it. We have compiled a list of Tor Frequently Asked Questions to efficiently address some of the more common questions that site administrators have about Tor.
The Tor network consists of Tor relays that route traffic. Tor is not just used for browsing the Web. It can be used by many applications that want to anonymously route traffic.
If an application wants to use the Tor network to anonymously route traffic, it talks to the Tor network using the SOCKS protocol. Applications like instant messaging, Internet Relay Chat (IRC) and web browsers can all use Tor to anonymously route traffic across the Internet.
Once a path has been established through the network, your packets are routed from one server to the next. On the network, any given server only knows about the server that it received data from and the next server in the chain, to which it will send data. No single server knows the entire path your traffic takes through the network. This prevents anyone from knowing where the traffic was sent from and where it is going to.
Tor encrypts traffic using a layering scheme which is where the Onion metaphor comes from. As traffic passes through nodes in the Tor network, a layer of encryption is stripped off at each node, much like the layers of an onion.
When using the Tor browser, traffic is encrypted between the browser and the Tor network. It is routed anonymously through the network, and the very last node, the “exit node”, uses an unencrypted link to communicate with a destination server outside the Tor network. It’s important to note that this final hop is not encrypted.
Unfortunately Tor is also used for illegal activity. This includes child pornography, drug dealing, arms trading and other illegal commerce and activity.
An example Tor hidden service might be http://s34s4txr3vy22gpip.onion/
Most Tor hidden service addresses are not human readable because they are generated using a cryptographic algorithm. It is possible, using a lot of CPU power, to create somewhat custom named hidden services. Facebook has its own Tor hidden service, which you can access using a Tor browser at: https://facebookcorewwwi.onion/
Many websites that exist in the “Dark Web” (the hidden web that is not indexed by Google) exist as Tor hidden services.
It has been shown that it is possible to monitor traffic between a Tor exit node (the last hop in the Tor network) and the destination server because that traffic is not encrypted. If you were, for example, to send personally identifiable information through a Tor exit node and someone was monitoring that exit node, your identity would be revealed.
Hacking Team, a Milan-based information security company that was hacked, developed a method to attack a Tor user’s anonymity via their local network. They attack the Tor user’s workstation. The attack then reconfigures the user’s Tor browser to use the hacker’s own Tor network, which lets them monitor traffic.
Other attacks that try to expose the identity of Tor users have targeted the Tor browser and vulnerabilities in the browser. If an attacker is able to get the browser or the user’s workstation to execute code, they can have that browser connect directly to a server on the Internet, bypassing the Tor network, which would expose that user’s identity.
It’s worth noting that Tor does not hide when you access a website or service. This is important because if you sign onto a website at the same time each day, someone may correlate your usage of the Tor browser with the exact time a website is visited each day and expose your identity.
The Tor project publishes the list of Tor exit node IP addresses. The list is updated in real-time. You can find the list of Tor exit nodes currently in use on this page.
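As an added example (not code from the original page or from the Tor Project), this is one way a site administrator could match access-log entries against a downloaded copy of the exit node list. It assumes the list is plain text with one IP address per line and that the log is in Common Log Format; the addresses, log lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample exit list, one IP per line (documentation address ranges).
SAMPLE_EXIT_LIST = """\
192.0.2.10
198.51.100.77
2001:db8::51
not-an-ip
"""

# Constructed access log lines in Common Log Format.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 1043
2001:0db8:0000:0000:0000:0000:0000:0051 - - [10/Oct/2023:13:56:02 +0000] "GET /feed HTTP/1.1" 200 88
192.0.2.10 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')

def load_exit_nodes(text):
    """Parse the exit list into a set of ip_address objects."""
    nodes = set()
    for line in text.splitlines():
        try:
            nodes.add(ipaddress.ip_address(line.strip()))
        except ValueError:
            continue  # blank or malformed line: skip it, don't abort the import
    return nodes

def tor_requests(log_text, exit_nodes):
    """Return {client_ip: [request lines]} for requests that came from exit nodes."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            # Parsing (not string comparison) makes expanded and compressed
            # IPv6 spellings of the same address compare equal.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ip in exit_nodes:
            hits.setdefault(str(ip), []).append(m.group(2))
    return hits

if __name__ == "__main__":
    for ip, reqs in tor_requests(SAMPLE_LOG, load_exit_nodes(SAMPLE_EXIT_LIST)).items():
        print(ip, len(reqs), reqs)
```

Because the exit list changes over time, the copy used for matching should be fetched close to the time the log entries were written.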
Tor is useful for other things besides privacy. We occasionally use it to test IP blocking. We might configure a test server and want to verify that a certain IP blocking feature in Wordfence is working. Rather than blocking ourselves from the website we’re testing, we will use the Tor browser to break a security rule on our test website. Then we verify that the IP of our Tor browser (which is the IP of the exit node) has been blocked.
If we want to do the test again in Tor, we just restart the browser to get a different exit node which gives us a different IP address.