Given heightened concerns over privacy online in the wake of disclosures this summer that the NSA has been operating a surveillance program that includes snooping on civilians, Internet users have flocked to solutions that promise increased security and privacy. One of the most popular alternatives is Tor. Tor, which is short for The Onion Router, is an example of an anonymizer, a web tool that hides the identity of people as they surf the web. In August, Tor usage more than doubled, and it is reasonable to think that concerns over the NSA’s efforts are to thank (or blame) for that.
It is easy to use Tor. All you have to do is download the Tor browser. If you know how to use a web browser (and surely you must, unless some odd but kind person printed this post and handed it to you on parchment or finely etched granite tablets), then you can use the Tor browser. The tool is not for the impatient, however. Surfing the web with Tor is reminiscent of surfing the web in 2001, or trying to visit sites in Internet Explorer instead of a good browser today. It’s really slow.
Why is it slow? It turns out that the tool is doing a lot of things behind the scenes. Tor is called “the onion router” because it routes a data packet through the Internet after first bundling it in layers of encryption. These layers of encryption are peeled off the packet of data one by one as it traverses the Tor network. Once the layers are completely peeled away, the packet leaves the Tor network. The point at which it leaves the network is called the Tor exit node. The original sender of the data packet is completely hidden, having been stored in a layer that has since been peeled off and thrown away. All somebody snooping the traffic will see is the identity of the exit node. Once the data leaves the exit node, it will then journey the rest of the way toward its destination as if it had been sent from the exit node in the first place. Of course, the exit node is not the ultimate sender of the information, and so someone trying to snoop the traffic will mistakenly think the exit node is the originator and be foiled in his attempts to discover who actually did initiate the traffic.
How are the layers of the onion actually built and then peeled away? Suppose the user requests a particular URL by typing it into his Tor browser. The browser has a pool of predefined Tor network nodes. Each of these nodes has registered with the Tor service as a Tor server. In agreeing to act as a Tor server, the node creates a public key – private key pair to be used for encrypting and decrypting traffic that passes through it. Each Tor node shares with the Tor browser its public key and keeps its private key to itself.
When the user asks the browser to surf to a particular location, the browser will grab three Tor nodes from its pool. The first one will be the exit node for this request. The Tor browser will encrypt the user’s request with the public key of the exit node and add to that encrypted packet the address of the exit node. It will then encrypt that bundle – the once-encrypted user request and the address of the exit node, with the public key of the second Tor node it picked from its pool. It will take that blob it just encrypted with the second node’s public key and package it with the address of the second node. Finally, it will perform one more encryption: it will encrypt that package it just made and encrypt it with the public key of the third Tor node it picked from the pool. By the time this last step is completed, the user’s original request – the URL he or she wanted to visit – has been encrypted once with the exit node’s public key, again with the second node’s public key, and a final time with the first node’s public key.
Furthermore, note that the exit node has no idea what the address of the second node is, and the second node has no idea what the address of the first node is. So, it isn’t possible to trace back from the exit node through the Tor network to the entry node. That’s the key to how Tor anonymizes web requests, for it makes it impossible to trace back from the exit node to the entry node, thereby protecting the identity of the Tor user.
Let’s follow the data as it moves from the user to the Tor exit node. The user requests to go to www.iknowishouldnotgoherebutiamgoingtoanyway.info. The Tor browser does the dance we just described in the preceding paragraph to build the onion. It then routes the onion to the third node it had picked, which is the entry point to the Tor network. The entry point peels away a layer of the onion by decrypting the bundle with its private key. The private key is mathematically designed to decrypt what the user encrypted with the entry node’s public key, and so it is able to make sense of the outer layer. In that layer is the address of the second node and the layer of the onion that only the second node will be able to decrypt. Noticing the address of the second node and being unable to make sense of the layer that was encrypted with the second node’s public key, it forwards that remaining encrypted bundle to the second node. The second node receives it and peels away its layer by decrypting the bundle with its private key. When it does this, it discovers the address of the next node, the exit node, and a layer that only the exit node will be able to understand because it was encrypted with the exit node’s public key. It forwards that remaining bundle of encrypted joy to the exit node. The exit node decrypts it with its private key, thus peeling away the final layer of mystery. The user’s original request is now visible in all its plaintext glory, and the traditional, non-Tor Internet can pick up from there and usher the request to its originally intended destination. The Internet sees only the exit node; it doesn’t see the originator of the request, and so the originator’s identity is protected.
Although it took me a lot of words to describe this, Tor’s operation is quite simple: it uses public-private-key encryption to encase Internet requests in layers of encryption that hide the originator of the request. The layers are peeled away one by one as the data makes its way through the Tor network. The encrypting and decrypting of all these layers is what slows down the Tor browser so much. However, it’s easy to forgive this tool for its lack of nimbleness. After all, your privacy may be worth a few extra thumb twiddles.
It is unclear whether Tor’s resurgence in popularity is short-lived or will last well after the current concerns over privacy subside. Regardless, it is gratifying to know that solutions which protect users from unwanted snooping exist and provide credible options for those who don’t want their web whereabouts disclosed, whether for cause or simply as a matter of principle.