I have previously pointed out in the Privacy Cookbook that by using a VPN it will be possible (and enjoyable) to watch the Bundesliga (post C-19) or Netflix USA when you are somewhere else in the world, but it is still a single point of failure when it comes to privacy. Sure it encrypts your browsing, but then so does the right DNS setup.
So is there a better solution when it comes to browsing the internet with true privacy in mind? Sure....it's TOR!
The name stands for The Onion Router, which is basically how this open-source browser anonymizes your browsing habits. Tor is free to use and is totally decentralized! The Tor Website explains that it does this by encrypting your browsing information, IPs etc. by relaying it through Tor's system of circuits. This way your ISP wont see what you browsing or be able to track you with different tabs originating from the same website all being loaded through the same circuit.
Firstly, how does Tor really work?
Tor sends your traffic over a network of voluntarily run nodes, each helping to reinforce your privacy and anonymity.
Tor operates over a network of thousands of voluntarily run nodes (often referred to as a 'relay').
On every occasion you connect over Tor, it'll 'select' three nodes to construct a pathway through the internet. Each of these is known as a 'circuit' and each nodes within it has its own function:
- Entry Node: sometimes known as the 'guard' node, this is the first in the circuit. This node sees your IP address, but not what you're connecting to. Unlike the other two nodes, this one is randomly selected by the Tor client and will remain in use for 2 to 3 months.
- Middle Node: this node sees from which node the traffic came and where it's going to next. It does not see your IP address nor the domain from which you are connecting. This node is selected at random from all the Tor nodes in each circuit.
- Exit Node: is where your traffic leaves the Tor network and is forwarded on to the destination domain. This final node doesn't know your IP but it does know what you are connecting to. This node is also chosen at random from the Tor nodes as long as it shows an exit flag.
In simple terms, each node removes its own layer of encryption, and when the destination website returns data, the same process happens in reverse. So the analogy of the layers of an onion applies, very fittingly.
in summary, Tor allows you to connect to a website without any one party knowing the route.
The entry node knows who you are, but not where you are going; the middle node doesn’t know who you are OR where you are going; and the exit node knows where you are going, but not who you are; and because the exit node makes the connection, the destination website will never know who you are! (the IP address of the originating device).
The best method of usage is via the Tor browser. It is the solution that opens up almost any website - yes, there are setbacks, such as when Cloudflare plays dirty meaning when a site is "protected" by crimeflare you might have trouble getting in!
Before any of you jump up and claim 'but Tor is for dark web drug dealers!', calm down! By the same logic, so is bitcoin !?!;) or is it? Tor is basically the same as using a Firefox wrapped browser. You can still open decentralize.today, the bbc.com, cnn.com or Twitter with it. You are not going to end up on a dark market site!
YET, lo and behold, you can visit most of these sites also with an .onion address!
Tor also has build in fingerprint protection! Meaning it resists identifying you based on your browser and device information.
“Tor Browser is specifically engineered to have a nearly identical (we’re not perfect!) fingerprint across its users”
“This means each Tor Browser user looks like every other Tor Browser user, making it difficult to track any individual user.”
The Tor browser has no ad blocker on it, and does not recommend installing ublock origin or any other add-on to protect your privacy and functionality.
So now you know you can hide your identity using Tor! Just like a VPN, but without having to trust a middle man, company or endure a singe point of failure.
There is more good news! You can install Tor on MacOS, Windows and Linux as well as on Android via an APK or f-droid! So you can also use it whilst on the go!
Ok, so we're assuring you that you won't end up on a 'watchlist' or be branded a drug dealer or user by using a Firefox wrapped browser which allows you to not have to expose your ISP to any watching eye! The claim that you'll end up on a 'watchlist' is flawed since any data captured would be useless! And Tor has over 2 million users a day.
That number is also big enough that targeted surveillance wouldn't work. Plus, remember that mass surveillance was on your phone and via DNS and your ISP long before you even heard of Tor. So, please, forget about being watched.
The place you need to be careful when using Tor would be with a truly oppressive government, but then so would it be with a VPN and most VPN providers are known. On Tor, however, you have an option called bridged network which are entry points which are not publicly listed nor known to be a Tor network. And exit nodes can also do some scary stuff with your traffic!
This one is partially true because although your traffic is encrypted upon entry and whilst in transit through the Tor network, the connection between the website and your exit node is not. Let's say, I log on a website using HTTP then an exit node could intercept your password. However, the mass adoption of HTTPS has made most exit node manipulation impossible because the node only sees an encrypted HTTPS packet that it has to forward, not what the packet contains.
Of course the government could target you and set up lots of nodes to get you? Sure, it could be done, but it would cost a hell of a lot of money and not make much sense. The Tor Stinks document will explain more on this:
Ok, glad we have all that out of the way!
What is it with .onion?
So you can visit every website with the Tor browser, what about those addresses ending with .onion! Well, you can only access them through the Tor network. You won't be able to access these sites with a regular web browser.
How is it different to an ordinary domain?
Whilst .com, .net and most other endings are issued by the Internet Corporation for Assigned Names and Numbers (ICANN), .onion hasn't been!
But why would anyone want an .onion domain?
A .onion domain has several advantages over an ordinary domain as well as a few downsides. Its key feature that it can only be accessed using a Tor browser which provides numerous layers of anonymity that are not available on more popular browsers.
Upon requesting a .onion site, the domain name will be generated automatically. It will be a string of 16 random lowercase letters and numbers (from 2 to 7) that the Tor browser can use to navigate to your server. Unfortunately, these strings have to be 16 characters in length making them difficult to remember and easy for others to produce similar, but slightly different, domains for potentially nefarious purposes.
This also means that there is no requirement to register with ICANN to create domains. So, you be free from 'who is' searches and won't need an ICANN account which could be vulnerable to attack or takeover. You'll be completely in control of your domain and thereby your privacy.
A lot of privacy orientated people prefer using .onion addresses and sites! Now again, I hear some of you saying "yes! the darknets!". And again, I hear you, but then so do some of the biggest names on the internet, just to mention a few...
Protonmail - protonirockerxow.onion
Swiss based e-mail service, encrypts e-mails locally on your browser. Free and paid accounts.
Facebook - facebookcorewwwi.onion (don't use your real account!)
The real Facebook's Onion domain. Claims not to keep logs ;)
SecureDrop - secrdrop5wyphb5x.onion
An open-source whistleblower submission system that media organizations use to securely accept documents from and communicate with anonymous sources.
WikiLeaks - wlupld3ptjvsgwqw.onion
BBC - bbcnewsv2vjtpsuy.onion
Deutsche Well (DW TV) - dwnewsvdyyiamwnp.onion
Mullvad - xcln5hkbriyklr6n.onion
DuckDuckGo - 3g2upl4pq6kufc4m.onion
National Police of the Netherlands - politiepcvh42eav.onion
The CIA - ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r2o3lt5wz5ypk4sxyjstad.onion
The NY Times - nytimes3xbfgragh.onion
decentralize.today - 4relgfjrpcir5jg6bj3jzhrujc5d5zvbbwx27sg2jtgzuhnhv56antad.onion
Plus the FBI and CNN and many, many others have .onion sites!
As you see the Tor network is not about buying drugs or guns online, but more about privacy on the internet. We wouldn't need things like Tor if we lived in a world without surveillance but, sadly, we don't. If you want to be secure and private on the internet Tor is as good an option as any VPN out there, in fact, probably better! Plus its free!
You should give it a try!
Before I finish this Onion article I want to add one further layer of information.
The setup of our own .onion address was way more difficult than it was supposed to be. Our platform, Ghost, had some strange setups in the server and even wanted to redirect our .onion address to https. We wouldn't have been able to get this done without the excellent 'tech support' of our dear friend Ido Kaiser (Developer & Software Architect of the Particl Project) who dedicated 2 days to go over our setup and make adjustments to the server and the actual Ghost software. We have now a way safer, better and more unique ghost setup that works with 3 domains! Thank you, Ido, you are a great friend and a superb programmer. We always knew that and we'll keep following and hodling and investing in Particl!
If you are interested in learning more on Tor and perhaps even thinking about running your entire computer setup on it, take a look at a couple of previous sections of the Privacy Cookbook that cover Tails and QubesOS:
I hope everyone enjoyed this multi-layered article of onion info, see you next week for another installment in the Privacy Cookbook.