What Is Tor? A Manual for Dummies

Tor (The Onion Router) is a router system that serves to create an anonymous encrypted connection through a chain of proxies. It is implemented as an independent network of virtual channels, allowing you to transfer encrypted data within the network.

The Tor software code is openly distributed. Today, the Tor network has more than 10 control nodes, more than 7,000 proxy servers, as well as approximately 1,000 output nodes.


How does Tor work?

Tor technology is implemented according to the principle of multi-layer routing (onion structure) using multi-level encryption within a specific network.

In the Tor network, data packets are transmitted via the SOCKS protocol through a chain of proxy servers, consisting of at least three nodes that are randomly selected among the participants of the system. Before sending, the data is pre-encrypted with separate keys for each of the three servers in the chain.

Traffic transmission over UDP protocols in the Tor network is not supported. Therefore, for the safe use of VoIP and BitTorrent, tunneling methods in third-party operating systems are used.

The Tor network has hidden services, access to which is possible only through the installed Tor client. Hidden services have domains in the .onion zone, which are not in the official domain name system.

Kinds of Tor nodes

  • Entry nodes. They serve to start the process of authorization and encryption of Tor network clients. At the same time, blocks of transmitted data from the client to the entry node are protected by hybrid encryption with TLS keys and provided with a message authentication code, which does not allow to know the type and content of data.
  • Middle nodes. They are used to transfer encrypted traffic only within the network between selected participants of the Tor system and allow direct connection only in the .onion zone. In this case, the IP addresses of those nodes are not stored in the history.
  • Exit nodes. Such nodes are used to connect the client to the Internet network. The exit node decrypts the data and finds out the address of the recipient of the request. The operation of such nodes is strictly regulated by the rules of the Tor network.
  • Guard nodes. They are included in the data transmission chains and serve to protect users from cases of control of the attacking, entry, and exit outputs of the Tor network.
  • Bridge relays. They are used as protection against Tor network blocking. They are used as entry or middle nodes. They are not published in open lists, but are provided to users by encrypted TLS requests.
  • Exit relays. They allow you to contact services that are located on the same IP address with the exit enclave. They are used for protection against traffic interception.

Various Tor implementations

Tor network can be used in various ways:

  • Software solutions. Tor clients for different operating systems, special graphical interfaces, web browsers, and plugins.
  • Hardware solutions. Routers and individual devices adapted to work in the Tor network.
  • Special operating systems. Special assembly of operating systems that direct all traffic through Tor by default.

Security in Tor

Any node that is used in the Tor circuit can be compromised.

All responsibility for the actions of the Tor network participants lies with the exit nodes, which send traffic to the destination on their behalf. At this stage, there is a danger of intercepting data from open communication protocols (SMTP, FTP, HTTP). Logins, passwords, transmitted files, and cookies can be compromised. If necessary, it is recommended to use the Tor network with a VPN to provide encryption of important data.

A Tor user may be partially or fully exposed due to improperly configured services. Many services can add their technical information to a message sent on the Tor network. To combat traffic modification from the entry node to the recipient, which is transmitted without encryption, checksums are used.