Why more apps should integrate Tor

A tin can telefone with ciphertext as a wire

Tor is most known for its anonymous browser. The Tor browser is built on Firefox and customized to defend against the most common forms of tracking as well as malicious code on the sites you visit. All data is routed through the Tor network, which encrypts your data and bounces it around at minimum three Tor nodes around the world before passing it onto its final destination.

This technique makes it near impossible for a site to know who you are. The first (entry) node might know who you are (or see your IP address) but does not know who you are trying to connect to or what data you are passing on. The last (exit) node can see who you are connecting to and might be able to make some guesses about the transmitted data (especially when other forms of encryption like TLS are not used). The exit node however cannot see who or where you are. Any nodes in between the two are meant to separate the entry and exit nodes from each other, making sure that even if an entity were in control of many entry and exit nodes at the same time, they would have a hard time correlating all the traffic.

In the same way that users can hide in their tracks in this network, service operators can, too. So-called hidden services are sites only available through the Tor network through a url ending in .onion. Creating such a hidden service is easy; there is no registration necessary, there are no fees associated with creating such onion addresses, and end-to-end encryption is included by default, removing the need for difficult certificate authority schemes. On top of that, as there is no central registry, such domains are anonymous and cannot be taken away from users.

The internet is increasingly becoming more centralized, concentrating power in the hand of a few content delivery networks, advertisement platforms, and data centers. The Tor network presents a convenient way out, as it already exists, has proven to be secure, and allows for a wide range of functionalities when bundled with other software or embedded directly into the operating system.

1. Peer-to-peer inbound connectivity

The main novelty of apps that have Tor embedded is the ability to make true peer-to-peer connections, regardless of whether devices are on IPv4, iPVv6, cellular networks, using VPNs or behind corporate firewalls or NATs. This allows apps to retain their functionality without a central server infrastructure, allowing for decentralized applications that are far harder to take down and censor.

2. End-to-end encryption

Using Tor circuits these peer-to-peer connections could be done with end-to-end encryption by default, requiring only a secure side channel to share onion urls or encryption keys. This makes these applications far more secure, especially in the context of decentralization.

3. Privacy

Routing all connections by default through the Tor network protects user privacy, as it efficiently hides the users’ location and IP address, making all users appear uniform throughout the network.

4. DDoS protection

Once an app invites incoming connections through the onion network, it can assign a new Tor circuit with new hidden service urls to each user, maintaining the functionality of the app during DDoS attacks. Once an attack is detected, this circuit can be easily closed, while other circuits remain functional.

Making chats, Bitcoin, file sharing more secure

Some of the prime candidates for integrating Tor are the kind of applications that we already use heavily today. Chat applications can use Tor to allow for a more private and secure user experience, in which users create hidden fully encrypted rooms directly from their device, leaving no trail of the existence of the chat or its participants on the server. Secure phone calls and video conferences can also be made in this fashion.

The Lightning network, too, can profit from better Tor integration. While applications like Electrum make it easy to route all traffic through the built-in Socks5 proxy, they cannot yet create hidden services themselves or take control of the circuits in detail. This means your Lightning node cannot be made available for incoming connections over the Tor network.

One application which already implements Tor to its advantage is OnionShare. Using OnionShare, anybody can quickly and conveniently share files from their computer directly with another party without relying on a centralized service, paying a fee or surrendering their personal data.

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.