Let’s pretend that computers and the Internet don’t exist and people still communicate with what we now call “traditional mail”.
In this horrifying alternate world, people actually still read books. But how could you buy one when you can’t be bothered to leave the house? You could use the yellow pages to look up the address of a publishing house, then send them a postcard.
On that card, you could express a desire to obtain a book you like, and you could include your own address so that the publisher knows where to send it to.
The problem is that everyone along the delivery route can see what everyone wants to read. They can make copies of everything or simply keep lists of who requested what.
Envelopes Protect the Content
A simple level of protection would be to put requests into sealed envelopes. Seals are impossible to open without breaking them, so all the post office could do is maintain lists of what gets delivered where, without knowing the contents of the envelopes.
This information—pertaining to, for example, the size and weight of the envelope, and the identities of the sender and recipient—is called the metadata.
Metadata reveals a lot. For example, you can tell if you’ve received a speeding ticket just from looking at the envelope. And so can the mailman.
This is very close to how the Internet works today. Cryptographic seals go one step further by being impossible to open. Unfortunately basic encryption, like Transport Layer Security (TLS), is not yet standard across the web. (You can tell when this is active, as a green lock will appear in your address bar).
Tor Circuits Rely On a System of Nodes
To send requests anonymously in the Tor network, you start by establishing a Tor circuit. To do this, you send your “sealed postcard” to a random Tor node. This could be a residential or commercial address. It could be your neighbor’s house, or it could be a big building in a faraway country. This is your entry node, and all your sealed mail will be sent to this address. All the mail that you receive will also come from this address.
Your entry node will forward your mail to yet another node, which will again forward it on to another node—the exit node. Only the exit node knows the address of your intended recipient.
The following is an explanation of how the system of nodes works:
- The entry node can see who you are, but not what you request or who you request it from.
- The middle node cannot see anything. It is important to separate the exit and entry nodes from each other.
- The exit node can only see what you request, but not who you are. Ideally you will be using TLS to make your request, so that the exit node can see who you are requesting something from, but not the content of your request.
Tor Is Run By Volunteers
A system like Tor could at least hypothetically work with physical mail, but the effort needed to reroute mail and seal envelopes would be gigantic. The Tor system is far easier to accomplish electronically, but the network still relies on volunteers who run Tor nodes on their servers or at home.
The exit node is the most fragile spot in this chain. If the connection to the website you are visiting is not using TLS encryption, there is no guarantee that the exit node is not logging the contents of your requests, altering them, or injecting malware into them. If your system is not correctly configured, things like cookies, or the contents of your communications, could still identify you.
Use .Onion Addresses to Avoid Exit Nodes
There is a way to entirely avoid using exit nodes. But for that to work, the website you are visiting needs to be set up with a .onion address. This address is not like a regular domain name, because there is no way to formally register it. The domains are usually alphanumeric strings generated from a public cryptographic key. Using such a domain not only removes the exit node from the equation, it also makes it impossible for both the user and the site to know where the other party is.
Facebook and Blockchain.info are also among the small number of sites that have TLS certificates issued for their .onion sites. This does not make the content significantly more private or secure, but can help to identify whether the site you are connected to really is the site you wanted to reach. Many sites are exclusively reachable through their .onion address, in an attempt to remain uncensorable and to keep their location a secret. This part of the Internet is usually called the dark web.
Find out more about Tor with these articles:
- A Beginner’s Guide to Tor
- The Unlikely History of Tor
- How to Use Tor to Protect Your Privacy
- Quick Start to Tor