• How does Tor Browser work? What is Tor Browser? How to set it up and use it

    You need to change some of your habits, as some things won't work exactly as you are used to. Please read the for details.

    Tor Browser for Windows (64 bit)



    Tor Browser for Windows (32 bit)

    Version 8.0.6 - Windows 10, 8, and 7

    Everything you need to safely browse the Internet.

    Tor Browser for Linux (64-Bit)

    Version 8.0.6 - Linux (64-Bit)



    Tor Browser for Linux (32-Bit)

    Version 8.0.6 - Linux (32-Bit)

    Everything you need to safely browse the Internet. This package requires no installation. Just extract it and run.

    Running Tor on OpenBSD

    These are installation instructions for running Tor Browser in an OpenBSD environment.

    To install from OpenBSD's packages, run:

    pkg_add tor-browser

    Sometimes the most recent version of Tor Browser on OpenBSD is behind the current release. The available version of Tor Browser on OpenBSD should be checked with:

    pkg_info -Q tor-browser

    If the provided version is not the current Tor Browser version, installing it is not recommended.

    To install the Tor Browser port from an updated ports tree, run:

    cd /usr/ports/meta/tor-browser && make install


  • Don't open documents downloaded through Tor while online

    Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use together, however.

  • Use bridges and/or find company

    Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent anyone watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

  • Be smart and learn more. Understand what Tor does and does not offer. This list of pitfalls isn't complete, and we need your help identifying and documenting all the issues.

    In some countries the Tor Project website is blocked or censored and it is not possible to download Tor directly. The Tor Project hosts a Tor Browser mirror on GitHub.


    Using the service is another way to download Tor Browser when the Project website and mirrors are blocked.

    • Translation

    Tor is an anonymity tool used by people seeking privacy and fighting internet censorship. Over time, Tor began to cope with its task very, very well. Therefore, the security, stability and speed of this network are critical to the people who rely on it.

    But how does Tor work under the hood? In this article, we will dive into the structure and protocols used on the network to get an up-close look at how Tor works.

    A Brief History of Tor

    The concept of onion routing (we'll explain the name later) was first proposed in 1995. Initially, this research was funded by the Department of Naval Research, and then in 1997, DARPA joined the project. Since then, the Tor Project has been funded by various sponsors, and not so long ago the project won a donation campaign on reddit.

    The modern version of Tor software was open sourced in October 2003, and was already the 3rd generation of onion routing software. The idea is that we wrap traffic in encrypted layers (like an onion) to protect the data and anonymity of the sender and recipient.

    Tor Basics

    Now that we've sorted out the history, let's get down to the operating principles. At the highest level, Tor works by forwarding your computer's connection to targets (for example, google.com) through several intermediary computers, or relays.



    Packet path: guard node, intermediate node, exit node, destination

    Currently (February 2015) there are about 6,000 routers transmitting traffic on the Tor network. They are located all over the world and are run by volunteers who agree to donate some bandwidth to a good cause. It is important that most nodes do not have any special hardware or additional software - they all run using Tor software configured to work as a node.

    The speed and anonymity of the Tor network depends on the number of nodes - the more, the better! And this is understandable, since the traffic of one node is limited. The more nodes you have to choose from, the harder it is to track a user.

    Node types

    By default, Tor forwards traffic through 3 nodes. Each of them has its own role (we will analyze them in detail later).


    Client, guard node, intermediate node, exit node, destination

    The entry, or guard, node is the entry point into the network. Guard nodes are selected from those that have been operating for a long time and have proven to be stable and high-speed.
    The intermediate node relays traffic from guard nodes to exit nodes. As a result, the former know nothing about the latter.
    The exit node is the exit point from the network and sends traffic to the destination that the client needs.

    A generally safe way to run a guard or intermediate node is on a virtual server (DigitalOcean, EC2); in this case, server operators will only see encrypted traffic.

    But exit node operators have a special responsibility. Since they send traffic to the destination, all illegal activities done through Tor will be associated with the exit node. And this can lead to police raids, notices of illegal activities and other things.

    If you meet an exit node operator, thank him. He deserves it.

    What does onion have to do with it?

    Having understood the route of connections going through the nodes, we ask ourselves the question - how can we trust them? Can you be sure that they won't hack the connection and extract all the data from it? In short, we don’t need to trust them!

    The Tor network is designed so that nodes can be treated with minimal trust. This is achieved through encryption.

    So what does the onion have to do with it? Let's look at how encryption works when a client connection is established through the Tor network.

    • The client encrypts the data so that only the exit node can decrypt it.
    • This data is then encrypted again so that only the intermediate node can decrypt it.
    • And then this data is encrypted once more so that only the guard node can decrypt it.

    It turns out that we wrapped the original data in layers of encryption - like an onion. As a result, each node has only the information it needs - where the encrypted data came from and where it should be sent. This encryption is useful for everyone - the client’s traffic is not open, and the nodes are not responsible for the content of the transmitted data.

    Note: exit nodes can see the source data because they need to send it to the destination. Therefore, they can extract valuable information from traffic sent in clear text over HTTP and FTP!
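
    The layering described above, and the note about what the exit node sees, can be run as a small model. This is an added example, not code from the article or from Tor: the hop names, the pre-shared random keys and the SHA-256-based stream cipher are assumptions made for illustration (Tor negotiates a key with each hop while building the circuit).

```python
"""Toy onion: three hops, one pre-shared key per hop (illustration, not Tor's crypto)."""
import hashlib
import hmac
import os

TAG_LEN = 16     # truncated HMAC-SHA256 tag per layer
NONCE_LEN = 8


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys derived from the hop key.
    return hashlib.sha256(label + key).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode as a stand-in stream cipher (assumption of this example).
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Add one layer: only the holder of `key` learns `next_hop` and `inner`."""
    hop = next_hop.encode()
    plain = bytes([len(hop)]) + hop + inner
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _xor_stream(_subkey(key, b"enc"), nonce, plain)
    tag = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:TAG_LEN]
    return tag + body


def peel(key: bytes, blob: bytes):
    """Remove one layer; raises ValueError if the layer was not made for `key`."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer is not addressed to this node")
    nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN:]
    plain = _xor_stream(_subkey(key, b"enc"), nonce, ciphertext)
    hop_len = plain[0]
    return plain[1:1 + hop_len].decode(), plain[1 + hop_len:]


def build_onion(path, destination: str, payload: bytes) -> bytes:
    """path is [(node_name, key), ...] ordered guard -> exit; innermost layer is built first."""
    blob, next_hop = payload, destination
    for name, key in reversed(path):
        blob = wrap(key, next_hop, blob)
        next_hop = name
    return blob


def what_each_hop_sees(path, onion: bytes):
    """Forward the onion along the path and record each node's view."""
    views, blob = [], onion
    for name, key in path:
        next_hop, blob = peel(key, blob)
        views.append({"node": name, "next_hop": next_hop, "forwards": blob})
    return views


# Constructed sample: hypothetical hop names, random keys, a plaintext HTTP login.
PATH = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]
DESTINATION = "example.com:80"
REQUEST = b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\nuser=alice&password=hunter2"

if __name__ == "__main__":
    for view in what_each_hop_sees(PATH, build_onion(PATH, DESTINATION, REQUEST)):
        readable = b"password=" in view["forwards"]
        print(f'{view["node"]:>6} -> {view["next_hop"]:<15} sees plaintext: {readable}')
```

    Only the exit's view contains the password; the guard and the intermediate node each learn nothing but the next hop.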

    Nodes and Bridges: The Problem with Nodes

    Once the Tor client starts, it needs to get lists of all entry, intermediate, and exit nodes. This list is not a secret - later I will tell you how it is distributed (you can search the documentation for the word “consensus”). The list has to be public, but that creates a problem.

    To understand it, let's pretend to be an attacker and ask ourselves: what would an Authoritarian Government (AP) do? By thinking this way, we can understand why Tor is designed the way it is.

    So what would AP do? Censorship is a serious matter, and Tor allows you to bypass it, so the AP would want to block users from accessing Tor. There are two ways to do this:

    • block users leaving Tor;
    • block users entering Tor.

    The first is possible, and it is the free choice of the owner of the router or website. He just needs to download the list of Tor exit nodes and block all traffic from them. This is bad, but Tor can't do anything about it.

    The second option is seriously worse. Blocking users leaving Tor can prevent them from visiting a particular service, while blocking all incoming users prevents them from reaching any sites at all - Tor becomes useless for the users who already suffer from censorship and turned to this service because of it. And if Tor only had nodes, this would be possible, since the AP could download the list of guard nodes and block traffic to them.

    It's good that the Tor developers thought about this and came up with a clever solution to the problem. Get to know the bridges.

    Bridges

    In essence, bridges are nodes that are not published in the public list. Users behind censorship walls can use them to access the Tor network. But if they aren't published, how do users know where to look for them? Is a special list needed? We'll talk about it later, but in short, yes, there is a list of bridges that the project developers maintain.

    It's just not public. Instead, users can receive a small list of bridges to connect to the rest of the network. This list, BridgeDB, only gives users a few bridges at a time. This is reasonable, since they don’t need many bridges at once.

    By handing out only a few bridges at a time, you can prevent the network from being blocked by an Authoritarian Government. Of course, whoever learns about new nodes can block them, but can anyone discover all the bridges?

    Can someone discover all the bridges?

    The list of bridges is strictly confidential. If the AP receives this list, it will be able to completely block Tor. Therefore, network developers conducted research into the possibility of obtaining a list of all bridges.

    I will describe in detail two items from this list, 2nd and 6th, since these were the methods used to gain access to the bridges. In point 6, the researchers scanned the entire IPv4 space using the ZMap port scanner in search of Tor bridges, and found between 79% and 86% of all bridges.

    The 2nd point involves launching an intermediate Tor node that can monitor requests coming to it. Only guard nodes and bridges access the intermediate node - and if the accessing node is not in the public list of nodes, then it is obvious that this node is a bridge. This is a serious challenge to Tor, or any other network. Since users cannot be trusted, it is necessary to make the network as anonymous and closed as possible, which is why the network is designed that way.

    Consensus

    Let's look at how the network functions at a lower level: how it is organized and how clients find out which nodes in the network are active. We have already mentioned that the network has a list of nodes and a list of bridges. Let's talk about who makes these lists.

    Each Tor client contains fixed information about 10 powerful nodes maintained by trusted volunteers. They have a special task - to monitor the state of the entire network. They are called directory authorities (DA, list managers).

    They are distributed around the world and are responsible for distributing a constantly updated list of all known Tor nodes. They choose which nodes to work with and when.

    Why 10? It is usually not a good idea to form a committee with an even number of members, since a vote can then end in a tie. The bottom line is that 9 DAs deal with lists of nodes, and one DA (Tonga) deals with lists of bridges.


    DA List

    Reaching Consensus

    So how do DAs keep the network running?

    The status of all nodes is contained in an updated document called "consensus". DAs support it and update it hourly by voting. Here's how it happens:

    • each DA creates a list of known nodes;
    • then calculates all other data - node flags, traffic weights, etc.;
    • sends the data as a “status vote” to everyone else;
    • gets everyone else's votes;
    • combines and signs all parameters of all votes;
    • sends signed data to others;
    • the majority of DAs must agree on the data and confirm that there is consensus;
    • the consensus is published by each DA.

    The consensus is published over HTTP so that everyone can download the latest version. You can check it yourself by downloading the consensus via Tor or through the tor26 gate.
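
    The voting steps listed above can be modelled in a few dozen lines. This is an added example, not the directory authorities' code: the authority and relay names are hypothetical, the majority rules are a simplified reading of the steps above, and comparing SHA-256 digests stands in for the signatures the DAs exchange.

```python
"""Simplified model of directory authorities voting on a consensus (assumptions labelled)."""
import hashlib
from collections import Counter

AUTHORITIES = [f"da{i}" for i in range(1, 10)]   # nine hypothetical voting DAs


def tally(votes, n_authorities):
    """votes: {authority: {relay: set_of_flags}} -> {relay: sorted_flags}.

    Assumed rules: a relay enters the consensus when more than half of ALL
    authorities list it; a flag is set when more than half of the votes that
    list the relay assert it.
    """
    listed = Counter()
    flag_counts = {}
    for vote in votes.values():
        for relay, flags in vote.items():
            listed[relay] += 1
            flag_counts.setdefault(relay, Counter()).update(flags)
    consensus = {}
    for relay, n_listing in listed.items():
        if 2 * n_listing <= n_authorities:
            continue                      # too few authorities know this relay
        consensus[relay] = sorted(
            flag for flag, count in flag_counts[relay].items() if 2 * count > n_listing
        )
    return consensus


def digest(consensus):
    """Canonical hash of a consensus; stands in for what each DA would sign."""
    lines = [f"{relay} {' '.join(flags)}" for relay, flags in sorted(consensus.items())]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def reach_consensus(views, authorities=AUTHORITIES):
    """views: {authority: votes_it_received}. Returns (consensus, signers) or None."""
    results = {da: tally(v, len(authorities)) for da, v in views.items() if da in authorities}
    counts = Counter(digest(c) for c in results.values())
    if not counts:
        return None
    winner, supporters = counts.most_common(1)[0]
    if 2 * supporters <= len(authorities):
        return None                       # no majority of DAs computed the same document
    signers = sorted(da for da, c in results.items() if digest(c) == winner)
    return results[signers[0]], signers


def usable_exits(consensus):
    """What a client would pick from: exits that are not flagged BadExit."""
    return [r for r, flags in sorted(consensus.items())
            if "Exit" in flags and "BadExit" not in flags]


def sample_views():
    """Constructed scenario: da9 is offline, da8 never received two of the votes."""
    base = {"RelayA": {"Guard", "Running"}, "RelayB": {"Exit", "Running"},
            "RelayC": {"Exit", "Running"}}
    votes = {}
    for i, da in enumerate(AUTHORITIES[:8], start=1):
        vote = {relay: set(flags) for relay, flags in base.items()}
        if i <= 5:
            vote["RelayC"].add("BadExit")     # five DAs saw RelayC tampering
        if i <= 3:
            vote["RelayD"] = {"Running"}      # new relay known to only three DAs
        votes[da] = vote
    views = {da: dict(votes) for da in AUTHORITIES[:8]}
    for missing in ("da1", "da2"):
        del views["da8"][missing]
    return views


if __name__ == "__main__":
    consensus, signers = reach_consensus(sample_views())
    print("signed by", len(signers), "of", len(AUTHORITIES), "authorities")
    for relay, flags in sorted(consensus.items()):
        print(relay, " ".join(flags))
    print("usable exits:", usable_exits(consensus))
```

    In the constructed scenario seven of the nine authorities compute the same document, so it is accepted; da8, which missed two votes, ends up with a different digest and does not count toward the majority.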

    And what does it mean?

    Anatomy of Consensus

    Just reading the specification, this document is quite difficult to understand. I like visual representation to understand how the structure works. For this I made a poster in corkami style. And here is a (clickable) graphical representation of this document.

    What happens if the node goes wild

    In our detailed examination of the principles of network operation, we have not yet touched upon how exit nodes operate. These are the last links in the Tor chain, providing a path from the client to the server. Because they send data to its destination, they can see it as if it had just left the device.

    This transparency implies a great deal of trust in the exit nodes, and they usually behave responsibly. But not always. So what happens when an exit node operator decides to turn on Tor users?

    The case of the sniffers

    Tor exit nodes are almost the standard example of a man-in-the-middle (MitM). This means that any unencrypted communication protocols (FTP, HTTP, SMTP) can be monitored by it. And these are logins and passwords, cookies, uploaded and downloaded files.

    Exit nodes can see traffic as if it had just left the device.

    The catch is that there is nothing we can do about it (except using encrypted protocols). Sniffing, passively listening to the network, does not require active participation, so the only defense is to understand the problem and avoid transmitting sensitive data without encryption.

    But let’s say the exit node operator decides to do major damage to the network. Listening is a fool's business. Let's modify the traffic!

    Making the most of it

    Recall that the exit node operator is responsible for ensuring that traffic flowing from and to the client is not modified. Yeah, of course...

    Let's see in what ways it can be changed.

    SSL MiTM & sslstrip

    SSL spoils everything when we try to mess with users. Fortunately for attackers, many sites have problems with its implementation, allowing us to trick the user into unencrypted connections. Examples are redirecting from HTTP to HTTPS, enabling HTTP content on HTTPS sites, etc.

    A convenient tool for exploiting vulnerabilities is sslstrip. We only need to pass all outgoing traffic through it, and in many cases we will be able to harm the user. Of course, we can simply use a self-signed certificate and look into the SSL traffic passing through the node. Easily!

    Let's hook browsers to BeEF

    Having examined the details of the traffic, you can begin sabotage. For example, you can use the BeEF framework to gain control over browsers. Then we can use the Metasploit function “browser autopwn”, which will result in the host being compromised, and we will be able to execute commands on it. We've arrived!..

    Back door binaries

    Let's say binaries are downloaded through our node - software or updates to it. Sometimes the user may not even be aware that updates are being downloaded. We just need to add a backdoor to them using tools like The Backdoor Factory. Then, after executing the program, the host will be compromised. We've arrived again!..

    How to catch Walter White

    And while most Tor exit nodes are well-behaved, it's not uncommon for some of them to behave destructively. All the attacks we talked about in theory have already taken place.

    In part, the developers thought about this and developed a precaution against clients using bad exit nodes. It works as a flag in the consensus called BadExit.

    To solve the problem of catching bad exit nodes, a clever system called exitmap has been developed. It works like this: for each exit node, a Python module is launched, which handles logins, downloading files, and so on. The results of its work are then recorded.

    Exitmap uses the Stem library (designed to work with Tor from Python) to help build circuits for each exit node. Simple but effective.

    Exitmap was created in 2013 as part of the "spoiled onions" program. The authors found 65 traffic-changing exit nodes. It turns out that although this is not a disaster (at the time of operation there were about 1000 exit nodes), the problem is serious enough to monitor violations. Therefore, exitmap still works and is supported to this day.

    In another example, the researcher simply made a fake login page and logged in through each exit node. Then the server's HTTP logs were viewed for examples of login attempts. Many nodes tried to penetrate the site using the login and password used by the author.
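
    Both detection ideas above (comparing what each exit returns against a known-good copy, and planting a unique decoy login per exit) reduce to a short analysis step once the results are recorded. This is an added example, not exitmap's code or the researcher's: the exit names, the log format, the reference page and the secret are constructed, and the log is assumed to be in chronological order.

```python
"""Analyse recorded per-exit probe results (constructed data, hypothetical names)."""
import hashlib
import hmac
import re
from collections import defaultdict


def classify_body(reference: bytes, observed: bytes) -> str:
    """Compare a page fetched through one exit with the known-good copy."""
    if hashlib.sha256(observed).digest() == hashlib.sha256(reference).digest():
        return "ok"
    # Typical sslstrip symptom: the only change is https:// links rewritten to http://.
    if observed == reference.replace(b"https://", b"http://"):
        return "links-downgraded"
    return "modified"


def decoy_user(secret: bytes, exit_name: str) -> str:
    """Unique decoy username per exit, so a replayed login identifies the exit."""
    return "u" + hmac.new(secret, exit_name.encode(), hashlib.sha256).hexdigest()[:12]


# Constructed log format: <ip> [<timestamp>] "POST /login" user=<name>
LOGIN_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "POST /login" user=(?P<user>\S+)$')


def find_replayed_decoys(secret: bytes, exits, log_lines):
    """Return {exit: [source IPs]} for decoy logins seen more than once."""
    owner = {decoy_user(secret, name): name for name in exits}
    sightings = defaultdict(list)
    for line in log_lines:
        match = LOGIN_RE.match(line)
        if match and match["user"] in owner:
            sightings[owner[match["user"]]].append(match["ip"])
    # The first sighting is the probe's own login through that exit;
    # every later use of the same decoy means somebody captured and replayed it.
    return {name: ips[1:] for name, ips in sightings.items() if len(ips) > 1}


def audit(reference: bytes, observed: dict, secret: bytes, log_lines):
    """Combine both checks into {exit: [findings]}; clean exits are omitted."""
    findings = defaultdict(list)
    for name, body in observed.items():
        verdict = classify_body(reference, body)
        if verdict != "ok":
            findings[name].append(verdict)
    for name, ips in find_replayed_decoys(secret, observed, log_lines).items():
        findings[name].append("decoy-login-replayed-from:" + ",".join(ips))
    return dict(findings)


# Constructed sample data.
REFERENCE = b'<html><a href="https://shop.example/login">Sign in</a></html>'
SECRET = b"constructed-demo-secret"
OBSERVED = {
    "EXIT_A": REFERENCE,
    "EXIT_B": REFERENCE.replace(b"https://", b"http://"),
    "EXIT_C": REFERENCE.replace(b"</html>", b"<!-- injected --></html>"),
    "EXIT_D": REFERENCE,
}


def sample_log():
    lines = [
        f'203.0.113.{i} [01/Jan/2015:10:0{i}:00 +0000] "POST /login" '
        f'user={decoy_user(SECRET, name)}'
        for i, name in enumerate(OBSERVED, start=1)
    ]
    # Hours later the decoy that only EXIT_D ever carried shows up again.
    lines.append('198.51.100.7 [01/Jan/2015:18:30:00 +0000] "POST /login" '
                 f'user={decoy_user(SECRET, "EXIT_D")}')
    return lines


if __name__ == "__main__":
    for name, issues in sorted(audit(REFERENCE, OBSERVED, SECRET, sample_log()).items()):
        print(name, issues)
```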

    This problem is not unique to Tor.

    It's important to note that this is not just a problem with Tor. There are already quite a lot of nodes between you and the photo of the cat you want to look at. It only takes one person with hostile intentions to cause a lot of damage. The best thing to do here is to force encryption to be enabled where possible. If traffic cannot be recognized, it cannot be easily modified.

    And remember that this is just an example of bad operator behavior, not the norm. The vast majority of exit nodes take their role very seriously and deserve great gratitude for all the risks they take in the name of the free flow of information.

    Hello everyone, guys. Today I will show you how to install the Tor browser and how to use it, although everything you need to know is simple. So, a little introductory information, so to speak. What is Tor? It is an anonymous network that lets you browse websites and communicate while nobody can tell where you are from. That is, you will be anonymous.

    Tor in general is a network with a really serious design: the data inside it is all encrypted and transmitted through several servers (they are called nodes). Everywhere on the Internet they write that Tor is slow, but I can't confirm that; for some reason it's normal for me, not super-fast, but not a turtle either.

    By the way, at the beginning I have a picture showing an onion, do you know why? Because the Tor network works like an onion, there is even such a thing as onion routing. Three servers are used to transfer data, and you can see which ones in the Tor browser (this is called a server chain). The traffic from you is encrypted three times, and each server can remove only one layer of protection. That is, the third server removes the last layer.

    I'll also write this: there are people, well, not entirely normal ones, and do you know what they do? I wrote that the traffic is encrypted and transmitted over three servers, and that on the third server it is decrypted and becomes available to the recipient, figuratively speaking. Well, these not quite normal people set up such a server, so to speak, they bring up a node and comb through the traffic that passes through it, because this node will definitely be the last one for someone. You understand what happens, right? The node is the last one, the traffic on it is already completely decrypted and can be scanned, that is, combed through for their own purposes. Therefore, I do not recommend entering your username and password anywhere in the Tor browser, for example on VKontakte or other social networks, because in theory you could simply be hacked.

    Well, that's enough talking, let's get down to business. How to install Tor browser on your computer? Cool, everything is simple here. So you first need to go to this site:

    There you need to click on the purple Download button, this button is here:



    Just keep in mind that it's better to download only the stable version (Stable Tor Browser); the stable versions are listed first. Further down there are experimental versions (Experimental Tor Browser), which may have errors; I don't recommend downloading those.

    That's it, then the Tor browser installer will start downloading. By the way, the browser itself is based on Mozilla, which is good, because Mozilla doesn’t eat up a lot of RAM, it works quickly and all that. The Tor browser installer has downloaded, run it:


    I downloaded it in Chrome, in another browser there will be something similar. Then you will see a security window, well, there is some kind of warning, in short, click here Run:


    By the way, you may not have this window. So, then you will have a choice of language and Russian should already be selected there:

    Then there will be a window where it will be written where exactly the browser will be installed, so I want it to be installed on the desktop, well, so be it. If you are happy with everything here, then click Install (or click the Browse button to select another folder for installation):


    That's it, then the installation will begin, it will go quickly:


    Once the installation is complete, you will have two checkboxes:


    The first is, I think, clear, and the second is to add Tor browser shortcuts to the start menu and to the desktop. If you need shortcuts, do not uncheck the box. In general, click ready and if you did not uncheck the first box, the Tor network settings window will open immediately, here’s the window:


    Well, from this point on, so to speak, let’s talk in detail. So what do we see in this window? There is a Connect button and a Configure button. Connect button, this will use the usual settings, that is, you don’t have to worry about it, just click the Connect button and wait a little. The second button is to configure Tor and now I will click this one to show you what settings there are. So I clicked it and this window appeared:


    What do we see here? We are asked whether our provider is blocking Tor. There are such unusual providers that have nothing better to do and block Tor, and there are those that even throttle torrent speeds, that's how it is. I'll select Yes here to show you the additional settings; this is the window that then opened:


    What do we see here? We see some bridges, and what are these bridges? These bridges are, so to speak, servers through which Tor will work, that is, it is from these servers that Tor will access its network. But there can only be one such server, that is, a bridge; you can only choose its type. This works very well, but the speed may or may not be lower, depending on what type of bridge you choose. In general, these bridges, that is, servers, are called relays. You can also enter them manually, having first obtained them on the Tor website; I don't remember exactly what the site is called, but I don't see much point in it if the Tor browser settings can do it themselves. In general, I didn't touch anything here, I didn't change the transport, and clicked Next. Then there will be a window like this:


    Here we are asked how we access the Internet, through a proxy or not. Well, what can I say, you need to specify a proxy here if your Internet access goes through one. But damn, you can simply specify some third-party proxy (the main thing is that it works) in order to increase your anonymity, so to speak! In general, I'll select Yes here to show you the window where the proxy is entered, here it is:


    But I won't enter a proxy, I simply don't have one that is both working and free, and I'm too lazy to look for one, because such a proxy is not so easy to find. So I clicked the Back button, then selected No there and clicked the Connect button. The process of connecting to the anonymous Tor network has begun:


    If everything went fine, with no glitches or errors, then the Tor browser itself will open; this is what it looks like:


    Well, that's it, guys, congratulations, the main thing is that you have done it, that is, you have installed the Tor browser, and I hope that it works for you just as easily as it did for me! Or didn't it work? Well guys, then something went wrong; I don't know what exactly, but I personally didn't find any bugs in the Tor browser. No, I'm not saying that you have crooked hands, it's probably just an issue with the antivirus or firewall, so check that.

    So, the Tor browser has opened and will load the home page. First, you can click on the Open security settings button (although I don't know if you will have such a button, it appeared for me immediately after launching the browser):


    You will see the Privacy and Security Settings window:


    Well, I don’t recommend changing anything here, except that you can turn the slider up for better anonymity, but to be honest, I didn’t touch it. This window can also be opened by clicking on this triangle:


    As you can see, there are more useful items in this menu. There is such a thing as New Identity, what is that? It simply restarts the Tor browser, that is, it closes and then automatically opens again. In this case, the IP address in the Tor browser will change. The second item is New Tor chain for this site, which changes the IP address in the browser itself without closing it (if I understand correctly). At first I thought it changed the IP address for the currently open tab, that is, the site, after all it says for this site, but I checked and realized that no, it changes the Tor chain for the entire browser along with all the tabs. The third item you already know. The fourth item, Tor network settings, is where you can change the relay, set a proxy and specify the allowed ports. I opened the network settings and checked two boxes there (a little lower) so that you could see all the options, so to speak, here, look:


    Well, the fifth point is just checking for updates, by the way, I advise you not to ignore them

    Another thing I advise you to do, not often, but you know, is to check the Tor browser. So you launched it, right? Well, the start page will open, on it click Check Tor network settings:


    After which you should see a page like this with the following congratulations:


    If you see it, then everything is just super, you guys are all in good shape.

    By the way, after such a check, if you press that triangle again, well, opposite the button with the onion icon, then you will see through which countries the current Tor chain works:


    All these countries (that is, servers) seem to change regularly, but if you need to change right now, you can click New Identity, well, in principle, I already wrote about this above

    True, the only thing I didn't understand was whether the relay counts as one of the servers. That is, the Tor network has three servers, so is the relay one of them? I created a connection through a relay and I see that it goes like this: relay > server 1 > server 2, but I don't see the third one. So is the relay included in the total number of servers, so to speak, in the top three? So, I turned off the relay, clicked New Identity, the browser restarted, then I clicked Check Tor network settings and this is what I saw:


    That is, as I thought, if you turn on the relay, then it will play the role of the first server, so to speak.

    So, what else do I want to tell you? When you click on Check Tor network settings, it will say that everything is okay, everything is in order, and below that it will also say that you can see information about the exit node (server), and for this you need to click on Atlas:


    What is this anyway? Well, here you can find out the country of the node, it seems that you can also find out the server speed... In general, this is some information, so to speak, not particularly interesting, but still... In general, this is the page that will open for you if you click on Atlas:


    Well, have you more or less figured out how to use the Tor browser? That is, it is a regular browser, but which accesses the Internet only through the Tor network. The settings of the Tor network itself are conveniently made, everything is quite clear, I personally did not have any errors, the network works as if it were not the slowest mobile internet, well, that's me in terms of speed

    By the way, I went to the 2ip website, and this is what information it gave me about my IP address:


    Well, that is, as you can see, there are no problems with substituting an IP address, and where it says Proxy, it also says that a proxy is not used. But don’t rush to rejoice! Even 2ip in most cases determines that the IP address belongs to the Tor network. You just need to click on clarify next to Proxy..

    So, that means I still want to say. This means that the Tor browser works under such processes as tor.exe (the main module for accessing the Tor network, so to speak), obfs4proxy.exe (if I’m not mistaken, it is responsible for the operation of the relay) and firefox.exe (a modified Mozilla for working with the network Tor). All components are located in the Browser folder along with Mozilla itself. By the way, the Tor browser does not conflict with regular Mozilla in any way, just in case you have it installed.

    In general, I think that I should tell you what the Tor browser actually is, that is, how it works. So look, in reality everything is a little simpler. The Tor browser itself, then you already understood that this is Mozilla, well, this is a converted Mozilla, in which any leaks of your real IP address are excluded. Well, that is, the security is highly configured, and there are also special extensions (by the way, I don’t recommend touching them at all). But it still remains ordinary Mozilla. The most important thing is tor.exe, it is this file that goes to the Tor network. When Mozilla starts it, it raises a proxy server, so to speak, to which Mozilla connects and can then go to the Internet. This proxy server can be used by other programs, but for it to work, the Tor browser must be running, this is important. This proxy, by the way, is a SOCKS proxy type. In general, this is the proxy:

    That is, it can even be set in the Internet Explorer browser, and it will also access the Internet via Tor. How to set it? It's very simple: go to the Control Panel, find the Internet Options icon, launch it, then go to the Connections tab and click the Network Settings button. Then check the Use proxy server checkbox, click the Advanced button and specify the proxy in the Socks field:

    But it may happen that in the Properties: Internet window (the one that opens when you click the Internet Options icon in the Control Panel) you need to click not the Network Settings button but the Settings button (located above it). It will be active if you have a connection in the Configure dial-up connection and virtual private networks field! To be honest, I don't remember what type of Internet this is, it hasn't come up for a long time, but I know that this type of Internet exists. Well, in short guys, I think you'll figure it out.

    That's it: after these steps, as I wrote above, your Internet Explorer will work through the anonymous Tor network. Do you think everything is that simple? No guys! I do not recommend doing this, because Internet Explorer is a regular browser that is not designed for anonymous work the way the Tor browser is. Do you understand? I told you all this just as an example. This SOCKS proxy is suitable for many programs, not just Internet Explorer. Well, this is all just a note for you.

    If you are interested, you can see which extensions are installed in the Tor browser; to do this, go to this address:

    Well, here are all the installed extensions:


    You can click the Settings buttons to see the settings themselves, but I advise you to change anything only if you are sure of it! In general, as you can see, the Tor browser, that is, this Mozilla, is well modified and contains a whole set of mechanisms to ensure the maximum level of anonymity. Guys, this is good.

    So, what else do I want to say? You can download files in the Tor browser; the speed can be low or quite high by Tor network standards, but here you need to play with servers: some may be faster, some slower. Each time you start the browser there is a new server. Honestly, I don't know whether the relay affects the speed, though logically it seems it should. I don't know, but it seems that my speed was lower on one relay and higher on another... Well, it seems so... Or is it just a coincidence... I don't know exactly.

    I’ll say again that if anonymity is important to you, then don’t just change anything in the Tor network settings or in the browser itself!

    When you launch the Tor browser, you will see this small window:


    There you can click the Open settings button and configure the connection to the Tor network, that is, the relay and proxy settings. By the way, if you choose a relay, I advise you to choose obfs4, which is also the recommended default. All these settings can also be accessed while the Tor browser is running; you just need to click the triangle next to the onion icon:


    Well guys, is everything done? I don't know if I wrote everything, but it seems so. There is nothing difficult in mastering the Tor browser, I don't think there will be any problems with the settings, it's easy to use, and it works stably without glitches or problems. Personally, I haven't had a case where it wouldn't work. And by the way, I don't know why people say that it's terribly slow; of course it's not lightning fast for me, but you can still use it.

    I don't know whether you need this or not, whether it's interesting or not, but I'll write it. Do you know how to change the country in Tor? Maybe you know, maybe not, but it's not so easy to do in the Tor browser, because there is no built-in feature for it (I think there was one in an old version). You need to manually edit the torrc configuration file. I will write how to do this, and I think everything will work out for you. I personally checked it myself: yes, you CAN change the country, but there is a catch.

    I almost forgot to write the most important thing: before editing the torrc file, the Tor browser must be closed! The thing is that otherwise it can wipe out the new setting that we add. And then, when you launch the browser with the selected country, don't configure anything in the Tor network settings, otherwise the setting that you set manually may be lost!

    So what do you need to do to change the country in the Tor browser? First you need to open the torrc file. I don't know where you will have the Tor browser installed, but I installed it on my desktop, so the path to the torrc file is:

    C:\Users\VirtMachine\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor


    The word VirtMachine in the path is just the name of the computer, that is, of the account. Yours may be in a different place, but in any case the main thing is the internal path, so to speak. I'll write it again, here it is:

    \Tor Browser\Browser\TorBrowser\Data\Tor

    The torrc file is located in that Tor folder. So, okay, we figured that out. Now you need to open it: double-click it, a program selection dialog will appear, select Notepad there and click OK:


    The following file will open:


    This file already contains the settings that I specified, that is, the settings made in the Tor network settings window where the relay and proxy are selected. Do you see the lines that start with Bridge obfs4? These are the relay commands, so to speak. After all, the torrc file is a settings file for the Tor network itself, and it is needed by the tor.exe module, do you understand? Further down, if you scroll, it will look something like this:

    This also applies to relays: 1 means use them and 0 means don't use them, everything is logical. These are commands; I hope that is sorted out. So what should you do now? Now you need to add a command that sets the country of the destination server (or destination node). Roughly speaking, to change the country, you need to add this command to the end of the file:

    ExitNodes {country code}

    In place of the country code you need to indicate the country, for example RU, BY, UA, and so on. Honestly, I don't know all these codes, but if you really need them, you can look this information up on the Internet; I don't think this is a problem. As an example, I will set RU, that is, Russia. Here is the command that needs to be entered in this case:

    We write it at the end of the file:


    Then close the file and save the changes. Well, is it a little clearer? Then you launch the Tor browser and you will always be in the country whose code you specified in the command. But the problem is that when you launch the Tor browser, it picks up the command with the country code and everything works fine, but the command WILL NOT BE in the torrc file itself anymore, it WILL DISAPPEAR. Therefore, next time you will have to set the command manually again, such a hassle! I also forgot to write that you can specify not one country but several, for example:

    ExitNodes {RU},{UA},{BY}

    In this case, the outgoing servers will have IP addresses from the specified countries. But there is another command that does the opposite: it prohibits IP addresses of the specified countries. Here's the command:

    ExcludeExitNodes {RU}

    As you can see, here I prohibited the outgoing servers from having Russian IPs. Here, too, you can specify several countries separated by commas. It is added to the file in the same way.

    In general, this is how things are guys, it's a pity that the commands disappear from the torrc file after the Tor browser has picked them up. This is all because such commands are not part of the Tor browser's functionality! But I think that this is not such a terrible problem. Although a flaw is a flaw.
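    A way to check the two torrc directives discussed above, added here as an example and not part of the original post: it parses ExitNodes and ExcludeExitNodes lines, flags country codes that are not written in the `{cc}` brace form Tor expects, and reports which directives are gone from the file after the browser has run. The sample torrc contents are constructed.

```python
import re

# Directives from this page that take a comma-separated list of entries.
EXIT_DIRECTIVES = ("exitnodes", "excludeexitnodes")
# Tor expects a two-letter country code wrapped in curly braces, e.g. {ru}.
COUNTRY = re.compile(r"\{([A-Za-z]{2})\}")
# Two letters, bare or in the wrong brackets: most likely a mistyped country code.
MISTYPED = re.compile(r"[(\[<]?[A-Za-z]{2}[)\]>]?")


def parse_exit_directives(torrc_text):
    """Return {directive: {"countries": [...], "mistyped": [...], "other": [...]}}."""
    found = {}
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].lower() not in EXIT_DIRECTIVES:
            continue
        entry = found.setdefault(
            parts[0].lower(), {"countries": [], "mistyped": [], "other": []})
        for item in (i.strip() for i in parts[1].split(",")):
            match = COUNTRY.fullmatch(item)
            if match:
                entry["countries"].append(match.group(1).lower())
            elif MISTYPED.fullmatch(item):
                entry["mistyped"].append(item)
            elif item:
                # Fingerprints and address patterns are not validated here.
                entry["other"].append(item)
    return found


def dropped_directives(before_text, after_text):
    """Directives present in the edited file but missing after the browser ran."""
    before = parse_exit_directives(before_text)
    after = parse_exit_directives(after_text)
    return sorted(name for name in before if name not in after)


# Constructed samples, not a real torrc.
SAMPLE_EDITED = """\
# edited by hand while the browser was closed
UseBridges 1
ExitNodes {RU},{UA}, (BY)
ExcludeExitNodes {us}
"""
SAMPLE_AFTER_RUN = """\
UseBridges 1
"""

if __name__ == "__main__":
    for name, entry in parse_exit_directives(SAMPLE_EDITED).items():
        print(name, entry)
    print("dropped after run:", dropped_directives(SAMPLE_EDITED, SAMPLE_AFTER_RUN))
```

    Run it against a copy of torrc saved before launch and the file as it is after launch; an entry under "mistyped" will not be treated by Tor as a country.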

    But in general, you can somehow play around with this Tor browser and the torrc file, maybe you’ll find some more workable way so that the commands are not deleted. You can make a copy of a file like...

    In general, there are quite a lot of commands for the torrc configuration file, but understanding them is not always easy. In general, guys, here is a link with the commands (this is the official website):

    There’s a lot of useful information there, interesting commands, in general, if you’re interested, be sure to take a look

    Personally, I advise you to use the Tor browser only with relays, because there is not much difference in speed with or without them, while relays, so to speak, increase anonymity. That's the point.

    And I also want to write something, but not everyone knows about it. Tor servers are not only those who specifically do this, that is, specially created servers to support the Tor network, but also ordinary users. I don’t know exactly how they do it, so I won’t say anything. But why do they do this, what do you think? They do this in order to scan traffic! If the server is the last one, then the traffic after it is not encrypted, which means you can view it! In this way, they try to find out logins and passwords for everything they can. But this is true, well, there don’t seem to be many such servers, but it’s better not to take risks and not log into the Tor browser anywhere, that is, not enter your username and password. This is just my advice guys

    In general, what can I say, well, what conclusion can be drawn? I'll try to be brief. The Tor browser is cool, at one time I was obsessed with the idea of using the Internet only through Tor, I even managed to download movies through it, but damn, it's still slow when compared to the regular Internet. Yes, and it's not safe to use your personal mail through it, or access some sites there, well, in principle, I already wrote about this. So, in short, this is how things are, guys.

    Well, guys, that's all, it seems like I wrote everything, or not everything, but I tried to write as much information as possible, I'm just a little tired. If something is wrong, then I'm sorry, but I hope that everything is correct and that everything here is clear to you. Good luck to you in life and may everything go well for you.

    08.12.2016
    • Translation

    Tor is an anonymity tool used by people seeking privacy and fighting internet censorship. Over time, Tor began to cope with its task very, very well. Therefore, the security, stability and speed of this network are critical to the people who rely on it.

    But how does Tor work under the hood? In this article, we will dive into the structure and protocols used on the network to get an up-close look at how Tor works.

    A Brief History of Tor

    The concept of onion routing (we'll explain the name later) was first proposed in 1995. Initially, this research was funded by the Department of Naval Research, and then in 1997, DARPA joined the project. Since then, the Tor Project has been funded by various sponsors, and not so long ago the project won a donation campaign on reddit.

    The modern version of Tor software was open sourced in October 2003, and was already the 3rd generation of onion routing software. The idea is that we wrap traffic in encrypted layers (like an onion) to protect the data and anonymity of the sender and recipient.

    Tor Basics

    Now that we've sorted out the history, let's get down to the operating principles. At the highest level, Tor works by forwarding your computer's connection to targets (for example, google.com) through several intermediary computers, or relays.



    Packet path: guard node, intermediate node, exit node, destination

    Currently (February 2015) there are about 6,000 routers transmitting traffic on the Tor network. They are located all over the world and are run by volunteers who agree to donate some traffic to a good cause. It is important that most nodes do not have any special hardware or additional software - they all run using Tor software configured to work as a node.

    The speed and anonymity of the Tor network depends on the number of nodes - the more, the better! And this is understandable, since the traffic of one node is limited. The more nodes you have to choose from, the harder it is to track a user.

    Node types

    By default, Tor forwards traffic through 3 nodes. Each of them has its own role (we will analyze them in detail later).


    Client, guard node, intermediate node, exit node, destination

    • The entry, or guard, node is the entry point into the network. Guard nodes are selected from those that have been operating for a long time and have proven to be stable and fast.
    • The intermediate node transmits traffic from the guard node to the exit node. As a result, the former knows nothing about the latter.
    • The exit node is the exit point from the network and sends traffic to the destination that the client needs.

    A generally safe way to run a guard or intermediate node is on a virtual server (DigitalOcean, EC2) - in this case, server operators will only see encrypted traffic.

    But exit node operators have a special responsibility. Since they send traffic to the destination, all illegal activities done through Tor will be associated with the exit node. And this can lead to police raids, notices of illegal activities and other things.

    If you meet an exit node operator, thank him. He deserves it.

    What does onion have to do with it?

    Having understood the route of connections going through the nodes, we ask ourselves the question - how can we trust them? Can you be sure that they won't hack the connection and extract all the data from it? In short, we don’t need to trust them!

    The Tor network is designed so that nodes can be treated with minimal trust. This is achieved through encryption.

    So what about onions? Let's look at how encryption works during the process of establishing a client connection through the Tor network.

    • The client encrypts the data so that only the exit node can decrypt it.
    • This data is then encrypted again so that only the intermediate node can decrypt it.
    • And then this data is encrypted once more so that only the guard node can decrypt it.

    It turns out that we wrapped the original data in layers of encryption - like an onion. As a result, each node has only the information it needs - where the encrypted data came from and where it should be sent. This encryption is useful for everyone - the client’s traffic is not open, and the nodes are not responsible for the content of the transmitted data.

    Note: exit nodes can see the original data because they need to send it to the destination. Therefore, they can extract valuable information from traffic sent in clear text over HTTP and FTP!
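    The three wrapping steps and the note about exit nodes, as an added example that is not from the original article: the client wraps a request in three layers, each node peels one, and the run records what each node learns. It is a simplified model with assumptions: the next hop is embedded in each layer, the keys are constructed, and the cipher is a toy SHA-256 keystream standing in for Tor's real cryptography so that the code needs only the standard library.

```python
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, NOT Tor's crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client side: encrypt for the exit first, then the intermediate, then the guard."""
    next_hops = list(path[1:]) + [destination]
    cell = payload
    for hop, nxt in reversed(list(zip(path, next_hops))):
        inner = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[hop], inner)
    return cell


def peel(key: bytes, cell: bytes):
    """Node side: remove one layer and learn only where to send the rest."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])


def can_peel(key: bytes, cell: bytes) -> bool:
    """A node holding the wrong key gets noise instead of a readable layer."""
    try:
        peel(key, cell)
        return True
    except (ValueError, TypeError, KeyError):
        return False


def route(cell: bytes, path, keys, payload: bytes):
    """Pass the cell along the path and record what each node can see."""
    seen = {}
    for hop in path:
        nxt, cell = peel(keys[hop], cell)
        seen[hop] = {"next": nxt, "sees_plaintext": payload in cell}
    return seen, cell


# Constructed demo values.
PATH = ["guard", "intermediate", "exit"]
KEYS = {name: hashlib.sha256(("demo-key-" + name).encode()).digest() for name in PATH}
DESTINATION = "example.com:80"
PAYLOAD = b"POST /login user=alice&password=constructed"

if __name__ == "__main__":
    onion = wrap(PATH, KEYS, DESTINATION, PAYLOAD)
    seen, delivered = route(onion, PATH, KEYS, PAYLOAD)
    for hop in PATH:
        print(hop, seen[hop])
    print("delivered:", delivered)
```

    Only the exit's entry has `sees_plaintext` set, which is why a login sent over plain HTTP is readable there while the guard and intermediate nodes see ciphertext and a next hop.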

    Nodes and Bridges: The Problem with Nodes

    Once the Tor client starts, it needs to get lists of all entry, intermediate, and exit nodes. And this list is not a secret - later I will tell you how it is distributed (you can search the documentation for the word “consensus”). Publicity of the list is necessary, but there is a problem with it.

    To understand it, let's pretend to be an attacker and ask ourselves: what would an Authoritarian Government (AP) do? By thinking this way, we can understand why Tor is designed the way it is.

    So what would AP do? Censorship is a serious matter, and Tor allows you to bypass it, so the AP would want to block users from accessing Tor. There are two ways to do this:

    • block users leaving Tor;
    • block users logging into Tor.

    The first is possible, and this is the free choice of the owner of the router or website. He just needs to download a list of Tor exit nodes and block all traffic from them. This will be bad, but Tor can't do anything about it.

    The second option is seriously worse. Blocking users leaving Tor can prevent them from visiting a particular service, and blocking all incoming users will prevent them from going to any sites - Tor will become useless for those users who already suffer from censorship, as a result of which they turned to this service. And if Tor only had nodes, this would be possible, since the AP can download a list of guard nodes and block traffic to them.

    It's good that the Tor developers thought about this and came up with a clever solution to the problem. Get to know the bridges.

    Bridges

    Essentially, bridges are nodes that are not publicly available. Users behind censorship walls can use them to access the Tor network. But if they aren't published, how do users know where to look for them? Is there a special list needed? We'll talk about it later, but in short, yes, there is a list of bridges that the project developers maintain.

    It's just not public. Instead, users can receive a small list of bridges to connect to the rest of the network. This list, BridgeDB, only gives users a few bridges at a time. This is reasonable, since they don’t need many bridges at once.

    By issuing several bridges, you can prevent the network from being blocked by an Authoritarian Government. Of course, by receiving information about new nodes, you can block them, but can anyone discover all the bridges?

    Can someone discover all the bridges?

    The list of bridges is strictly confidential. If the AP receives this list, it will be able to completely block Tor. Therefore, network developers conducted research into the possibility of obtaining a list of all bridges.

    I will describe in detail two items from this list, 2nd and 6th, since these were the methods used to gain access to the bridges. In point 6, the researchers scanned the entire IPv4 space using the ZMap port scanner in search of Tor bridges, and found between 79% and 86% of all bridges.

    The 2nd point involves launching an intermediate Tor node that can monitor requests coming to it. Only guard nodes and bridges access an intermediate node - and if the accessed node is not in the public list of nodes, then it is obvious that this node is a bridge. This is a serious challenge to Tor, or any other network. Since users cannot be trusted, it is necessary to make the network as anonymous and closed as possible, which is why the network is designed that way.

    Consensus

    Let's look at how the network functions at a lower level. How it is organized and how to find out which nodes in the network are active. We have already mentioned that in a network there is a list of nodes and a list of bridges. Let's talk about who makes these lists.

    Each Tor client contains fixed information about 10 powerful nodes maintained by trusted volunteers. They have a special task - to monitor the state of the entire network. They are called directory authorities (DA, list managers).

    They are distributed around the world and are responsible for distributing a constantly updated list of all known Tor nodes. They choose which nodes to work with and when.

    Why 10? It is usually not a good idea to make a committee of an even number of members so that there is no tie in the voting. The bottom line is that 9 DAs deal with lists of nodes, and one DA (Tonga) deals with lists of bridges.


    DA List

    Reaching Consensus

    So how do DAs keep the network running?

    The status of all nodes is contained in an updated document called "consensus". DAs support it and update it hourly by voting. Here's how it happens:

    • each DA creates a list of known nodes;
    • then calculates all other data - node flags, traffic weights, etc.;
    • sends the data as a “status vote” to everyone else;
    • gets everyone else's votes;
    • combines and signs all parameters of all votes;
    • sends signed data to others;
    • the majority of DAs must agree on the data and confirm that there is consensus;
    • the consensus is published by each DA.

    The consensus is published over HTTP so that everyone can download the latest version. You can check it yourself by downloading the consensus via Tor or through the tor26 gate.
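    The voting steps above as an added example, not taken from the Tor source or from the original article: every DA computes a document from the votes it received, and a document counts as the consensus only when a majority of DAs produced the same one. This is a simplified model with assumptions: the DA and relay names are constructed, a SHA-256 digest stands in for a signature, and the majority rules are reduced to "more than half".

```python
import hashlib
import json
from collections import Counter


def build_consensus(votes, total_authorities):
    """votes: {authority: {relay: set_of_flags}} -> {relay: sorted list of flags}."""
    needed = total_authorities // 2 + 1            # strict majority of all DAs
    listed = Counter(relay for vote in votes.values() for relay in vote)
    consensus = {}
    for relay, count in sorted(listed.items()):
        if count < needed:
            continue                               # too few DAs know this relay
        flag_votes = Counter(
            flag for vote in votes.values() for flag in vote.get(relay, ()))
        # A flag is set only if more than half of the DAs listing the relay voted for it.
        consensus[relay] = sorted(f for f, n in flag_votes.items() if n * 2 > count)
    return consensus


def agreed_document(votes, total_authorities, missing=None):
    """Each DA builds a document from the votes it received and 'signs' it (digest).

    missing maps a DA to the set of DAs whose votes never reached it.
    Returns (document, signatures) for a majority-backed document, else (None, best).
    """
    missing = missing or {}
    needed = total_authorities // 2 + 1
    documents, tally = {}, Counter()
    for authority in votes:
        received = {name: vote for name, vote in votes.items()
                    if name not in missing.get(authority, ())}
        document = build_consensus(received, total_authorities)
        digest = hashlib.sha256(
            json.dumps(document, sort_keys=True).encode()).hexdigest()
        documents[digest] = document
        tally[digest] += 1
    digest, count = tally.most_common(1)[0]
    return (documents[digest], count) if count >= needed else (None, count)


# Constructed names; 9 voting DAs as stated on this page.
AUTHORITIES = [f"da{i}" for i in range(1, 10)]


def sample_votes():
    votes = {}
    for index, authority in enumerate(AUTHORITIES):
        vote = {
            "relayA": {"Running", "Exit"} | ({"BadExit"} if index < 5 else set()),
            "relayB": {"Running"} | ({"Guard"} if index < 4 else set()),
        }
        if index < 4:
            vote["relayC"] = {"Running"}           # known to only 4 of 9 DAs
        votes[authority] = vote
    return votes


if __name__ == "__main__":
    document, signatures = agreed_document(
        sample_votes(), len(AUTHORITIES), missing={"da9": {"da1", "da2"}})
    print(signatures, "DAs agree on", document)
```

    In the sample, da9 never received two votes and so computes a different document, but the other eight still agree and their document stands.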

    And what does it mean?

    Anatomy of Consensus

    Just reading the specification, this document is quite difficult to understand. I like visual representation to understand how the structure works. For this I made a poster in corkami style. And here is a (clickable) graphical representation of this document.

    What happens if the node goes wild

    In our detailed examination of the principles of network operation, we have not yet touched upon the principles of operation of exit nodes. These are the last links in the Tor chain, providing a path from the client to the server. Because they send data to its destination, they can see it as if it had just left the device.

    This transparency implies a great deal of trust in the exit nodes, and they usually behave responsibly. But not always. So what happens when an exit node operator decides to turn on Tor users?

    The case of the sniffers

    Tor exit nodes are almost the standard example of a man-in-the-middle (MitM). This means that any unencrypted communication protocols (FTP, HTTP, SMTP) can be monitored by it. And these are logins and passwords, cookies, uploaded and downloaded files.

    Exit nodes can see traffic as if it had just left the device.

    The catch is that there is nothing we can do about it (except using encrypted protocols). Sniffing, passively listening to the network, does not require active participation, so the only defense is to understand the problem and avoid transmitting sensitive data without encryption.

    But let’s say the exit node operator decides to do major damage to the network. Listening is a fool's business. Let's modify the traffic!

    Making the most of it

    Recall that the exit node operator is responsible for ensuring that traffic flowing from and to the client is not modified. Yeah, of course...

    Let's see in what ways it can be changed.

    SSL MiTM & sslstrip

    SSL spoils everything when we try to mess with users. Fortunately for attackers, many sites have problems with its implementation, allowing us to trick the user into unencrypted connections. Examples are redirecting from HTTP to HTTPS, enabling HTTP content on HTTPS sites, etc.

    A convenient tool for exploiting vulnerabilities is sslstrip. We only need to pass all outgoing traffic through it, and in many cases we will be able to harm the user. Of course, we can simply use a self-signed certificate and look into the SSL traffic passing through the node. Easily!

    Let's hook browsers to BeEF

    Having examined the details of the traffic, you can begin sabotage. For example, you can use the BeEF framework to gain control over browsers. Then we can use the Metasploit function “browser autopwn”, which will result in the host being compromised, and we will be able to execute commands on it. We've arrived!..

    Back door binaries

    Let's say binaries are downloaded through our node - software or updates to it. Sometimes the user may not even be aware that updates are being downloaded. We just need to add a backdoor to them using tools like The Backdoor Factory. Then, after executing the program, the host will be compromised. We've arrived again!..

    How to catch Walter White

    And while most Tor exit nodes are well-behaved, it's not uncommon for some of them to behave destructively. All the attacks we talked about in theory have already taken place.

    In part, the developers thought about this and developed a precaution against clients using bad exit nodes. It works as a flag in the consensus called BadExit.

    To solve the problem of catching bad exit nodes, a clever system called exitmap has been developed. It works like this: for each exit node, a Python module is launched that handles logins, file downloads, and so on. The results of its work are then recorded.

    Exitmap works using the Stem library (designed to work with Tor from Python) to help build circuits for each exit node. Simple but effective.

    Exitmap was created in 2013 as part of the "spoiled onions" program. The authors found 65 traffic-changing exit nodes. It turns out that although this is not a disaster (at the time of operation there were about 1000 exit nodes), the problem is serious enough to monitor violations. Therefore, exitmap still works and is supported to this day.

    In another example, the researcher simply made a fake login page and logged in through each exit node. Then the server's HTTP logs were viewed for examples of login attempts. Many nodes tried to penetrate the site using the login and password used by the author.
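    The comparison such scans rest on, reduced to an added example that is not exitmap's own code: the same static decoy page is fetched through each exit and compared with a trusted copy for HTTPS links rewritten to HTTP, injected scripts, or any other change. The page body, host names and exit labels below are constructed, and the fetching itself (done with Stem in exitmap) is left out.

```python
import hashlib
import re

LINK = re.compile(rb"""(?:href|src|action)\s*=\s*["'](https?)://""", re.IGNORECASE)
SCRIPT = re.compile(rb"<script\b", re.IGNORECASE)


def https_link_count(body: bytes) -> int:
    """Number of absolute https:// links in href, src and action attributes."""
    return sum(1 for scheme in LINK.findall(body) if scheme.lower() == b"https")


def classify(baseline: bytes, observed: bytes):
    """Findings for one response fetched through one exit; empty list means clean."""
    if hashlib.sha256(observed).digest() == hashlib.sha256(baseline).digest():
        return []
    findings = []
    if https_link_count(observed) < https_link_count(baseline):
        findings.append("https-links-downgraded")      # sslstrip-style rewrite
    if len(SCRIPT.findall(observed)) > len(SCRIPT.findall(baseline)):
        findings.append("script-injected")
    return findings or ["body-modified"]


def scan(baseline: bytes, observations):
    """observations: {exit_label: body}. Returns findings for misbehaving exits only."""
    report = {}
    for label, body in sorted(observations.items()):
        findings = classify(baseline, body)
        if findings:
            report[label] = findings
    return report


# Constructed decoy page: it must be static, or every fetch would differ.
BASELINE = (
    b'<html><body>'
    b'<form action="https://shop.example/login" method="post"></form>'
    b'<a href="https://shop.example/cart">cart</a>'
    b'</body></html>'
)

# Constructed observations, one per exit label.
OBSERVATIONS = {
    "EXIT_A": BASELINE,
    "EXIT_B": BASELINE.replace(b"https://", b"http://"),
    "EXIT_C": BASELINE.replace(
        b"</body>", b'<script src="http://cdn.example/x.js"></script></body>'),
    "EXIT_D": BASELINE.replace(b"cart", b"CART"),
}

if __name__ == "__main__":
    for label, findings in scan(BASELINE, OBSERVATIONS).items():
        print(label, findings)
```

    Exits that show up in the report are the candidates for a closer look and, if confirmed, for the BadExit flag.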

    This problem is not unique to Tor.

    It's important to note that this is not just a problem with Tor. There are already quite a lot of nodes between you and the photo of the cat you want to look at. It only takes one person with hostile intentions to cause a lot of damage. The best thing to do here is to force encryption to be enabled where possible. If traffic cannot be recognized, it cannot be easily modified.

    And remember that this is just an example of bad operator behavior, not the norm. The vast majority of exit nodes take their role very seriously and deserve great gratitude for all the risks they take in the name of the free flow of information.

    If you are tired of the feeling of prying eyes watching you in order to sell something, then it’s time for you to find out what the Tor browser is.

    Personal information left by users on social networks, in online stores, on the websites of government organizations and simply in search engines is of great interest primarily to those same search companies. They process user preferences to improve their algorithms and the quality of search results.

    In addition, hungry attackers are prowling the depths of the Internet, wanting to gain access to the data of your bank cards and electronic wallets.

    Marketers also contribute to monitoring your movements on the Internet: it is very important for them to find out what can be sold to you based on the queries that you keep typing into search engines. You only have to log in to your mailbox, and there are already very important offers to go somewhere and buy something, after first taking such-and-such courses, not free ones, of course.

    One can only guess, but, most likely, the intelligence services are also interested in your information, at least from the position of total control over the population, of course, for the sake of national security. After summarizing all of the above, a natural desire arises to avoid such dense attention surrounding the ordinary Internet user. And this is precisely the opportunity that the Tor browser can provide you with.

    The Onion Router

    So what is Tor? Tor Browser is free and open-source software whose name is an acronym for The Onion Router. The name reflects the basic principle on which its encryption system is built; the system is written in the Python, C and C++ programming languages. In general, the system is a network of proxy servers that establish an anonymous connection in the form of a virtual tunnel, in which it is impossible to calculate the user's location, since data transmission is encrypted.

    Through the use of an extensive system of servers, or information nodes, this browser allows the user to remain anonymous, invisible to all potential scammers, robbers, spies and other users with reduced social responsibility. With its help, you can create your own websites without advertising their location, and you can also contact those sites that are blocked by official censorship.

    Mike Perry, one of the Tor developers, believes that the browser can provide a high level of protection even from spyware such as PRISM.

    History of appearance

    Tor Browser was largely created at the US Navy Research Laboratory while US intelligence agencies were working on the Free Haven project. For an unknown reason the project was closed, and all the source code ended up on the public network, where talented programmers picked it up and organized the Torproject.org community. There the browser was finalized by volunteer developers, although it continues to be improved, developed and updated to this day.

    Just a year ago, Tor already had more than 7,000 system nodes installed on all continents of the Earth, excluding Antarctica, and the number of network users exceeded 2 million. According to Tor Metrics statistics, in 2014, Russia joined the top three countries using the Tor browser most actively. Since the browser is an open-source system that various programmers have worked on for more than 15 years, you don't have to worry that it may turn out to have a catch and, instead of protecting information, steal it.

    It is the open source code of the browser that gives us a guarantee of the safety of its use.


    How the system works

    The existing TOR technology allows any user to access any website without leaving any traces behind. That is, on the site you visited, they will not be able to track the IP address of your computer, which means they will not be able to identify you. This will not be available even to your Internet provider. And the browser itself will not store information about your movements on the Internet.

    The operating principle of the onion system can be represented as follows:

    1. Communication nodes are set up in different countries by supporters of this technology. 3 random nodes are used to transmit data, but no one knows which ones. The data that users transmit is encrypted multiple times, with each level of encryption being another layer of the onion router package. It should be taken into account that only the path, or routing, is encrypted, and not the contents of the information packets themselves. Therefore, if you want secret information to reach the recipient completely safe, additional encryption will be required.

    2. At each subsequent node through which a packet of information is transmitted, one layer of the cipher is decrypted, containing information about the next intermediate point. After reading this information, the used layer of the onion is removed.

    That is, the browser transmits a packet to the first node that contains the encrypted address of the second node. Node No. 1 knows the key for the encryption and, having received the address of Node No. 2, sends a packet there, which is similar to the peeling of the first layer of onion. Node No. 2, having received the packet, owns the key to decrypt the address of Node No. 3 - another layer of peel has been removed from the onion. And this is repeated several times. Thus, from the outside it will be impossible to understand which site you ultimately opened in your Tor browser window.


    Disadvantages of the system

    Search engines, an Internet service provider, or someone else who is already used to monitoring your web surfing may guess that you are using Tor. They won't know what exactly you are watching or doing online, but the fact that you want to hide something will become known to them. Therefore, if you choose this path, you will have to study the existing methods of increasing anonymity.

    The Tor system runs on ordinary computers, not high-speed ones. This leads to another drawback: the speed of information transfer in this anonymous network may not be enough to watch, for example, videos or other entertainment content.

    Currently, the Tor browser is working and actively developing, using more than 15 languages, including Russian. The latest version of Tor was released on January 23, 2017. In some countries, the Tor Project website is blocked or censored, making it impossible to download the Tor Browser directly. In this case, you can use a mirror: Tor Browser Bundle on Github, but if mirrors are not available, you can try downloading it through the Gettor service.
