In a previous article, we spoke briefly about TOR and I mentioned briefly that there were some risks. This got me thinking, and I thought I’d just talk a little bit about TOR. This is not a cover-all guide, or tutorial, but it should explain things in an easy to digest form to help you understand it without getting too technical.
TOR is a network system, and there are programs like Vidalia or bundles like TORbrowser that allow you to use it easily on your computer. This, when set up properly, creates a network of computers passing encrypted traffic amongst themselves in a way similar to the layers of an onion, hence the name, The Onion Router.
This web of computers makes it very difficult, mathematically, to discern the true origin of a stream of web activity. The one main caveat is that the traffic ultimately comes out of what is called an exit-node, and it can be sniffed easily for all kinds of data that could give someone’s identity away. Any user running the TOR program, or its more popular variant TORbrowser, can function as an exit node, and run programs such as TCPDump, or Wireshark to sniff strings of data matching patterns such as credit cards with certain digit prefixes, usually denoting a certain credit limit, calls for username/password authentication and other kinds of private data. At this point, HTTPS is hardly private, as Moxie Marlinspike has proven, SSL has it’s flaws.
It is my opinion that governing bodies and law enforcement have shown an interest in deep web activity, with statistics indicating an increase in law-enforcement-operated-exit-nodes. Exit snooping in this sense, is unfortunate, as it derides the reputation of the network, but it does have positive side effects, as indicated by the members of the hacker collective Anonymous who previously aided in the disruption of child pornography activities on the TOR network.
I have only broadly discussed this topic, but for the scope of this blog, I believe this is enough, and if you wish to know more, you probably already know where to find that info. Good luck on your search.