Is Tor safe to browse online? (Not really – here’s why)
With nearly two million people using it, Tor is one of the most popular ways to anonymize your online browsing right now.
But you have to wonder – is Tor secure, actually?
It makes a lot of promises, after all – online anonymity, complete privacy, secure encryption, unrestricted access, etc.
To cut short a long story, no, Tor is not very secure to use on the web if you want great privacy and security.
Of course, things are not as simple as the basic “no”. So, let’s take a look at Tor – how it works, why it’s not as secure as it claims, what other inconveniences you need to deal with, and what you can do to make it more secure overall.
First things first – what is Tor and how does it work?
Tor refers to The Onion Router. It’s an anonymity network (at least that’s how it calls itself) run by volunteers.
To access the network, you need to use the Tor browser, which is free and open source.
As for how it works, it’s pretty simple – when you connect to the network, it routes your traffic through different servers (called relays). Normally, your traffic will pass through at least three servers: the entry node, the middle node, and the exit node.
The network encrypts your traffic multiple times. Every time it hits a node, it loses a layer of encryption. Once it reaches the exit node, it is completely decrypted and redirected to the web.
Besides encrypting your traffic, Tor will also mask your IP address, replacing it with the address of its servers. The website you are entering will only see the IP address of the exit node.
Is Tor illegal?
Simply, no. The developers of Tor explain that “Tor is not illegal anywhere in the world.”
While we haven’t found any specific laws regarding Tor, you should keep in mind that laws are usually vague when it comes to things like this. Therefore, it may be possible to assume that countries that ban or make VPNs illegal have the same stance on Tor.
Of course, if you use Tor to access illegal content (child pornography, drug dealing, contract killer websites), you could have a serious problem with the law.
But not all content on the deep web is like that. In fact, according to the data, about 55% of it is legal.
In general, you don’t have to worry about legal repercussions if you only use Tor to access legal content on the deep web, mask your IP address, and encrypt your traffic – unless your country has laws that prevent this type of activity.
Is Tor safe? Here are eight reasons why the answer is “no” is obvious
Here’s exactly why you shouldn’t use Tor if you want a safe and private browsing experience on the Internet:
1. Tor has problems with malicious nodes
Security researchers actually found at least 110 Tor nodes snooping on user traffic and exposing devices to malware. In fact, a single exit node is configured to change any files that users have downloaded with malicious executable code around the said files into rootkits, essentially giving the hackers remote control of the victim’s machine.
The 110 knots were discovered in just 72 days. Who knows how many are already there.
That’s the thing about Tor nodes – just about anyone can set it up and get it running. It is part of Tor being a decentralized network.
This obviously has its advantages – it’s what gives Tor a sense of anonymity in the first place.
However, the main problem with decentralization is that any cybercriminal can set up a Tor node if they want to. This is just one example among many – in 2007, a Swedish hacker created several Tor nodes. Over the course of a few months, he collected sensitive data — particularly the login credentials of about 1,000 accounts.
Actually, you know what – here’s another better example of that: WikiLeaks. This is exactly how it started – using Tor nodes to log a lot of private documents.
We’re not saying WikiLeaks is a bad thing, but it does show that anyone can get hold of sensitive information using Tor nodes like they did.
Obviously, this includes government agencies as well. The Tor developers themselves have announced that government officials have taken control of the Tor servers through Operation Onymous.
2. Tor traffic really makes you stand out
Even though Tor traffic is designed to mimic HTTPS, network administrators can still tell if you’re using the network.
It’s not entirely clear how someone could tell you that you’re using Tor, but here’s an example – a student using Tor to send bomb threats via email.
We won’t discuss what he did (it was clearly a mistake). Instead, we’ll focus on the criminal complaint. Accordingly, the university was already able to see that the student in question had accessed Tor through his WiFi a few hours before receiving the threats.
This could be because Tor has serious vulnerabilities or links with the government (we’ll get to that in a bit). However, this may also be due to the fact that there are services (such as Plixer and CapLoader) that make it possible to separate Tor traffic from normal HTTPS traffic.
In addition, there is another problem with Tor – most people say that it is very useful for people who live under oppressive regimes because it hides their online activities. Well, the main problem with that is that those systems will specifically target Tor traffic.
So, you won’t be too stealthy. In fact, it will stand out as a sore thumb.
3. The government has many ways to beat the net
Despite the strength of Tor’s encryption, it cannot stand against government interference. Security researchers actually worked for the federal government to find a way to crack Tor.
Not only that, but the NSA also appears to have come up with ways to de-anonymize Tor users on a “wide scale”.
Back in 2015, security researchers found a way to detect Tor users using hardware that only cost $3,000. It is true that they did it for a noble cause (eliminating pedophiles and drug dealers), but that does not change the fact that government agencies can use similar techniques to target innocent users as well.
Oh, back in 2014, there were even attacks against the Tor network that allowed the NSA (and any other agency, really) to de-anonymize about 81% of Tor users.
Recently, the FBI apparently managed to de-anonymize Tor users to the point of finding their real IP addresses. The strange thing is that they decided to drop the case against the child layout designers (leaving them free) in order not to reveal the Tor vulnerability they abused.
4. Checkout nodes don’t actually encrypt your traffic
Tor bounces your traffic between multiple servers, decrypting a small layer of encryption with each bounce (hence the word “Onion” in the name of the Onion Router).
Well, when your traffic goes through the last server, there will be no more encryption.
Now, this would make sense because VPNs work the same way – the server decrypts the traffic to redirect it to the web.
But unlike a VPN, anyone can set up a Tor node as we have already mentioned. And according to the Tor documentation, the exit node can see the contents of your message.
If there’s a hacker or a government agency running that exit node, that pretty much means they’ll see what you’re doing on the web.
With VPNs, this is usually not an issue since they control their own servers, generally renting them from trusted data centers. In addition, good VPNs do not log any of the data that goes through the server.
Moreover, according to an experiment conducted by a security researcher, a large number of exit nodes sniff the data that they are decrypting.
5. Tor Devs actually cooperate with the US government
Although the Tor Project portrays itself as anti-big brother and caring about the little guy, one journalist used Freedom of Information Act (FOIA) requests to tell a different story.
Basically, it seems that one of the founders of Tor (Roger Dingledin) had no problem discussing cooperation with the Department of Justice and the FBI. Oh, and he also referred to installing the “rear doors”.
Another exchange showed that a developer had found a vulnerability that would essentially remove the identity of Tor users. The developer suggested keeping the vulnerability an internal matter, but Roger Dendgliden went ahead and told government agents about the vulnerability only two days later.
If you want to read more about the exchanges (we highly recommend it), check out this link.
6. Tor receives funding from the US government
If the links are not enough, the fact that the US government is investing money in Tor should convince you that there is no way the network can 100% protect your privacy.
This is how much money Tor got from the US government:
And get this – the Tor developers themselves said that in fact investors can influence the direction of the project’s research and development.
Oh yeah, that doesn’t look shady at all.
Let’s be realistic for a moment – do you really think the US government is going to pull a lot of money into a network that is allegedly destroying their surveillance plans?
Yes, I didn’t think so either.
In fact, it is safe to say that Tor was created by the US government. If you listen to this speech from Roger Dingledin, you will hear him say clearly:
“I contracted with the United States government to build and publish anonymization technology for them.”
“They need these technologies so they can research the people you care about, so they can get anonymous guides, so they can buy things from people without other countries knowing what they’re buying, how much they’re buying and where they’re going, that kind of The things “.
In fact, just google “tor history”, and you’ll see that it started at the US Naval Research Laboratory – a branch of the US Navy.
And in the same speech you can hear Roger Dingledin say the following:
“The US government can’t simply turn on the anonymity system for everyone and then just use it themselves. Because every time a call comes in, people will say, ‘Oh, it’s another CIA agent looking at my website,’ if those are the people The only ones using the network. So you have to have other people using the network for them to blend together.”
If it wasn’t obvious enough, when you use the Tor network, you’re helping the CIA agents who use it disguise themselves.
Given all of that, is it really surprising that the answer to the question “Is Tor secure?” Will it always be a resounding “no”?
Don’t worry, though – if you’re not 100% convinced yet, we still have a couple more reasons why it’s not safe to use Tor.
7. Tor can leak IP addresses
In 2017, the Tor network had a serious flaw called TorMoil that leaked users’ IP addresses. Although the developers eventually fixed this issue, there is no telling when it will happen again.
Furthermore, Tor can actually leak your IP address in other cases if you don’t exclusively use Tor Browser:
- When you try to open Windows DRM files. Apparently, this can break up your Tor traffic, exposing your IP address.
- When you download torrents because many clients will leak your IP address.
- If you try to access certain types of files (such as PDFs), it will bypass the proxy settings, causing the IP address to be leaked.
However, these issues are not always caused by Tor. This is often due to Tor users misconfiguring the settings.
Of course, that doesn’t make things any better. It just means that you have extra hassles to deal with when using Tor.
Also, when you consider the number of links connecting the Tor Project to the US government, it’s hard not to wonder just how “accidental” these IP leaks really are.
8. Government Agencies Don’t Even Need Guarantees to Spy on Tor Users
The FBI and the US District Court have made it clear – it doesn’t matter what you do on the Tor network. If the FBI wanted to, they could spy on you without the need for any court orders.
It is true that this ruling came into effect after the FBI …