There are limits to the security of Tor Browser. While it’s certainly great as a free tool, Tor’s technical characteristics mean that it can never be completely secure. The safest way to use Tor is to use a good VPN service (check our list of Best VPNs for Tor). Tor protects the IP address of a person visiting a site with onion and browsing data by encrypting them and echoing the traffic through globally located nodes to make a file tracker.
- Is Tor Safe 2020
- Tor . safety
- The most secure Tor setup
- Tor Safety Reddit
- Safe Tor Search
Is Tor Browser Safe to Download?
Downloading Tor on your computer is safe and completely legal to do and use. However, keep in mind that you may get extra attention from your ISP if you do this, so it’s a good idea to hide your IP address with a VPN while you’re downloading Tor.
Is Tor Browser Safe? Not as much as you might think. Tor has certain security holes that a skilled hacker or a government agency can exploit. However, there are ways to reduce this risk.
Staying safe and anonymous online is definitely not an easy task as there are a lot of bad actors who want your sensitive data. Fortunately, using the Tor browser can make your online experience more secure and private.
But to what degree? Is Tor Browser 100% secure or are there ways for someone to see your browsing activities, IP address and even hack you?
Unfortunately, the answer is that Tor is not completely secure and anonymous and in this article we will show you why, as well as what you can do to make it even more secure.
What is Tor and how to use Tor Browser?
Before we dive into Tor security issues, it’s important to understand how Tor Browser is used and how it works in the first place.
First, you will need to download Tor from the Tor Project website. You can download it for Windows (32-bit and 64-bit), macOS (64-bit), GNU/Linux (32-bit and 64-bit and Android. Tor is also available in 32 different languages.
Tor is a free program that allows you to communicate online without revealing your identity. This is done by sending your Internet traffic through a “node”.
Nodes are run and maintained by Tor volunteers and anyone can run a node (not all nodes are secure, but more on that later).
Essentially, when you use Tor, your Internet traffic passes through at least three of these nodes, starting at the entry or protection node, then through the relay point or middle node, until finally passing through the exit point or final node before the browser opens Finally the web page or file you are looking for.
As your data passes through each of these nodes, Tor “peels” a layer of encryption, as if you were peeling an onion, which is why the service got the name “onion router”.
Now with that explanation out of the way, let’s see if Tor is as secure as it claims.
Tor risks and security issues
Unfortunately, like anything else in life (online or offline), Tor is not perfect either and it has its drawbacks.
We’ll review the largest here:
- It can leak your IP address
One of the biggest reasons why relying on Tor only if you want to stay anonymous on the Internet is not a good idea is that it can leak your IP address.
In November 2017, We Are Segment discovered a vulnerability in Tor that could leak a user’s real IP address.
Is Tor Safe 2020
They named this TorMoil.
TorMoil particularly affected macOS and Linux users because of the way Firefox handles fille:// URLs. This caused the operating system to bypass Tor Browser and connect directly to the host if the user clicked on a file-based local address.
Of course, the developers fixed Tor quickly, but that doesn’t mean there are no other ways that Tor can leak your IP address.
For example, Windows DRM files can be used to identify Tor users and reveal their IP addresses.
What happens here is that attackers will use DRM-protected files like Windows Media Player to lure Tor users to “verify their license”. Once the user clicks the Yes button, they are redirected to the License URL, which contains malware and can reveal their IP address.
- Your communication between the exit node and the destination server is not encrypted (on non-HTTPS sites)
As your data passes through Tor nodes, it will remain encrypted and Tor will remove a layer of encryption with each “bounce”.
However, once you reach the exit node, there will be no more encryption between it and the destination server.
Even worse, according to Tor’s own documentation, whoever runs the exit node will be able to see your data and eavesdrop on your online communications.
Tor is a decentralized network, which means that anyone can run a node.
Of course, this has its good sides, but it also has its bad sides.
The downside is that not everyone who runs a Tor node does so for altruistic reasons.
Government agencies and hackers can (and do) run nodes and that means they can see what you’re doing online.
For example, in 2007, Swedish hacker Dan Egerstad was able to collect huge amounts of data, including from embassies, corporate email accounts, and NGOs in just a matter of months by creating and monitoring nodes on five computers in data centers around the world. Simply.
This was just one pirate, imagine what a more organized group, such as a government agency, could do.
For example, in 2014, during “Operation Onymous”, Europol seized several Tor nodes. This led to the seizure of 400 hidden devices and the arrest of 17 people.
You can read more about the case on the Tor blog.
- There are a lot of malicious nodes out there
In an ideal world (and how we suppose the Tor developers wanted it), passing through Tor nodes would be completely secure.
However, this is not the case and there are a lot of malicious nodes out there.
In 2016 Professor Guevara Nubert earned a Ph.D. in Computer Science. Student Amirali Sanatina from the College of Computer and Information Sciences at Northeastern University discovered 110 malicious knots in just 72 hours.
They have published their findings in a research paper titled “Honions: Towards Detecting and Identifying Tor HSDirs”.
Moreover, in 2014, a Russian hacker was using the Tor network to spread a powerful virus. He did this by modifying the exit nodes he was managing to put his own executable file in whatever program the user downloaded through Tor.
- Tor gets money from the US government
While the amount Tor receives in funding from the US government is declining year after year (it was 85% in 2015 then 51% in 2017), Tor still gets a significant portion of its funding from government agencies.
This is no secret because Tor publishes a Financial Transparency Report annually.
Specifically, Tor has received over the years:
- $6.1 million from USAGM, formerly the Broadcasting Board of Governors (BBG).
- $3.3 million from the US State Department.
- $2.2 million from the Pentagon.
Aside from government funding, there are three other ways that Tor gets paid. here they are:
- individual donations and support for core organizations; They are mainly used in the daily operations of Tor.
- research and development funding from DARPA, Radio Free Asia, and similar groups; Used to build safer tools.
- Research funding from the National Science Foundation and groups like it; Used to improve the privacy and security of Tor.
- Tor Devs sometimes work with government agencies
If you think that all Tor developers are 100% against working closely with government agencies, you are wrong.
In fact, some of them do not shy away from this.
For example, Roger Dingeden, co-founder and current director and director of research at the Tor Project, had an interesting email correspondence with the FBI and the Department of Justice, which you can read in full here.
At one point, Dingledin said he met with about 50 DOJ and FBI agents in San Diego on October 22-23.
To make matters worse, according to the FOIA (Freedom of Information Act), Tor documents providing special advice to the government about security vulnerabilities before alerting the public about them.
For example, in an email to Dingledine, Tor developer Steven Murdoch wrote this about a vulnerability they discovered:
“This document is currently private, but in the end some or all of it should be public. I will leave this discussion to you For a later date, but my idea mainly is that while we shouldn’t rely on secrecy, it might be a good idea to delay releasing something like “This attack is bad; I hope no one realizes that before we fix it”.
- It’s not safe to run an exit node either
Of course, we still believe that the vast majority of people who manage exit nodes do so with good motives.
However, before you decide to do it yourself, you should be aware that there are some risks involved in running a Tor exit node.
For example, suppose criminals use Tor for illegal activities, such as distributing child pornography, selling girls into prostitution, or selling drugs. In this case, if the traffic passes through your exit node, the police will be able to track it to your IP address and knock on your door.
This happened in 2012 to Tor node operator from Graz, Austria, William Weber, when he was accused of distributing child pornography simply for operating Tor exit nodes that were being used by criminals.
In another case, it happened a year ago, Tor user Clemens Eisserer said his devices were confiscated by the police because someone misused the exit node he was running.
And those are just two cases where people were legally working on an exit contract, but ended up being charged with a crime because actual criminals were using their contract.
- The FBI does not need a warrant to spy on Tor users
Tor . safety
The FBI and other agencies like it don’t even need a warrant to spy on what you’re doing on Tor.
Government agencies usually do this when they need to catch criminals as they did in Operation Lollipop when they caught at least 1,500 pedophiles visiting the PlayPen dark web that exploits child pornography.
U.S. District Judge Henry Cook Morgan, Jr., in connection with the case, ruled that The FBI does not need a court order to hack a US citizen’s computer system.”
Of course, you could argue that these were criminals and the FBI was justified, but a ruling like this opens the door for government agencies to spy on any Tor user without a warrant, regardless of whether they’re a criminal or not.
How do you keep yourself secure on Tor?
Well, with all (or at least the biggest) Tor issues before us, how do you keep yourself safe on Tor?
There are a few things you can do:
- Set the security level to ‘high’ in settings
Note that some Tor websites won’t work well, or may stop working altogether if you turn the security slider all the way to “high” in the Tor browser settings, but that’s a small price to pay to protect against JS hacking and online tracking.
- Boot into a portable operating system like Tails
This should give you some extra protection against monitoring and ads. The main thing here is that Tails makes it difficult to distinguish a Tail user from other Tor users (especially those who don’t use Tails).
However, since you can be identified as a Tor user inside or outside of Tails, this provides more information about you. The more information you reveal about yourself, the less your identity will be.
- Forget about extensions on Tor
Keep Tor Browser clean of add-ons and add-ons, unless it is absolutely necessary to add them. This is not Google Chrome that you fill with extensions. A bad extension may add an additional security vulnerability that hackers can exploit.
Even the Tor Project itself warns against installing add-ons or plugins, saying:
We do not recommend installing add-ons or plug-ins in the Tor Browser.
Plug-ins or add-ons may bypass Tor or put your privacy at risk. Tor Browser already comes with HTTPS Everywhere, NoScript, and other patches to protect your privacy and security. “
Additionally, extensions can make your fingerprint more unique and lead to tracking across websites.
4. Do not access your clearnet accounts on Tor
Accessing your clearnet accounts via Tor, entering any PII information, or using…