Staying secure when surfing online is getting more and more difficult to do as the years go by. For starters, government agencies are usually ahead of the curve when it comes to anonymity. The are already watching the best methods of secure surfing. Also, when surfing online you are linked to an IP address that can eventually be traced back to you. Internet service providers keep records of who had what IP address and when they had it. So how do you surf anonymously on the internet? How do you maintain some level of freedom when reading and posting on the internet? People who study government agree that without anonymity, freedom of speech does not exist. They also agree that for a democracy to succeed, freedom of speech must exist. While there are people out there that would certainly like to know what you are looking at and posting online, the truth of the matter is you can protect yourself. This is where the Onion Router comes in.
The Onion Router (TOR) is designed with anonymity in mind. Onion Routers route packets through nodes located all over the world. These routes, or proxies, link back to each other and a route is picked at random to ensure that no one gets all of your packets. By utilizing different proxies in this manner, you create latency in your internet requests causing a lag that can cause things to take longer than they normally would. This is all part of keeping you anonymous.
How does it work? When you install the Onion Router client on your PC and start it up, it will pick a route randomly among all the other TOR nodes it can find. Because it chooses a different route every so often, it is nearly impossible to track a users traffic by setting up your own Onion Routing server. That is a simple explanation of how this works. Looking at the following image (supplied by EFF.org) draws it out for you (click on image to view full size).
Another way that the Onion Router keeps you safe is that all traffic that flows across the network is encrypted using a public/private key pair for each node. Starting with the last router and working its way backwards, a public/private encryption is done on the wrapper for your packets and this happens for each point in the route creating encrypted layers all the way back to your computer. The layers are what give this kind of service its name in that the packets are wrapped up under layers, like the layers of an onion. Also, a single node only knows what node the data came from and what node it is going to. A single node does not know the final destination or the starting point. So if someone was to set up their own Onion Router server for the explicit purpose of capturing data they not only have to deal with the encryption, but once they get through all the encryption they only have a source node and destination node for information. Makes tracking things down a little harder.
Just so you are aware, using a system such as this creates latency. You are purposely making your requests go through more hops then it would normally go through. So you would not want to use this when playing games or accessing your work’s VPN because those things require real time packets to work correctly.
Overall, this is a great technology, and I hope that more people begin to see the benefit of using services like this. I am not saying that the government is watching your every move, but people do sniff networks and things like this help keep people secure online. Doing something like this along with encrypting email messages and such can be a big help in keeping your private information private.
- TOR at Electronic Frontier Foundation (includes a Onion Router Client)
- Security Now Episode on TOR
- Wikipedia article on Onion Routing