Out of the dark
SECURITY SHELF


Tor has historically been associated with criminal activity. While it has always had a wide range of users, the underground online marketplace Silk Road ran on Tor, and stolen credit card numbers are fenced there on carder forums. However, just because criminals use Tor doesn’t mean that all Tor users are criminals. Law-abiding citizens embrace privacy as well.

Tor provides a high level of anonymity by passing Internet traffic through at least three different servers before sending it to the destination. Each step employs a separate layer of encryption, thereby preventing any single relay from observing the origin and destination of the traffic. At an exit point from the Tor network, called an exit relay, traffic is delivered to the final destination.

According to Tor Project metrics, there are currently over 6,600 operational Tor relays in 79 countries, with more than 1,000 of those acting as exit relays. The network services more than 2 million users per day. The United States leads with approximately 374,000 mean daily users of Tor, followed by Germany with 211,000 and France with just under 150,000. Canada is 10th with approximately 54,000 Tor users per day.

While running non-exit relays (known as middle relays) is generally fairly straightforward, those who choose to run exit relays expose themselves to a variety of potential risks. From the web site operator’s point of view, traffic from Tor users appears to originate from the exit relay. Therefore, exit relays tend to receive complaints, especially if they allow services such as BitTorrent. In extreme cases, law enforcement agencies that don’t understand Tor may falsely believe that the exit relay operator is responsible for traffic that is simply passing through their system.

Tor isn’t perfect. Governments and security researchers, to name but a few, operate Tor nodes in an attempt to monitor activity. However, it is very difficult to de-anonymize users. Tor clients choose different relays for each connection and the cryptography appears sound.

The first Tor relay knows the user’s public IP address. But it doesn’t know the destination. A Tor exit relay can tell where traffic is going on the Internet, and if a plain-text protocol such as HTTP is used, it can monitor the traffic. An exit relay could also potentially manipulate the traffic as it leaves the Tor network. However, the exit relay doesn’t know the user’s IP address.
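The sketch below is an added example, not code from the Tor Project or the article. It models a three-relay path with one encryption layer per relay and records what each relay can observe. The relay names, the client address 203.0.113.7, the destination and the HMAC-based toy cipher are all constructed stand-ins; real Tor negotiates keys hop by hop and uses its own cell format and ciphers.

```python
import hashlib, hmac, json, os

def xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 keystream), a stand-in for illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(key, next_hop, inner):
    # One layer: tells the relay holding `key` where to forward `inner`.
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    return nonce + xor_stream(key, nonce, body)

def unwrap(key, cell):
    layer = json.loads(xor_stream(key, cell[:16], cell[16:]))
    return layer["next"], bytes.fromhex(layer["inner"])

def build_onion(keys, path, destination, payload):
    # The client wraps innermost-first: exit layer, then middle, then entry.
    cell = payload
    for relay, next_hop in reversed(list(zip(path, path[1:] + [destination]))):
        cell = wrap(keys[relay], next_hop, cell)
    return cell

def route(keys, path, client_ip, cell):
    # Each relay peels one layer; record only what that relay can observe.
    views, prev = {}, client_ip
    for relay in path:
        next_hop, cell = unwrap(keys[relay], cell)
        views[relay] = {"from": prev, "to": next_hop,
                        "cleartext_http": cell.startswith(b"GET ")}
        prev = relay
    return views, next_hop, cell

def demo():
    path = ["entry", "middle", "exit"]            # constructed relay names
    keys = {r: os.urandom(32) for r in path}      # one session key per relay
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"  # plain HTTP, no TLS
    onion = build_onion(keys, path, "example.com:80", request)
    return route(keys, path, "203.0.113.7", onion) + (request,)

if __name__ == "__main__":
    views, destination, delivered, _ = demo()
    for relay, seen in views.items():
        print(relay, seen)
```

Only the entry relay's view contains the client address, and only the exit relay's view contains the destination and the readable HTTP request.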

While the encryption component of the Tor architecture provides some confidentiality, a gap exists between the Tor exit relay and the destination server. Combining Tor with strong session encryption, such as TLS, significantly strengthens the system. An even better architecture eliminates the need for traffic to leave the Tor network in the first place.

In addition to passing traffic onward to an Internet destination, Tor allows clients and relays to offer hidden services. This mechanism was originally intended to offer services in a way that did not disclose their physical location, but it is also the best way for a web server owner to connect directly to the Tor network. As Facebook’s Alec Muffett explained in his blog post, “the Facebook onion address connects you to Facebook’s Core WWW Infrastructure…We decided to use SSL atop this service due in part to architectural considerations – for example, we use the Tor daemon as a reverse proxy into a load balancer and Facebook traffic requires the protection of SSL over that link.”

Facebook’s decision to embrace Tor could signify the world’s largest social networking site’s rebellion against global surveillance and may encourage others to follow suit and bring Tor out of the dark.
