Protect your privacy online with ’TOR’

March 7, 2012, by | Start Discussion

What is Tor?
Let’s begin with what Tor means: The Onion Router. A router is a device that handles your request to go from your home, office, mobile connection to a website or a web service. If you write in your browser URL bar http://chmag.in and hit return, you’ll send your request to your ISP router, which will send the request to another router and so on, until you reach the CHmag ISP router, and finally get your page back. Every one of these steps is called a “hop”.

TOR works exactly like this router system, but then there’s the onion. Well an onion is… an onion! But the reason TOR developers used the onion metaphor is because when you pass inside the TOR router system to get to you requested website, you send your data inside multiple levels of encryption, exactly like sending them inside the layers of an onion!

So you “launch” this onion inside the Tor network and it’s decrypted at every hop it makes, until it reaches the final destination you’ve requested.

The Tor Wikipedia page has a great image showing how Tor works:

Electronic Frontier Foundation “How Tor Works” – licensed CC Attribution 3.0

But there are a lot of people inside there! Shouldn’t it be defending my privacy?

It may sound strange, but it does defend your privacy.
First of all, when using the traditional router network, you still pass on a lot of routers, but every request you make can be intercepted, read, and modified. That’s because everyone who controls that “hop” can see what you’ve requested, where you’re going and what you’re doing.
Inside the Tor network this can’t happen. Because the path is chosen randomly, every “hop” can just decrypt the small onion layer that he can read and then it passes the onion to the next hop.

As you can see in the “How Tor Works” image only the last step, from the so called exit node to the webserver is actually sent in clear text. This has to happen since the last node must know what to ask and to who. But your privacy is still safe because even “sniffing” (means intercepting packages sent over the net), the exit node cannot know who has requested the page, and nobody can identify you. The server owner will see the IP address, the number that identifies you as unique on the Internet, from the exit node only. We’ll see how simple it works later on.

Since the Tor network usage is absolutely free of charge, every peer that connects, including you, became a member of the network and starts passing “onions” over and over. But don’t worry, you won’t be enabled to be an exit node, if you want to serve as the last hop you can, but this is an optional setting that must be explicitly enabled.

It sounds very complicated to use, I’m not a hacker! I can’t use it!

Well, you’re right, Tor is a very complicated project. But the developers are doing an incredibly amazing work to make it accessible to everyone, so you can use it! And it’s extremely easy!

Tor has a side project named “Tor Browser Bundle”, which is a no-installation tool that allows you to surf safely and defend your privacy online with just one click! As said this is an installation free program, and that means you can copy it on a USB key, bring it with you and use it on every system you want, even in hotel or internet cafés workstations.

Just download it from the project page: https://www.torproject.org/projects/torbrowser.html.en, where you’ll find versions for Windows, Mac OS X or Linux.

Once downloaded, extract the .exe archive wherever you want and you’ll find this set of icons:

And now you’re just on click away from your safe browsing. Double click “Start Tor Browser.exe”, and Tor will start connecting. Within a few second you’ll see this window:

You really don’t need to worry about all the buttons and the funcions inside the Vidalia Control Panel, you just need to see those words “Connected to the Tor network!”.  And that means that you’re now protected.

But the magic doesn’t end here, because after the Tor connection has been established, a special version of Firefox, included in the bundle, will automatically open up, with this page:

And you’re done! If you keep using this Firefox window you’ll be channeled inside the Tor network and surf anonymously and safe. Want to give it a shot? Go to http://whatsmyip.net/ from both the Tor browser and the browser you used before and you’ll see that the IP addresses are different. You are actually using the IP from the exit node, as explained before.  If you want to stop using it, all you have to do is close the browser window, the Vidalia panel will also close and the connection with the Tor network will end.

So it is that easy. From now on if you want to defend yourself, don’t forget to use Tor browser, and bring it everywhere you go.
You have learned that is not as complicated as you thought, in fact it’s not complicated at all! This is just the beginning of a lot of services that are available within the Tor project, but this first step is all you have to do to be safe and sound.
Happy privacy and safe browsing everyone!


Federico “glamis” Filacchione, born and living in Rome - Italy, he is a security professional with more than 10 years of experience. He tries constantly to spread security awareness, explaining that security is not a simple tool, but thinking to the same old stuff in a totally different way (and it’s not that hard!). You can read his thought (in Italian) on http://glamisonsecurity.com, follow him @glamis on Twitter

Leave a Reply