The Tor Network: Tools for private and secure browsing
Limitations
The Tor browser is a powerful tool for anonymity on the web, but it still has some limitations that users should be aware of. Two obvious ways to compromise the Tor network are:
- Break the encryption (not so easy if the encryption is done properly with up-to-date techniques).
- Exploit a flaw in one of the system components. For example, the Tor browser is based on Firefox, which occasionally has vulnerabilities that require patches and updates.
Beyond these potential attacks are a range of other concerns that are less obvious if you're not an expert. In fact, security researchers make a point of looking for flaws in the Tor network, and the Tor project actually welcomes it, because transparency is one of their values, and if there is a way in, they would rather know about it than have it go unreported.
Governments have also been busy with trying to break into the Tor network, and they are a little less willing than academics to publish the results on how they do it. Several high-profile crackdowns on elements of the dark web have occurred through the years. In 2014, for instance, a coalition of government agencies took control of several Tor relay nodes, resulting in the takedown of several black market sites, including Silk Road 2.0. No one at the time, including the Tor developers, knew exactly how the agencies accomplished this attack, which became known as Operation Onymous, but the Tor developers published a blog post with some ideas about how it might have happened, suggesting things like:
- Operational security – stolen passwords and rogue users (the same way other servers on the Internet are attacked)
- Flaws in the web application that could have led to an SQL injection or other similar attacks.
- Bitcoin de-anonymization – according to experts, the Bitcoin transaction process can reveal information that could potentially de-anonymize a Tor user
- Attacks on the Tor network itself
Tor network attacks can take various forms. In the report following Operation Onymous, the Tor developers state "Some months ago, someone was launching non-targeted deanonymization attacks on the live Tor network. People suspect that those attacks were carried out by CERT researchers. While the bug was fixed and the fix quickly deployed in the network, it's possible that as part of their attack, they managed to deanonymize some of those hidden services" [5].
Much of the research on breaking the anonymity of the Tor network has focused on the entry and exit nodes. You might not know what happens inside the network, but if you watch the exit node, you can still gain insights on the traffic. The Tor project itself warns that it cannot protect users against a so-called end-to-end timing attack. "If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit" [6].
These elaborate attacks that require constant monitoring of all possible entry and exit nodes, infiltration of Tor relay systems, or statistical studies of random nodes across the Internet require enormous resources, and if you're just using Tor because you don't want to get tracked by an ad tracker, you're probably safe. However, if you are truly using Tor because you are trying to avoid capture by a well-funded state actor, it is best to at least be aware of these limitations.
Despite the occasional sting like Operation Onymous, the Tor network continues to provide anonymity for the vast majority of its users.
Conclusion
The Tor developers view privacy as a basic human right that should be available to everyone and must be protected on principle. The project places a high premium on the safety of its users. They acknowledge that some Tor users might access the platform for illegal activities, but they maintain that most users have a legitimate purpose. They argue that Tor is a tool, like any other tool, that can be employed for good or evil. A criminal could use a car, or a gun, or the Internet itself to commit a crime, but people generally acknowledge that these tools also have legitimate uses.
If you are a privacy-conscious user, and you are weary of depending on browser plugins and your clunky browser security settings to protect you from surveillance, this might be the time to explore the Tor Browser. In an era in which privacy and security are a forever increasing concern, Tor is an important option for defending yourself and your data.
Infos
- Tor Browser: https://www.torproject.org
- Reasons for using Tor: https://2019.www.torproject.org/about/torusers.html.en
- Ubuntu and Debian with Tor: https://support.torproject.org/apt/
- Tor Downloads: https://www.torproject.org/download/
- Attacks on the Tor network: https://blog.torproject.org/thoughts-and-concerns-about-operation-onymous/
- About Tor page: https://2019.www.torproject.org/about/overview.html.en#stayinganonymous
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.