Need to hire an assassin, buy some contraband, view illegal porn, or just bypass government, corporate, or identity thief snooping?
Tor is your answer. Tor, which stands for “The Onion Router” is not a product, but a protocol that lets you hide your Web browsing as though it were obscured by the many layers of an onion.
The most common way to view the so-called Dark Web that comprises Tor sites is by using the Tor Browser, a modded version of Mozilla Firefox. Using this Web browser also hides your location, IP address, and other identifying data from regular websites.
Accessing Tor has long been beyond the ability of the average user. Tor Browser manages to simplify the process of protecting your identity online—but at the price of performance.
What Is Tor?
If you’re thinking that Tor comes from a sketchy group of hackers, know that its core technology was developed by the U.S. Naval Research Lab and D.A.R.P.A..
The Tor Project non-profit receives sizeable donations from various federal entities such as The National Science Foundation. The Tor Project has a page listing many examples of legitimate types of Tor users, such as political dissidents in countries with tight control over the Internet and individuals concerned about personal privacy.
Tor won’t encrypt your data—for that, you’ll need a Virtual Private Network (VPN). Instead, Tor routes your Internet traffic through a series of intermediary nodes. This makes it very difficult for government snoops or aggressive advertisers to track you online.
Using Tor affords far more privacy than other browsers’ private (or Incognito) modes, since it obscures your IP address so that you can’t be tracked with it.
Standard browsers’ private browsing modes discard your cached pages and browsing history after your browsing session. Even Firefox’s new, enhanced private browsing mode doesn’t hide your identifiable IP address from the sites you visit, though it does prevent them tracking you based on cookies.
Connecting to the Tor network entails more than just installing a browser and firing up websites. You need to install support code, but luckily, the free Tor Browser bundle streamlines the process.
Installers are available for Windows, Mac, and Linux. Tor Project recommends installing the browser on a USB drive for more anonymity and portability; the drive needs to have 80MB free space.
The browser itself is a heavily modified version of Firefox 38.5, and includes several security plug-ins as well as security tweaks such as not caching any website data.
Before merrily browsing along anonymously, you need to inform Tor about your Web connection. If your Internet connection is censored, you configure one way, if not, you can connect directly to the network. Since we live in a free society and work for benevolent corporate overlords, we connected directly for testing.
After connecting to the Tor relay system (a dialog with a progress bar appears at this stage), the browser launches, and you see the Tor project’s page.
The browser’s home page includes a plea for financial support to the project, a search box using the anonymized Disconnect.me search, and a Test Tor Network Settings link.
Hitting the latter loads a page that indicates whether you’re successfully anonymized. We recommend taking this step. The page even shows your apparent IP address—apparent because it’s by no means your actual IP address.
I verified this by opening Microsoft Edge and checking my actual IP address on Web search sites. The two addresses couldn’t have been more different, because the Tor Browser reports the IP address of a Tor node.
The browser interface is identical with Firefox, except with some necessary add-ons installed. NoScript, a commonly used Firefox add-on, is preinstalled and can be used to block most non-HTML content on the Web.
The green onion button to the left of the address bar is the Torbutton add-on. It lets you see your Tor network settings, but also the circuit you’re using: My circuit started in Germany and passed through two different addresses in the Netherlands before reaching the good old Internet.
If that doesn’t suit you, you can request a new circuit, either for the current session or for the current site. This was one of my favorite features.
One thing I really like about the Tor Browser is how it makes existing security and privacy tools easier to use.
NoScript, for example, can be a harsh mistress, who can be difficult to configure, and can break websites. But a security panel in the Torbutton presents you with a simple security slide. At the lowest, default setting, all browser features are enabled.
Everything you do in the browser is tested for anonymity: When I tried full-screening the browser window, a message told us that that could provide sites a way to track me, and recommended leaving the window at the default size.
And the project’s site specifically states that using Tor alone doesn’t guarantee anonymity, but rather that you have to abide by safe browsing guidelines:
The recommendation to only visit secure HTTPS sites is optionally enforced by a plug-in called HTTPS Everywhere.
Even if you follow these recommendations, though, someone could detect the simple fact that you’re using Tor, unless you set it up to use a Tor bridge relay. Those are not listed in the Tor directory, so hackers (and governments) would have more trouble finding them.
One thing I noticed while browsing the standard Web through Tor was the need to enter a CAPTCHA to access many sites. This is because your cloaked URL looks suspicious to website security services such as CloudFlare, used by millions of sites to protect themselves. It’s just one more price you pay for anonymity.
I also had trouble finding the correct version of websites I wished to visit. Directing the Tor Browser to Quora.com, for example, took me to the French, and sometimes Spanish, version of the site. I could not find any way to direct me back to the main URL, which lets me access the U.S. site.
The Dark Web
You can use Tor to anonymize browsing to standard websites, of course, but there’s a whole hidden network of sites that don’t appear on the standard Web at all, and are only visible if you’re using a Tor connection.
You can read all about it in our feature, Inside the Deep Dark Web. If you use a standard search engine, even one anonymized by Disconnect.me, you just see standard websites.
By the way, you may improve your privacy by switching to an anonymous search provider such as DuckDuckGo or Startpage.com. DuckDuckGo even offers a hidden search version, and Sinbad Search is only available through Tor. Ahmia is another search engine, on the open Web, for finding hidden Tor sites, with the twist of only showing sites that are on the up-and-up.
Tor hidden sites have URLs that end in .onion, preceded by 16 alphanumeric characters. You can find directories of these hidden sites with categories resembling the good old days of Yahoo.
There’s even a Tor Links Directory page (on the regular Web) that’s a directory of these directories. There are many chat and message boards, but you even find directories of things like lossless audio files, video game hacks, and financial services such as anonymous bitcoin, and even a Tor version of Facebook.
Many onion sites are very slow or completely down—keep in mind that they’re not run by deep-pocketed Web companies. Very often I clicked an onion link only to be greeted with an “Unable to Connect” error. Sinbad helpfully displays a red “Offline on last crawl” bullet to let you know that a site is probably nonfunctional.
Speed and Compatibility
Webpage loading time under Tor is typically far slower than browsing with a standard Internet connection.
It’s really not possible to state definitively by how much your browsing will be slowed down if you use Tor, because it depends on the particular relay servers your traffic is being routed through. And this can change every time for every browsing session. As a very rough rule of thumb, however, Loudprogrammer.net took 15.3 seconds to load in Firefox and 28.7 seconds in the Tor Browser, at the same time, over the same FiOS connection on the open Web. Your mileage, of course, will vary.
Keep in mind, though, that the Tor Browser is based on the Firefox Extended Support Release versions, which updates less frequently so that large organizations have time to maintain their custom code. That means you don’t get quite the latest in Firefox performance and features, but security updates are delivered at the same time as new main versions.
There’s a similar story when it comes to standards compatibility: On the HTML5Test.com site, which quantifies the number of new Web standards supported by a browser, the Tor Browser gets a score of 412, compared with 468 for the latest Firefox version.
You may run into incompatible sites, though. For example, none of the Internet speed connection test sites performed correctly in the Tor Browser.
Tor, Browser of Thunder
With the near complete lack of privacy on today’s Web, Tor is becoming more and more necessary. It lets you browse the Web knowing that all those tracking services aren’t watching your every move. Most of us have experienced how an ad follows you from site to site, just because you clicked on, or searched for a product or service once. All that goes away.
Of course, you pay a price of extra setup and slower performance with the Tor Browser, but it’s less onerous than you may think.
And the included support for fine-grain privacy and security protection is excellent. If you take your online privacy seriously, you owe it to yourself to check out the Tor Browser.
Have you used the Tor browser before to browse the Web anonymously?
Please share your thoughts in the comments below.
Geoffrey is an experienced software developer and open source evangelist. When not coding he writes and talks about current technology trends, small business tips and developer productivity hacks. He is no coffee addict.
How to Enable and Delete Cookies on Your Browser
How VPN Unblocks Region-Restricted Contents Online
9 Skills That Will Get You a Junior Penetration Tester Job
The Truth About Inside the Deep & Dark Web
Top 11 Bestselling Ethical Hacking Courses on Udemy