Computer users leave broad trails across the Internet. The websites you visit, your interactions, your purchases, your common passwords if you are careless – everything you do online – can be noted and used against you for purposes that range from the annoying to the dangerous, depending on your circumstances. Fortunately, a growing number of applications exist to restore your privacy and security, and the most mature of these is the Tor Browser [1] (Figure 1).

Figure 1: The Tor Browser is one of the simplest and most effective ways to preserve your online privacy.

Tor (short for The Onion Router) is a modified version of Firefox designed to hide your trails on the Internet. Tor obscures your electronic trail by routing your interactions through several servers and encrypting your actions each step of the way. Tor's network of servers is decentralized, making your communications even harder to track down. Over the last two decades, several features have been added to the basic browser, providing a defense in depth against privacy and security intruders.

The concept of onion routing was originally developed by the US Navy in the 1990s as a way of securing communication over the Internet. The Tor project was launched in 2002. In 2004, the Navy released the code under a free license, and the Electronic Frontier Foundation (EFF) became an early financial supporter of the project. In today's world, users in the great western democracies think of privacy as protection from ad trackers and big data aggregation, but the original vision for Tor was very much tied to the idea of providing safe communication for dissidents in authoritarian countries. The Tor project is proud of its contribution and support for the Arab Spring movement in 2010, and Tor has also supported several high-profile whistle blowers, including the famous Eric Snowden. Other humanitarian groups have backed the Tor project for its potential for bringing free speech to users in repressive countries, including Human Rights Watch and the US government's Bureau of Democracy, Human Rights, and Labor.

The privacy offered by Tor is a powerful thing, and it should come as no surprise that criminals have also used Tor to hide their activities. Ransomware attacks often use the Tor network for ransom payments, and the so-called dark web, with its illicit sales of drugs and stolen credit card numbers, makes extensive use of Tor to let its users operate anonymously. The Tor developers acknowledge that some criminals have used their technology for illegal ends, but they insist that "The majority of our users use Tor in a responsible way."

Some Tor users choose to do so out of principle – the belief that everybody has the right to control access to their own data. Others want to avoid the nuisance of being dunned by retailers or enlisted in a cause, or targeted by identity thieves. Still others want to bypass censorship restrictions placed on their browsing by their companies or countries. Others are victims of abuse in hiding, or whistle blowers revealing corporate or government corruption. The Tor project site has a page detailing the growing list of legitimate reasons for using Tor [2] that establishes that privacy and security are increasingly mainstream concerns – and they are concerns that most operating systems do not adequately address. Tor's purpose is to correct these omissions and to give its users greater peace of mind.

Routing in Tor

The Tor network is a collection of servers running software that allows them to participate in onion routing. Onion routing has existed longer than the Tor network and is a more general term – the Tor network has a particular set of protocols based on the onion routing concept.

The details are quite complex, but the basic idea is that the Tor browser client system (called the originator) routes a message through a series of Tor relays (see Figure 2). The message is encrypted in layers, so that each relay along the circuit only knows which node sent it the message and where to forward it next. The relay doesn't know the contents of the message or who originated the message. The exit node at the end of the circuit knows the final destination of the packet but doesn't know the source. The entry node at the beginning of the circuit knows the source but not the destination.

Figure 2: Tor routes the message through a series of routers. No link in the chain knows both the source and the destination of the message.

As you can see from Figure 2, the key to making this process work is assembling a message that allows each node along the path to know only what it needs to know and nothing more. The Tor client builds this message in layers (Figure 3), which are peeled off one step at a time like the layers of an onion (hence the name onion routing).

Figure 3: The message is enclosed in encrypted layers. Each node can only decrypt one layer, which reveals information on where to send the packet next.

To build this many-layered message (called the onion), the Tor client must obtain a symmetric session key from each of the nodes along the circuit. These keys are obtained through a series of public key (Diffie-Hellman) connections among the nodes of the circuit that forward the encrypted session keys back to the client.

The client encrypts the message it intends to send to the destination server in the session key for Node 3. This encrypted message is then encrypted with the session key for Node 2, and this message is encrypted with the key for Node 1. When Node 1 receives the message, it knows the sender, but it doesn't know if the sender is the originator or just another link in the chain. Node 1 decrypts the outer message with the Node 1 session key and learns it is supposed to send the message to Node 2, although it can't see the contents or the eventual destination. Node 2, in turn, decrypts the message with the Node 2 session key and learns it should send the message to Node 3. Node 3 decrypts the final layer and learns that it must send the message to the destination server. Node 3 does not know who originated the message, but it knows it received the message from Node 2 and remembers that fact, so it will know how to forward the reply back from the server.

In the response from the server back to the client, a similar process occurs in reverse. Each node adds a layer of encryption, obscuring the source of the response, and the client at the end of the chain unwraps all the layers using the previously obtained session keys.

As you can see, this process requires many steps and computations, so the Tor network is significantly slower than ordinary Internet traffic.

Installing Tor

Tor releases are available in most distributions. However, except in distributions with rolling releases of frequent security updates, the version is likely not to be the latest and might therefore not be secure. In the past, Ubuntu in particular has lagged so far behind the latest version that the Tor Project permanently warns against using it. Instead, Ubuntu and other Debian derivatives can set up the Debian repository maintained by the Tor Project [3].

Any distribution can download Tor directly from the project site [4]. In addition to Linux, downloads are available for Android, macOS, Windows, and source code, as well as 36 languages other than English (Figure 4). The uncompress download will have the name tor-browser_LANGUAGE-LOCALE – for instance, tor-browser_en-US for the American English version. Descend the directories and click on start-tor-browser.desktop. You can register Tor as part of the desktop environment with the command:

./start-tor-browser.desktop --register-app

Figure 4: The Tor Browser supports multiple operating systems.

To make Tor accessible to the entire system, uncompress or move the download to /opt, changing permissions as needed.

Next, run start-tor-browser.desktop, which opens the Tor Launcher (Figure 5). Configure any network settings, and, if you choose, elect to have Tor connect automatically in the future. Clicking the Connect button for the first time will connect in 15-30 seconds, but it will take only a few seconds later. Start by looking at the online help in the upper-left corner, where, among other things, you can adjust the default privacy and security settings (Figure 6), many of which will be familiar if you have previously used Firefox. As always, your choices are apt to be a balance between security and privacy on the one hand and convenience on the other hand. Finding the settings you can tolerate may be an ongoing experiment. What you have is a modified Firefox browser, but remember not to add any extensions not specifically supported by the Tor Project, since they can potentially compromise security and privacy. As convenient as Firefox extensions can be, there are simply too many to vet. Similarly, do not change any of the default configuration settings, which have been carefully configured.

Figure 5: The launcher prepares the Tor Browser for use.

Figure 6: The Tor Browser uses many of the existing Firefox settings.

Once connected, the Tor browser can be used like any other version of Firefox. You can configure the browser to automatically use hidden .onion sites where available. The browser uses DuckDuckGo to anonymize searches, including searches on Google. For the latest protection, you should also check frequently for updates.

Features Specific to Tor

While you are using the Tor Browser, you should be aware of its unique features, located in the upper-right corner of the window. Right next to the field for entering URLs is a button for adjusting the Security Level, using the same window available from the Tor Launcher's online help. The broom icon next to it restarts Tor, giving you a new temporary identity. The third button is the standard Firefox menu, modified for Tor. Under Add-Ons and Themes, you will find the add-ons for use with Tor. HTTPS Everywhere (Figure 7) is a collaboration between the Tor Project and the EFF that, if possible, forces sites to display using the encrypted HTTPS protocol rather than the unencrypted HTTP. A second add-on, NoScript (Figure 8), allows you to set how and when JavaScript runs, both generally and on individual pages. Both add-ons are essential parts of the Tor Browser's functionality. Currently, they are the only add-ons you should use with the Tor Browser.

Figure 7: HTTPS Everywhere is an add-on to default to encrypted HTTPS whenever possible.

Figure 8: With NoScript, you can control the use of JavaScript on individual pages.

Note that if you are looking at old documentation, you may come across a reference to TorButton. TorButton is an obsolete feature that allowed the Tor Browser to be turned off, leaving only the features of Firefox. Although convenient for some users, TorButton was discontinued because the Tor project is too small to keep up with Firefox's steady stream of releases. Should you somehow find a version of Tor that includes TorButton, you have an obsolete release and should upgrade immediately.

Notice, too, that because your identity changes each time you start the Tor Browser, you will see a notice about cookies each time you open a page that uses them (Figure 9). Your choices will not matter, because Tor deletes all collected cookies when it closes.

Figure 9: Because you are browsing anonymously, be prepared to see plenty of cookie notices.