The Tor Network: Tools for private and secure browsing
Limitations
The Tor browser is a powerful tool for anonymity on the web, but it still has some limitations that users should be aware of. Two obvious ways to compromise the Tor network are:
- Break the encryption (not so easy if the encryption is done properly with up-to-date techniques).
- Exploit a flaw in one of the system components. For example, the Tor browser is based on Firefox, which occasionally has vulnerabilities that require patches and updates.
Beyond these potential attacks are a range of other concerns that are less obvious if you're not an expert. In fact, security researchers make a point of looking for flaws in the Tor network, and the Tor project actually welcomes it, because transparency is one of their values, and if there is a way in, they would rather know about it than have it go unreported.
Governments have also been busy with trying to break into the Tor network, and they are a little less willing than academics to publish the results on how they do it. Several high-profile crackdowns on elements of the dark web have occurred through the years. In 2014, for instance, a coalition of government agencies took control of several Tor relay nodes, resulting in the takedown of several black market sites, including Silk Road 2.0. No one at the time, including the Tor developers, knew exactly how the agencies accomplished this attack, which became known as Operation Onymous, but the Tor developers published a blog post with some ideas about how it might have happened, suggesting things like:
- Operational security – stolen passwords and rogue users (the same way other servers on the Internet are attacked)
- Flaws in the web application that could have led to an SQL injection or other similar attacks.
- Bitcoin de-anonymization – according to experts, the Bitcoin transaction process can reveal information that could potentially de-anonymize a Tor user
- Attacks on the Tor network itself
Tor network attacks can take various forms. In the report following Operation Onymous, the Tor developers state "Some months ago, someone was launching non-targeted deanonymization attacks on the live Tor network. People suspect that those attacks were carried out by CERT researchers. While the bug was fixed and the fix quickly deployed in the network, it's possible that as part of their attack, they managed to deanonymize some of those hidden services" [5].
Much of the research on breaking the anonymity of the Tor network has focused on the entry and exit nodes. You might not know what happens inside the network, but if you watch the exit node, you can still gain insights on the traffic. The Tor project itself warns that it cannot protect users against a so-called end-to-end timing attack. "If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit" [6].
These elaborate attacks that require constant monitoring of all possible entry and exit nodes, infiltration of Tor relay systems, or statistical studies of random nodes across the Internet require enormous resources, and if you're just using Tor because you don't want to get tracked by an ad tracker, you're probably safe. However, if you are truly using Tor because you are trying to avoid capture by a well-funded state actor, it is best to at least be aware of these limitations.
Despite the occasional sting like Operation Onymous, the Tor network continues to provide anonymity for the vast majority of its users.
Conclusion
The Tor developers view privacy as a basic human right that should be available to everyone and must be protected on principle. The project places a high premium on the safety of its users. They acknowledge that some Tor users might access the platform for illegal activities, but they maintain that most users have a legitimate purpose. They argue that Tor is a tool, like any other tool, that can be employed for good or evil. A criminal could use a car, or a gun, or the Internet itself to commit a crime, but people generally acknowledge that these tools also have legitimate uses.
If you are a privacy-conscious user, and you are weary of depending on browser plugins and your clunky browser security settings to protect you from surveillance, this might be the time to explore the Tor Browser. In an era in which privacy and security are a forever increasing concern, Tor is an important option for defending yourself and your data.
Infos
- Tor Browser: https://www.torproject.org
- Reasons for using Tor: https://2019.www.torproject.org/about/torusers.html.en
- Ubuntu and Debian with Tor: https://support.torproject.org/apt/
- Tor Downloads: https://www.torproject.org/download/
- Attacks on the Tor network: https://blog.torproject.org/thoughts-and-concerns-about-operation-onymous/
- About Tor page: https://2019.www.torproject.org/about/overview.html.en#stayinganonymous
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.