The Tor Network: Tools for private and secure browsing


The Tor browser is a powerful tool for anonymity on the web, but it still has some limitations that users should be aware of. Two obvious ways to compromise the Tor network are:

  • Break the encryption (not so easy if the encryption is done properly with up-to-date techniques).
  • Exploit a flaw in one of the system components. For example, the Tor browser is based on Firefox, which occasionally has vulnerabilities that require patches and updates.

Beyond these potential attacks are a range of other concerns that are less obvious if you're not an expert. In fact, security researchers make a point of looking for flaws in the Tor network, and the Tor project actually welcomes it, because transparency is one of their values, and if there is a way in, they would rather know about it than have it go unreported.

Governments have also been busy with trying to break into the Tor network, and they are a little less willing than academics to publish the results on how they do it. Several high-profile crackdowns on elements of the dark web have occurred through the years. In 2014, for instance, a coalition of government agencies took control of several Tor relay nodes, resulting in the takedown of several black market sites, including Silk Road 2.0. No one at the time, including the Tor developers, knew exactly how the agencies accomplished this attack, which became known as Operation Onymous, but the Tor developers published a blog post with some ideas about how it might have happened, suggesting things like:

  • Operational security – stolen passwords and rogue users (the same way other servers on the Internet are attacked)
  • Flaws in the web application that could have led to an SQL injection or other similar attacks.
  • Bitcoin de-anonymization – according to experts, the Bitcoin transaction process can reveal information that could potentially de-anonymize a Tor user
  • Attacks on the Tor network itself

Tor network attacks can take various forms. In the report following Operation Onymous, the Tor developers state "Some months ago, someone was launching non-targeted deanonymization attacks on the live Tor network. People suspect that those attacks were carried out by CERT researchers. While the bug was fixed and the fix quickly deployed in the network, it's possible that as part of their attack, they managed to deanonymize some of those hidden services" [5].

Much of the research on breaking the anonymity of the Tor network has focused on the entry and exit nodes. You might not know what happens inside the network, but if you watch the exit node, you can still gain insights on the traffic. The Tor project itself warns that it cannot protect users against a so-called end-to-end timing attack. "If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit" [6].

These elaborate attacks that require constant monitoring of all possible entry and exit nodes, infiltration of Tor relay systems, or statistical studies of random nodes across the Internet require enormous resources, and if you're just using Tor because you don't want to get tracked by an ad tracker, you're probably safe. However, if you are truly using Tor because you are trying to avoid capture by a well-funded state actor, it is best to at least be aware of these limitations.

Despite the occasional sting like Operation Onymous, the Tor network continues to provide anonymity for the vast majority of its users.


The Tor developers view privacy as a basic human right that should be available to everyone and must be protected on principle. The project places a high premium on the safety of its users. They acknowledge that some Tor users might access the platform for illegal activities, but they maintain that most users have a legitimate purpose. They argue that Tor is a tool, like any other tool, that can be employed for good or evil. A criminal could use a car, or a gun, or the Internet itself to commit a crime, but people generally acknowledge that these tools also have legitimate uses.

If you are a privacy-conscious user, and you are weary of depending on browser plugins and your clunky browser security settings to protect you from surveillance, this might be the time to explore the Tor Browser. In an era in which privacy and security are a forever increasing concern, Tor is an important option for defending yourself and your data.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • TorK

    If you're worried about eavesdroppers, connect to the Tor network with KDE's handy TorK configuration tool.

  • Overlay Networks

    An overlay network will help you block unwanted eavesdroppers on the Internet. We show you some of the leading open source options.

  • SelekTOR

    If you want to exploit protection through the anonymous Tor router fully, you need to delve deep into the underlying technologies. The SelekTOR front end saves you much of that effort.

  • Tor and Privoxy

    Internet users typically reveal their IP addresses, and this lets companies compile a profile of your Internet activities. Tor and Privoxy can help protect your privacy.

  • P2P Networks

    Many users associate the term P2P with BitTorrent and the (not always legal) exchange of files. But peer-to-peer networks offer an option for anonymously offering websites and other services. We examine five popular alternatives for P2P networking.

comments powered by Disqus