Anonymous Internet for the Masses

Hendrik Weimer



There are many reasons to stay anonymous when using the Internet. This applies not only to people in countries where free speech is limited, but also to anyone afraid that their boss or ISP invades their privacy, to people reporting from pressure groups, and to journalists involved in undercover investigations.

For sending and receiving e-mails, the problem has long been solved. Anonymous remailers were proposed in the 80s and resulted in a reliable network in the 90s. A remailer basically receives an encrypted message, decrypts it and forwards the decrypted version to the recipient that was embedded in the encrypted part. If this decrypted mail is again an encrypted message for another remailer, the real message can travel along a chain of remailers until it reaches the final recipient. Since every remailer involved knows only the next hop along the message's path, tracing a message requires obtaining this information from all remailers the message has travelled through. If there is even one remailer that doesn't log the communication (which all remailer operators assert), it is impossible to trace the source of said message. Most remailers even support a return path (another chain of remailers that typically ends in an encrypted posting to a special Usenet group) in order to establish two-way communication.

This works so nicely for e-mails because the latency of the communication may be high: messages usually take hours or even days to pass through the remailer chain. However, this is unacceptable for many other Internet services such as the WWW or IRC, where users expect real-time communication. A few years ago, the concept behind remailers was generalized to any kind of network communication. The new framework was named "Onion Routing" since each router has to peel off a layer of encryption to get the routing instructions providing the next destination. Tor is an implementation of an onion routing protocol, sometimes called a second-generation onion routing network because some design issues of the initial proposal have been eliminated.

After installation, the Tor client connects to a directory server to obtain a list of routers for the Tor network. If the user wants to access a server over the Tor network, the client first selects a random path through several Tor routers. The request for the server is encrypted with the public keys of the routers as mentioned earlier. The last router in the chain sends the unencrypted request to the destination and sends the server's answers back to the client by using the Tor network.

The Tor client receives the user's request as a SOCKS proxy, so any application wanting to communicate anonymously must either speak this protocol or be run through a wrapper program. Unfortunately, this means that only TCP connections are possible via the Tor network. Furthermore, users should be aware that sensitive information may leak through DNS requests, even when the actual communication is properly anonymized. For certain protocols such as HTTP or FTP, special proxies can be installed to solve this problem.
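The DNS leak described above is visible in the SOCKS request itself: a request that carries an IP address means the application may already have looked the name up through the local resolver, while a request that carries a hostname leaves resolution to the proxy. The following is an added example, not part of the original article; it relies on the standard SOCKS4, SOCKS4a and SOCKS5 (RFC 1928) request layouts, and the function names and sample destinations are constructed for illustration.

```python
import ipaddress
import struct

def socks5_connect(host, port):
    """Build a SOCKS5 CONNECT request (RFC 1928) for host:port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself (ATYP 0x03, length-prefixed).
        name = host.encode("idna")
        return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)
    atyp = b"\x01" if ip.version == 4 else b"\x04"
    return b"\x05\x01\x00" + atyp + ip.packed + struct.pack(">H", port)

def classify(request):
    """Return (destination, resolved_by_proxy) for a SOCKS4/4a/5 request."""
    version = request[0]
    if version == 5:
        atyp = request[3]
        if atyp == 3:  # domain name, resolved on the far side of the proxy
            length = request[4]
            return request[5:5 + length].decode("ascii"), True
        size = 4 if atyp == 1 else 16
        return str(ipaddress.ip_address(request[4:4 + size])), False
    if version == 4:
        ip = request[4:8]
        # SOCKS4a marks "hostname follows" with the invalid address 0.0.0.x, x != 0.
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            userid_end = request.index(b"\x00", 8)
            host_end = request.index(b"\x00", userid_end + 1)
            return request[userid_end + 1:host_end].decode("ascii"), True
        return str(ipaddress.ip_address(ip)), False
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests (documentation addresses and names only).
SAMPLES = [
    socks5_connect("example.com", 80),
    socks5_connect("192.0.2.10", 80),
    b"\x04\x01\x00\x50" + bytes([192, 0, 2, 10]) + b"\x00",        # SOCKS4
    b"\x04\x01\x00\x50\x00\x00\x00\x01\x00" + b"example.com\x00",  # SOCKS4a
]

if __name__ == "__main__":
    for raw in SAMPLES:
        dest, by_proxy = classify(raw)
        note = "name sent to proxy" if by_proxy else "IP only: check for a local DNS lookup"
        print(f"SOCKS{raw[0]} -> {dest}: {note}")
```

An IP-only request is not proof of a leak, since the user may have entered the address directly; it marks the connections worth checking against local DNS traffic.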

The user hardly notices any of this, as the latency of the Tor network is surprisingly low. Sometimes, especially during the weekend, the latency increases noticeably, but responses to web server requests, for example, are usually delivered within a few seconds.

An interesting feature of the Tor network is that its users can run anonymous servers that are reachable from other Tor clients. However, these servers cannot be reached from the rest of the Internet. If you decide to run a hidden service, you should use the development version of Tor, as the stable release currently allows such services to be tracked down quickly.

The biggest problem the Tor network faces is its vulnerability to timing attacks. If an attacker sees a packet from the user to the first Tor router and shortly afterwards a packet from the last router to the final destination, it is possible to identify the user. This is an inherent issue of low-latency anonymizers and its solution is still an open research problem.

While the timing problem lowers the overall security of the Tor network, it is still a reliable way to improve your privacy in many situations.


Distributions:

  □ Debian stable
  ■ Debian unstable
  □ Fedora
  ■ Mandriva
  □ Suse
  ■ Ubuntu


  • Fast and reliable anonymizer
  • Hidden services
  • Vulnerable to timing attacks
  • Only TCP is supported

Copyright 2006–2008 OS Reviews. This document is available under the terms of the GNU Free Documentation License. See the licensing terms for further details.