What is Tor Browser and How Does Tor Work

What is TOR and why is it needed

TOR is a technology that allows with some success to hide a person’s identity on the Internet. It stands for The Onion Router – an onion router.

TOR was originally a US military project, then it was opened to sponsors, and now it is called the Tor Project. The main idea of ​​this network is to ensure anonymity and security in a network where most participants do not trust each other. The essence of this network is that data passes through several computers, is encrypted, their IP address changes and you get a secure data channel. Why is the IP address so important and what can be done with it, read the recent Internet issue.

A by-product of this technology is darknet, or the Internet inside the Internet. We’ll write a separate article about him, but for now let’s say that these are sites that cannot be accessed from the normal Internet through a regular browser. Search engines do not see them and it is impossible to establish their real owners – the Internet turns out without rules and restrictions.

Why use TOR

We cannot tell you this by law.

How TOR works

The principle of work at TOR is the same as in films about hackers: it takes turns connecting to the website or service you need through several servers. Typically, three servers are involved in a chain: input, intermediate, and output.

Before the request or data goes to the network, a special program on the user’s computer encrypts them so that each server can decrypt only its part. It looks like this: the source data is taken and encrypted for the input node, then what happened is encrypted for the intermediate node, and now it is still encrypted for the output node. If you draw this, it will look something like this:

Looks like an onion. This is where the name “onion encryption” came from, because each server removes only its part of the cipher and transfers the data further down the chain.


The first node is the input node, through which the user enters the TOR network. Usually they are selected from those servers that have proven their reliability. Another requirement for an input node is a stable and fast connection. The input node receives the “onion” from the ciphers, decrypts the first layer and finds there the address to which this packet should be transmitted further. He does not see anything else, because the data inside is encrypted twice.

The second node is an intermediate one. It does the same as the first one: removes its cipher layer, finds out where to send them, and sends still secret data to the output node. Intermediate servers are the easiest to maintain, because they simply decrypt and transmit data. They do not know where they originally came from and where they will go at the very end.

The last node in the chain is the output, it is the most important of all. The fact is that it removes the last layer of encryption and sends your data in pure form to the desired address. It is his address that will be visible to the site to which the request is being sent. Law enforcement agencies will come to them when they investigate crimes committed through TOR.

From the output node, the request is sent to the desired site, a response is received from there, and the whole chain moves in the opposite direction also with triple encryption.

Usually they use Tor Browser, the official browser from the creators of this network, for safe Internet surfing. It already contains all the settings that are needed to connect to the network, but for complete privacy you will need to turn on some of the extensions yourself, for example, NoScript. It disables all scripts through which you can calculate your real address.

What could go wrong

Despite triple encryption, TOR has several vulnerabilities to be aware of.

Wiretap on the output node. Through the output node, traffic goes to the network in its pure form, so some unscrupulous owners of such nodes can read something there. For example, the username and password of the online store, mail or the text of the correspondence, if the messenger does not encrypt messages. SSL encryption also will not save by itself – there are already programs that decrypt it.

To protect yourself from such leaks, use sites that support the HTTPS protocol: it encrypts all data and protects it from listening. Use instant messengers and email clients with built-in encryption – this will also help protect your messages.

Global observation. Theoretically, a situation is possible when someone simply watches from within the network and how traffic flows. If you watch long enough for those who are sitting on the same channel and do not change the chain of nodes, then you can calculate its real IP address. In laboratory conditions, this takes about two hours, but this has not yet happened in life (at least the general public is not aware of this).

Blocking by provider. In some countries it is forbidden to use TOR, so providers find all the input nodes and block them. The fact is that everyone can get a list of input nodes, and so does the provider, so network developers have come up with a solution for these situations.

The developers of TOR made part of the input nodes secret and do not publish in the public domain. When the program tries to establish a TOR connection and sees that the nodes from the list are blocked, it makes a special request and receives the address of the secret node. But the provider can also make this request …

Information hygiene. If you go online via TOR and log in to your social network using your username (or mail, or on a forum where it is known that you are you), then the degree of anonymity decreases dramatically. Specially trained people will be able to establish your identity on other sites.

How to make TOR even safer

The main problem of TOR is output nodes and open traffic. To provide the necessary level of security, use a bunch of TOR + VPN. We’ll talk about VPN soon – sign up so you don’t miss.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.