Tor Browser- What is it, How Does it Work, and How Does it Relate to Using a VPN?
(Technical writer, ex-robot manual creator gone privacy enthusiast/VPN expert)
Tor is an excellent tool for surfing the web securely and privately. Setup is simple and we highly suggest using it in conjunction with a VPN. There are certain nuances of Tor that you should know about precautions that must be taken when using it. Share
If you’re wondering what Tor is – and if you’re here, chances are that yes, you are – you’ve come to the right place. Tor is short for The Onion Router, and we’ll explain the significance of that name shortly. The first thing you need to know is that Tor is another way to hide your internet footprints, but is altogether different from a VPN. They can be used together, another subject we will touch on.
Tor was originally developed by the U.S. Navy with the purpose of protecting U.S. government communications during intelligence operations. It is now a non-profit organization whose purpose is to research and develop online privacy tools. In short, the Tor network conceals your identity by moving your internet traffic over different Tor servers, which are actually other people’s computers.
Tor is a gateway into the Deep Web, or Dark Web, which actually comprises the major majority of the internet. The popular analogy to describe what is searchable by standard search engines as compared to what is in the Deep Web is that of the tip of an iceberg; the portion of the iceberg below the surface is the deep web. This can be websites that accidentally did not register with any of the search engines, or ones that purposely did not for one reason or another, as was the case with Silk Road, the online drug trafficking marketplace that was shut down a number of years ago, which could not be accessed via normal web browsers like google.
Tor is also very popular with journalists, as well as activists who living or working within countries with internet restrictions. Tor enables a way around this censorship. It is also good for whistleblowers like Edward Snowden, who released information via Tor.
How does Tor work?
To use Tor, you must download and install the Tor Browser, which you would use in replacement of Chrome, Firefox or whatever browser you normally use. Anything you do on this browser is then safe from the prying eyes of the government, hackers, Google Ads and other advertisers. Your data is bundled into encrypted packets before it enters the Tor network. After this, Tor takes off part of this packet’s header, which includes information like the source, size, destination and timing, all of which can be used to learn things about the sender. Next, Tor encrypts the rest of the information, which a normal internet connection cannot do. Finally, the encrypted data is sent through many of the servers (called relays) randomly, each of which decrypts and then re-encrypts just enough of the data to know where it came from and where it is going next. The encrypted address layers used to anonymize data packets that are sent through the Tor network are like an onion, thus the name. The illustration below is a good (albeit very simplified) explanation of how Tor works.
What are the drawbacks?
The biggest, and most immediately noticeable drawback to Tor, is the performance. The fact that the data goes through many relays makes it very sluggish, especially when it comes to audio and video. It is also important to know that using Tor does not make you 100% invulnerable. In fact, many believe Tor to be fairly easily hackable, as exit nodes (the last relay before your information reaches its destination) can see your traffic if the site you are accessing does not use SSL (look for HTTPS instead of just HTTP). Additionally, government agencies can see if you are using Tor, so even if they cannot see what you are doing, it is a red flag to them.
Using Tor with VPN
Tor and TVP can be used in conjunction with each other, though the relationship is a bit of a complex one: You can do Tor-through-VPN or VPN-through-Tor, and there is a big difference between the two configurations. We will not go through every minute detail, but will explain some of the differences. Before we do this though, you should know that no matter that the setup for this is, it will significantly reduce your performance, as both Tor and VPN slow down internet speed, and combining the two only makes this effect more noticeable.
In Tor-through-VPN, the relationship is your computer > VPN > Tor > internet. The first benefit of this is that your ISP will not know that you are using Tor, even though it can still know you are using a VPN. Additionally, the Tor entry node will not see your IP address, which is a good added layer of security. The con to this setup is that your VPN knows your true IP address, and you have no protection from malicious Tor exit nodes (the non-SSL websites we mentioned above). Some VPN providers (such as NordVPN, Privatoria and TorVPN offer Tor-through-VPN configurations. This is good, but nowhere as secure as using the Tor browser, where Tor encryption is performed end-to-end.
In VPN-through-Tor, the relationship is your computer > VPN > Tor > VPN > internet. This setup, though more secure, requires that you configure your VPN to work with TOR, and there are only 2 services that we know of that support this, AirVPN and BolehVPNThe pros to this setup are numerous. First, the VPN provider has no way of knowing your real IP address, but sees the IP of the Tor exit node. If you are going this far, you should pay with Bitcoin via the Tor browser, which means the VPN provider really has no way of identifying you, even if it keeps logs. The next benefit is protection from malicious Tor exit nodes, due to the fact that your data is encrypted by the VPN. This also has the added effect of bypassing any blocks on Tor exit nodes (censorship) which exist with the Tor-through-VPN setup.
The latter method for connection to both VPN and Tor is known to be significantly more secure, providing almost perfect anonymity. If you do not wish to take the steps to run VPN-through-Tor, you can always run Tor-through-VPN by simply running the Tor browser after your VPN connection has been established.
How to use Tor
The first thing you must do to start using Tor is to download the Tor browser, which is actually a modified version of Firefox. From here, you can take the precautionary step of verifying the package signature – this ensures that anyone with an adversary who might try to give them a malicious version, has the right version.
The next step is to install the Tor browser. It does not install like a normal program in that it automatically installs uses your desktop as the destination. This is because Tor is portable software that does not integrate into Windows the way normal programs do, meaning you can run the browser from anywhere, like a USB drive. If you wish to change the install location by clicking Browse and choosing from there. From here, the installation process is just like any other.
Once the browser is installed, a folder called Tor Browser will be created wherever your install destination was set. Inside, you will see Start Tor Browser. Click it and you will be given an option of whether or not to connect directly to the Tor Network, or to configure proxy settings first. For most, the direct connection option will suffice. If you are using the Vpn-through-Tor method or using a proxy, or if you are connected through a network that is monitored, censored or limited in any way, you will need to configure manually using the second option.
Once you are in the Tor Browser, make sure you are connected properly by going to an IP address checker like whatsmyip.org. If it is not your original IP, you are connected properly!
Once you are in, there are some tips that we suggest you follow:
- Do not go to websites that are only HTTP, but only sites that are HTTPS. Tor is only a traffic router and encrypts all traffic within the Tor network. It does not, however, encrypt traffic outside the Tor network, leaving you vulnerable once your traffic reaches the exit nodes as it is unencrypted there. For that reason, you should always use end-to-end encryption like SSL or TLS, as well as use sites that use HTTPS. It is also wise to consider using the HTTPS Everywhere plugin.
- Do not use P2P traffic in Tor. Tor is not built for peer-to-peer file sharing and will likely actually be blocked by many exit nodes. Using P2P traffic on Tor slows down the browsing of other users and is a threat to your online anonymity as BitTorrent clients send your IP address to the BitTorrent trackers and other peers.
- Always delete cookies– You can use an add-on such as Self-Destructing Cookies to automatically delete cookies.
- Do not use your real e-mail– As one website puts it, using your real email while using Tor is like “going to a mask party but wearing your name tag on your costume.”
- Do not use Google– Google is infamous for collecting information on the browsing habits and search data of its users to help grow its ad revenue. Instead, use search engines like DuckDuckGo.
Final thoughts on Tor
Personal privacy has become more and more elusive as the government, hackers and even our beloved Google have come up with more advanced ways to hack and track us. Tor, even with its known flaws and vulnerabilities, is an excellent step towards being more anonymous on the internet. It is, however, only one piece of the puzzle, and other precautions must be taken if you truly want to protect yourself. You must be diligent in deciding how you conduct yourself on the internet.
If you truly want to protect yourself, consider one of the VPNs below in conjunction with Tor browser.