Tor is safe for the average internet user. It has some advantages and useful applications as well as drawbacks and vulnerabilities. Tor is in some ways less secure than VPN, but using Tor with VPN can provide anonymity and privacy on the internet.
Use a Tor browser for opposition research in a legal dispute, to keep your web footprint away from advertisers and to bypass internet censorship restrictions.
First things first: Peeling back the layers of Tor
Tor is the acronym for the internet browsing system “the onion router.” The Tor Browser connects to another random Tor server, which relays the connection request along a pathway to an exit node. The Tor browser ensures that the user’s web traffic remains anonymous and protects the user’s identity online.
That random routing offers a high degree of anonymity for net users by:
- hiding the user’s location through IP address concealment
- preventing the traffic from being tracked en route
- blocking the tracing of online activity after the fact
The multiple routing process keeps the user’s identity secure. Each node of the Tor routing path only knows the IP address of the previous node and the node where the traffic is heading for next.
Advantages of Tor
Tor’s main advantages include:
- Tor is free to use. Download the Tor Browser—no charge, but donations are welcomed. Tor is compatible with Windows, MacOS, Unix like systems and Android.
- Using Tor supports open and free use of the internet, which was its founding principle.
- Tor allows access to otherwise geographically restricted websites through geo-blocking. Geo-blocking prevents servers outside a restricted area from accessing web content only available locally. For example, Netflix users in the United States could be blocked from accessing content in the United Kingdom. Tor, like VPN, bypasses those restrictions.
- Tor is a distributed network. A distributed network is spread out to provide a single data communication grid. The distributed network is managed jointly or separately by each network node to spread the storing and processing workload, again making Tor user tracking difficult.
- Because it is on a distributed network, Tor’s operation is not dependent on a single node. If one server goes down, the system relays it to the next available node.
- The network is run by volunteers. Tor volunteers are community-minded people who help support the Tor ecosystem. Technically sophisticated volunteers provide their computing resources as relays, documentation translators, and community advocacy. See the 2019 Tor Project web page for details.
- The Tor network is resistant to government meddling and efforts to shut it down. Because of its network distribution and wide variety of volunteers, there are built-in redundancies to Tor. Shutting down one or more relay nodes will not disable the Tor network.
Tor has a bad rep because of the Dark Web
Yes, Tor has been used by online hackers and criminals in illegal activities. Its association with the sinister terms of “dark web” or “deep web” obscures the fact that ordinary, honest people need privacy and the protection Tor serves law-abiding internet users as well.
Disadvantages and vulnerabilities of Tor
The bottom line is that the Tor Browser is 100% legal, depends on what you are using it for. There are, however, some disadvantages to consider:
- A Tor Browser tends to be rather slower than the open net.
- Some major web services block Tor users.
- Authoritarian regimes have outlawed Tor to keep their citizens from communicating anonymous.
In his CSOonline piece, Senior Writer J.M. Porup makes the case for Tor. “It is easy to see why a repressive regime hates Tor.” Tor, says Porup, “makes it easy for journalists to report on corruption and helps dissidents organize against political repression.”
Although generally safe, Tor has known vulnerabilities
Tor vulnerabilities include the following:
The final Tor exit node could be exposed.
The exit node is the last node to handle the Tor data before it reaches its final destination. The data on the exit node is completely decrypted. Unless the traffic is via an HTTPS connection, the information is exposed to the operator running the exit node. (See below.)
Tor can be defeated through confirmation attacks.
Powerful entities like the NSA as well as unfriendly foreign governments can compromise Tor user anonymity. Using powerful and relentless surveillance techniques, Tor attacks correlate user transmissions between entry and exit nodes to determine use patterns, for example.
Tor nodes can be compromised along the path to the final exit.
Tor’s safety is based on the assumption that most of the Tor volunteers are honest and do not spy on the traffic. Tor forensic investigators, however, have found exit nodes that actively interfere with users’ traffic to perform man-in-the-middle attacks.
A study by Guevara Noubir at Northeastern University also highlights some sinister and sophisticated infiltration techniques by Tor hackers. User detection ranged from automated probing to dangerous SQL injection into databases to steal system login data.
Windows digital files are vulnerable.
Downloading and opening Windows DRM copyrighted digital files can compromise the identity of Tor Browser users. Setting up a so-called deanonymization attack requires resources typically within the means of government and law enforcement agencies. The user opens the DRM file and downloads the code to decloak Tor Browser user location and identification.
How to use Tor Securely
For most users, it is a simple matter of downloading the Tor Browser and running it the same way as Chrome, Firefox, or Safari. In addition to standard websites, the Tor Browser can enter .onion web sites only available within the Tor network. For example, the New York Times hosts an .onion site for those who want to read the news anonymously.
Warning: The Tor Browser is effective in masking the user’s location and identity. However, it does not offer the same level of security and safety like a VPN like Surfshark does. The good news, however, is that you can use the Tor Browser and a VPN in concert.
Use VPN over Tor
In this method the user connects to the VPN service first. The next step is to load the Tor Browser. Using VPN over Tor typically provides good security and privacy protection. Principal benefits are:
- Connecting first to the VPN prevents the internet service provider from detecting the user’s access to Tor.
- Using a no logs VPN service like Surfshark will prevent the VPN provider from logging the Tor usage.
- VPN also allows the user to select login from a server outside the user’s country. This provides an additional level of anonymity as well as another safeguard against geo-blocking.
Final advice on Tor
Despite its drawbacks and flaws, the Tor is safe. It is an effective online tool for protecting the user’s privacy and anonymity.
Tor is legal, except in countries that want to stifle free speech and universal access to the internet. Despite its association with illegal activity, Tor has legitimate uses for the ordinary, law-abiding person.
Tor does has some vulnerabilities:
- Tor is slow because of its pathways to the exit node.
- Some websites and governments block Tor connections.
- Unencrypted traffic on the Tor exit node (i.e., the final server before the browser target) could be intercepted by unscrupulous users.
- High-powered attacks can track Tor users.
- Downloading and opening Windows DRM files can compromise the user’s identification.
The average internet user will NOT benefit from Tor, mainly due to its snail-paced speeds. Likewise, downloading large files, through services like BitTorrent for example, will not protect the Tor user’s anonymity.
So, Tor is not the ideal tool for internet users who rely on speed. A VPN like Surfshark provides a faster, more secure alternative. Tor can, however, be used in concert with VPN for added security. Use VPN over Tor to gain the best of both worlds with totally secure internet browsing.
Use Surfshark over Tor
Only $2.49/mo. 30-day money-back guarantee with every planBuy NOW