2007-09-13 14:09:05
Misconceptions of Tor
There have been some articles recently about Tor, specifically with people getting their sensitive information stolen while using Tor. The gist was, "I'm using Tor, my information should have been private, what gives?"Let's get one thing straight. Anyone who uses Tor and thinks that their sensitive data is private is a Grade A Moron! That's right, you don't deserve to breathe the same air as I, or anyone else who isn't an idiot, do. In a previous post of how to get Tor/Privoxy to work I briefly explained how Tor operates. Let me get very specific and explain exactly what happens.
You start with your computer, that is running Tor. You try to login to GMail. Your browser sends the request to Tor, which encrypts it 3 times and then sends it to the first Tor node. The first Tor node is only able to decrypt the first layer. It does so and sends it to the second Tor node. The second Tor node can only decrypt the second layer. It does so and sends it to the third Tor node. The third node can decrypt the third, and last, layer and send your data, unencrypted just like all other data on the internet, to Gmail so that you can be logged in. Here is a little list showing what information each node knows:
- Your computer - knows your data, where it's going (Gmail), and to which Tor node to send it
- Tor node 1 - knows where the data came from (your IP) and where it's going (node 2)
- Tor node 2 - knows where the data came from (node 1) and where it's going (node 3)
- Tor node 3 - knows where the data came from (node 2), where it's going (Gmail), and knows your data
- GMail - knows where the data came from (node 3) and knows your data
So, after seeing how your data gets routed to it's destination, what on earth would make you think that your sensitive data was private? There is nothing in the above explanation that implies that. You can plainly see that your data goes unencrypted from your computer to Tor node 1, so someone could jump in between and grab your data. Your data goes unencrypted from Tor node 3 to it's destination, so someone could grab it there. And the big thing that most people don't think about, and also what the above article is talking about, is if a malicious person configures a Tor server. If the malicious Tor server happens to be the 3rd server in someone’s route list, that means it can do the final decryption of your data. That means that the last Tor server in your route list actually can read your data, unencrypted, if it wants to, before sending it to the destination. This just proves the point that Tor protects your identity, as in anything that can trace your web traffic back to your IP address, not your data. Anything you send over the internet can be intercepted at various places.
You may ask, "What about HTTPS?" This brings up my last point. Anytime you send sensitive information over the internet, such as a username and password for GMail, your credit card number to Amazon, or your bank account number to your bank's site, MAKE SURE YOU ARE USING HTTPS. This will ensure that those 3 vectors of attack I just explained are closed. Why? Because you encrypt your data before it even gets sent to Tor. Tor does it's 3 level encryption. But even after the last node takes off the last layer of Tor encryption, there is still that one level of encryption you originally added by using HTTPS. This means that only the destination, in our example, GMail, can decrypt and read your data.
So, in summary, I want to make sure you understand the two main points of this article:
- Tor does not hide the data you send, it only hides the IP address it came from
- When sending sensitive data over the internet (passwords, etc.) use HTTPS
Back