Gareth Owenson

How Tor Works

the onion router (tor) is one of the most commonly used dark web networks

what is tor?

Tor is a privacy network and free browser software that enables more anonymous internet activity than standard web browsers. It also hosts sites that are inaccessible through standard web browsers, known as hidden services or onions. Tor achieves this anonymization via a process called onion routing. Originally developed at the U.S. Naval Research Lab to enable secure communication, Tor is now maintained and managed by a non-profit organization called The Tor Project with thousands of relays – also called nodes – all over the world.

How does Tor Work?

When using a standard browser, the user’s computer encrypts their data to be sent into packets and makes a direct TCP connection, also known as a TCP handshake, with the website’s server before the data is decrypted. This direct connection enables any observers, such as the user’s internet service provider (ISP) or the website’s owners, to view the user’s IP address and by extension their location. This method of sending and receiving data is used as it is fast and simple.

When using Tor to access a website, data is encrypted in multiple layers – like an onion – before being sent through a networking protocol known as onion routing. Unlike a standard HTTPS connection, onion routing works by sending the packets of encrypted data through multiple servers, also called relays or nodes. These nodes are located and maintained worldwide, thus obscuring the user’s true location. As the data passes through each node, a single layer of encryption is removed. When the data eventually reaches the website’s server, its original location cannot be viewed, protecting user anonymity.

Who Uses Tor?

There are several reasons why someone would choose to use the Tor network, though use cases can generally be categorized into three main groups. The first user group can be classed as privacy advocates who, while not necessarily doing anything untoward, feel strongly about the increasing levels of surveillance in the modern world, be it at the hands of governments or other powerful actors such as corporations. These netizens use Tor in order to minimize the extent to which their data and internet use is observed or harvested.

The second user group of Tor, and arguably the most well-known, is comprised of criminal actors, including fraudsters, hackers, drug dealers, and those producing, distributing, or consuming CSEA (child sexual exploitation and abuse) content. The relative anonymity conferred by Tor lends itself to these actors’ need to evade detection by law enforcement while still operating fairly openly. Though some of the user base in this group perpetrate scams, relying on Tor’s anonymity and the lack of legal recourse available to those seeking or selling illicit goods and services, the majority of buyers and vendors on dark web markets are genuine. As well as online marketplaces, this subset of Tor users often congregate on dark web forums, to take part in discussions, knowledge sharing, and reviews relevant to their particular criminal niche.

The final typology of Tor users are those attempting to evade government censorship of the internet, in countries where access to information and self expression online is tightly controlled by the state. In China, for example, many foreign websites are restricted by the “Great Firewall”. In order to circumvent these restrictions, netizens can use the Tor network to access blocked sites and criticize their government relatively freely, as well as engaging in whistleblowing activities such as sending documents securely to journalists.

Other dark webs

While the most popular and populous, Tor is not the only privacy network that enables users to access the “hidden” spaces of the dark web. Other examples of privacy networks that work to achieve the same goal – protecting the user’s anonymity – include the Invisible Internet Project (I2P), Zeronet, Freenet and BitBazaar.