Tor Project | Anonymity Online
Tor Browser isolates each website you visit so third-party trackers and ads can’t follow you. Any cookies automatically clear when you’re done browsing. So will your browsing history.
DEFEND AGAINST SURVEILLANCE
Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you’re using Tor.
Tor Browser aims to make all users look the same, making it difficult for you to be fingerprinted based on your browser and device information.
Your traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays.
With Tor Browser, you are free to access sites your home network may have blocked.
ABOUT USWe believe everyone should be able to explore the internet with privacy.
We are the Tor Project, a 501(c)(3) US nonprofit.
We advance human rights and defend your privacy online through free software and open networks. Meet our team.
Onion routing – Wikipedia
This article’s factual accuracy may be compromised due to out-of-date information. Please help update this article to reflect recent events or newly available information. (March 2017)
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which “peels” away from a single layer, uncovering the data’s next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.  While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis. 
Development and implementation
Onion routing was developed in the mid-1990s at the U. S. Naval Research Laboratory by employees Paul Syverson, Michael G. Reed, and David Goldschlag to protect U. intelligence communications online.  It was further developed by the Defense Advanced Research Projects Agency (DARPA) and patented by the Navy in 1998. 
This method was publicly released by the same employees through publishing an article in the IEEE journal of communications the same year. It depicted the use of the method to protect the user from the network and outside observers who eavesdrop and conduct traffic analysis attacks. The most important part of this research is the configurations and applications of onion routing on the existing e-services, such as Virtual private network, Web-browsing, Email, Remote login, and Electronic cash. 
Based on the existing onion routing technology, computer scientists Roger Dingledine and Nick Mathewson joined Paul Syverson in 2002 to develop what has become the largest and best-known implementation of onion routing, then called The Onion Routing project (Tor project).
After the Naval Research Laboratory released the code for Tor under a free license,  Dingledine, Mathewson and five others founded The Tor Project as a non-profit organization in 2006, with the financial support of the Electronic Frontier Foundation and several other organizations. 
In this example onion, the source of the data sends the onion to Router A, which removes a layer of encryption to learn only where to send it next and where it came from (though it does not know if the sender is the origin or just another node). Router A sends it to Router B, which decrypts another layer to learn its next destination. Router B sends it to Router C, which removes the final layer of encryption and transmits the original message to its destination.
Metaphorically, an onion is the data structure formed by “wrapping” a message with successive layers of encryption to be decrypted (“peeled” or “unwrapped”) by as many intermediary computers as there are layers before arriving at its destination. The original message remains hidden as it is transferred from one node to the next, and no intermediary knows both the origin and final destination of the data, allowing the sender to remain anonymous. 
Onion creation and transmission
To create and transmit an onion, the originator selects a set of nodes from a list provided by a “directory node”. The chosen nodes are arranged into a path, called a “chain” or “circuit”, through which the message will be transmitted. To preserve the anonymity of the sender, no node in the circuit is able to tell whether the node before it is the originator or another intermediary like itself. Likewise, no node in the circuit is able to tell how many other nodes are in the circuit and only the final node, the “exit node”, is able to determine its own location in the chain. 
Using asymmetric key cryptography, the originator obtains a public key from the directory node to send an encrypted message to the first (“entry”) node, establishing a connection and a shared secret (“session key”). Using the established encrypted link to the entry node, the originator can then relay a message through the first node to a second node in the chain using encryption that only the second node, and not the first, can decrypt. When the second node receives the message, it establishes a connection with the first node. While this extends the encrypted link from the originator, the second node cannot determine whether the first node is the originator or just another node in the circuit. The originator can then send a message through the first and second nodes to a third node, encrypted such that only the third node is able to decrypt it. The third, as with the second, becomes linked to the originator but connects only with the second. This process can be repeated to build larger and larger chains, but is typically limited to preserve performance. 
When the chain is complete, the originator can send data over the Internet anonymously. When the final recipient of the data sends data back, the intermediary nodes maintain the same link back to the originator, with data again layered, but in reverse such that the final node this time adds the first layer of encryption and the first node adds the last layer of encryption before sending the data, for example a web page, to the originator, who is able to decrypt all layers. 
One of the reasons why the typical Internet connections are not considered anonymous, is the ability of Internet service providers to trace and log connections between computers. For example, when a person accesses a particular website, the data itself may be secured through a connection like HTTPS such that the user’s password, emails, or other content is not visible to an outside party, but there is a record of the connection itself, what time it occurred, and the amount of data transferred. Onion routing creates and obscures a path between two computers such that there’s no discernible connection directly from a person to a website, but there still exists records of connections between computers. Traffic analysis searches those records of connections made by a potential originator and tries to match timing and data transfers to connections made to a potential recipient. If an attacker has compromised both ends of a route, a sender may be seen to have transferred an amount of data to an unknown computer a specified amount of seconds before a different unknown computer transferred data of the same exact size to a particular destination.  Factors that may facilitate traffic analysis include nodes failing or leaving the network and a compromised node keeping track of a session as it occurs when chains are periodically rebuilt. 
Garlic routing is a variant of onion routing associated with the I2P network that encrypts multiple messages together, which both increases the speed of data transfer and makes it more difficult for attackers to perform traffic analysis. 
Exit node vulnerability
Although the message being sent is transmitted inside several layers of encryption, the job of the exit node, as the final node in the chain, is to decrypt the final layer and deliver the message to the recipient. A compromised exit node is thus able to acquire the raw data being transmitted, potentially including passwords, private messages, bank account numbers, and other forms of personal information. Dan Egerstad, a Swedish researcher, used such an attack to collect the passwords of over 100 email accounts related to foreign embassies. 
Exit node vulnerabilities are similar to those on unsecured wireless networks, where the data being transmitted by a user on the network may be intercepted by another user or by the router operator. Both issues are solved by using a secure end-to-end connection like SSL or secure HTTP (S-HTTP). If there is end-to-end encryption between the sender and the recipient, and the sender isn’t lured into trusting a false SSL certificate offered by the exit node, then not even the last intermediary can view the original message.
Degree of anonymity
Diffie–Hellman key exchange
Java Anon Proxy
Mixmaster anonymous remailer
Tox – implements onion routing
Tribler – implements onion routing
^ Goldschlag D., Reed M., Syverson P. (1999. ) Onion Routing for Anonymous and Private Internet Connections, Onion Router.
^ Soltani, Ramin; Goeckel, Dennis; Towsley, Don; Houmansadr, Amir (2017-11-27). “Towards Provably Invisible Network Flow Fingerprints”. 2017 51st Asilomar Conference on Signals, Systems, and Computers. pp. 258–262. arXiv:1711. 10079. doi:10. 1109/ACSSC. 2017. 8335179. ISBN 978-1-5386-1823-3. S2CID 4943955.
^ Reed M. G., Syverson P. F., Goldschlag D. M. (1998) “Anonymous connections and onion routing”, IEEE Journal on Selected Areas in Communications, 16(4):482–494.
^ a b US patent 6266704, Reed; Michael G. (Bethesda, MD), Syverson; Paul F. (Silver Spring, MD), Goldschlag; David M. (Silver Spring, MD), “Onion routing network for securely moving data through communication networks”, assigned to The United States of America as represented by the Secretary of the Navy (Washington, DC)
^ a b Levine, Yasha (16 July 2014). “Almost everyone involved in developing Tor was (or is) funded by the US government”. Pando Daily. Retrieved 30 August 2014.
^ Fagoyinbo, Joseph Babatunde (2013-05-24). The Armed Forces: Instrument of Peace, Strength, Development and Prosperity. AuthorHouse. ISBN 9781477226476. Retrieved August 29, 2014.
^ Leigh, David; Harding, Luke (2011-02-08). WikiLeaks: Inside Julian Assange’s War on Secrecy. PublicAffairs. ISBN 978-1610390620. Retrieved August 29, 2014.
^ Reed, M. G. ; Syverson, P. F. ; Goldschlag, D. (May 1998). “Anonymous connections and onion routing”. IEEE Journal on Selected Areas in Communications. 16 (4): 482–494. 1109/49. 668972. ISSN 1558-0008.
^ Dingledine, Roger (20 September 2002). “pre-alpha: run an onion proxy now! “. or-dev (Mailing list). Retrieved 17 July 2008.
^ “Tor FAQ: Why is it called Tor? “. Tor Project. Retrieved 1 July 2011.
^ Krebs, Brian (8 August 2007). “Attacks Prompt Update for ‘Tor’ Anonymity Network”. Washington Post. Retrieved 27 October 2007.
^ a b c d Roger Dingledine; Nick Mathewson; Paul Syverson. “Tor: The Second-Generation Onion Router” (PDF). Retrieved 26 February 2011.
^ Shmatikov, Wang; Ming-Hsiu Vitaly (2006). Timing analysis in low-latency mix networks: attacks and defenses. Proceedings of the 11th European Conference on Research in Computer Security. ESORICS’06. 4189. pp. 18–33. CiteSeerX 10. 1. 64. 8818. 1007/11863908_2. ISBN 978-3-540-44601-9.
^ a b Dingledine, Roger; Mathewson, Nick; Syverson, Paul (August 2004). “Tor: The Second-Generation Onion Router”. San Diego, CA: USENIX Association. Retrieved 24 October 2012.
^ Wright, Matthew. K. ; Adler, Micah; Levine, Brian Neil; Shields, Clay (November 2004). “The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems” (PDF). ACM Transactions on Information and System Security. 7 (4): 489–522. 1145/1042031. 1042032. S2CID 7711031. Archived from the original (PDF) on 2016-03-04. Retrieved 2012-07-04.
^ “Common Darknet Weaknesses: An Overview of Attack Strategies”. 27 January 2014.
^ Zantour, Bassam; Haraty, Ramzi A. (2011). “I2P Data Communication System”. Proceedings of ICN 2011: The Tenth International Conference on Networks: 401–409.
^ Bangeman, Eric (2007-08-30). “Security researcher stumbles across embassy e-mail log-ins”. Retrieved 2010-03-17.
– site formerly hosted at the Center for High Assurance Computer Systems of the U. Naval Research Laboratory
Sylverson, P. ; Reed, M. (1997). “Anonymous Connections and Onion Routing”. IEEE Symposium on Security and Privacy. CiteSeerx: 10. 4829 – The original paper from the Naval Research Laboratory
Anonymous online: Is Tor (The Onion Router) legal? | VPNoverview
Tor (The Onion Router) offers an effective way to browse the internet anonymously and even get access to the dark web. To instantly answer the question many are wondering about: using the Tor browser is completely legal almost everywhere in the world. However, it’s always wise to check whether this is actually the case for the country you’re currently residing general, you won’t have to worry about the police rounding you up because you’ve used Tor to watch a YouTube video or do a Google search. However, if you use the Tor browser to benefit from its increased anonymity while you take part in illegal activities, you are, of course, still subject to the law. If you’re found out, you could be in big and Edward SnowdenQuite regularly, Tor is thought of as closely connected to criminal activities. This is the case, because a lot of criminals use Tor for their practices on the dark web. The browser ensures users are more anonymous on the internet, which makes it their perfect tool. The definition of what’s considered criminal or illegal differs per country – and it can differ a lot. This is also the case for cybercrime. For example, selling harddrugs and weapons online is illegal almost all around the world. However, in some countries, giving your critical opinion on a dictatorship or leaking state documents can be considered a crime as example of the grey area online practices can fall in, is Edward Snowden’s case. In 2013, Snowden leaked secret documents about the NSA and their espionage to the bigger public. For this reason, he’s now wanted by the American government. What Edward Snowden has done (uncovering state secrets) is illegal according to American law. However, many argue that Snowden was right in doing what he did. After all, don’t all citizens have the right to know when someone – anyone – is watching their moves and listening in on their conversations? This is a moral dilemma in which privacy plays a huge other things, Edward Snowden used Tor to reveal secret NSA documents to the broader public. He also called for others to use the Tor browser whenever they go online. According to him, this is one of the few ways that allows you to stay anonymous and use your right to publish freely. Governments and official organisations, such as the NSA in the USA, won’t be able to follow you there – most of the time. Snowden used the browser for activities that were against the law. His call to others, however, wasn’t criminal: he only suggested more people protect their online privacy by surfing the web with the Tor browser. There are some discussions on how safe the Tor browser really is, but the fact remains that Tor makes it a lot harder for governments, websites and other organizations to spy on people and illegal practicesAside from Snowden’s case, there are many other, mostly less well-known or controversial, examples where Tor was used for illegal business. Silk Road is probably the most famous case. Silk Road was an online marketplace for illegal weapons, drugs, and other products. The website has been traced back to its source and taken offline, but there are bound to be similar marketplaces on the dark web. Even if Tor isn’t illegal by itself, it still gives users anonymous access to these kinds of platforms and pages. Therefore, you could say that Tor indirectly supports criminality because it ensures that criminals aren’t as easily identifiable. Whenever something as big as the shutdown of Silk Road happens, heavy discussions about whether the Tor browser is needed or not tend to start up. This then leads into broader debates about online anonymity in general. The consideration that people will have to make is between fighting cybercrime and caring about their online privacy. It’s a tough balance to find, which often becomes not just a legal, but an ethical to newsworthy cases such as Silk Road, the general public frequently associates Tor with illegal activities on the dark web. Tor allows you to host websites that are only accessible for other Tor users, which doesn’t help Tor’s case. Illegal marketplaces and fora are easily set up and instantly accessible for the ‘right’ audience. The Tor browser facilitates such practices, even if that’s not the reason the platform was set and privacyTor might be frequently used by criminals, but this doesn’t mean the browser itself is per definition criminal. On the contrary: Tor helps create an online environment that’s all about freedom and privacy. With Tor, you can browse without others (for example hackers, governments and your boss) looking over your shoulder. It strengthens your right to publish and your freedom of speech. If we’re talking about online safety and anonymity, Tor is a great so, Tor has had to deal with several safety issues. Multiple official organizations, among them the CIA and the FBI, have been able to circumvent and even breach Tor’s security. This way, they were able to track down individuals that were connected to certain illegal practices. Moreover, back in 2017 a weak spot in Tor’s system created the possibility to expose Linux and MacOS IP addresses, cancelling out the browser’s take into consideration that, even with the Tor browser, you and your online data might be uncovered in some way. However, as long as you stick to the (local) law, this shouldn’t be a problem for you. Using the Tor browser usually isn’t problematic in and of itself. Even so, to ensure you’re working with the best possible online protection, you could always use Tor in combination with a VPN connection. If you do this, your online traffic is secured in two different ways and you have an extra layer of encryption guarding your privacy and nclusionUsing Tor isn’t illegal. The Tor browser gives users anonymous access to a free internet. As is the case with everything, this access can be used in both good and bad ways. After all, Tor also allows people to visit criminal websites and marketplaces on the dark web. Despite this, Tor offers an important and adequate option to anonymously spread important information. In short: legally speaking, you can use Tor without any consequences, as long as the things you do online aren’t against the law.
Frequently Asked Questions about onion proxy server
What is onion proxy?
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. … When the final layer is decrypted, the message arrives at its destination.
Is Onion browser illegal?
Using Tor isn’t illegal. The Tor browser gives users anonymous access to a free internet. As is the case with everything, this access can be used in both good and bad ways. After all, Tor also allows people to visit criminal websites and marketplaces on the dark web.
What is an onion server?
Onion servers are volunteer-operated – anyone can set up and run one. That means authorities or bad actors could deploy thousands of compromised servers to track you online.