Anonymity & Privacy

What is really on the ‘Dark Net’, and how does it work? 👀

TOR, otherwise known as the ‘Darknet’, is one of the most widely used anonymising services available.

What is TOR?

Tor, short for The Onion Router, is free and open-source software that allows users to browse the internet anonymously. It was first developed in the mid-1990s by the United States Navy Research Laboratory as a way for government agents to communicate anonymously. In 2002, the Tor Project was established as a non-profit organisation to develop and maintain the Tor software.

How does TOR work?

Tor uses a system of relays and encryption to ensure that internet traffic is anonymous and untraceable. When a user connects to Tor, their internet traffic is encrypted and routed through a series of relays, each of which only knows the IP address of the relay before and after it. This creates multiple layers of encryption, like the layers of an onion, which makes it extremely difficult for anyone to trace the user’s internet activity back to their physical location.
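A simplified model of the layering described above, as an added example that is not part of the original article or of the Tor code base. The relay names, keys, destination and the HMAC-based toy cipher are constructed for illustration; Tor's real key negotiation and cell format differ.

```python
import hashlib
import hmac
import json
import os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (not Tor's): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, next_hop, inner):
    """Add one layer that only the holder of `key` can remove."""
    nonce = os.urandom(16)
    body = json.dumps({"next": next_hop, "inner": inner.hex()}).encode()
    ct = keystream_xor(key, nonce, body)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def peel(key, cell):
    """Remove one layer; returns (next hop, inner cell)."""
    nonce, tag, ct = cell[:16], cell[16:48], cell[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was not encrypted for this relay")
    body = json.loads(keystream_xor(key, nonce, ct))
    return body["next"], bytes.fromhex(body["inner"])

def build_onion(circuit, destination, payload):
    """Client side: wrap the payload for the exit first, the guard last."""
    cell, next_hop = payload, destination
    for name, key in reversed(circuit):
        cell, next_hop = seal(key, next_hop, cell), name
    return cell

def route(circuit, cell, sender="client"):
    """Pass the cell along the circuit and record what each relay can observe."""
    views, prev = [], sender
    for name, key in circuit:
        next_hop, cell = peel(key, cell)
        views.append({"relay": name, "from": prev, "to": next_hop, "sees": cell})
        prev = name
    return views

# Constructed three-hop circuit with random per-relay keys (assumption for the demo).
CIRCUIT = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]

if __name__ == "__main__":
    for v in route(CIRCUIT, build_onion(CIRCUIT, "example.com:80", b"GET / HTTP/1.1")):
        print(v["relay"], "from", v["from"], "to", v["to"], "sees", v["sees"][:24])
```

Each relay learns only its two neighbours, and the guard and middle relays see nothing but ciphertext. The exit relay sees the payload in the clear, which is why the application still needs its own encryption such as HTTPS.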

One of the key features of Tor is that it allows users to access the dark web, a part of the internet that is not indexed by traditional search engines and is only accessible through the use of specialised software like Tor. The dark web includes websites that offer illegal goods and services, such as drugs, weapons, and hacking tools, as well as websites that promote free speech and anonymity, such as whistleblower sites and online forums.

TOR works by routing your traffic through multiple hops, and obfuscating

The weaknesses of TOR

While Tor provides a high level of anonymity, it is not foolproof. For example, if a user logs into a personal account, such as an email or social media account, while using Tor, their identity may be revealed. In addition, Tor does not provide end-to-end encryption, which means that the user’s internet traffic is only encrypted between the user’s device and the final relay, not all the way to the destination server.

Another potential weakness of Tor is that it relies on a network of volunteer relays, which can be compromised by malicious actors. If a relay is compromised, it may be possible for an attacker to trace a user’s internet activity back to their physical location. However, the Tor Project takes steps to prevent this from happening, such as monitoring the network for unusual activity and removing compromised relays.

In recent years, Tor has been the subject of controversy due to its association with criminal activity on the dark web. While Tor does provide a way for users to access illegal goods and services, it also provides a way for individuals to access information and communicate anonymously in countries with oppressive governments or where free speech is restricted.

End to end correlation attacks

If your adversary is a nation state with sufficient resources, it’s possible to perform an end-to-end correlation attack to attribute TOR traffic to your network.

An end-to-end correlation attack attempts to break the anonymity provided by TOR by monitoring the traffic at both ends of the communication, i.e., at the entry node (guard node) and the exit node. By controlling both ends of the connection, an attacker can analyse the timing and volume of the traffic, as well as examine other identifying features, to try to link the incoming and outgoing traffic.

The attack works by using various techniques, such as traffic confirmation attacks or statistical analysis, to identify patterns in the traffic flows. These patterns can reveal information about the user’s activities and potentially link their Tor traffic to their actual IP address or other identifying information.

There have been research papers and demonstrations that illustrate the feasibility of such attacks under certain conditions. However, it is important to note that Tor developers are constantly working to improve the network’s security and resilience against such attacks. Additionally, implementing good operational security practices, such as avoiding known vulnerable software and keeping Tor software up to date, can help mitigate the risk of end-to-end correlation attacks.

JavaScript vulnerabilities

Finally, if you are using the TOR browser, it’s best practice to enable the ‘safest’ option in your browser security settings. This mitigates the risks posed by JavaScript: a client-side scripting language that can determine your battery usage, screen resolution, and even your location.

In the past, there have been instances where malicious JavaScript code has been used to exploit vulnerabilities in the Tor browser. These exploits targeted security flaws in the browser’s JavaScript engine or used JavaScript to bypass certain security measures. The Tor Project and the browser developers actively work to address these vulnerabilities and release patches to protect users.

Enabling JavaScript in the Tor browser can potentially introduce security risks. JavaScript is a powerful scripting language that, if executed, could be used to reveal identifying information or compromise the user’s anonymity. For this reason, the Tor browser disables JavaScript by default to minimise such risks. Enabling JavaScript in Tor is generally discouraged, as it can undermine the privacy and security protections provided by the network.

It’s important to note that vulnerabilities and security risks are an ongoing concern for any software, including the Tor browser. The Tor Project and the broader security community are actively engaged in identifying and addressing vulnerabilities to enhance the security and privacy of the Tor network. It’s always recommended to keep the Tor browser up to date with the latest versions and follow best practices suggested by the Tor Project to maintain a secure and anonymous browsing experience.

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.