Let’s Connect to TOR

All about VPN & Privacy, and Anonymity

JJ's Blog
8 min readOct 17, 2021
Image by The New York Times

Dark Web is a word that makes you more enthusiastic to explore it. Welcome to another part of the darker side internet! If you are in a world of Privacy & Anonymity then you’ve no doubt heard the word TOR (The Onion Router).

In today’s article, we are going to explore Privacy, anonymity, and security in the TOR browser… When someone asked about TOR, the first thing that comes to mind is Anonymity and full of security, privacy, and protection but is it? let’s uncover some facts.

Did you know the difference between Privacy, Anonymity and Security?

The two terms are not as interchangeable as you think. Privacy and Anonymity often get substituted for one another and in the wrong context so it is easy to get confused. It’s important to understand that anonymity and privacy aren’t the same. You could be anonymous, but still not private, or vice versa.

Privacy is the ability to keep certain data and information about yourself exclusive to you and control who and what has access to it. When it comes to online privacy, it’s a matter of how much personal information you can keep to yourself when browsing the internet or using software on any of your devices as Elon Musk is not going to declare his personal Laptop/Phone password to the internet. In short, Privacy is the ability to control what information you allow others to access.

Anonymity is when nobody knows who you are but potentially they know what you are doing. You can be anonymous in the physical world by covering your face and fingerprints. In the digital world, you can be anonymous by preventing online entities from collecting or storing data that could be used to identify you, for example, the Anonymous Hacker group.

If you want to be anonymous, many tools will allow you to do so. One of these is Tor, which is a network that enables users to anonymously browse the web.

Security is a set of measures that protect against potential harm to your online reputation and files. There are various ways to protect yourself from exploitation. To protect against various types of threats and unauthorized access, you can practice online and data security by using antivirus software, encrypting important files, enabling 2FA, and using passwords to secure accounts and devices.

Working Mechanism of TOR

TOR is a browser that allows users to exchange information online anonymously. It bounces the connections between different routes so they are hard to trace which forms anonymity. TOR can manage this by hiding the identity of the users to bounce the connection through 3 different servers across the world by adding some layer of encryption each time, so the name is ONION.

For the users, the known browser such as Google, Bing & Yahoo is the more convenient way to surf the surface of the internet. But the Dark web contains some hidden pages that can’t be indexed on google. so, to access this dark space, you need to connect with TOR.

Tor browsers are work differently on the TCP layer and use communication techniques through socket connections. When a new user joins the network through the Tor browsing, Tor builds a virtual circuit connection with several randomly chosen nodes on the particular network.

Afterward, for approximately 10 minutes it uses this virtual circuit then It creates a new circuit, and so on…

The circuit mainly has 3 types of nodes:

  1. Entry Node: The very first node, which receives the incoming traffic. The main concern here is, your internet traffic won’t be encrypted until it actually enters the Tor network, so the first node you connect to will technically be able to see your router’s IP address.
  2. Intermediate Node: This node passes the data from one node to another line by line.
  3. Exit Node: The last node, delivers the traffic in an unencrypted manner to the open internet.

When a user/source requests access to a particular website, Tor encrypts the request with several layers and sends it to the entry node, and transports it through some intermediate nodes which are distributed across the world and chosen randomly. With every jump to a node, the current node removes one layer of encryption from the encrypted request before passing it to the next intermediate node.

When the request arrives at the exit node, the latter removes all remaining layers of encryption and sends the original unencrypted request to the webserver on the public internet. With this mechanism, all information about the source is lost and the identity of the user remains ambiguous, and it is possible to return only to the last node in the circuit, however, Operators of Tor exit nodes can potentially monitor your internet activity, particularly if you visit an unencrypted web address, That’s why users have to consent to use exit nodes. It’s likely that LEA, Investigation agencies, and governments run some of them in order to monitor criminal activity.

Tor also gives users permission for deploying websites without revealing the location of their hosting servers, and those sites use the extension “.onion” that cannot be processed and rendered outside the Tor network. These are some of the major characteristics which allow users anonymous browsing and make it a safe means of communication among users.

The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way.

Without Tor, the darknet still exists. Tor is simply a dark web browser like if chrome is shut down tomorrow then the internet still exists.

Why do all the Dark websites mainly contain .onion Top-Level Domain?

Top-level domains like .onion being reserved for the hidden services. The Internet Engineering Task Force (IETF) declared the .onion as a special purpose usable top-level domain (see RFC 7686) which is helps to implement anonymous services with strong confidentiality & anonymity.

Do I need a VPN when using Tor?

While both Tor and VPNs work to protect your online anonymity and privacy. Tor is a free browser that will encrypt your requests, but it’s slow, doesn’t have access to all sites, and can lead to legal trouble. Meanwhile, VPNs are secure, fast, encrypt all your traffic, give you access to any Internet site, and put you in control of your intended location.

Another major difference is that while Tor provides anonymity, and is free, a VPN will provide you with privacy, but not necessarily anonymity. This is because the middle man, the VPN in this case, knows your real IP address. They have to know this information in order to forward your requests. The VPN service is built upon a different technology than Tor. It is built for speed and stability. There are some pros and cons to VPN. First, it is not free and the free ones..haha you know better than me!

For this reason, you need to decide whether you want privacy or anonymity. They are different beasts that require different setups. And not every VPN user uses Tor and not every Tor user uses a VPN service, but it is advantageous to combine these two powerful tools.

Connecting through a VPN is a fantastic way for anyone to improve their online privacy and security. But using a VPN still requires trusting your VPN provider that operates the servers and makes the app. Sometimes, that trust is abused and users’ personal details are exposed. VPN companies claim that they do not store user logs… but If you are doing some nasty things and crime while connecting VPN then they will not go to jail for you, ever. So do your due diligence and research.

Let’s see the different ways to use TOR & VPN together..

Tor over VPN

User -> VPN -> Tor -> Internet

This is the much more continent method for a normal user. In this scenario, users are connecting to VPN first and then access the TOR network. It’s simple and effective.

Your traffic will go through the VPN server before it gets to the Tor entry node. This means that the VPN server can only see that you’re connected to Tor and can’t see where your traffic is going. Whereas your ISP, only sees that you’re connected to a VPN server, and nothing beyond that. This method prevents your ISP from seeing that you’re using TOR.

VPN over TOR

User -> TOR -> VPN -> Internet

This setup is a little more complex and doesn’t offer additional anonymity. In this case, your traffic goes through Tor first. Your ISP can still see you’re connected to the Tor network, the Tor entry node can see your real IP address, and you still need to trust your VPN as it can see where your traffic is going.

One issue VPN over Tor does alleviate is the Tor exit node being able to see which site you’re visiting. One downside to this is that your VPN login information and other activities could be viewed by the Tor exit node operator as it is the last node that has no encryption layer. In my experience, establishing a VPN over Tor is chancy, and requires much tweaking.

A VPN isn’t a requirement to use Tor, but it helps a lot. It encrypts your whole traffic, masking it from the ISP. In short, it’s much safer to use Tor with a VPN

Conclusion

TOR can help you to protect your digital privacy & you can browse the Internet anonymously. Tor also has some weaknesses and vulnerabilities but still, it’s one of the best browsers to protect your digital Identity & Privacy. To access & surf the dark web with TOR is not illegal but please go on at your own risk and take necessary security measurements.

As I said earlier, TOR is a just privacy-designed browser that doesn’t mean to provide 100% anonymity. So, keep these things in mind to connect TOR to next time!

  • Disabling the browser’s plugins & Use VPN services
  • Don’t open TOR in full-screen mode.
  • Do Encrypt your Data Storage & Keep backup of your systems
  • Cover or disconnect your webcam lenses. You must block access to the microphone and camera.
  • Don’t torrent using Tor — File-sharing applications often ignore Tor’s commands and make direct connections between users.
  • Don’t open any documents whilst online — They could be auto-opened by an application outside of Tor.
  • When you have to enter the name, email address, or some identity revealing details, never ever provide the real ones. Trust me, you will regret it later. Prevention is better than cure.
  • I recommend you not browsing the dark web from the main OS that you use every day. On the other hand, there is a tiny OS called Tails. Install the same and use it for maximum security.
  • You must do your research before you visit any deep website link. Be careful during every second you browse the deep web. There are tons of dangers hidden in there. If you don’t act vigilantly, you will lose many things.

Thanks for reading 😊

--

--

JJ's Blog
JJ's Blog

Written by JJ's Blog

Intel | Research | Darkweb | Mystery | Infosec

Responses (2)