Tor is a standard in the Internet privacy world, and rightly so. However, if you are using Tor to browse the conventional web, be aware that even if the Tor exit nodes (which route your original data out of the Tor network) do not know who you are, they do, by necessity, have access to the original data that you sent over the network.
Some exit nodes are run by cybercriminals and governments hoping to harvest valuable data from people who seek privacy for one reason or another. Here is how to protect yourself from malicious Tor exit nodes.
What’s going on under the Tor hood?
A Tor connection to a non-onion site (i.e. normal internet) looks like this:
- Your computer establishes an encrypted connection to the Tor network through an entry guard, which can be any relay with sufficient bandwidth and a track record of availability. Tor Browser picks a random route through the network (the route changes every 10 minutes) and wraps your data in several layers of encryption.
- Your data travels from node to node along the route, each node knowing only the node before it and the node after it, so your original address is obscured after a single hop. Each node strips one layer of encryption, which reveals where to send the data next; hence the "onion" terminology associated with Tor.
- At the exit node the last layer of encryption is removed and the data is sent to the destination server outside the Tor network.
The exit node is the weakest link in the Tor network: Tor's own encryption has been stripped off at that point, so any data that was not otherwise encrypted is readable by the node. If the traffic was encrypted before it entered the Tor network, that encryption remains in place all the way to the destination server, which is essential for your privacy and security.
Who manages bad exit nodes?
The two main categories of exit node attackers are cybercriminals and governments. Cybercriminals want passwords and other personal information they can use; governments want to monitor criminal activity, monitor their citizens, and even monitor activity in other countries.
Malicious exit nodes have been discovered or demonstrated in several independent experiments:
How to protect yourself from malicious exit nodes
1. Navigate only with HTTPS
By far the best protection against snooping exit nodes is good old HTTPS. A targeted exit node attacker could theoretically try to work around it, but because HTTPS traffic is encrypted end to end between your computer and the destination server (in both directions), your traffic never appears in plain text on any Tor node. Even the exit node only forwards encrypted data to the site.
Tor Browser automatically upgrades connections to HTTPS wherever it can, but if you ever land on an unencrypted connection (a plain HTTP site, for example), be aware that your traffic is visible to the exit node. Fortunately most modern sites use HTTPS by default, but stay alert and never log in or transmit any sensitive information over an HTTP connection.
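The three-hop route described above, and the difference HTTPS makes at the exit, as an added illustration (toy code written for this article, not Tor's protocol or any Tor Project code): each relay shares a key with the client, the client wraps the request in one layer per relay using a throwaway HMAC-based stream cipher, and each relay learns only the previous and next hop. The exit relay is the first to see the payload exactly as the client produced it, which is plain text for HTTP and ciphertext when the client encrypted it for the site beforehand. Names, keys and the sample request are constructed.

```python
import hashlib
import hmac
import json
import os

ROUTE = ["guard", "middle", "exit"]  # constructed hop names


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream (illustrative only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def build_onion(route, keys, dest, payload: bytes) -> bytes:
    """Wrap payload from the inside out: the exit's layer names the destination,
    every outer layer only names the next relay."""
    nxt, cell = dest, payload
    for hop in reversed(route):
        layer = json.dumps({"next": nxt, "inner": cell.hex()}).encode()
        cell = keystream_xor(keys[hop], layer)
        nxt = hop
    return cell


def relay_peel(hop, keys, cell: bytes, prev):
    """Everything a single relay learns: who handed it the cell, who gets it next, the inner blob."""
    layer = json.loads(keystream_xor(keys[hop], cell))
    return {"relay": hop, "from": prev, "to": layer["next"], "inner": bytes.fromhex(layer["inner"])}


def simulate(route, keys, dest, payload: bytes):
    """Return the per-relay views along the route; the last view's 'inner' is what leaves the exit."""
    views, cell, prev = [], build_onion(route, keys, dest, payload), "client"
    for hop in route:
        view = relay_peel(hop, keys, cell, prev)
        views.append(view)
        cell, prev = view["inner"], hop
    return views


if __name__ == "__main__":
    keys = {hop: os.urandom(32) for hop in ROUTE}
    http = b"GET /login?user=alice&pw=secret HTTP/1.1\r\nHost: example.com\r\n"  # constructed request
    for v in simulate(ROUTE, keys, "example.com:80", http):
        print(v["relay"], "sees", v["from"], "->", v["to"])
    print("plain HTTP, exit forwards:", simulate(ROUTE, keys, "example.com:80", http)[-1]["inner"])
    site_key = os.urandom(32)  # stands in for the TLS session key shared with the site
    tls_views = simulate(ROUTE, keys, "example.com:443", keystream_xor(site_key, http))
    print("HTTPS, exit forwards:", tls_views[-1]["inner"][:16].hex(), "... (ciphertext only)")
```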
2. Keep your sensitive information to a minimum
For maximum privacy, it is best to assume that someone is watching and to encrypt everything accordingly, even when the connection uses HTTPS. If you have sensitive data to communicate to someone, encrypt it first with something like PGP. Do not provide personal information or log into accounts tied to your real identity.
In practice, if you are on an HTTPS connection, you can probably navigate relatively normally, but don’t let your guard down.
3. Consume only .onion sites
.onion sites are hosted inside the Tor network and never pass through an exit node, so there is no way for a malicious node to see your traffic decrypted. Major sites with onion versions are rare, but you can at least read the New York Times and browse Facebook (if that sounds like a good idea).
What about VPN + Tor?
Tor is good for privacy, and VPNs are good for privacy, so VPN + Tor = double privacy, right? Well, it’s a little more complex than that. Using a combination can be good for some things, but it comes with compromises – especially in terms of speed.
1. Tor over VPN (VPN connection to Tor entry guard)
Connect to the VPN first, then use Tor Browser. This provides some protection: the entry guard cannot see your real IP address, and your ISP cannot tell that you are using Tor. However, it means you have to trust your VPN provider as well as the Tor network, and it does nothing to protect you from malicious exit nodes. If your goal is to get around censorship that blocks Tor, bridge relays are probably the better choice.
2. VPN over Tor (VPN after the exit node)
VPN over Tor is harder to set up, since you have to configure the VPN connection, send the data through Tor, and only then on to the VPN server. This means malicious exit nodes cannot read your unencrypted data, but it also makes you less anonymous, because both the exit node and the destination site see your VPN server. You also cannot reach .onion sites and lose some of Tor's anonymization features, such as periodically switching circuits. There is a lot of debate about this, but in general sticking to encrypted HTTPS connections is the better choice, and VPN over Tor is only useful in specific cases.
In short, you can combine a VPN with Tor, but the simple method does not protect you from malicious exit nodes, and the difficult method comes with significant trade-offs. These approaches can be useful, but you should go in aware of what you are giving up.
The good, the bad and the Tor
Tor is an incredible way to get around censorship and maintain online privacy, but it’s important to be aware of its limitations and myths. The Tor network hosts many illicit and private activities, and when you use it, you potentially expose your traffic to people and institutions that target exactly that. Even if malicious Tor exit nodes are a minority on the network, the fact remains that they exist, and most of the owners are not just curious researchers.