Synopsis:
Google- internet-social media has made human existence vulnerable to public scrutiny- a microscopic existence. One of the biggest concerns today for everyone is “online privacy” everyone, everything, every place is exposed. Some people are really “Loving It” and some dreading! Incidents of Edward Joseph Snowden and wiki-leaks have made the world not only more paranoid but also cyber security obsessed. Everyone is highly apprehensive of monitoring their online activity and are frantically worried as to how, why and when this peek-boo intrusion can be obstructed.
Deep Web, Surface web, Visible Web:
Well! We are all under false assumption that the internet is a great asset for information, in reality what we normally see on the internet is just a link which is actually a long chain, consisting of underground websites and content most unseen. Deep web is part of this internet that is actually hidden from human view. Deep Web is also known as “Invisible Web” and the content of which cannot be indexed by search engines and hard to keep track of (96% of content). Deep Web is 500X the size of estimated surface web. There is also something called Surface Web (containing 4% of content) is also known as “visible Web” which is normally traced while using search engines viz. Google or Yahoo. Surface Web is under constant surveillance by the Government. Voila! TOR the Onion router is an answer to this grave concern for sure!
What is TOR?
TOR (The Onion Router) is like a Rescue Operation which allows users to use the internet and Deep Web devoid of any microscopic government surveillance, spyware or even hackers. Let us therefore by this blog try to understand what exactly is TOR and Deep Web all about. I am sure this will help you to certain extent, guard you on how to be safe on internet. TOR (network) is nothing but a group of volunteer-operated servers that enables users and people to improve-protect their privacy and security on the internet. TOR network is employed by users, by having it connected through a series of virtual tunnels instead of making a direct connection. Apparently, this allows both, the organization and individuals to have access or share information over public networks protecting their privacy substantially. Tor is considered as a very effective censorship circumvented tool which allows exclusivity to users to have a reach to content or blocked destinations. Tor is effectively used by soft ware developers as a building block to create new communication tools with built-in privacy features.
Who mostly uses Tor?
Individuals:
Highly used by individuals simply because it protects theirs, their family, their friend’s websites from tracking. Also with instances where users would like to be connected to news, instant messaging services, or some similar sites, which are otherwise blocked by the local Internet providers. The most interesting part of Tor is that with its Hidden Services it allows users to publish web sites and other related services, without actually disclosing the site location. Individuals also use Tor for socially sensitive communication platforms such as chat rooms and web forums. It is of great help to rape and abuse survivors or people with some grave illnesses of peculiar nature.
Journalists-Media:
Also a favourite with journalists and Media because it allows secure safer interactions with dissidents, criminals or whistleblowers. While in foreign shores NGOs use Tor to enable their workers to easily connect with their home websites without notifying anyone in their purview that they are working for a particular organisation.
Groups in particular:
Groups like Indymedia and others extensively recommend using Tor for protecting and safeguarding privacy and security of their online members. EFF-Electronic Frontier Foundation Activist groups also highly recommend Tor as an effective mechanism for maintaining their online civil liberties. Tor is a hot favourite for Corporations and Business houses because it offers safe competitive analysis, as well as protects sensitive procurement patterns from eavesdroppers-great safety measure. Tors are also used in place of traditional VPNs who otherwise reveal exact amount and timing of communication. Identifying incidents such as, which particular locations have employees working late hours? Or locations which has employees engaged in consulting job-hunting websites? Or locations where research divisions are interacting with the company's patent lawyers etc. are picky-handy. Would like to mention here that a branch of the U.S. Navy uses Tor frequently for open source intelligence gathering. It is also reported recently that one of the U.S. Navy teams used Tor while being deployed in the Middle East. However, Law enforcement also uses Tor for surveilling or visiting web sites without actually leaving government IP addresses in their web logs and of course for security during sting operations.
Tor is being used by wide spectrum of people simply because it assures lot of security and also because it makes you literary invisible midst other users in your network. Thus making anonymity a big asset to relish in this otherwise public glared world.
The Need for Tor:
Using of Tor allows one to be safeguarded from Traffic Analysis which is a form of internet surveillance. Over public network Traffic Analysis is very useful in inferring and detecting who is talking to whom. Because once others have been successful in detecting the source and destination of your internet traffic, it allows them to easily track your behaviour and interests. Say for example based on the origin of your country or institution if an eCommerce site uses price discrimination, you may experience a very big impact on your check-book. In some cases this can prove very fatal as it may cost both your job as well as pose a threat to your physical safety revealing who you are and where you are. Or for example you are on an official tour outside the country and happen to connect to your employer’s computers either to send/check a mail you tend to reveal to anyone who is deliberately (with a motive) observing the network, your national origin and professional affiliation even when the connection is encrypted.
How traffic analysis work?
Internet data packets have two parts one is a data payload and the other is a header used for routing. The data payload is concerned with whatever is being sent from your system. It can either be an email message, a web page or even an audio file. Incidentally, even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're currently doing and possibly what you're interacting. This is because Traffic analysis focusing only on the header obviously discloses the source, size, destination, and timing of your internet communication. However, a very simple form of traffic analysis involves, sitting somewhere between the sender and the recipient on the network and gazing at headers. Isn’t that alarming? However, Traffic Analysis can also be of more powerful kind. Many a times you may find that some habitual attackers spy on multiple parts of the Internet, using sophisticated statistical techniques to track the communications patterns either of individuals or of different organizations. Eventually, encryption in these cases does not work much against these attackers, because unfortunately the content of the internet traffic is hidden and not the headers.
Tor helps to reduce:
By distributing transactions over several places on the internet Tor helps in reducing the risks of simple and sophisticated traffic analysis. Subsequently, no single point can allow you to be linked to your destination. This is similar to something like say for example a person is stalking you and to misguide him you use a twisty or hard-to-follow path and then periodically erase your footprints. Similarly instead of taking a direct route from source to destination, data packets on the Tor network choose a tricky random pathway which has several relays that conveniently cover your tracks, so that no observer from any single point can actually trace where the data originated and where it further moves.
Private Network Pathway Tor:
For creating this pathway with Tor, a circuit of encrypted connections through relays on the network is incrementally built by the client or user’s software. Great care is practised to see that the circuit is only extended at one hop at a time enhancing at the same time that each relay along the way knows specifically which relay gives it data and which relay is giving data to. Interestingly, no individual relay ever knows the complete path that a data packet has taken. The client in the course of passing through skilfully negotiates a separate set of encryption on keys for each hop along the circuit, so that not a single hop is in a position to trace these connections in such cases.
Circuit established:
Once the circuit is established, it becomes very easy to have various kinds of data exchanged as well as various sorts of software applications deployed over the Tor network. The fact that, each relays sees not more than one hop at a time in the circuit, neither an eaves dropper nor the compromised relay is in a position to use traffic analysis to link the connection’s source as well as destination. Tor exclusively works for TCP streams and can be used by any application which supports SOCKS. Interestingly, for the sake of efficiency Tor software uses within same 10 mins same circuit for connections.
Maintaining anonymity:
Since its focus mainly on protecting of transport of data Tor is not in a position to solve all problems related to anonymity. Hence the need for using protocol-specific support software is essential in case you wish to have the sites that you visit; have your identifying information exposed. However, while browsing, using Tor Browser is effective because it withholds information about your computer’s configuration. It equally calls for individual’s smartness with respect to protecting one’s anonymity. It is always advisable to reserve providing details like your name or any other personal information in the web forms. Tor however donot provide protection against any end-to-end timing attacks as is seen in the case of all anonymizing networks that are fast enough for web browsing. In any case, if your attacker is in a position to detect and watch the traffic coming out of your computer, as well as arriving at your specific destination, he can conveniently use statistical analysis to spot that they are very much part of the same circuit.
Future of Tor:
Great challenge as of today is to provide a usable anonymizing network on the Internet. There is therefore a great demand for software that meets users' needs. At the same time the need to keep the network up and running (in such a way) that it handles many users at the same time is of prime concern. In which case security and usability don't have to be necessarily at odds. As will be the case that, as soon as Tor's usability increases it will obviously attract more users. This will not only increase the possible sources and destinations of each communication but also increase security for everyone. Progress is being made considerably in this aspect but, more help is still anticipated.
Constant change in trends as regards law, technology and policy does pose a grave threat to anonymity. It affects the ability to speak and read online with fear. They also pose a threat to national security and sensitive infrastructure as well. It makes communications amongst organizations, individuals, corporations and government subject to more open analysis. Every new user and a relay in this case provide additional diversity, thereby allowing Tor’s ability to exert control over security and privacy back into user’s hands. Although Tor Browser is in a position to offer many security, privacy features and properties however, it is not affordable (round the world) by everyone to be connected to use it. However, by default Tor Browser has the tendency to make its users pose alike, either by way of spoofing User Agent or other such methods, in order to avoid fingerprinting attacks. But this obviously is at the cost that it does not hide the fact that, you are connected to Tor (viz. an open network where anyone is in a position to have access to list of relays). This transparency in network does have benefits and non-benefits as well. It is experienced that many governments (who are repressive in approach) and a few authorities do benefit in a big way due to this transparency in network by blocking users having free and open access to the internet. This proves very convenient for them, because they just have to procure a list of Tor relays and block them. Results, millions of people are barred from free information; sometimes even those who are in dire need are genuinely deprived off. However, Tor is more concerned about offering freedom of access to information and is not in favour of censorship. Keeping this in mind they have exerted great efforts to develop methods such as Pluggable Transports (PTs) which connects to the network and skips censorship. PTs are actually bridge to the Tor network. PTs are such fascinating methods that they literary take advantage of varied transports and tend to make encrypted traffic to Tor appear, either as garbage traffic or not-interesting. Bridge information is kept discreet and distributed only amongst users via Bridge DB unlike normal relays. (Bridge DB is a framework for finding and mapping equivalent database identifiers. BDB has many facets. It is both a framework of live services as well as identifier of mapping files).
Putting Procedures:
In Tor Project, unlike other organizations putting procedures in place is rather difficult. Reason being the staffs that are on Tor project, work either in partnership with a broad Tor community or are volunteers, freelancers or employed by other organizations. Hence you donot operate in a typical top-down management environment as in a corporate scenario. Nevertheless, diligent efforts are progressive both by Tor Project and Tor community to take active steps to tackle problems and behaviours which are of unprofessional pattern in a more professional manner. Having created an anti-harassment policy, conflict of interest policy, procedures for submitting complaints as well as internal complaint review process Tor Project has been welcomed and approved by Tor’s board of directors (which comprises of significant experience in governance and executive leadership). Furthermore, Tor Community have also created community council to solve and resolve intra community difficulties. For this they have developed membership guidelines, code of conduct as well as social contract that affirms shared values and behaviours which they incline to model. These policies and practices are expected to go a long way in moulding Tor Project and Tor community as a much stronger key source of support.
TOR program:
Is comprised of a project which does researching, designing, building and analyzing various anonymous communication systems. The focus is more on practical systems for low-latency internet-based connections. All these consequently resist traffic analysis, eaves dropping as well as attacks both from outside (internet routers) and inside (Onion Routing servers themselves). Onion routing does prevent transport medium from knowing who is communicating with whom. The network is only aware that communication is taking place and nothing else. Interestingly, the content of the communication is hidden from eavesdroppers to the point where the traffic leaves the TOR network.
Tor or The Onion Router is a messiah for all internet security and surveillance problems. Why? Because Tor directs internet traffic through free, worldwide, volunteer network consisting more than seven thousand relays to conceal user’s location and usage (from any conducting network surveillance or traffic analysis). Tor network, with many hundred nodes, processes traffic from hundreds of thousands of unknown users. The secret of Tor being successful lies in how the packets are constructed viz. whenever the user sends the packet, the top layer tells it to go to Router A which obviously is the first stop on the circuit. In a nutshell TOR is a wonder magic free software, an open network that allows people to learn how to protect their digital identity as well as information online. This gives them a security of achieving greater level of discreetness and efficiency. There are always two sides of the coin similarly; TOR also has some security issues. There are many instances of growing number of IP addresses that are not part of Tor network and are interfering while Tor Browsing. Brazil is a country subject to maximum iplookups to quote. It is also experienced that growing number of “onion with red cross errors” on the last check pages is frequently seen. This is not warned by Torbutton as a broken Tornetwork while already blinking as a yellow sign indicating” for available update”.
Security issues a simple guide to Tor and IoT (internet of things):
Remote control and networking of everyday devices is “The Internet of Thing”. Devices can range from anything, like a babycam, a family's lawn sprinkler or to a corporation's entire HVAC system. Free open-source platform built on Python is what the system uses as Home Assistant that runs on Raspberry Pi. The system can be set up to both control and network users. “Internet of Things” says for e.g. can be anything from smart light bulbs, home security systems, weather sensors, thermostats household appliances etc. New “Tor Onion Service Configuration” setup is also available on the websites of all these IoT items. Tor Project therefore aspires for Tor privacy technology that is deeply integrated in everyday life of people. Keen to see that it is part and parcel of them enabling them to cherish their inbuilt privacy and security at length.
The grave danger with the "Internet of Things" is (opportunity for surveillance) that an individual hacker or a state actor can either store, accumulate, or exploit very private information either against individuals or companies which are far from being hypothetical. There are instances where attackers have stolen 40 million credit card numbers after hacking into a national retailer’s HVAC system. Then conveniently used it to access their computer system and customers. To combat this shortfall Tor has successfully developed a method which builds a buffer of privacy between HVAC system and the internet in such a way, that HVAC is never exposed to the open interne. As a result, instead of hack able or a single point of failure, attackers can be contended with global network of thousands of Tor nodes. With real-world hard ended, open source software, state of the art cryptography is offered by Tor free of cost which proves handy in managing things either at home, at hospitals, at businesses which are otherwise exposed to public internet without the ability to protect communication.
Conclusion:
It is predicted that in coming times Networked sensors and Internet of Things are projected to grow rapidly which has huge potential to drastically change the entire internet surveillance. Still images, videos and audios captured by these devices, may however, enable smooth real-time intercept and recording with after-the-fact access. Therefore the inability to monitor an encrypted channel can be easily prevented by way of monitoring from afar a person through a different channel altogether Tor is certainly more for Internet security and surveillance.
