Originally known as “The Onion Router,” Tor is a free tool that helps its users anonymize key elements of their internet activities. The tool is notably sustained by open-source development, which means its codebase is maintained for the public and is open to contributions from the public.
Since its introduction in 2002, Tor has notably earned its place as among the most popular online privacy technologies in the world. The software’s maintenance is currently supported by a handful of non-profit groups, namely the Tor Project, as well as a few government organizations. Tor’s biggest funder to date has been the U.S. federal government.
While the alpha version of Tor first launched in 2002, the project grew out of research pioneered in the 1990s by specialists at the United States Naval Research Laboratory. Those specialists -- computer scientists David Goldschlag and Michael Reed David and mathematician Paul Syverson -- had been tasked with finding a way to anonymize online communications for U.S. intelligence operatives.
The trio of experts thus developed “onion routing,” the privacy technique that would soon underpin Tor. Years later, developers Roger Dingledine and Nick Mathewson took up work on the technique and built out the first version of Tor. While that early development was still backed by the U.S. government, Tor was eventually open-sourced and handed off to the Electronic Frontier Foundation (EFF) in 2004.
That transition came as the Navy and other agencies realized the anonymity system would need to be public and have a variety of users if U.S. operatives’ activities on it were to be effectively obscured. “If you have a system that’s only a Navy system, anything popping out of it is obviously from the Navy,” onion routing pioneer Paul Syverson later noted to the press.
With that shift to the EFF, a digital civil liberties group, also came a shift in branding. The non-profit organization pivoted to hailing Tor as a powerful grassroots tool for protecting ordinary peoples’ privacy online, supporting free speech, and resisting oppressive governments. After a few years with the EFF, Tor’s builders spun out and started their own independent 501(c) nonprofit, the Tor Project, in 2007. Since then, development has centered around making Tor more user-friendly for everyday folks.
How it works
As mentioned before, the Tor client is based on onion routing. Such routing encrypts a user’s data and then randomly bounces that data through a peer-to-peer volunteer relay network. Once that data comes out the other side of Tor, it’s not clear who it was sent from. Every relay on Tor thus provides a new layer of encryption.
This design makes it so that an observer of the Tor network can’t identify where a given piece of communication is coming from and where it’s going. It also makes it look like the last Tor node to deliver a comm was its sender, when in actuality that node was only the last in a line of senders.
Moreover, beyond anonymizing web traffic and instant messages, Tor can also be used to obscure websites and servers. These sites or servers, which are known as onion services, are accessed through “onion addresses” and facilitate encrypted end-to-end traffic. If users prefer to access onion addresses through the web instead of downloading the Tor client, tools like the Tor Browser or the Brave browser can be used.
Like most tools that can be used in a neutral way, Tor’s contemporary use cases range across the good, the bad, and the ugly.
As for the good, Tor has proven to be a powerful tool in the civil liberties arena in general, namely on the fronts of privacy and free speech, as well as for productive societal stakeholders that are often targeted by oppressive forces, including political dissidents, journalists, and whistleblowers. Perhaps the most famous example of Tor as a public good came via Edward Snowden, who used the network in 2013 to securely leak troubling details about the U.S. National Security Agency’s secret PRISM tool to leading news organizations.
The darker side of Tor’s possibilities pertains to the network’s popularity among users of the “dark web,” the large swathe of the internet that isn’t accessible by traditional search engines. Here, Tor is often used to help privately facilitate sales through a variety of black markets, though illicit, global, and discreet online drug markets have arguably been the most popular of these enterprises. However, some dark web vendors have been known to vend crimes-as-a-service like hacks, counterfeit currencies, stolen credit cards, child pornagraphy, and more. This reality has led some people to fault Tor for guilt by association, even though the network is itself just a neutral tool open to the public.
That neutrality, too, is why law enforcement and intelligence agencies around the world now routinely use Tor. And these institutions sometimes team up on taking down some of the dark web’s most egregious stakeholders, so Tor is just another arena of human affairs where the cat and mouse game between cops and rogues continues.
Due to Tor’s design, it does nothing to protect data at its fringes, i.e. at its entrances and exits. This means that Tor is most vulnerable to large state actors that have the resources to effectively monitor massive stretches of the Internet around Tor for traffic analysis. This isn’t to say that a powerful government can deanonymize all Tor users or activity, but they do have significant technical capabilities for probing for small amounts of identities.
Also, institutions from around the world have reportedly been trying to find and penetrate weaknesses inside of Tor for years. How successful these efforts have been remains to be seen, at least in the public eye. It’s possible that some of Tor’s largest nodes are run by intelligence agencies, and if these large nodes process most of Tor’s transactions thanks to the network’s preference for speed, then in theory it would be easier for these nodes to analyze activity inside of Tor.