ELI5: How is TOR more private than regular browsers and https?

The start page for Tor states:

You’re ready for the world’s most private browsing experience.

How does this work? I haven’t changed any settings, and I don’t use a VPN. Other than being by default in Incognito mode and using DDG as search, how does Tor enhance privacy?

A related question, why are .onion addresses so long and randomized? How does having “skfhjkhdksjhk.onion” as URL serve privacy better than “site.com”?

ETA: A huge thanks to everyone who took the time to reply. Interestingly, most of the comments use an envelope/mail analogy and since everyone used a different thinking process, I understood it perfectly, including the “.onion” bit. Thanks and happy new year everyone!

Tor is more private than something like incognito mode because it works differently to protect your anonymity. When you use Tor, your internet traffic doesn’t go directly to the websites you visit. Instead, it’s encrypted and sent through a network of servers, called relays, run by volunteers around the world. This makes it incredibly difficult for anyone to trace what you’re doing back to your device or location. Imagine you’re sending a letter, but the FBI is trying to track you, so instead of sending it to the intended party, you send it to someone else, but this person is randomly selected for you through an organized system that is specifically crafted to send letters through random parties.

Unlike regular browsers, which show your IP address to the sites you visit, they can’t see your real IP if you’re using Tor. This adds privacy, ensuring that websites don’t know where you’re connecting from. So in the earlier example, if the FBI wants to find out where you are, they now need to visit every person your letter went through, and once they get there, they hope that person remembers your name, which they usually don’t. This continues the way you’d expect. The FBI asks the person to inform them the next time you send them a letter so they can pass on your name. Tor knows this, and in the sea of unlimited relays/friends to send letters to, they choose a different one next time. The FBI’s lead is dead and they’ll need to start over.

As for those strange, long .onion addresses, they’re random because they’re generated using cryptographic keys unique to the site. This randomness ensures that the site is authentic and can’t be easily impersonated. It’s like a secure handshake between you and the website, ensuring privacy for both sides. Cryptography is complex and isn’t easily described, but it can be as personal as a handshake with someone who you fully trust.

The difference is huge, Tor gives you privacy by making your activity untraceable, hiding your identity, and providing secure ways to browse, which regular browsers cannot do.

Normal browsing: you send a letter in envelope to someone. Their address and your address are on the envelope, for all to see.

VPN: you send a letter in envelope to your VPN provider. Inside the envelope is ANOTHER envelope. People see an envelope going from you to VPN and from VPN to the real receiver, and a response going back. If you are not the only person using said VPN, you gain privacy this way, only the VPN (or someone the VPN is cooperating with) can know who you are actually sending messages to.

TOR: you send an envelope to another random TOR user. Inside is another envelope, addressed to yet another random TOR user. This goes on for several rounds until the final recipient gets it. The random user who sent it to him had no idea whether he is in fact the final recipient, or just another link. It’s really hard for anyone to figure out who anyone is really messaging with.

When you connect to Tor, only the first machine knows who you are (IP address etc). This machine then bounces your message through a number of other machines. None of them need to know who you are, or who you want to talk to.

Eventually you’ll reach an exit node. Now you’ve got a secure encrypted link to that node, you can tell that node what website you want to access. That one node will make the connection for you, but it still doesn’t need to know who you are.

One reason it’s called “onion” routing is because each link wraps the message in another layer of encryption, so you’ve got a secure link to the end, but each other link is wrapping the message in its own encryption so that as close to perfectly anonymous connections can be made as possible. The layers of encryption get added or removed as needed as messages pass back and forth.

So the point here is that no machine other than the exit node needs to know what website you’re after, and no machine other than the entry node needs to know your IP address.

If someone was able to tap your ISP and get all your packets then with a normal browser they can’t read the contents of your sessions, but they could definitely tell what websites you’re accessing, while with TOR they can only see that you’re accessing some Tor entry node, and have no idea what sites you’re looking at. Even the entry node doesn’t know.
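The layering described above, as an added sketch that is not part of the original thread: the client wraps a message once per relay, and each relay can remove only its own layer and learn only the next hop. The relay names, pre-shared keys, destination and the toy SHA-256 keystream cipher are all assumptions for illustration; this is not Tor's actual cipher or key exchange.

```python
import hashlib
import os

# Constructed circuit: names and keys are illustrative only.
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(path, keys, destination: str, message: bytes) -> bytes:
    """Client side: build the onion from the innermost layer outwards."""
    next_hops = path[1:] + [destination]
    blob = message
    for relay, next_hop in reversed(list(zip(path, next_hops))):
        header = next_hop.encode()
        # Each layer = length-prefixed next hop + everything meant for later hops.
        blob = keystream_xor(keys[relay], bytes([len(header)]) + header + blob)
    return blob


def peel(relay_key: bytes, blob: bytes):
    """Relay side: remove one layer and learn only where to forward the rest."""
    layer = keystream_xor(relay_key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]


def route(path, keys, blob: bytes):
    """Simulate the circuit; record what each relay could observe."""
    seen, sender, next_hop = {}, "client", None
    for relay in path:
        next_hop, blob = peel(keys[relay], blob)
        seen[relay] = {"from": sender, "to": next_hop}
        sender = relay
    return seen, next_hop, blob


if __name__ == "__main__":
    onion = wrap(PATH, KEYS, "example.com", b"GET / HTTP/1.1")
    for relay, view in route(PATH, KEYS, onion)[0].items():
        print(relay, view)
```

Only the entry relay's view contains the client, and only the exit relay's view contains the destination; the exit also sees the message itself unless it is separately protected, for example by HTTPS.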

Imagine sending mail.

The receiver’s name and address are on the envelope.

Now, everyone who touches your mail knows you and the receiver talk. If your mailman were a spy planted by a foreign government, he’d know everyone you’re talking to.

When you use Tor, you are participating in a group of people who agree to help each other pass mail along.

You put your envelope, addressed to your receiver, inside of another envelope, addressed to stranger A. Then you put that envelope inside of an envelope addressed to stranger B. And so on.

Now, your mailman knows you talk to stranger Z. However, that doesn’t mean anything to him.

In this case, the ultimate receiver is the website you are accessing.

By the way, this entire thing works under the assumption that each person can only open an envelope if it has been addressed to him, in order to inspect its contents. This is thanks to encryption.

Thanks everyone here. I learned a lot about TOR in a straightforward way. Best ELI5 🎉

imagine browsing the internet is like shopping. you walk to the shop and buy groceries there. the issue with that is it’s not private. if you have a sex kink, someone may see you entering a sex shop, and you don’t want that to happen because your aunt lives across the street from the sex shop and there are high chances she may see you entering the shop

you can solve that by hiring a delivery boy to go there, buy your sex things, and deliver them to you so nobody can see you. but the delivery boy now knows your dirty secret (kind of like a VPN network)

you solve that by hiring multiple delivery boys. each will deliver a package to the next one; when they unpack it, it will contain a smaller box with instructions to deliver it to the next delivery boy, etc… the final one will buy the sex toy for you and send it back to you the same way. now you have a chain of delivery boys that can’t leak your dirty secrets. the first one doesn’t even know that you bought something, as you can just pretend to be a delivery boy yourself handling the box for someone else. all the others are middlemen and know nothing about you, protecting your privacy.

this is how tor works and this chain of delivery boys and the principle of using boxes with instructions nested together is called onion routing and ensures your privacy

now you can build your private sex dungeon and no one will be the wiser. they will just see a lot of boxes coming in and out of your house, but you can just say those are for a charity

Everyone else is doing a good job already explaining it, so I’ll just clear up a couple things.

You’re probably wondering why TOR, which is free, is more private than incognito mode or paid VPNs.

So I’ll explain it in a different way in addition to these comments.

Regular browsing: anything you don’t care people knowing about.

Incognito mode: hiding your degenerate porn from friends

VPN: Used for incognito and to hide which addresses you’re visiting BUT your VPN provider will know as well as picking which country to imitate where your IP is coming from. If your VPN keeps logs and law enforcement compels them they will show it, and even if they say no logs you don’t know for sure. There are some that are trustworthy generally though. Mullvad, Proton, PIA. Generally used to select which country and get around restrictions but with a faster connection. Used for things like Torrenting media for free and visiting things like American Netflix from Australia.

TOR: most private and runs through separate relays every link/tab you visit, always around 2-3 different ones. Never get to choose where it’s emulated and you can visit TOR sites which gives access to the “dark web”. Used for complete private communication, Drug markets etc

It isn’t fully secure and the feds can still monitor your activity and track you.

tor masks both who is asking and who is being asked from all parties.

https only masks what is being asked

onion addresses are so long because they aren’t addresses. they are random codes you send over the network “can anyone get a key to this code?” and if they can, they do. even with an onion address you can’t find where the server is. and because of tor, the server won’t know who you are, and no one knows what you were looking for.

incognito just deletes your local browsing history so your wife can’t tell you were watching porn when she uses your computer. it’s not really related to the rest

Going to actually try to ELI5

Say you’re in class and you want to ask Betty on a date.

You write a note with your name on it and put it in an envelope and write Betty’s name on it.

Now nothing is anonymous if you just pass this note down the aisle to Betty directly; Jimmy, who sits between you two will know that you’re passing letters and may even take a peek at the note inside. So what do you do?

You place that envelope in a slightly bigger envelope and address it to Tim, the person to Betty’s left. You place that in an envelope addressed to Jim, seated behind Tim, and that one in an envelope to Katie who sits behind Jim and to your left.

Now when you hand the big envelope to Katie she knows she’s getting something from you, but there is no indication of whether or not you’re the source or just another link in the chain. She can only open the one envelope (decrypt) and see that it now needs to go to Jim. Jim does his letter opening and passes it on to Tim who then finally sends the last letter to Betty. Only Betty knows she is the end of the chain, for all Tim knows it could have kept going. Betty only knows what you wrote in the note, which could be any level of personal obfuscation you chose to include. Betty doesn’t even know where you are, just that to respond she has to write a letter and put it in an envelope with ‘return to sender’ on it and hand it back to Jim.

Since any link in the chain only knows who a message came from and where it goes next, they have no ability to provide substantive information about the comms, the metadata is nearly useless unless you control a majority of the potential links in the chain.

An attempt at ELI5 for this

Imagine the Internet is like a town.

You want to deliver Jim a letter.

Http: You walk paper in hand to Jim’s house. People outside can see what’s on the letter and that you and Jim are together.

You -letter-> Jim

Https: What’s on this letter is important and you only want you and Jim to see it. So you put the letter in a safe that only Jim knows the combination for. People outside can’t see what’s on the letter but can see you and Jim together.

You -Jim’s safe(letter)-> Jim

VPN: Jim’s mother thinks you’re a bad influence and prevents you from seeing him. You ask Alex to deliver a safe for you. You get a letter and put it in a safe that only Jim knows the combo for. You then put that safe and a note saying to deliver the safe to Jim in another safe that only Alex knows the combination for. You give the safe to Alex, Alex opens it and delivers it to Jim. Outsiders only see you and Alex or Alex and Jim. If people ask, Alex will say that he delivered a safe from you to Jim.

You -Alex’s Safe (Jim’s safe(Letter))-> Alex

Alex -Jim’s Safe(Letter)-> Jim

TOR: Jim’s mother is on total lockdown only allowing specific people to talk to Jim. You put a letter in a safe that only Jim knows the code to and a note saying to deliver it to Jim. You put that in a safe that only Alex knows the code to. You put all of that into another safe that only Steve knows the code for and a note saying to deliver to Alex. You give the safe to Steve, Steve opens it, sees the note and passes to Alex who opens his safe and passes it to Jim.
From the outside you only had contact with Steve. Steve had contact with you and Alex and finally Alex with Jim. Steve doesn’t know the final destination of the safe is Jim and Alex doesn’t know it originated from you.

You -Steve’s Safe(Alex’s Safe(Jim’s Safe(Letter)))->Steve

Steve -Alex’s Safe(Jim’s safe(Letter))->Alex

Alex -Jim’s safe(letter)-> Jim

Hoping Reddit format doesn’t ruin this.

In Gen Alpha.

Http: you go to a McDonalds and ask for a Grimace Shake.

Being seen with a Grimace shake is considered cringe but you crave the Grimussy so you devise a plan

Https: You go to a McDonalds and ask for a Happy Meal with a Grimace Shake. Your haters can only see you with a happy meal and your rizz is safe for now.

Your parents think you’re a lardass and now refuse to let you go to a McDonalds. You crave the Grimussy. So you come up with a plan.

VPN: You ask Timmy, one of the neighbor kids to go to McDonalds and order you a happy meal with a Grimace Shake. Timmy does so.

Your parents ask Timmy if he purchased McDonalds for you and Timmy is a snake so he tells your parents.

Your parents are going full private detective mode and you crave the Grimussy. You need a new plan.

Tor: You ask Kyle who is a cool kid and smokes that 'za to get you some munchies. Kyle then goes and asks Timmy to go get a Happy Meal with a Grimace shake and some other orders. Timmy gets the food and gives it to Kyle, Kyle then gives it to you.

Your parents ask Kyle and he said he just got you food from Timmy. Timmy just says he got food orders for Kyle. But doesn’t know what food went to you.

You can add more dudes so it’s harder for people to catch you smashing that Grimace shake but it also takes longer for you to hit the crave.

People are typing out these huge replies but it’s not that complicated

HTTPS (which is just HTTP wrapped in SSL) is confidential, but it’s not anonymous. TOR is anonymous. SSL’s objective is to provide confidentiality - in other words, an outsider knows WHO you are, but not what you’re sending (i.e. they know you are sending a message to your friend but they don’t know what the message is). To an outsider, TOR would be like knowing what’s being sent, but not who you are (i.e. they know that there’s a message, but they don’t know who sent it or what the message contains)

I feel it’s important to note that, in my limited research of TOR, it isn’t 100% foolproof that the government can’t find you and your TOR traffic. The NSA supposedly has a direct tap into the internet backbone and can store any and all traffic they want. Now, that traffic will be encrypted, but it’s only a matter of time with AI and quantum computing that they will be able to decrypt it. Also look into the Intel Management Engine; it has the ability to run code at the chip level and can’t be turned off. While there is no proof that it’s ever been used for malicious intent, in theory it could be a backdoor spyware into almost any computer, and any computer used by the government is specifically built to not have it. On top of that, there are some settings like enabling JavaScript which can make it easier to find your location. From what I gathered, disabling JavaScript, using a public wifi with poor security camera coverage and an amnesia OS such as Tails or Whonix will greatly increase the difficulty in finding you

Think of it like a maze, you know where you start and where you end, but every time you take a different route through the maze to get there, so they can’t find the path you used as easily.

Imagine a bunch of cities connected by roads. When you roll into my town i can deduce where you came from by what road you took. Now imagine a bunch of cities not connected by roads only a big dark forest. When you come to town you could be from anywhere.

tor is owned by the government, so yea not exactly private one little bit.

I wrote a paper on Tor in university.

One thing you didn’t cover is that they wrap the letter in successive envelopes.

You connect to an entry node, that entry node gets a hop node, that hop node gets an exit node, that gets your destination. You get something back that lets you put layers of encryption on your message. Each node only knows about the next and previous ones, no one knows the entire chain.

When you send the message to the entry node, it takes the first envelope off, passes it on, and it continues to the destination. The reply message goes through the same process.

It’s been 10 years since I’ve written that paper, so some details may be wrong, but that’s why it’s called “onion routing”.

Is this the reason why websites load so slowly on Tor compared to regular browsers?