How Tor Works
Tor is a free and open source software system that can help you maintain your application while surfing the Internet. When you use the Tor browser to surf, your traffic will be randomly directed through the server network before reaching your final destination to protect your location and identity.
Tor Yes"Onion router”Is an abbreviation that describes how Tor protects its data by wrapping it in multiple encryption layers (like onions).
Tor is essentially an anonymous tool. The proxy is not its strong point. The flow characteristics of the straight-ball Tor connection without pluggable transmission are obvious.
But how is Tor making you surf anonymously? In this series of nonsense, we will delve into the structure and protocols used by the Tor network to understand first-hand how Tor works.
Tor 101 Expand Directory
At a very abstract level, Tor is through a series of servers (called nodes orrelay) Routing traffic.
At present, the Tor network has about 6300+ relays and 1000+ bridges to route traffic through the Tor network. These relays are located all over the world and are operated entirely by volunteers who are willing to contribute bandwidth to the Tor network, non-profit organizations, scientific research institutions and libraries, and honeypot-opening FBI and National Security Bureau. The more relays, the better! This makes sense, because each relay can only provide a certain bandwidth. The more Tor nodes, the better the network performance, redundancy, and security.
Types of RelaysExpand the catalog
By default, the Tor client establishes a connection through 3 relays, each of which has a specific role.
The types of trunks are:
- Guard relay—— The first relay of the Tor link. When using a bridge, the bridge will replace the ingress relay. Stable and high-bandwidth generally use the relay relay flag after a period of use.
- Middle relay —— Middle relay transfers traffic from ingress relay to egress relay as the name suggests.
- Exit relay—— The egress relay is an egress point at the edge of the Tor network, and sends traffic to the client's intended final destination. The so-called honeypot is also on the export relay. If the egress relayed traffic has no TLS, then the connection from the egress to the target service is clear text traffic, which will expose DNS query records for non-Onion addresses (because DNS queries are also processed by egress).
- Bridge —— Entry relays that do not appear in the public directory, and pluggable transmission plug-ins can be deployed, which are non-public nodes.
It should be noted that in addition to the network bridge equipped with modern pluggable transmission plug-ins, other nodes are mandatory, the way is the old school routing black hole.
(Immediate wall IP means)
When a user connects to the Internet through a Tor client (such as a Tor browser), the encrypted traffic will start from the user, enter the Tor network through the entrance relay / bridge first, then send to the intermediate relay, and finally from the exit Then send the plain text to reach the access target. Since each path is randomly generated and there is no record of any relay, it is difficult to be traced.
Onions? Onions! Expand the catalog
Now that we have surfed through a series of applications, how do we know that the relay used for surfing does n’t ignore us? We don't need to know!
Tor is designed to distrust relays as much as possible. It does this through multiple layers of encryption.
- The client encrypts the original data in such a way that only the exit relay can decrypt the original data
- Then, this encrypted data is encrypted again in such a way that only intermediate relays can decrypt.
- Finally, the encrypted data is encrypted again so that only the entry relay / bridge can decrypt it.
Packing the original data in an encryption layer is like onions being packed in layers of onion skin. In this way, each relay has only the information it needs to know-where to get the encrypted data, and where to send the data to the next relay. Encrypting data in this way is beneficial to both parties: client traffic is not affected, and relays do not have to be responsible for invisible data.
The exit relay can see the original data sent by the client because they must pass the data to the destination. If you use HTTP, FTP or other clear text protocol to surf, the exit relay can see what waves you are rushing
From：On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.