Tor Isn’t As Safe As You Think. Here Is Why.

Tor is the safest option yet. But it isn’t infallible.

Most of you probably know by now that nothing in the real world is one hundred safe and secure. Not your paycheck, not your social security number and definitely not your “private” internet connection via Tor.

While there are always steps you can take to make sure that you are protected to the maximum possible level, cyber criminals along with other hackers are always hard at work in inventing new ways to hack into your personal information or steal your online identity.

Tor, a software used to gain online anonymity, is one of the best-known software when it comes to hiding your identity and protecting your privacy when it comes to the online world.

But as it turns out, Tor users can also be exposed with a new DNS exploit.

Let’s talk about that for a bit before we describe a couple of ways you can still stay safe.

As indicated before, one of the most well-reputed anonymity networks on the internet is the Tor network. It allows whistleblowers along with other users who can particularly concerned about their online identity and privacy, a safe passageway through the online world in order to get work down without exposing their true identities.

Tor also allows online workers to work on their projects, secret or not, anonymously. The example of Edward Snowden is a perfect one to quote here since nothing he has trying to do could be labeled as illegal.

Snowden wanted a secure way to communicate the information he had to reputed new sources such as The Washington Post and The New York Times and chose Tor as his preferred way of transferring information without revealing his identity and physical location.

In short, Tor (or as some other people like to call it, The Onion Router) is essentially a modern web browser that allows anyone with a laptop and an internet connection total anonymity on the internet. The Tor web browser is managed by a non-profit organization which goes by the name of the Tor Project.

As of this moment in time, there are about two million of us who use the Tor browser on a regular basis to get work done without revealing our true identities. Most of the users who utilize the Tor Service, do so because this fantastic piece of software allows them to carry out their online duties and everyday tasks on the internet without having to worry about revealing their true identities or physical location.

And that keeps them safe from the prying eyes of the government or even online bullies. We’ll get to that part a bit later in the post.

As indicated earlier as well, the vast majority of the people who use Tor in order to gain anonymity are people who work in sensitive or even controversial lines of work. People who use Tor and its other services usually work as journalists, activists, whistleblowers in their daily lives in order to deliver the truth to their respective organizations.

But what if you’re not one of these people? Does that mean you can’t use the Tor network or it would be unethical of you to use the Tor browser just because you don’t work in the field of journalism or whistleblowing?

Thankfully no. Even if you just a regular internet user who is a bit more concerned about his/her privacy than the average user, means that you are well within your rights to use the Tor browser and carry out whatever it is you want to carry out without having to worry about leaking out your personal information or your online identity to people who may try to harm you if they got hold of your true identity.

With that said, Tor is used by privacy conscious people all over the world, so it doesn’t matter which part of the world you currently reside or plan to go to. Tor browser is truly for the masses since anyone with an internet connection and a laptop can make use of the software in order to gain anonymity and secure his/her private data.

Tor is great if you want to secure your online identity. Not great when you want to get away from the NSA

What About The Other Side

We would be doing you an injustice if we didn’t make you aware of the other side of the coin regarding Tor.

While it is still true that many people who want to do good in the society make use of Tor whenever a need arises, media outlets have seen an increasing number of criminals turning to the services of Tor in order to gain anonymity and carry out their criminal acts without having fear of getting caught by law enforcement agencies.

That, as you can probably imagine, is a really bad thing.

Tor networks have been seen to be regularly used for port scans along with hacking attempts at sensitive services such as those of hospitals and banks. Tor networks have also been used by cyber criminals along with hackers to release, sell and then disseminate stolen data. It has also been used by cyber criminals to carry out many other forms of crimes on the internet that has ended up hurting a lot of innocent people in the process.

Though overall, the Tor network can be used both as a force for good and as a force of evil, from what we have seen in the past, it is mostly used as a force for evil. But that doesn’t mean that it can never be used to achieve something good and that is why for people like Edward Snowden, Tor is such a vital piece of technology that simply can’t be labeled either bad or good based on what a small percentage of people do or don’t do with the product.

What Are The Researchers Doing About It?

Because the Tor network can potentially become a very powerful tool, researchers around the world have been studying the software ever since its creation in order to improve it and protect it from being used by cyber criminals and hackers.

Now, researchers,

  • Benjamin Greschbach of the KTH Royal Institute of Technology
  • Tobias Pulls of Karlstad University
  • Nick Feamster, Laura M. Roberts and Philipp Winter of the Princeton University in the United States of America

Have teamed up and have found out that Tor users aren’t as anonymous as they would like to think they are. In other words, Tor users can be identified if one can monitor a specific Domain Name System (DNS).

Researchers were also able to find out that Tor users could be identified without the use of any extensive equipment or technology, fairly accurately with nothing but information from a Domain Name System.

To understand how researchers were able to identify users who used the internet through the Tor Browser, let’s take a look at how Tor generally works before we begin to understand what researchers have been able to accomplish in their labs.

How Does Tor Work?

Tor achieves its purpose of providing anonymity to the user by routing a user internet traffic through a circuit of three nodes from over 7000 machines that are selected randomly. These machines are set up in various parts of the world for the sole purpose of offering anonymity services to users who want them.

For example, if a user starts Tor in order to hide his/her online identity, all the data of that user passes through the first node which is present in the aforementioned circuit. It passes through the circuit that has been selected from a pool of 2500 out of 7000 machines.

This initial process is known as the entry guard. This process is the most reliable process in the whole chain since it has a high uptime and is available almost around the clock at all times.

Readers should also know that even though, at one point or another, this circuit has some idea about the source of any given internet traffic, it does not know what is in that internet traffic data.

So a user using Tor is always safe because no one can know for sure what he/she is doing on the internet while using the services of the Tor browser.

We talked about “entry guard’s” just a few lines ago, now we’ll introduce another concept by the name of exit nodes. These are basically final nodes in the circuit and it is through these nodes that your encrypted data or internet traffic is routed to its intended destination. Exit nodes perform the job of delivering your data to its intended recipient without compromising your identity.

But that’s not all, there are also intermediate routers in the overall circuit. These intermediate routers act as Tor nodes and their primary job is to operate and maintain a balance between output and input nodes in order to transfer the required online data as efficiently and securely as possible.

Cyber criminals and other hackers can’t intercept a Tor users data because all the traffic that is passed through the client to the recipient is encrypted and goes through the exit node where cyber criminals can’t get a sniff at it, let alone capture it and then study it for their nefarious designs.

The only things that may help cyber criminals to track down a specific Tor user are the packet lengths along with directions, size and time. Sometimes these  techniques are known as fingerprinting.

So What Have The Researchers Found About Revealing The Identities of Tor Users?

Tor is still one’s best bet at getting safe online. But don’t do something illegal just because you’re using Tor.

Fundamentally, the DNS combines domains into machine-readable IP addresses. These, in turn, allow online users to visit and interact with different websites through the use of human-readable names.

It is this essential method or the specific block of the used network that enables or rather can enable cyber criminals and hackers to track Tor users if they wanted to and knew how to.

Researchers told reporters that Tor users could be followed by cyber criminals and hackers if they knew how to combine techniques such as DNS request monitoring and fingerprinting in order to expose the true identities of Tor users.

In fact, researchers were able to combine the two aforementioned techniques themselves and even gave a name to it. It is called Domain Name System enhanced website fingerprinting attack.

Researchers were able to discover that about 40% of the traffic that exited the Tor network came from Google’s public DNS servers and this was a high volume of traffic from one single source.

This also allowed techniques such as fingerprinting to reveal the identities of Tor users more easily since most of the traffic came from one organization.

It was also revealed that this network could be used to identify the hidden services that could then be utilized to disclose identifying particulars such as the correct IP address of individuals and even the physical location of Tor servers in some of these occasions.

Who Can Carry Out Such An Attack?

Well, it is no secret that public DNS resolvers such as Google are considered to be in a prime position to carry out such an attack on Tor users. If the organization can successfully monitor the DNS traffic and then combine that data with advanced techniques such as fingerprinting then the source of any given traffic data can be identified.

The method described above is especially potent on websites that are not visited often by internet users because that allows these organizations to sift through their DNS traffic records rather quickly and easily.

However, researchers did say that Tor was a decentralized system and that allowed it anonymize its users using very little resources but Tor inherently did not support comprehensive ecosystem that it itself existed in.

Researchers were also able to come up with a tool that allowed them to trace the DNS path regarding a fully qualified domain name. The tool also allowed researchers to run UDP traceroutes on almost all DNS servers. The path that the researchers used was called “ddptr.”

So Should We Just Give Up Tor?

If you are one of those users who are not using any kind of other encryption levels such as HTTPS, SSH or TLS, then know that your Tor traffic is capable of being monitored using insecure websites such as forums which normally do not use HTTPS.

These can also be used to steal your login page, password, cookie session and posts.

Also, keep in mind that any email message sent using technologies such as SMTP (no TLS) is exploitable as well.

Thanks to online services such as Google Maps, exit nodes can also be Geo-located using freely available tools such as FREE GEO-IP, APIs, and Maximind Geocities lite.

What Does The Research Team Want?

Right now the research team is spending time to improve and then develop exit nodes which would enhance the current Domain Name System setup.

Researchers say that their methods will guard against circumstances that would allow Google to monitor a major portion of the DNS requests that exit through one of its networks.


Tor should be used with good habits. Those good habits can easily be studied on Tor’s homepage.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment