If you are following the Martha O’Donovan case you might have seen mention of The Onion Router (Tor) on her charge sheet. The charge sheet says O’Donovan says,
The accused made significant use of the Onion Router (TOR) browser, a tool which is used to hide online activity.
To understand what the Tor browser we first have to talk about the Tor Network.
What is the Tor Network?
Tor is the software and network of computers that allows users to browse the internet anonymously. The network disguises your identity by encrypting and directing your traffic across several different Tor servers. It is a volunteer network of more than seven thousand relays. Your IP address is hidden from the sites you visit.
By relaying traffic through various computers it becomes difficult for the party at the end of the network to trace the traffic back to you. Anyone eavesdropping will only see traffic coming from random nodes on the network. The more Tor users there are the more protected your information is. The goal is to protect the identity of the user, you, by concealing your usage and location.
Simply put instead of directly connecting to a server of your choice, your connection is encrypted, bounced around three other servers (relays), before being decrypted and sent to your destination.
So how does one access the Tor network?
The Tor browser.
The browser is your access point. The browser automatically starts the Tor background processes and all your traffic will go through the Tor network and that happens with no configuration needed on your part.
So Martha O’Donovan was using the Tor network to stay anonymous online if the charge sheet is to be believed.
Is the Tor network effective?
If your goal is to stay anonymous online Tor is probably your best bet. Like all security or anonymity solutions Tor is not perfect. You would do well to note that Tor aims to provide anonymity and NOT security.
A really dedicated hacker or government can figure out who you are although that takes a lot of work. The network itself is much harder to crack and it doesn’t appear as if it has ever been hacked. The browser however is a different story. After the NSA in the USA had seemingly hacked the Tor network through exploiting browser deficiencies this is what The Tor Project Inc had to say,
The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.
Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.
Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.
Why not just use a VPN?
That’s the question isn’t it? They are a bit different. If you are after the highest level of anonymity then Tor is the choice. In cases like O’Donovan’s where your life could depend on it go with Tor. Maybe you work for a human trafficker and you’ve just realised and want to report that anonymously, Tor is your service. However note that Tor is slow to use. It’s even worse for downloading torrents or those HD movies you love.
If you require anonymity but are not dealing with anything governments or other powerful entities or people would be interested in then go with a VPN. They are faster to use.
Remember though that Tor is completely free whilst to get a really good VPN that doesn’t store data or communication logs and is secure you would probably have to fork out some cold hard cash.
We might go into a more comprehensive VPN vs Tor article if needed.
Did the ZRP hack the Tor network?
No. We do not know how they caught O’Donovan yet, all we can do is speculate but they did not hack the Tor network. They merely discovered that she used the Tor network after seizing her devices.
Having said all that you can probably see that you should be using a VPN at the very least but remember to keep it within the law.
12 comments
I like your article. Very informative!
I don’t think the browser did anything bad here, it still does hides your identity when you are up to date with the latest version which is patches as from the last version which would reveal the IP when you trigger the file upload popup to select a file within your machine to set a profile picture or something like it.
Back to the subject, the fact that she was using Twitter which when using TOR browser you might not be identified or your traffic be snooped at the exact time of posting but the fact that Twitter has history and this history can reveal who you are by username and hashtag there is a high chance you can be studied and identified. Then there are some cases when you decide to use Chrome or Firefox and you browse publicly, once information has been gathered, you can still be identified exce, remember an IP address can live to up to a week on the same network, and with services like Geo IP, your location can be revealed. Ndatenda
Good explanation there!!!!!
If someone is caught with a knife, does it automatically makes you accountable for all the knife crimes which just happened?
The mere discovery of tor browser on her pc or ipad does not automatically point to subversive activities from her party. Its just goes on to prove how naive and less technical the investigating officer is.
Beatrice Mtetwa will have them for meal should it go to just like Bennet’s case few years ago
is it just me or the techzim site is taking a while to load??????
TOR should NEVER be used with any P2P service running. So Mr. Author please don’t use TOR while using torrents.
Also remember that you shouldn’t use your public handle while using TOR; that’s the same as labeling your IP with your name
Interesting. Let me download it myself! hehehe!!
Check out Tails OS if you are really interested in anonymity.
Hey TOR is for anonymising traffic, A VPN is for ensuring the privacy of the traffic. Best practice is to use VPN + TOR i.e. use a VPN to connect to the TOR network.
You can use VPN, but definitely not ZOL VPN.
So I guess anonymity is now a crime zve….
from that cyber crime bill owning such sofwares unosara uri pama1