Many think that Tor is a fully anonymous and secure means of browsing the internet, one that gives no one a chance to monitor a user’s browsing behavior and trace it back to his or her physical location. But is this really true?
Tor is not perfectly anonymous: it has a number of risks and limitations that one should pay attention to before using it. There are many ways to help deanonymize Tor’s traffic. The following are the most commonly used ways to monitor Tor’s internet traffic and trace its origin.
Exit Node Sniffing:
To promote anonymity, internet traffic is routed through randomly selected relay nodes across Tor’s network before exiting the network to the destination web page(s). In theory, Tor’s design makes it impossible to trace the origin of the requested internet traffic. A computer could be initiating a connection to browse the surface or deep web, or could just be acting as a node that relays encrypted network traffic to other nodes across Tor’s network.
Most of Tor’s traffic eventually exits the Tor network. For instance, if you point your browser to Google via Tor, the traffic is routed through many Tor relay nodes, yet it eventually has to leave the Tor network and connect to Google’s servers. The Tor exit node, where traffic leaves Tor’s network to reach the destination web page, can be monitored. Exit nodes are also known as exit relays.
If you are browsing an encrypted HTTPS site, e.g. your Gmail account, this is fine, even though the exit node will know that you are accessing Gmail. Whenever you use Tor to access an unencrypted website, the exit node can monitor your browsing patterns, the pages you visit, the messages you send and the searches you perform. Operators choose whether or not to turn their Tor node into an exit node, because running an exit node carries legal liabilities that simply running a relay node to route traffic does not. Mostly, governments run many exit nodes to monitor the internet traffic that exits them, in an attempt to track down criminals or, in repressive countries, to quell political activists.
This is not just hypothetical: in 2007, a security evangelist managed to intercept email messages and passwords for 100 email accounts by running an exit node on Tor’s network. The users whose emails and passwords were intercepted made the mistake of not using encryption for their email communications, as they thought that Tor could shield them via its internal encryption protocol, but this is not how Tor works.
When using Tor’s browser, use HTTPS websites whenever sending or receiving sensitive content. Always remember that your traffic can be monitored, not only by law enforcement personnel, but also by malicious attackers who might be looking for your private data.
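To make the HTTP versus HTTPS difference concrete, the following is an added example (not code from the original article or from the Tor Project) that models what an exit relay can read at each hop of a redirect chain. The hostnames, field values and the list of "sensitive" field names are constructed assumptions, and the model is simplified: it treats TLS as hiding everything except the destination host and port.

```python
from urllib.parse import urlsplit, parse_qsl

# Field names treated as sensitive here: an assumption for this example, not a standard list.
SENSITIVE = {"password", "passwd", "token", "session", "email"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def exit_relay_view(url, body=""):
    """Model what a Tor exit relay can read for one request (simplified)."""
    parts = urlsplit(url)
    # Host and port are always known to the exit: it opens this connection for you.
    view = {"host": parts.hostname,
            "port": parts.port or DEFAULT_PORTS.get(parts.scheme),
            "readable": []}
    if parts.scheme == "https":
        return view  # path, query, headers and body travel inside TLS
    # Plain HTTP: the whole request crosses the exit relay unencrypted.
    view["readable"] = ["path", "query", "headers", "body"]
    fields = dict(parse_qsl(parts.query) + parse_qsl(body))
    view["exposed_fields"] = sorted(k for k in fields if k.lower() in SENSITIVE)
    return view

def audit_chain(requests):
    """Return (hop index, host, exposed sensitive fields) for each readable hop."""
    findings = []
    for hop, (url, body) in enumerate(requests):
        view = exit_relay_view(url, body)
        if view["readable"]:
            findings.append((hop, view["host"], view["exposed_fields"]))
    return findings

# Constructed sample: an HTTPS login whose redirect downgrades to plain HTTP.
SAMPLE_CHAIN = [
    ("https://mail.example.org/login", "user=alice&password=constructed"),
    ("http://mail.example.org/inbox?session=constructed", ""),
]

if __name__ == "__main__":
    for hop, host, fields in audit_chain(SAMPLE_CHAIN):
        print(f"hop {hop}: exit relay can read the request to {host}; fields: {fields}")
```

In the sample chain the login itself is protected, but the redirect to a plain HTTP page exposes the session value at the exit relay, which is why every hop needs to be HTTPS and not only the first one.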
This risk is not theoretical. In 2011, a team of security researchers managed to acquire the IP addresses of around 10,000 individuals who were using BitTorrent clients via Tor. Like other applications, BitTorrent clients represent a security vulnerability that can expose your real IP address.
Don’t change Tor browser’s default settings. Don’t use Tor with other browsers. Just use Tor’s browser, as it has been preconfigured with the ideal group of settings. You also shouldn’t try to use any applications, plug-ins or add-ons with Tor’s browser.
The Risk of Running an Exit Node:
As mentioned earlier, running a Tor exit node can expose you to legal risk. If someone uses Tor for illegal activities and the traffic leaves through your exit node, this traffic will be traced back to your IP address and you can get the feds knocking on your door. A man in Austria was arrested and faced charges related to publishing child pornography, and he was busted because he was running an exit node.
The Tor Project has a set of instructions for running an exit node, the most important of which is to run the node on a dedicated IP address via a Tor-friendly ISP.