Tor is a standard in the world of Internet privacy, and deservedly so. However, if you’re using Tor to browse the conventional web, be aware that while Tor’s exit nodes (which route your original data out of the Tor network) don’t know who you are, they, by necessity, have access to the original data you sent through the network.
There are some exit nodes out there that are being run by cyber-criminals and governments in the hopes of scraping up valuable data generated by those seeking privacy for some reason. Learn how you can protect yourself from malicious Tor exit nodes.
What’s going on under the Tor hood?
A Tor connection to a non-onion (i.e., normal Internet) site looks like this:
- Your computer establishes an encrypted connection to the Tor network and finds an entry guard, which can be any relay with sufficient bandwidth and a history of uptime. The browser calculates a random route through the Tor network (this changes every 10 minutes) and wraps your data in several layers of encryption.
- Your data travels between nodes on the route, each one only knowing about the node before it and the node after it, meaning your original address is obfuscated after one bounce. Every Tor node can decrypt one layer, giving it information on the next place to send the data – thus, the “onion” terminology associated with Tor.
- Upon reaching the final node, the last layer of encryption is stripped away, and the data is sent to the server outside the Tor network where it was originally headed.
The final node is the weakest link in the Tor network since Tor’s encryption is gone and any unencrypted data is now readable by the node. If the traffic was encrypted before it entered the Tor network, though, that encryption remains in place until the traffic reaches the external destination server, which is key to maintaining your privacy and security.
Who runs bad exit nodes?
The two main categories of exit node attackers are cyber-criminals and governments. The cyber-criminals want passwords and other personal data they can use, and governments want to monitor criminal activity, surveil citizens, and even check up on other countries.
Malicious exit nodes have been uncovered or demonstrated in multiple independent experiments:
- 2007: Security researcher Dan Egerstad runs five Tor exit nodes and intercepts sensitive data that includes confidential diplomatic communications. He was subsequently arrested but not charged.
- 2014: Researchers discover “numerous” malicious exit nodes.
- 2015: Independent researcher Chloe sets up fake logins for different nodes and uses them over an unencrypted Tor connection. Her honeypot site gets a lot of hits and about 30 login attempts.
- 2016: Researchers from Northeastern University identify over a hundred misbehaving relays.
- 2017: Jigsaw Security identifies nodes geographically located in areas belonging to U.S government agencies and the Russian Kremlin.
How to stay safe from malicious exit nodes
1. Only browse with HTTPS
Hands-down the best way to keep your data safe from snooping exit nodes is good old HTTPS. Determined exit node attackers could theoretically get around this, but because traffic over HTTPS is encrypted on the whole journey from your computer to the destination server and back, it means that your traffic will never appear by default in cleartext to any Tor node. Even the exit node is sending encrypted information to the site.
Tor automatically upgrades every possible connection to HTTPS, but if you ever find yourself on a non-encrypted connection (HTTP sites, for example), be aware that your traffic is visible to the exit node. Luckily, most modern sites use HTTPS by default, but be careful and don’t log in or transmit any sensitive information at all over an HTTP connection.
2. Keep your sensitive information to a minimum
For maximum privacy, it’s best to just assume that someone is watching and encrypt everything accordingly, even if the connection uses HTTPS. If you have sensitive data to communicate to someone, encrypt it with something like PGP first. Don’t provide personal information or log in to accounts associated with the real you.
In practice, if you’re on an HTTPS connection, you’re probably fine to browse relatively normally, but don’t let your guard down.
3. Only consume .onion sites
.onion sites are hosted on the Tor network and don’t require leaving through an exit node, meaning there’s no opportunity for a malicious node to see your decrypted traffic. Major sites with onion versions are few and far between, but you can at least read the New York Times and browse Facebook (if that seems like a good idea to you).
What about VPN + Tor?
Tor is good for privacy, and VPNs are good for privacy, so VPN + Tor = double privacy, right? Well, it’s a little more complex than that. Using a combination can be good for some things, but it comes with tradeoffs – especially in terms of speed.
1. Tor over VPN (VPN connection to the Tor entry guard)
Connect to the VPN first and then using the Tor browser. This will provide some safety. It prevents entry nodes from seeing your IP address and stops your ISP from knowing that you’re using Tor. However, this means you have to trust your VPN provider as well as the Tor network and also does nothing to protect you from bad exit nodes. For getting around Tor-blocking censorship, though, bridge relays are probably better.
2. VPN over Tor (VPN after the exit node)
VPN over Tor is a bit harder to set up, as you have to set up the connection to the VPN, send the data through Tor, then pass it off to the VPN server. This means bad exit nodes can’t read unencrypted data, but it also makes you less anonymous since the exit node and the site both see your VPN server. You also can’t access .onion sites and don’t benefit from some Tor network anonymization features like circuit switching. There’s a lot of debate over this one, but in general, sticking to encrypted HTTPS connections is a better choice, and VPN over Tor is only useful in specific cases.
Basically, you can use a VPN with Tor, but the easy way doesn’t protect you from bad exit nodes, and the hard way comes with some significant catches. These approaches can be helpful, but it’s best to be aware of the tradeoffs.
The good, the bad, and the Tor
Tor is an amazing way to get around censorship and preserve online privacy, but being aware of its limitations and myths is important. The Tor network hosts a lot of illicit and private activity, and when you use it, you’re potentially exposing your traffic to people and institutions that are targeting exactly that. Even if malicious Tor exit nodes are the minority on the network, the fact remains that they do exist, and most of the owners aren’t just curious researchers.