Browse Like a Ghost: A Beginner’s Guide to the Tor Browser

Marcos Ceballos

The Tor Browser (The Onion Router) is built on the Firefox foundation you likely already use, but it is designed with a completely different purpose: uncensored access and privacy.

Unlike standard browsers, Tor is built to stop websites from tracking your movements. It accomplishes this by "isolating" every page you visit so ad-trackers can’t follow you from site to site. It also tackles digital fingerprinting, the sneaky way companies identify you based on your device's unique settings. On Tor, your "fingerprint" is identical to that of every other user on the network, making you just another face in a very large, anonymous crowd.


How does Tor work?

The Onion Router (Tor) works just as its name implies. Imagine you are at the center. Instead of connecting directly to a website, Tor creates a path through three different "nodes" (volunteer-run servers) before reaching your destination.

Example: You <-> A (The Guard Node) <-> B (Middle Node) <-> C (Exit Node) <-> Webpage.

Think of your data as a letter. You put it in an envelope, then put that envelope inside another, and that one inside a third.

Now the envelope addressed to “Webpage” is placed in another envelope addressed to “C”, that envelope is placed into another addressed to “B”, and then again to “A”, and then again to “you”. Each node only knows where the traffic is going next, not its final destination.

Knowing this, you should already be thinking, “Well, that is a lot of hops, wouldn't that make…” Yes! This will make the load time much longer. “Where do these nodes come from?” They are run by users who have volunteered their systems as nodes.
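The envelope analogy above, as an added Python example (not from the original article or from The Tor Project): the message is wrapped once per node, and each node can open only its own layer and read only the next hop. The cipher is a toy built from SHA-256 and HMAC so the block runs on the standard library alone; it is not Tor's actual cryptography, and the names `wrap`, `peel`, `send` and `ROUTE` are made up for illustration.

```python
import hashlib, hmac, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy cipher: SHA-256 in counter mode, one key for cipher and MAC. Not Tor's crypto.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified layer")
    return _xor_stream(key, nonce, ct)

def wrap(route, destination: str, message: bytes):
    # route is [(name, key), ...] in path order; build the innermost envelope first.
    next_hop, payload = destination, message
    for name, key in reversed(route):
        envelope = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
        next_hop, payload = name, seal(key, envelope)
    return next_hop, payload  # first hop and the fully wrapped onion

def peel(key: bytes, blob: bytes):
    envelope = json.loads(unseal(key, blob))
    return envelope["next"], bytes.fromhex(envelope["data"])

def send(route, destination: str, message: bytes):
    # Walk the path, recording what each node learns: only the next hop.
    keys = dict(route)
    hop, blob = wrap(route, destination, message)
    learned = []
    while hop in keys:
        node, (hop, blob) = hop, peel(keys[hop], blob)
        learned.append((node, hop))
    return learned, blob

# Constructed sample path matching the article's A/B/C example; keys are random.
ROUTE = [("A", os.urandom(32)), ("B", os.urandom(32)), ("C", os.urandom(32))]

if __name__ == "__main__":
    print(send(ROUTE, "Webpage", b"GET /")[0])
```
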

.Onion Sites & The "Dark Web"

The Tor network also has its own .onion domain, which only works within the Tor network. There is no central authority for these webpages, and they are considered “the dark web”. But some common sites also have a .onion domain to help end users with privacy or local censorship.

Privacy & Security Options

Stopping Uninvited Guests (XSS)

One of Tor’s best features is its ability to block Cross-Site Scripting (XSS), if you choose to make your Tor privacy rules stronger.

In simple terms, an XSS attack is like an uninvited guest at a dinner party. You think you’re just talking to the host (Website A), but a "guest" (Website B) sneaks in and tries to steal your house keys (your login info or cookies) while you aren't looking. Tor allows you to crank up your security settings to block these malicious scripts from running automatically.

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. The malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

What is the difference between a VPN and TOR?

A Virtual Private Network (VPN) is when a system connects to a private network over the internet using a secure tunnel, like a private pipeline from A to B. Usually the only thing that is private here is that some entities, such as your Internet Service Provider (ISP) and the local network, cannot see your traffic between your system and the VPN concentrator.

What is not private is everything else being collected by the sites being visited. This includes, but is not limited to: your behavior on webpages, cookies, device fingerprint, source IP (your VPN provider's), GPS location provided by your device (which just gave away your location), login locations for the online service you are using, and all the traffic logs your VPN provider collects on the service it provides to you.

You may stack a VPN and Tor, but the experience will be impacted heavily. It is recommended to use one or the other, but not both technologies.

The Tor Browser does restrict many of the tracking systems mentioned above, but your behavior can still give some privacy away. If you use your login with Tor and then without Tor, this will remove anonymity for the account you are logging into.

Quick Tips for Staying Private

  1. Do Not Log In: Logging into your personal Facebook or Google account inside Tor defeats the purpose, because the site now knows exactly who you are.
  2. Use the Default Window Size: Maximizing the browser window can actually help websites guess your screen resolution, which is a part of your digital "fingerprint".
  3. Check for "Brave": If you don't want to download a new browser, the Brave Browser, Chromium based, has a "Private Window with Tor" feature for quick, casual use.

No better way to say it..

Image from Torproject.org/privchat

Here is a page that tracks privacy features for many web browsers: PrivacyTests.org

Here is a technical post on TOR that I found to be well written.