October 20, 2015
TLS gives you confidentiality, integrity, and authentication.
But a network eavesdropper can tell what server you are talking to.
And the server knows who is talking to it.
Tor (www.torproject.org) is an anonymity network.
Don’t call it “TOR” unless you want to look like a noob.
Tor sends user traffic through a series of encrypted hops before it reaches its destination.
Each hop only knows its predecessor and successor; no hop knows the entire path.
This prevents your ISP from knowing your browsing, and prevents web sites from knowing it’s you.
The exit node can potentially see or modify your traffic to the web site (even if they don’t know it belongs to you). Prefer using end-to-end encrypted protocols such as TLS.
An attacker who can view the whole network can deanonymize you just by watching traffic flows.
Even just by watching entry and exit traffic, an attacker can guess at correlations using traffic timing and volume.
Many other anonymity dangers exist at the application layer. Tor Browser is designed to defend against them. (Don’t try to use a different browser with Tor.)
The client and server build their own circuits to a relay in the middle.
OnionShare lets you serve a file through a temporary hidden service.
You can share files without setting up a server or sharing your IP address!
Tor hides the endpoint of your communication: It does not hide the fact that you are using Tor.
In fact, it is very easy to block Tor connections (the list of relays is public).
Tor provides secret bridge relays. Bridges are not listed publically like relays are.
You can only learn a few bridges at a time by visiting bridges.torproject.org or by sending email to firstname.lastname@example.org.
The use of bridges prevents IP blocking, but it does not prevent blocking Tor by its protocol.
Pluggable transports disguise Tor traffic to make it difficult to block.
Pluggable transports are also used by some other projects.
See A Child’s Garden of Pluggable Transports for more technical details.