Hardware Reference
In-Depth Information
Realizing the limitations of Tor
Tor is one of the best tools currently available to protect anonymity. However, like all the
security tools discussed in this topic, there are limits to its protection. First of all, Tor's
threat model does not hold up to a global passive adversary. Such an adversary can pass-
ively monitor the entire Internet. If an adversary can monitor the entire Internet, then it can
correlate the traffic entering the Tor network with the traffic leaving the network and can
possibly deanonymize Tor clients. One of the trade-offs of this design is that Tor is a low-
latency system, meaning that you can access the Internet using normal protocols such as
HTTP without experiencing much delay. This is one of the reasons why diversity in the Tor
network is important. If all the relays were in a particular country, it might be easier for that
country to monitor the traffic. However, currently it is thought to be difficult, in spite of the
recent leaks provided by Edward Snowden, for such an adversary to monitor the entire In-
ternet.
Note
Roger Dingledine of the Tor Project commented on NSA's exploits of Tor with the follow-
ing:
"The good news is that they [the NSA] went for a browser exploit, meaning there's no in-
dication that they can break the Tor protocol or do traffic analysis on the Tor network. In-
fecting the laptop, phone, or desktop is still the easiest way to learn about the human be-
hind the keyboard."
The full text and additional commentary is available on the Tor website (
ht-
Also, Tor will not automatically encrypt all your traffic. If you request information over un-
encrypted HTTP, the Tor exit node you use will relay this unencrypted information to its
destination. A malicious exit node can monitor or manipulate your traffic; therefore, it's al-
ways best to use encrypted sessions, such as HTTPS, over Tor. Tor does not protect all your
traffic just because you are running Tor. Applications generally need to be configured to
use Tor. Even if you set up a transparent proxy on your home network and route all of your
traffic through that proxy, the malware or exploits in your browser may leak your identity.
This is why the Tor Project recommends that you use the Tor Browser, which essentially is
a forked version of Mozilla Firefox that has been patched especially to not leak your iden-
tity. Lastly, Tor can't protect your identity if you choose to reveal it. If you decide to log in
