Sending Onions: safeguarding your privacy with Tor.

Conversations about psychedelics are often a very private matter, especially in regards to mental health. Despite a renewal of research showing its benefits of these drugs, the legal status in New Zealand is nebulous at best. In light of this, discussions about psychedelics go hand in hand with privacy issues – specifically online privacy issues.

New Zealand is not immune from privacy breaches, whether its from our own government or corporations [1, 2, 3]. Matters get worse because many e-commerce companies fingerprint their customer and create user profiles. Your browser combined with your mobile phone (pc or laptop) provides a very precise ‘fingerprint’ of who you are online. Once you login to a site, companies can build a deeper profile of your habits since they have now captured additional data such as email, address and full name. For example, Google (via gmail) keeps your online purchase history  and has collected health data from millions of profiles without permission. Facebook is also no stranger to privacy violations.

Here is where the Tor project is of great value. Tor is a both a network and browser that allows users to browse the internet private to circumvent tracking, surveillance, and censorship. The Tor project was initially developed by the US Navy, but has been an open source project and a non-profit organisation since 2006. Finally, the Tor project is free and does not require an account to set up.

Tor is an acronym for The onion router – this describes how layered encryption is used to send data. Let’s have a look at how Tor keep users anonymous. Let’s say I am based in Auckland, and I wanted to reach a server is based in Munich. The first step that Tor does is establish a 3 random relay connections between your computer and the server based in Munich. In this situation, we establish a route through Lima, Atlanta, and Inverness before we decide to connect to the Munich server. It may look something like this:

After it establishes the connections between your computer and its destination, Tor grabs a key from each one of the connections. Here we see a red key for Lima, a green key for Atlanta, and a blue key for Inverness. Tor will create a padlock for that will require all three keys to open it. Your communications are nestled in this padlock:

Now we are ready to connect with the server! We send our communication through 3 layers of encryption. The red key held by Lima can unlock a part of the encryption. However, Lima still can’t read the message, because its encrypted by a green and blue lock. It forwards the message to Atlanta. Atlanta can unlock its part with its green key, however, it still can’t read the message because of the blue lock held by Inverness. The message forwards to Inverness. Finally Inverness can unlock the message, and has the information to connect with the Munich server

If the server then needs to connect back to Auckland, it follows the same process, but in reverse (Munich -> Inverness -> Atlanta -> Lima -> Auckland. These layers of encryption, like onion skins, have to be peeled back to reveal the message.

Once you have connected to the Tor Network you can use the Tor Browser to test your fingerprint. To see what your digital fingerprint looks like, visit https://www.deviceinfo.me/ and/or https://browserleaks.com/canvas. Below is the Browser Leaks comparison to my Tor Browser Fingerprint vs my IE Explorer Fingerprint.  The Tor Browser resists fingerprinting, while the IE Explorer fingerprint is unique by more 99%  amongst all other test profiles on record:

There is much more that Tor Project does, we recommend you read more of what this non-profit organisation does. For more information about how to safeguard your privacy online, please visit here.

Happy Browsing,

The Entheos Team