Always Use Tor
What is Tor?
Tor is an acronym for The Onion Router. Tor is free software that enables anonymous communication. The Tor Project, a non-profit 501c3 organization, is primarily responsible for maintaining Tor. It has been funded by human rights organizations, the US government, the national science foundation, NGOs and thousands of individual sponsors. It enables millions to use the internet in privacy, including me.
Why I Always Use Tor
I use Tor for nearly everything. I use it for browsing the Web, sending and retrieving emails and files, SSH, Git, Atom/RSS, and updating system packages. When I’m trying out a new application, I immediately check if it can be used safely over Tor.
Of course the normies are confused why I use Tor. They assume I must have something to hide because they basically have no understanding of the right to privacy at all. I’m not even going to bother addressing them because PRATT.
What befuddles me isn’t the normies. It’s those in the privacy community who are shocked when I say I use Tor for everything. I’ve found others use it mostly for strictly sensitive transmissions. But I argue that you should always use it, whether or not you’re doing anything sensitive.
Why You Should Always Use Tor
Tor works because people use it for a variety of things. My relatively mundane Tor traffic masks people whose lives depend on Tor’s anonymity. The more people that use Tor, the more anonymous everyone is.
Many people in the privacy community only use Tor for sensitive searches, such as when they’re searching medical symptoms. That’s a great use of Tor, but it’s more helpful for the anonymity of the network to use Tor for all searches. That’s why I always use it, even when I’m doing nothing particularly sensitive.
If you rarely use Tor, only when you think you need anonymity, your ISP can make an educated guess that you’re doing something private. Depending on the context surrounding that, such as what you were doing before and after you went on Tor and the traffic pattern, they might be able to figure out what you were doing anyways. Analysis is harder if you always use it though.
Personally, I’ve been using Tor for so long that I don’t even mind the slowness anymore. I’ve gotten used to it. I’ll gladly wait the few extra seconds for my data to load if it means having greater privacy. In my opinion, speed is overrated anyways.
Be Careful When Using Tor
With that said, you need to be careful how you use Tor. Tor cannot protect you if you use it wrong. If you use Tor for applications that don’t have explicit Tor support, be wary of IP address leakage. Only trust Tor running on machines you control and don’t blindly route all traffic on your network or computer over Tor. VPNs are better for that sort of thing.
Be aware that Tor is not a panacea. It has serious drawbacks. To mitigate Tor’s drawbacks, at least use it over a trusted VPN or bridge relay. Despite all the drawbacks, it’s still the best piece of anonymity software available, for now.
The Internet is Broken
In the future, we don’t just need stronger anonymity networks. We need a new network stack. The existing stack was formalized a long time ago when security and privacy were not a concern.
So, predictably, the physical layer, Ethernet, IP/BGP, TCP/UDP, DNS/X.509, and application-layer protocols are very insecure and lack basic privacy protections. Just to give a few examples:
- DNS is centralized, censorable, and insecure
- BGP is “the duct tape of the internet”
- TCP/UDP packets are trivially spoofable, and insecure
- IP lacks encryption and there aren’t sufficient IPv4 addresses
- HTTP leaks metadata, and the web is a bloated privacy disaster
And I’m not even scratching the surface.
GNUnet is a modern alternative network stack that seems to address the problems of the piss poor stack we’re all forced to use today, although honestly I haven’t done enough research on it. It’s in heavy development without a stable release, but I’m optimistic.
Ideally, something like GNUnet will fully replace the existing network stack so we can have real privacy, by default. But until then, a VPN + Tor is your best chance. So use it! And help out by hosting a relay if you can.