Hacker Depictions

Onion and on and on: Hacking the Internet with Tor

Even if you haven’t heard of Tor, you probably know it by its nickname: the “Dark Net” or “Dark Web”. Imagined as an online Wild West, it lives on an anonymous, hyper-secure part of the Internet. In the nightmare visions of popular media and government policy, it is a place where people buy drugs, weapons, and contraband in outlaw communities where the police cannot touch them. If your only encounter with Tor was through Mr. Robot, you might well understand it to be a rebel, anti-authoritarian, even criminal technology. But peel away a layer of the Onion and the picture becomes a lot stranger.

While some people do indeed use Tor to nefarious ends, in fact, the vast majority use it simply to live their day-to-day lives online. Tor is a “hack,” but not a criminal one. The developers of Tor are hacking the fundamental infrastructure of the Internet itself, reaching down deep into its technical guts and rewriting how it works. Rather than accept the rules that underpin contemporary digital societies—permitting platforms and governments to see who you’re talking to and what you’re doing—Tor users experience a different version of the Internet, where the user has control over their anonymity.

The Tor network is an infrastructure of servers run by volunteers stretching around the world, sitting like a thin and fragile spiderweb on top of the Internet. Downloading the Tor browser (which to the user looks much like Firefox, Chrome, or Safari) for free from www.torproject.com or from your mobile app store gives you access to this network. Tor buries the information used to get your Internet traffic from A to B in three layers of encryption, then bounces it around the Tor network; each “hop” through the network decrypts a layer, until the final hop, which gets you to the website you were trying to access. This design (called “Onion Routing”) means that no individual node in the network (or the nation-states and providers who spy on them) knows both where your traffic came from, and where it is going.

This grants Tor users extremely strong anonymity and security protections, hiding your browsing information from governments and corporations. Using Tor to browse the Internet feels a bit like having a superpower, allowing you to easily bypass content restrictions and state censorship. Tor is used by around two million unique users a day, mostly for everyday web browsing, watching films, and speaking to friends and family. These everyday users provide a vast cloud of “cover traffic” in which those who really need it—journalists, activists, and others who face state repression—can hide.

The side of Tor catastrophized in the media imagination emerged in the late 2000s, when the project released web services accessible only through Tor, which are extremely difficult to shut down (called Onion Services). This rapidly became a contentious issue. People were using these to set up anonymous eBay-like services called cryptomarkets, where illegal goods could be sold. These were widely reported in the media, generating a public image of Tor as a hotbed of criminality, even terror. In pop culture, the “Dark Net” became routinely depicted as an online demimonde—a nightmare vision of the dark side of the Internet.

But despite the continued existence of the cryptomarkets, the idea of Tor as an inherently criminal technology is woefully inaccurate. If you were going to design a service to commit online crime, it wouldn’t be Tor. It’s slower than the regular Internet and getting it to work poses a barrier to entry for customers of illegal services, who largely find what they need on forums and social media. Most cybercrime doesn’t rely on Tor, and instead uses so-called bulletproof hosting providers and dodgy VPNs, which are readily available for sale online. In fact, cryptomarkets are notoriously vulnerable to exit scams and being knocked offline by their competitors. The longest running Onion Services are for non-criminal services, like SecureDrop (which helps sources share files with journalists); even Facebook and the New York Times run Onion versions, which allow access in countries that block Western media.

This video shows the developers of Tor. Hardly the shadowy demons of an online underworld, they are passionate, activist, and value-driven (and endearingly nerdy). Tor was originally designed by US Navy researchers looking for a way to allow secure communications on insecure networks, who teamed up with activist hackers and academic researchers who shared their vision of a private and secure Internet. Now, much of the work Tor’s developers do not only tries to protect users against nation-states, but also against surveillance by platforms like Google and Facebook, who track our online behavior and sell the resulting profiles to advertisers. Tor is an attempt to seize back the possibility of a different future of the Internet—part of the long hacker history of utopian dreams of global community, resistance, and sharing of information.

Tor reveals a vision of hacking bound up with infrastructure, with hackers not only able to break systems but to reach far down into the innards of the technologies our societies are built on and rewrite the basic rules of how they work. We’ve grown accustomed to a corporatized Internet with digital platforms exerting significant technological control over our lives, able to make sweeping decisions about what we can do and say, the ads we get and how vital infrastructures work. Tor not only provides anonymity, but a hopeful vision of the Internet’s future, one in which these infrastructures of control may be less powerful than we might think.

Back to Hacker Depictions