The Tor browser is a tool used by Edward Snowden, journalists, US government workers traveling overseas, terrorists, criminals, pedophiles, and people downloading movies and doing chat to protect their IP address from discovery. But recently there was a zero day defect that unmasked the identity of whoever was using it. So Tor has hardened its browser against that. Here we given an overview of that.
Using Tor to Hide Your IP Address
When you visit a web set, you transmit your IP address to that site. That is necessary so that the website knows where to send the page you requested.
Tor, is opensource software that lets you mask your IP address. Tor, ironically, was developed with American Department of Defense funding. This is ironic because now their enemies are using it.
Why is Tor important? If law enforcement, content owners, or an intelligence agency knows you IP address then they can go to your ISP and, using a warrant or subpoena, make them hand over your name and address. So if you are downloading software or movies without paying for those then you can get sued. If you are breaking the law, you can be jailed.
What Tor does is use a distributed network of other people running Tor to bounce your request for a web page in a circuitous route around the internet.
Each Tor node does not know the IP address from where the data came nor where it is going. Instead it just knows the IP address of the next node where it is supposed to hand off the data that passes through it. Only the entry and exit node know the originating address. Even those two do not know both the source and target IP addresses, because that IP address data is encrypted in the Tor payload.
FBI Exploits Weakness
Threatpost reports that in 2015, the FBI exploited a weakness found in Tor. They recorded the IP and MAC addresses of people who were visiting a child porn website.
The MAC address uniquely identifies a single computer, while the IP address only identities the router in a home or office, unless you are using a cell phone.
Because of NAT (network address translation), the IP address broadcast on the public internet is not enough to show exactly from which computer a request came when you use a router. That is because all the people in a home or small office share the same public IP address, since they all share the same router. The router translates that to the internal IP address on the home or small office network to send it to the respective computer.
Each computer networking card has a unique MAC address. That is like a serial number created when the network card was manufactured. This is true for any device that connects to any ethernet (i.e., internet) network.
Hardening Tor using Sandbox Containers
The new version of Tor runs in a sandbox that does not know the IP or MAC address of the user running the Tor browser. The idea of a sandbox is to run a process in a container that has limited access to the host operating system. Android, for example, recently added containers to its OS recently to harden them from hacking. So has Windows.
As you can imagine, since knowing the IP address is a key piece to using the internet (which is an IP network), getting the sandbox idea to work by the Tor project has been difficult, they say. So it is still in Alpha mode. Tor developers caution that it might still have other security problems.
The Alpha version only works on Linux, for now. The Tor developers say to also add Qubes, Subgraph, or Tails to further harden the OS against leaking the IP address if you want to use their Alpha version.
Bittorrent and Tor
Finally, users who want to use Tor should know that if you use the Tor browser that does not hide your IP address in a bittorrent client. To do that you would need to configure your bittorrent client to use the Tor proxy. After all the Tor browser is just a Mozilla/Firefox browser that has been compiled to use the Tor proxy server on the PC when the browser is started.