The Onion Router, Router

There's been a lot of publicity about a new router, called the anonabox, that promises to make all of your anonymous browsing dreams come true through an open-source software known as TOR. Given that I'm a lover of Kickstarter and an outspoken critic of a lot of voyeurism on the Internet in the post-Snowden world, a lot of my colleagues have approached me on what the hell TOR is, and whether or not this router is worth the pledge.

TOR stands for The Onion Router, which is an open source project designed to enable revolutionaries and journalists in oppressive countries (like China) to bypass the filtering that's done at the Internet Service Provider (ISP) level. You've likely heard of the "Great Firewall of China" and took it at face value that people in China are unable to visit certain websites without fully understanding what that entailed.

In order for you to appreciate the value that TOR provides people who find themselves in China, you first need to understand how something like The Great Firewall works. The overly simplistic version of how these things work is that when you attempt to access a blocked website within a country like China, your Internet Service Provider (ISP) reads where your data is attempting to go, and decides to block your access.

Your unencrypted (blue) traffic is sent through your ISP and is stopped at its filter (the X).

This is pretty prolific in places like China, or during times of unrest in other countries (like Egypt's recent protests), but it also affects the Western world with more nuanced internet access attempts, like major sporting events which often block your access to games if you're in the wrong state. The Onion Router - and by extension, the anonabox - enable you to bypass this through a technology known as proxying.

Proxies use a virtual private network, or tunnel, to encrypt your traffic through a portion of your internet journey, making it extremely difficult for your ISP to determine where you intend to go, and then visit your blocked website as if you were someone else.

Your traffic is encrypted (green) through your ISP, and its filter, to your Proxy and then is sent unencrpyted to your website.

Source: Wikipedia

Source: Wikipedia

This allows you to bypass filters and firewalls that your Internet Service Provider (ISP) has set in place, allowing you to exchange data with the blocked website based on whatever parameters you and the website agreed on. The Proxy and the virtual private network that enabled it no longer offer you any protection as you exchange data with the website. The Onion Router allows you to participate in this open-source proxy network.

The Onion Router is an open-source software that configures your computer (or in the case of the anonabox, your router) to operate as an exit relay, bridge, or middle relay within the TOR proxy network. 

In order for The Onion Router to protect journalists who may be speaking ill of their autocratic government, every time you access TOR, you go through a series of relays (at least three) before it is sent into the unencrypted Internet.  This has to do with the way data packets are encapsulated, and it helps obfuscate the true identity of the original requester - something that's beyond the scope of this blog post. What you need to know, should you decide to purchase an anonabox, is what these relays mean for you.

Should I run an exit relay from my home?

No. If law enforcement becomes interested in traffic from your exit relay, it’s possible that officers will seize your computer. For that reason, it’s best not to run your exit relay in your home or using your home Internet connection.
— The Electronic Frontier Foundation

An Exit Relay is essentially a proxy server. To the blocked website, and everyone who can intercept the unencrypted traffic between the exit relay and the blocked website, it appears as if the traffic is originating from the exit relay. This is important, because if you're running an exit relay in your home, and if people are using TOR to visit illegal websites (child pornography, movie piracy, etc), then your IP address will be the one showing up as the IP address visiting these illegal websites.

A Middle Relay is only there to pass information along from the initial computer to the exit relay. It advertises itself on the TOR network, so that anyone (using TOR) can pass through your router on towards an exit relay. Whenever traffic leaves the TOR network and accesses the blocked website, the middle relay's IP address is not included, making it "generally safe" to operate on your home networks.

A bridge is a middle relay that is not publicly broadcast throughout the TOR network, making it harder for governments and internet service providers to prevent access to the TOR network. These are particularly handy in countries like China that may have prevented access to millions of websites and thousands of publicly listed middle relays. As a result, these are also generally safe to use on home networks.

The anonabox

Now that we have a basic understanding of the technology behind TOR, let's look at why the anonabox might (or might not) be a good purchase for you. The good news is that TOR may allow you to have some level of anonymity on the internet, but the bad news is that it may not allow you as much privacy as you (the average user) might think.

While obfuscating your IP address may seem like you're getting away from Facebook or Google being able to track you down throughout the internet - most of that is done through cookies, not IP addresses. In fact, IP addresses are seldom used for identification on their own due to the practice of internet service providers of switching a users IP address on a regular basis. So most of your creepy voyeurism on the internet is going to be combated by something simple and free (like Privacy Badger), not a TOR router.

Second, while this may enable you to bypass certain regional restrictions to watch sports games or view blocked YouTube videos, it may make other content unavailable at seemingly random intervals. While it is (allegedly) possible to change the source code in the anonabox to enable you to set a preferred exit region, this is far from something in which your average user is going to want to partake.

I had thought this would be like push-starting a car. Instead, it’s been like being handcuffed to a rocket.
— Wired

Finally, given that the anonabox has had some very real concerns raised over its WiFi security practices, and has yet to release the specifics on its WiFi bands or other nuanced technical specifications, I am not entirely certain that using the anonabox to route your Netflix or Destiny traffic through is something you want to do.

The main benefit that an average internet user is going to be the encryption of your traffic through the TOR network. This makes it less likely for a hacker that is targeting you to snoop your information while it's in transit, but it does little to protect you from hackers that are targeting your exit relay.  Plus, as we learned in the Malware Business Model, you're not likely to be the target of that sort of attention anyways.

All of this said, The Onion Router is a vital tool to ensure the security and integrity of The Open Internet, and it is something that helps ensure journalistic integrity and the freedom of protest and speech. This is absolutely a cause worth supporting, and the anonabox promises to be a way to exchange money ($48) for the convenience of not having to download and tweak the open source TOR software onto each of your computers. However, as backlash against the project has already proven, the largest enemy is going to be unmet expectations.