Information icon.svg The RationalWiki community standards are under review, and voting on a proposed change has begun. Your comments and inputs are welcome on the community standards talk page


From RationalWiki
(Redirected from Tor)
Jump to: navigation, search
Tor logo
Warning, deep web memetic hazards ahead

Tor (not TOR, which some incorrectly call it[1]) is a for internet anonymity and censorship circumvention. Tor allows the user to have dynamic IP addresses that can be changed with a click of a button or every ten minutes.[note 1][2] Tor Browser can be confusing to set up without using the ready-made Tor Browser Bundle. Also, using it slows down page load speed.[note 2] Start by getting it at Tor project's website.

Tor is slow[edit]

Tor compared to a direct internet connection, Tor is relatively slow due to having connections going through three nodes; an entry or guard node, a middle node, and an exit node. This is done to confuse the shit out of people who are trying to monitor traffic. Also arma has addressed some design issues on Tor's blog that are related to speed in 2009.[3] Be warned, even though Tor encrypts traffic, traffic from an exit node is unencrypted for clearnet sites unless it uses SSL protocol;Wikipedia's W.svg[4] however, it is unnecessary for Hidden Services because they already provide end-to-end encryption.[5]

Tor may also be slow because it sets up an entry node for approximately a year[citation needed] to protect against Sybil attacks,Wikipedia's W.svg a traffic confirmation attack.[note 3][6] If you have shitty luck, you will get an entry node that runs at a pace of a sloth compared to others. In this case, reinstall Tor Browser.

Complete list of safe onion sites[edit]

The Digicert club[edit]

These sites all use HTTPS certificates from Digicert to verify their identity.
  • nytimes3xbfgragh.onion — It's The New York Times, on the deepweb! (features unlimited subscription free articles)
  • propub3r6espa33w.onion — ProPublica on the onion, for anyone that wants it
  • facebookcorewwwi.onion Facebook is evil, even super-secret deep web Facebook.
  • 3g2upl4pq6kufc4m.onion — Everyone's favorite search engine. What, you thought that was Google? It's DuckDuckGo!

Poor people[edit]

These sites don't use HTTPS, make sure to verify the address before use.
  • expyuzz4wqqyqhjn.onion - The Tor Project's own website, also found at
  • archivecaslytosk.onion - Supposedly just on the deep web, doesn't archive deep web sites (total rip-off).
  • nzh3fv6jc6jskki3.onion - An address that might be, for pete's sake make sure to get the right one.

That's it! All other .onion sites are either scams, stings, or adverts for guns, drugs, and goat porn for cheap $bitcoin$ prices.

Stop liking cool features[edit]

Do you like listening to Taylor Swift (on your computer, we assume you aren't cool enough to have her sing to you in person) while browsing the Internet and love flash games? Well if you want to do that while using Tor Browser, you are only hurting yourself. Programs that aren't configured for Tor traffic can leak your DNS hence making you less anonymous.[7] Even worse, torrenting over Tor will actually reveal your IP address (and no, the fact that torrent has the word "Tor" in it makes it no less of a bad idea).[7] Lucky for you, there is handy site that tests for DNS leaks. Also having other plugins installed in Firefox exposes you to security risks, especially flash.[7] For maximum security, keep the onion slider at the highest setting and disable scripts with the noscript plugin.[citation needed]

Tor doesn't make you invincible[edit]

The Tails website has a warning page with a list of shortcomings that Tails and Tor has. Therefore, leaving the end-user to practice good opsec to keep themselves safe. While the list applies to tails, it can apply to Tor Browser as well.[8]

  • Tails does not protect against compromised hardware.
  • Tails can be compromised if installed or plugged into untrusted systems.
  • Tails does not protect against BIOS or firmware attacks.
  • Tor exit nodes can eavesdrop on communications.
    • By design, Tor cannot encrypt information sent from the exit node to the destination server. Therefore, an exit node can monitor your unencrypted data. For this reason, it's advised to use SSL or Hidden Services that provide end-to-end encryption, however, even with these, the exit node already knows the destination that the data will be sent to.
  • Tails makes it clear that you are using Tor and probably Tails[9]
    • All tor exit IP addresses are public, however, bridges are not.
  • Man-in-the-middle attacks
  • Confirmation attacks
  • Tails doesn't encrypt your documents by default
  • Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages
  • Tor doesn't protect you from a global adversary
  • Tails doesn't magically separate your different contextual identities
    • For example don't email your mom on Gmail and then buy drugs on the same tails session. In a browsing session, Tor tends to reuse onion circuits. Exit nodes are one of the most vulnerable parts of Tor and if used maliciously, can be used to correlate you with your activity
    • If your Tails becomes compromised in your session, your identities could be connected.
  • Tails doesn't make your crappy passwords stronger
  • Tails is a work in progress


[F]rom today on I will search for "Tails" everyday on every major search engine

As revealed by the Snowden leaks in 2013, only a small fraction of Internet users are actually placed under surveillance,[11] although the productivity of doing so is questionable.[12] For your average boring Joe, their NSA's database entry is flushed every two or thirty days (because it's a waste of resources); however, if an individual is under suspicion, then the collected data is held indefinitely. Anyone found searching up Tails or Tor is added to a list indefinitely to be placed under surveillance.[11][13] This falls under the assumption that these people have something to hide. In fact, here's what the NSA looks for when passively monitoring raw Internet packets (the full source code can be found here):

  1. Search for potential Tor clients connecting to onion servers on ports 80 and 443
  2. Check if user accessed
  3. Extract Tor bridge IP addresses from confirmation emails
  4. Check what region reads from the user.
  5. Check if a user searches for the following terms on a search engine:
    1. 'tails'
    2. 'Amnesiac Incognito Live System' with one of the words
      1. 'linux'
      2. ' USB '
      3. ' CD '
      4. 'secure desktop'
      5. ' IRC '
      6. 'truecrypt'
      7. ' tor '
  6. Check if user accesses '' or '*' and fingerprint them.
  7. Aggregate Tor hidden service addresses by spotting the ".onion" extension.

The best part is that the NSA spends taxpayer's money and dedicates actual time to perform these checks on a daily basis on raw Internet traffic. To that, we can only hope it keeps digging the United States into deeper and deeper debt. Putting citizens on a watch list for simply accessing the Tor website is just ridiculous considering how mainstream it is. Not to mention that "tails" is also the name for a video game character, so there will be false positives.


  1. The middle and exit relays change about every ten minutes, the guard node stays the same.
  2. The speed issue can be minimized by using the Tor-enabled browser for only the pages you need anonymity and a different browser for everything else, or use proxy auto-configWikipedia's W.svg to sort out the sites.
  3. Confirmation attacks are when a clients connect goes through an entry and exit node that is used by an adversary.