Transcript: Episode 61 (Hidden Internet)
Nick: Tonight’s topic is the deep interwebs.
Virginia: Parts of the internet that Virginia has never seen and doesn’t understand!
Nick: The dark corners of the internet.
Virginia: I really feel like this is going to be useful. Educate me!
Andrew: Ok. There’s a piece of software called “Tor,” which stands for “The Onion Router.” It’s initial usage was anonymity when browsing the internet. The way it works is that there’s all these Tor nodes. You can run a node on your home connection or on a server. When you connect to the network, it creates a circuit. The circuit goes through several different nodes and then out an exit node to the internet. It’s all layers of encryption. Each part of the circuit only knows the next part of the circuit and who came before. They don’t know where a connection originates from and where it’s going to.
Nick: And each node kind of wipes the information that it does know.
Andrew: And it’s not terribly useful to hang onto that data. As a node, all you know is that you’re passing an encrypted packet that came from node A and is going to node B. This is utterly useless information.
Virginia: So this differs from HTTP?
Andrew: No. You can do HTTP over Tor. HTTP is how you access a website.
Virginia: And Tor is the transmission of information?
Leland: Yeah. It further obfuscates the IP, TCP and other information.
Andrew: Basically what that means is that if you connect to a site, they don’t see your home IP address. They see the exit IP address. If they were to try to trace things back, the exit node would be all they found. It’s really great for political dissidents.
Virginia: So why don’t most internet surfers do it? It’s a pain in the ass?
Andrew: It’s slow. It’s a pain.
Nick: It’s really slow.
Andrew: And it does not provide privacy. Things that a lot of people get confused on is that there’s a difference between anonymity and privacy. Anonymity means that it’s hard or impossible to figure out who you are by the connection alone. That’s what Tor is good for. It provides good anonymity.
Nick: But, if you post under your username, then it doesn’t matter.
Andrew: That’s right. You just revealed your identity.
Nick: But they still might not know where you’re at.
Andrew: Right. So it could be good if you’re like a fugitive or political dissident on the run and you still want to post to a Twitter account. It also doesn’t provide privacy. The exit node sees all unencrypted data, so if I’m logging into a site, my password is now exposed. If I’m not using SSL or HTTPS over that connection, then that exit node sees that traffic.
Leland: It’s as exposed as your regular internet.
Andrew: The problem is that when you’re using Tor, there’s an exit node that is potentially malicious listening to your traffic, whereas at home, there’s no one listening (other than the CIA).
Leland: And there’s no way to determine what exit node you go through.
Andrew: You get to pick.
Leland: I was unaware of that.
Andrew: You get to pick how your circuits are built. That way no one can force you into a set of compromised nodes.
Leland: I thought it was all randomized.
Andrew: Well, the client picks them semi-randomly. The client actually usually tries to pick nodes in different geographic places to bounce the signal around and make it harder to track. That’s the conventional way of using Tor. All the entry nodes are known. There’s a list of them because that’s how the network works. There’s a new type of node that’s called a bridge node and the IP is not known to the network as a whole. It’s useful if you’re in Iran and want to post something outside their network.
Thanks for reading our transcript! Check out iTunes for the full show!