When it comes to online privacy, Tor has been the programme of choice for nearly two decades. Every day millions of users log on to the Tor-enabled network to browse, communicate, and purchase services anonymously. As DIGIT has noted in the past, anonymous forums are far from inherently malicious places, in many cases securing their users’ safety as well as their privacy.
For the first time in a decade, Tor has ‘revamped’ its security provisions, alongside integrating other handy services into the programme. An official changelog has been released, which provides an overview of the tweaks to be implemented in the alpha release of the update, most of which centre on bolstering the strength of the network’s security nodes.
Nodes function as anonymising points in the network, and so if just one node is compromised, the privacy of the user is too. At least two major security systems previously used in Tor nodes have been dropped by the Tor team, in light of recent security events. The first of these defunct systems, named RSA (Rivest–Shamir–Adleman, in which the encryption keys that unlock information are separated from hidden decryption keys), was removed from Tor in light of the widely publicised Estonian ID card fault
The second security feature, titled SHA-1 (Secure Hash Algorithm 1), has been widely regarded as shaky for some time, and was cracked in February by Google engineers. The updated SHA-3, according to Professor of Computing at Napier University Bill Buchanan, is fit for IoT and lighter cryptography methods.
Professor Buchanan told DIGIT: “The TOR network is created with each routing node adding its encryption key, and then all the keys are used to encrypt the data.
“Each routing node along the way then decrypts the packet with the negotiated encryption key, and where no other node can determine the contents of the data transmitted. If a malicious entity places its own nodes for routing, it may be possible, over time, for some traffic to travel over the malicious routing elements, and thus gain all of the encryption keys. These updates further guard against this, by monitoring the routing agents more strictly.”
The Tor team have also been quick to update a major exploit detected in Mac and Linux versions of the programme, which would not extend the protection of Tor to some browsers in certain instances. Summarising the speediness of this fix and the other updates in general, Professor Buchanan added: :The attention to detail is something that the TOR Project has continually showcased, and have always been quick to update and patch.”