Exploring Onion Routing: The Key to Anonymous Internet Communication

Introduction

Think Google Chrome’s incognito mode keeps you invisible online? Think again. It only hides your browsing from others using your device—not from the internet itself. ISPs, advertisers, and governments can still track your every move. So, who’s the real gangster of online anonymity? Meet Tor, powered by onion routing—a system that cloaks your identity by bouncing your data through a labyrinth of encrypted servers. In a digital world teeming with surveillance, onion routing is your secret weapon for anonymous communication. Let’s peel back the layers and see how it works.

What is Onion Routing?

Onion routing is a privacy technique that lets you communicate online without revealing who you are or where you’re going. Imagine wrapping your data in multiple layers of encryption, like an onion, where each layer is peeled off by a different server (or “node”) along the route. No single node knows both your identity and your destination, making it nearly impossible for snoopers—whether hackers, ISPs, or governments—to trace you.

Developed in the 1990s by the U.S. Naval Research Laboratory to protect intelligence communications, onion routing is now the backbone of Tor (The Onion Router), a free, open-source browser used by millions to browse anonymously, bypass censorship, or access hidden parts of the internet.

How Tor Works

Tor sends your internet traffic through a network of volunteer-run servers, or nodes, to keep it private. Here’s the process in simple terms:

  1. Building the Path: When you open Tor, it connects to a trusted server called a Directory Authority to get a list of available nodes. It then picks three random nodes: an entry node (the guard), a middle relay, and an exit node, often in different countries (like France, Germany, and the Netherlands).

  2. Layered Encryption: Your data, like a website request, is encrypted three times, each with a unique key. Think of it as sealing your message in three locked envelopes:

    • The entry node opens the first envelope, revealing instructions for the middle relay.

    • The middle relay opens the second, passing the message to the exit node.

    • The exit node opens the final envelope and sends your request to the destination, like facebook.com.

  3. Routing:

    • The entry node knows your device’s address but not your destination.

    • The middle relay knows neither your address nor the destination.

    • The exit node knows the destination but not your address. The website sees only the exit node’s address.

  4. Reply: The website’s response travels back through the same path, with each node re-encrypting it to keep it secure.

For example, if Alice in New York uses Tor to visit facebook.com, her request might bounce through France, Germany, and the Netherlands. The website thinks the request came from the Netherlands, with no clue about Alice. As the saying goes, “Everyone’s a gangster until the real gangster arrives”—and Tor’s layered encryption is the real deal.

My Onion-Routing Prototype

To understand onion routing hands-on, I built a Python-based prototype simulating a three-node network, inspired by Tor. The system uses:

  • AES for symmetric encryption of the message.

  • RSA for encrypting AES keys, ensuring secure key exchange.

  • Sockets for communication between nodes (running on localhost ports 5002 and 5003).

Here’s how it works:

  • Client (main.py): The user inputs a message, which is encrypted in layers. The build_onion function encrypts the message for Node 3, wraps it for Node 2, and sends it to Node 2 via a socket.

  • Node 2 (node2.py): This middle relay decrypts its layer using its RSA private key to retrieve the AES key, then uses AES to uncover the next layer (a JSON payload). It forwards this to Node 3.

  • Node 3 (node3.py): The final node decrypts the last layer, revealing the original message.

The payload files (payload.json, payload_node2.json, payload3.json) show the encrypted data as it’s passed along, with base64-encoded ciphertexts, keys, and IVs. I also included a FastAPI WebSocket server (main.py) to simulate real-time communication, though it’s more of an experimental add-on.

Challenges? Debugging socket connections was a nightmare—nodes often timed out or received malformed JSON. Ensuring proper padding for AES encryption was another hurdle; one wrong byte and the whole chain broke. But seeing the final message pop up on Node 3 after peeling all layers was incredibly rewarding. Check out the code in my Onion Routing repository on GitHub.
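A single-process sketch of the layering described above, added here as an example; it is not the code from the repository. It assumes the third-party cryptography package, wraps each per-layer AES key with RSA-OAEP, and swaps padded AES for AES-GCM so that an altered layer is rejected instead of decrypting to malformed JSON. The helper names other than build_onion, the JSON field names, and the use of port 5003 for Node 3 are assumptions.

```python
import base64, json, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
dec = base64.b64decode
def enc(raw): return base64.b64encode(raw).decode()

def wrap_layer(public_key, next_hop, inner):
    """Seal `inner` for one node: fresh AES key, RSA-wrapped for that node only."""
    aes_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    body = json.dumps({"next": next_hop, "data": enc(inner)}).encode()
    return json.dumps({"key": enc(public_key.encrypt(aes_key, OAEP)), "nonce": enc(nonce),
                       "ct": enc(AESGCM(aes_key).encrypt(nonce, body, None))}).encode()

def peel_layer(private_key, payload):
    """One node's job: unwrap its AES key, decrypt, return (next_hop, inner)."""
    p = json.loads(payload)
    aes_key = private_key.decrypt(dec(p["key"]), OAEP)  # ValueError if wrapped for another node
    body = AESGCM(aes_key).decrypt(dec(p["nonce"]), dec(p["ct"]), None)  # InvalidTag if altered
    layer = json.loads(body)
    return layer["next"], dec(layer["data"])

def build_onion(message, route):
    """route: [(public_key, next_hop), ...] in path order; the innermost layer is built first."""
    onion = message
    for public_key, next_hop in reversed(route):
        onion = wrap_layer(public_key, next_hop, onion)
    return onion

def tamper(payload):
    """Flip one ciphertext bit, as a faulty socket read or a hostile relay might."""
    p = json.loads(payload)
    ct = dec(p["ct"])
    p["ct"] = enc(bytes([ct[0] ^ 1]) + ct[1:])
    return json.dumps(p).encode()

if __name__ == "__main__":
    node2, node3 = (rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(2))
    route = [(node2.public_key(), "127.0.0.1:5003"), (node3.public_key(), None)]  # constructed route
    onion = build_onion(b"hello from the client", route)
    hop, inner = peel_layer(node2, onion)  # node 2 learns only where to forward
    print("node 2 forwards to", hop, "and node 3 reads", peel_layer(node3, inner)[1])
    try:
        peel_layer(node2, tamper(onion))
    except InvalidTag:
        print("altered layer rejected before any JSON parsing")
```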

Strengths of Onion Routing

Tor’s onion routing shines in:

  • Anonymity: No single node has the full picture, thwarting trackers.

  • Censorship Resistance: Tor helps users in restrictive regimes access blocked sites like news outlets or social media.

  • Open-Source Trust: Tor’s code is public, audited, and maintained by the nonprofit Tor Project.

As Edward Snowden said, “Privacy isn’t about something to hide. Privacy is about something to protect.” Tor embodies this.

Limitations

Onion routing has trade-offs:

  • Exit Node Risks: The exit node decrypts your data before forwarding it. Without HTTPS, a malicious exit node could snoop. Always use secure sites!

  • Latency: Multiple hops slow things down, as I noticed in my prototype’s socket delays.

  • Advanced Attacks: State-level actors might correlate traffic patterns, though this is rare and complex.

Real-World Uses of Tor

Beyond the dark web, Tor has noble uses:

  • Journalists and Whistleblowers: Reporters in censored regions use Tor to share stories securely, like exposing government corruption without being traced.

  • Activists: People in oppressive regimes access blocked platforms, such as Twitter, to organize protests or share ideas.

  • Everyday Privacy: Regular users browse privately to avoid tracking by advertisers or data brokers, like checking health information without targeted ads.

Security Tips for Tor Users

1. Always Use HTTPS

Tor encrypts traffic within its network, but the exit node can see unencrypted data. Always use HTTPS (look for the padlock or https://) to protect your communication end-to-end.

2. Avoid Logging Into Personal Accounts

Don’t sign into personal services like Gmail, Instagram, or online banking. Logging in can easily de-anonymize you, defeating the purpose of using Tor.

3. Disable JavaScript

JavaScript can expose information via tracking scripts or fingerprinting. Use Tor Browser’s “Safest” security setting to block potentially harmful scripts.

4. Use Bridges (if needed)

If Tor is blocked or throttled in your region, enable Bridge relays via Tor’s settings. They help you bypass censorship and connect to the network anonymously.

5. Don’t Torrent Over Tor

Tor isn’t built for torrenting. P2P traffic can leak your IP, harm performance, and slow down the network for others. Use a privacy-focused VPN if torrenting is a must — but never over Tor.

6. Consider Using a VPN with Tor

Using a VPN + Tor setup can hide your Tor usage from your ISP, especially in countries with heavy surveillance.
You have two options:

  • VPN → Tor (safer for most users): Connect to a VPN first, then open Tor. Your ISP only sees encrypted VPN traffic, not Tor usage.

  • Tor → VPN (advanced use cases): Rarely used. It sends traffic from Tor on to a VPN server, which can weaken anonymity and leak data if not done right.

Caution: Always use a trustworthy, no-log VPN provider.

Bonus: Use Tails OS

For ultimate privacy, boot into Tails OS — a portable Linux distro that routes everything through Tor and leaves no trace on the machine.

Conclusion

Onion routing, as seen in Tor and my simple prototype, offers a powerful way to protect online privacy. My project—a basic three-node system using AES, RSA, and sockets—gave me a glimpse into Tor’s layered encryption, despite challenges like socket hiccups. Tor’s ability to shield users from surveillance and censorship is invaluable, though its dark web ties show its dual-use nature. Always use HTTPS and avoid sensitive logins on Tor to stay safe. As privacy matters more than ever, tools like onion routing help us reclaim control over our digital lives.

GitHub repo: https://github.com/HarshaKamakshigari/Onion-Routing

Written by

Harsha Kamakshigari