Originally posted by sanchoearlyjones
that's a great point. I know an IP address can be traced, but going the route You mention is more difficult to track. I guess it is only a matter
of People realizing how important it is to do this. Soon, I think it'll be self evident, that is the necessity.
The more People using this system the better, and the smoother it'll be.
Actually it is currently impossible to track a TOR connection if used correctly, let me explain.
If you connect through a standard proxy server then your home connection goes to that server (through a few normal servers) and then accesses the net.
The problem with this is that most proxy servers online are run by large companies and they keep logs, for a long time.
TOR however is run by people who are obsessed with anonymity. You or i could set up a server right this minute and mix it with the TOR proxies. If we
choose to not keep logs for longer than a few hours and set it up so that those logs are regularly overwritten, well no one is getting that data.
I'll explain it in more detail.
Say you set your system to connect through TOR, it will bounce that connection between nodes (proxy servers sort of) run by everyday people. It could
bounce it between 5 different nodes! If you do it properly you encrypt your data going from your computer to the first node and each node encrypts the
data to every other node. Doing this means that if you post a political blog and expose a scandal then law enforcement will have to undergo the
First they ask the blog provider to give them your name, address and email, of course you use false details and you access your email through TOR.
They then check the last IP address to access your blog or email. These addresses won't match because TOR uses a different node each and every time.
So they take this IP address and run it down, lets say you were bouncing through 5 nodes. They will find the 5th node in that chain. They then have to
get a court order to physically access and often confiscate that node. The most troubling thing for them is that this node will probably be in another
country and so they have to go to that countries authorities to access that computer. This could take weeks of paperwork and by that time the nodes
access logs have probably been over written a hundred times.
If they get access to the node and that node has been properly set up not to store logs (most are due to the very nature of TOR) then the only
possible hope they have of retrieving the logs is by using an electron scanning microscope. The sheer cost of that is out of reach of most police
departments and is often only used in high profile terrorism cases. Even if they do all of this it is highly doubful they can retrieve the IP address
of the node that accessed the node they have!
Now repeat this procedure 4 more times and well, you get the security of this system
There are a few ways around this. If someone can examine the data coming from your computer and the data at it's arriving location they can use
statistical analysis to figure what is in it. However this is horribly difficult! Someone would have to know who you are and the likely websites you
access. If you encrypt your data from source and then use a further proxy browser then they can pretty much forget that option. Of course they could
expend many hours of time on a supercomputer to crack the encryption but if users of nodes use different encryption systems, well it will take a
while. That is unless the government has secretely developed a quantum computer and i somehow doubt they would use it on a political blog user
So yeah that is TOR in a large nutshell, i skipped over a few thing but that is it basically.