Myth 1: Tor Is Unsafe Because It Was Developed by the U.S. Government
I cannot contradict the notion that onion routing was developed by the U.S. Navy and State Department because, well, it was. Because of this, there is a notion that suspects it may include a backdoor that allows the government to tune in and remove the veil that is put in front of all the communication you participate in. Although the U.S. government has funded (and in all likelihood continues to fund) the Tor project, the software’s source code is visible to everyone who uses it. So far, no one who has taken a serious look at the source code has ever found malicious backdoors in any version of the software released. It is, however, important to be aware that this could change at any time. There is no guarantee preventing the developers of Tor using it as a tool for spying on the people who depend on it, but the likelihood of this happening is extraordinarily low.
Myth 2: Tor Makes You Absolutely Anonymous
It’s a very common misconception that Tor is a magical tool that will completely mask your identity at the push of a button. When using onion routing, make sure you keep in mind that it’s basically a glorified encrypted proxy. It is very effective at hiding where traffic originates from, but that information isn’t as important as the information you give away to places you visit. If you create accounts with personal data or communicate in public forums, it’s still going to be easy to find out who you are. You can be “made out” by a simple analysis of your writing style, your interests, your clicking habits, and several other factors that uniquely “belong” to you. My advice is to avoid giving personal data to anyone that you’re not ready to trust. Using Tor isn’t going to stop people from handing your information to third parties.
Myth 3: Tor Cannot Be Monitored
Tor has constantly been hailed as a tool that could bring an end to government-sponsored surveillance. To some extent, it is true that surveillance efforts will constantly hit obstacles when trying to monitor the OR network on any significant level. However, that doesn’t mean that such a task is necessarily impossible. Yes, your own IP would remain a mystery if someone were to find your traffic by looking at what your exit node is spewing out. But exit nodes themselves are not immune to being tracked. They can easily be geolocated as you can see here.
Myth 4: All My Traffic Is Encrypted
Whether you’re using Tor or not, my advice to you is to attempt to use HTTPS and TLS in every situation in which you can. Tor only encrypts traffic as it journeys through all of the nodes, but whatever comes out of the exit node is the plain-text version of your message. Someone with a bit of know-how can run an exit node that logs all of the information you sent through it and gain access to all of your accounts and emails. You’re doing yourself a disservice if you do not take every step possible to encrypt all of the data you send before it reaches the Tor network. It’s not a magical encryption tool.
Conclusion
I am completely aware that I sound like a naysayer right now, but it’s very important to understand all of the risks surrounding onion routing so that you can be prepared to compensate for them. It’s better to do this than to allow yourself to be lulled into a false sense of security. Tor is a powerful tool, but it has a very specific purpose. In the end, you must treat Tor like you would a socket wrench or power drill. You can’t build a house with it, but it’ll surely help you along the way! Do you know of any other Tor myths that are circulating? Let us know in a comment!