Onion routing: Definition, mechanism, and key features
Onion routing is a technique for enhancing your online privacy by covering your data with layers of encryption when you browse the internet. Learn about how onion routing works, how you can benefit from it, and what risks you might face if you use it.
What is onion routing?
Onion routing is the privacy-enhancing technique used on The Onion Router (Tor) network. It wraps data traveling across the network in multiple layers of encryption, resembling the layers of an onion.
The encrypted data passes through a series of nodes (onion relays and servers), making it difficult for unauthorized parties to trace the source or the final destination of the message or to access its content. Each layer of encryption corresponds to a different node in the circuit, and as the data travels to its destination, each intermediary node decrypts one layer, similar to how you would peel an onion.
An .onion domain is the address of a website that can only be accessed through the Tor anonymity browser. Regular browsers won’t be able to navigate the relay of proxy servers that will take users to this type of website.
Onion domains (.onion) are the addresses of websites and services hosted on the Tor network. They employ the onion routing technique to maintain enhanced privacy of both the users and the onion routing servers.
Seven key features of onion routing
- Layered encryption. In onion routing, the data is enveloped in multiple layers of encryption at the first node, known as the entry node. The data then passes through multiple middle nodes until it reaches the exit node. The first middle node decrypts the first layer of encryption, revealing the address of the next node in the circuit, and each node after it does the same: one layer is removed at every hop, revealing only where the message goes next. Only the final node, the exit node, knows where the message should go. It removes the final layer of encryption and delivers the message to its final destination. Onion routing obscures your IP address and other system information from the websites you visit and from your ISP.
- Volunteer-operated nodes. The onion router network is an open-source, decentralized network consisting of thousands of volunteer-run servers (often referred to as “relays” or “nodes”). There is no central authority, which reduces the risk of data interception.
- Enhanced resistance to traffic analysis. Because onion routing envelops your traffic in layers of encryption, it is challenging for malicious actors to analyze network traffic patterns and identify the source and the destination of a message. Advanced cybercriminals could possibly observe parts of the network but could not easily piece together the complete path of communication.
- Access to the deep web. Onion routing allows users to access a portion of the deep web known as the Dark Web. These parts of the deep web require special software, such as the Tor browser, to access (read our article on the browser to learn if Tor is safe to use). However, accessing the Dark Web is risky and not advisable because it hosts illicit activities and services.
- Bypassing censorship. Users can employ the onion network to bypass censorship and access the free internet in heavily restricted countries, where government agencies monitor the internet.
- No direct connection. The data transferred between the sender and the receiver never travels directly between the two but is routed through a series of intermediary nodes, ensuring privacy from snoopers.
- Secure public Wi-Fi usage. Onion routing helps to secure your online communications over public Wi-Fi networks, which are known for their lack of encryption and other security vulnerabilities.
Six potential risks and downsides of onion routing
- Slower browsing speeds. In onion routing, the hopping from node to node can impact network performance and slow down the browsing speeds due to increased latency.
- Not all traffic is encrypted end-to-end. Onion routing only provides privacy for your messages up to the point of exit from the network. The traffic between the exit node and its destination is not encrypted, so it might become vulnerable to surveillance and modification, especially if it leaves the onion routing network to access a website that runs on the unencrypted HTTP protocol.
- Exit node vulnerabilities. Even though most relay servers on the onion routing network are operated by volunteers with good intentions, it is possible that some of the nodes might be set up by malicious actors. The exit node, where the data exits the Tor network and enters the regular internet, might be controlled by a cybercriminal.
- Not immune to sophisticated traffic analysis attacks. While the content of the messages is encrypted, cybercriminals can still observe the timing, size, and frequency of data packets entering and exiting the network to deduce patterns and relationships between the user and their activities.
- Possible exposure to illegal or harmful deep web content. Part of the deep web, known as the Dark Web, is infamous for malicious websites, scams, and other cyberthreats. So practice caution when accessing the deep web or, better yet, don’t do it at all. Luckily, you can make use of onion routing without accessing the deep web or the Dark Web. To make sure your account information has not been leaked to the Dark Web, visit our webpage on Dark Web monitoring.
- Dependency on volunteer-operated infrastructure. Not all nodes are equally well maintained. During high levels of traffic the network could experience congestion, resulting in reduced speed and reliability, and poorly configured nodes could even weaken security.
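The layered-encryption feature and the exit-node risks listed above, as an added sketch (not NordVPN's or the Tor Project's code): it builds a three-layer onion, peels it hop by hop, and records what each relay learns. It assumes the sender shares one key with each relay and applies every layer before sending; the SHA-256 keystream is a toy stand-in for a real cipher, and the relay names, keys and HTTP request are constructed.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream standing in for a real cipher (assumption).
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    # MAC key is derived separately so one key never both encrypts and authenticates.
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    """Add one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + _tag(key, nonce + ct) + ct

def peel(key, blob):
    """Remove one layer; return (next_hop, inner_blob) or raise if it is not ours."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("layer was modified or is not addressed to this relay")
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    n = inner[0]                      # 1-byte length prefix of the next-hop name
    return inner[1:1 + n].decode(), inner[1 + n:]

def wrap(payload, route, destination):
    """route is [(relay_name, key), ...] in path order; innermost layer is built first."""
    next_hops = [name for name, _ in route[1:]] + [destination]
    blob = payload
    for (_, key), nxt in zip(reversed(route), reversed(next_hops)):
        blob = seal(key, bytes([len(nxt.encode())]) + nxt.encode() + blob)
    return blob

def trace(payload, route, destination):
    """Return ([(relay, next_hop, payload_visible)], bytes handed to the destination)."""
    blob, seen = wrap(payload, route, destination), []
    for name, key in route:
        nxt, blob = peel(key, blob)
        seen.append((name, nxt, payload in blob))
    return seen, blob

# Constructed sample data: relay names, keys and the HTTP request are made up.
ROUTE = [(n, hashlib.sha256(n.encode()).digest()) for n in ("entry", "middle", "exit")]
REQUEST = b"GET /login?user=alice HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    print(trace(REQUEST, ROUTE, "example.com:80")[0])
```

If the request were sent over HTTPS, the bytes the exit relay recovers would be TLS ciphertext rather than a readable request.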
Tor vs. I2P: Understanding the differences between onion and garlic routing
I2P (the Invisible Internet Project) scatters your online traffic. Unlike the onion network, which envelops a single message in layers of encryption, I2P uses garlic routing to bundle multiple messages together into a single encrypted packet called a “garlic clove.” These packets are then further encrypted and only then routed through the I2P network.
I2P focuses on creating a separate ecosystem — an encrypted overlay network on top of the regular internet. I2P website addresses end in .i2p, while Tor domains end in .onion. Tor is typically used more for general web browsing over a public network, while I2P provides more privacy for your online communications within its network by bundling up your messages and scattering them.
What is the difference between onion routing and a VPN?
Onion routing and a VPN might seem similar because they both use encryption to protect your online traffic. Also, onion routing hides your IP from your ISP just as a VPN does. However, the two have more differences than similarities:
- Encryption process. Onion routing encrypts your data in multiple layers of encryption and routes it through a series of individually maintained nodes. A VPN encrypts your traffic and sends it over a secure tunnel between your device and a remote VPN server.
- Privacy and accountability. The nodes in the onion network are operated by volunteers, and there is no single entity overseeing the process, which opens a possibility that some nodes could be run by malicious actors. Reliable VPN services are transparent about their operations, protect their users’ privacy, and do not store users’ connection logs.
- Connection speed. Routing your data through multiple nodes on the onion network can slow down your internet speed drastically, while with a VPN you shouldn’t notice any significant slowdowns.