Onion routing: Definition, mechanism, and key features

Onion routing is the privacy-enhancing technique used on The Onion Router (Tor) network. This technique encapsulates the data traveling the computer network in multiple layers of encryption, resembling layers of an onion.

The encrypted data passes through a series of nodes (onion relays and servers), making it difficult for unauthorized parties to trace the source or the final destination of the message or access its content. As the encrypted data travels to its destination, with each layer of encryption corresponding to a different node in the circuit, each intermediary node decrypts one layer of encryption, similar to how you would peel an onion.

Onion domains (.onion) are the addresses of websites and services hosted on the Tor network. They employ the onion routing technique to maintain enhanced privacy of both the users and the onion routing servers.

1. Layered encryption. In onion routing, the data is enveloped in multiple layers of encryption at the first node, known as the entry node. Then the data passes through multiple middle nodes until it reaches the exit node. The first middle node decrypts the first layer of encryption, revealing the destination of the next node in the circuit. The next node removes a layer of encryption and so on. As the message travels through each node, one layer of encryption is removed each time, revealing the destination of the following node. Only the final node, the exit node, knows where the message should go. It removes the final layer of encryption and delivers the message to its final destination. Onion routing obscures your IP and other system information from the websites you visit and your ISP.
2. Volunteer-operated nodes. The onion router network is an open-source, decentralized network consisting of thousands of volunteer-run servers (often referred to as “relays” or “nodes”). There is no central authority, which reduces the risk of data interception.
3. Enhanced resistance to traffic analysis. Due to the layers of encryption that onion routing envelops your traffic in, it is challenging for malicious actors to analyze network traffic patterns and perform traffic analysis to identify the source and the destination of the message. Advanced cybercriminals could possibly observe parts of the network but could not easily piece together the complete path of communication.
4. Access to the deep web. Onion routing allows users to access a portion of the deep web known as the Dark Web. These parts of the deep web require special software, such as the Tor browser, to access (read our article on the browser to learn if Tor is safe to use). However, accessing the Dark Web is risky and not advisable because it hosts illicit activities and services.
5. Bypassing censorship. Users can employ the onion network to bypass censorship and access the free internet in heavily restricted countries, where government agencies monitor the internet.
6. No direct connection. The data transferred between the sender and the receiver never travels directly between the two but is routed through a series of intermediary nodes, ensuring privacy from snoopers.
7. Secure public Wi-Fi usage. Onion routing helps to secure your online communications over public Wi-Fi networks, which are known for their lack of encryption and other security vulnerabilities.

1. Slower browsing speeds. In onion routing, the hopping from node to node can impact network performance and slow down the browsing speeds due to increased latency.
2. Not all traffic is encrypted end-to-end. Onion routing only provides privacy for your messages up to the point of exit from the network. The traffic between the exit node and its destination is not encrypted, so it might become vulnerable to surveillance and modification, especially if it leaves the onion routing network to access a website that runs on the unencrypted HTTP protocol.
3. Exit node vulnerabilities. Even though most relay servers on the onion routing network are operated by volunteers with good intentions, it is possible that some of the nodes might be set up by malicious actors. The exit node, where the data exits the Tor network and enters the regular internet, might be controlled by a cybercriminal.
4. Not immune to sophisticated traffic analysis attacks. While the content of the messages is encrypted, cybercriminals can still observe the timing, size, and frequency of data packets entering and exiting the network to deduce patterns and relationships between the user and their activities.
5. Possible exposure to illegal or harmful deep web content. Part of the deep web, known as the Dark Web, is infamous for malicious websites, scams, and other cyberthreats. So practice caution accessing the deep web or, better yet, don’t do it at all. Luckily, you can make use of onion routing without accessing the deep web or the Dark Web. To make sure your account information has not been leaked to the Dark Web, visit our webpage on Dark Web monitoring.
6. Dependency on volunteer-operated infrastructure. Not all nodes are equally well maintained. During high levels of traffic the network could experience congestion, resulting in limited speed, reliability, or, if poorly configured, even security.

I2P (the Invisible Internet Project) scatters your online traffic. Unlike the onion network, which envelops a single message in layers of encryption, I2P uses garlic routing to bundle multiple messages together into a single encrypted packet called a “garlic clove.” These packets are then further encrypted and only then routed through the I2P network.

I2P focuses on creating a separate ecosystem — an encrypted overlay network on top of the regular internet. I2P website addresses end in .i2p, while Tor domains end in .onion. Tor is typically used more for general web browsing over a public network, while I2P provides more privacy for your online communications within its network by bundling up your messages and scattering them.

Onion routing and a VPN might seem similar because they both use encryption to protect your online traffic. Also, onion routing hides your IP from your ISP just as a VPN does. However, the two have more differences than similarities:

• Encryption process. Onion routing encrypts your data in multiple layers of encryption and routes it through a series of individually maintained nodes. A VPN encrypts your traffic and sends it over a secure tunnel between your device and a remote VPN server.
• Privacy and accountability. The nodes in the onion network are operated by volunteers, and there is no single entity overseeing the process, which opens a possibility that some nodes could be run by malicious actors. Reliable VPN services are transparent about their operations, protect their user’s privacy, and do not store users’ connection logs.
• Connection speed. Routing your data through multiple nodes on the onion network can slow down your internet speed drastically, while with a VPN you shouldn’t notice any significant slowdowns.

FAQ

How many layers are there in onion routing?

The onion network typically uses three layers of encryption. However, the number of layers and the specific routing configurations can vary depending on different implementations of onion routing and different privacy networks. The number of encryption layers corresponds to the number of nodes (servers) the data passes through in the network.

What is onion routing combined with a vpn?

NordVPN offers a special feature that combines the security and privacy of a VPN service with onion routing’s benefits. Our Onion Over VPN servers allow users to access the onion network securely without the need for a separate Tor browser. When you connect to one of these servers, your traffic is being redirected through the onion network and passes though it before reaching its final destination.