In this age when privacy and security are more important than ever, is someone intent on undermining one of the most secure and private networks on the internet?

For those unfamiliar with The Onion Router, also known as Tor, let’s take a quick look at how it works. Understanding how the network works is crucial to explaining whether Tor has been compromised.

What is The Onion Router: Tor?

Tor is a non-profit organization that protects and preserves online privacy and anonymity, so that others, such as government agencies and corporations, cannot track your location or online habits.

It provides a technology that bounces internet traffic among thousands of relay stations across the globe, making it extremely difficult for anyone to determine the information’s origin or destination.

Users can download this technology via the Tor browser bundle, which is also compatible with Android smartphones. 

Due to the relays, Tor may have some drawbacks, such as slower browsing and the blocking of some browser plugins like Flash. You can play YouTube videos for free using HTML5, but not by default.

Tor nodes

The Tor network relies on nodes that are operated by volunteers; these nodes form parts of the relay system. A Tor node may be set up by anyone, whether at home with a spare computer or a Raspberry Pi, or in a data centre. As data passes through the Tor network, a multilayered encryption system is used to ensure that no one relay can see the data inside the packets. Tor creates a series of virtual tunnels between all nodes in its network, and for each data transmission, a random relay path of tunnels, known as the route, is chosen.

There are three main types of Tor nodes:

  1. entry-guards
  2. middle-relays
  3. exit-nodes

Before it reaches its destination, every Tor packet is passed through at least three relays. Relay nodes are necessary for Tor to operate. Without them, there is no hiding of anyone’s identity or data on the network, which defeats the purpose of its creation.

Now that we have a basic understanding of how the Tor network works, let’s take a look at where things went wrong.

How Was the Tor Network Compromised?

As we have alluded to above, the Tor network relies on nodes that are operated by volunteers. Anyone can establish a relay on the Tor network, and this may have been its very downfall.

Part of the signup process is submitting contact information to the Tor Project; Tor server operators are required by law enforcement and network administrators to cooperate with them in the event of a misconfiguration or abuse complaint.

By all accounts, this policy of having to submit contact information during the signup process wasn’t enforced as strictly as it should have been. The Tor Project may have overlooked this critical aspect in order to maintain a large number of nodes on the network.

Due to this oversight, a threat actor known as KAX17 was able to add nodes to the network in their hundreds. According to The Record, this threat actor has been traced back as far as 2017 and may have had control of over 900 nodes at one point in time.

So why is this a problem?

The reason this is a big issue lies in the fact that, as the data passes through the Tor network, a layer of encryption is peeled away as it passes through each relay. By controlling multiple relays, you can see more of the data and start piecing together a bigger picture.

Due to the volume of KAX17’s servers, Tor users had a 16% chance of connecting to the Tor network through one of them, a 35% chance of passing through one of its middle relays, and up to a 5% probability of exiting via one, according to an interview with Nusenu, the security researcher who uncovered this issue.

Thanks to the work of Nusenu, the Tor Project has now removed the malicious relays associated with KAX17 in October and November 2020.
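The percentages quoted above can be combined into a rough per-circuit risk estimate. This Python sketch is an added example, not part of the original article or of Nusenu's research; the function names are made up for illustration, and it assumes the three positions are chosen independently and that a client keeps one entry guard across circuits, both simplifications of Tor's real path selection.

```python
from itertools import product

# Per-position chances of landing on a KAX17 relay, as quoted in the article
# (the exit figure is the article's "up to 5%" upper bound).
P_GUARD, P_MIDDLE, P_EXIT = 0.16, 0.35, 0.05


def circuit_patterns(p_guard=P_GUARD, p_middle=P_MIDDLE, p_exit=P_EXIT):
    """Probability of every (guard, middle, exit) compromise pattern.

    Assumption: positions are chosen independently. Real path selection adds
    constraints, so treat the output as an estimate.
    """
    patterns = {}
    for hit in product((False, True), repeat=3):
        prob = 1.0
        for p, compromised in zip((p_guard, p_middle, p_exit), hit):
            prob *= p if compromised else 1.0 - p
        patterns[hit] = prob
    return patterns


def summarize(patterns):
    """Collapse the eight patterns into the cases that matter for anonymity."""
    return {
        "any_position": 1.0 - patterns[(False, False, False)],
        # Entry and exit both observed: both ends of the circuit are visible.
        "guard_and_exit": sum(p for (g, _, e), p in patterns.items() if g and e),
        "all_three": patterns[(True, True, True)],
    }


def exposure_over_circuits(k, p_guard=P_GUARD, p_exit=P_EXIT, pinned_guard=True):
    """Chance that at least one of k circuits has a compromised guard and exit.

    With a pinned guard the client reuses one entry relay for all k circuits,
    so the guard is drawn once; otherwise it is redrawn for every circuit.
    """
    if pinned_guard:
        return p_guard * (1.0 - (1.0 - p_exit) ** k)
    return 1.0 - (1.0 - p_guard * p_exit) ** k


if __name__ == "__main__":
    for name, value in summarize(circuit_patterns()).items():
        print(f"{name:15s} {value:.4f}")
    for k in (1, 10, 100):
        print(k, round(exposure_over_circuits(k), 4),
              round(exposure_over_circuits(k, pinned_guard=False), 4))
```

With a pinned guard, long-run exposure is capped by the guard figure, which is why the share of entry relays an operator controls matters most in this model.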


As we have learned, the Tor network is a huge benefit to those looking for privacy and anonymity, but it’s not without its flaws. Tor has, for many years, been the gateway to the dark web. Is it to be trusted more than a VPN company? One of the best ways we can improve the resilience of the network is by running a Tor node. This will help to dilute the efforts of bad actors while improving the available bandwidth on the Tor network.
