Before we share our results, this portion of the paper gives a synopsis of Tor's history, the setup process, and an explanation of the mechanics of how Tor keeps users' activity secret.

History

The Onion Router (abbreviated Tor) was originally devised by the Naval Research Laboratory and used by the U.S. Navy to keep the identity of federal employees hidden while on the internet. The idea of internet anonymity arose when an employee needed to access the internet but did not want anyone to see their IP address.
Tor would hide the IP address by passing requests through several computers before they reached their destination. These paths would change the IP address of the original request, making it virtually impossible for any eavesdropper to find the client's IP address.
The only traffic that would be seen would be the final packet, since the request would leave the Tor network for the destination; however, by this time the IP address would have been masked by multiple addresses.
The only downside to this idea was that all of the computers on the network belonged to the U.S. Navy, so any traffic would still be under their network. In 2003, Tor was released as open-source software, allowing anyone to use it. As Tor picked up steam, it drew users from all over the globe with different intentions for using the browser; some used it to mask their daily browsing, while others with malicious intent conducted illegal business.
However, with users adding their computers to the Tor network, the U.S. Navy was able to hide while on the Tor network, since its requests could pass through any computer in the world that was connected to the Tor network. Today, Tor remains free open-source software that just about anyone with a computer can use. The software is available for download for Windows, Mac, and Linux computers. As open-source software, Tor relies on its community for help. Users report any vulnerabilities that they find. Vulnerabilities are usually fixed within a short time and are always documented on Tor's website. Users also volunteer their own computers to allow Tor traffic to pass through. Lastly, Tor receives its funding from various sponsors and their private donations.

Dark Web vs. World Wide Web

Websites that reside on the world wide web are known simply as websites. These websites are frequently visited by many through popular browsers such as Google Chrome, Safari, and Mozilla Firefox. Web browsers that connect users to the world wide web do not have any identity protection feature to mask users' traffic history. Thus, many web users' data is out in the open for anyone to view. Onion browsers such as Tor connect users to the dark web. Web browsers that are connected to the world wide web cannot access dark websites. The difference can be seen in the domain of the URL: websites ending with the domain "onion" are categorized as dark websites. Moreover, the world wide web contains most of its information in databases, which are accessed by the search engine.
A search engine connects users to websites. Unlike the world wide web, Tor and other onion browsers lack a search engine. In other words, users must know the URL of the website that they want to access. In particular, the deep web lacks a search engine since too much data resides on its network. According to the white paper "The Deep Web: Surfacing Hidden Value", "the deep web contains 7,500 terabytes of information compared to 19 terabytes of information" found on the world wide web (https://quod.lib.umich.edu/cgi/t/text/text-idx?c=jep;view=text;rgn=main;idno=3336451.0007.104).

How It Works

Tor works by first enclosing your information in layers of encryption. Then, as your traffic travels from node to node toward its destination, layers of that encryption are peeled away, just enough that each node knows where to direct the information next but not so much that your private information can be seen or leaked; hence its nickname, the Onion web browser. Since Tor uses a built-in VPN as well as the HTTPS protection standard as much as it can, traffic captured in Wireshark is hard or impossible to decrypt, so we tracked it down by looking for abnormal traffic in our data capture: the unusually high TLS data connections after firing up the web browser. We were able to get the IP address of one of Tor's VPN servers, track down the first handshake we created with that server, and find its location as well, which in our case was Australia. Since all of the traffic we captured was sent over TLS or SSL, it proves that not only were our data packets protected with multiple layers of security, but so was our identity on the web, with the VPN providing us with an overseas IP address to hide our real public one.
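
The layered wrapping and peeling described above can be shown in a short sketch. This is an added example, not code from the paper or from the Tor Project; the relay names, random per-hop keys, JSON header and the SHAKE-256/HMAC toy cipher are assumptions made for illustration and stand in for Tor's real circuit handshake and relay cryptography.

```python
import hashlib, hmac, json, os

def xor_stream(key, nonce, data):
    # Toy stream cipher (SHAKE-256 keystream XOR); a stand-in, not Tor's relay crypto.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Add one encryption layer: nonce || HMAC tag || ciphertext."""
    nonce = os.urandom(16)
    ct = xor_stream(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails if this key did not create it."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed with this relay's key")
    return xor_stream(key, nonce, ct)

def build_onion(path, destination, payload):
    """Client side: wrap the payload once per relay, innermost layer for the exit."""
    blob, next_hop = payload, destination
    for name, key in reversed(path):
        header = json.dumps({"next": next_hop}).encode()
        blob = seal(key, header + b"\n" + blob)
        next_hop = name  # the relay before this one must forward to it
    return blob

def peel(key, blob):
    """Relay side: strip one layer and learn only the next hop."""
    header, _, inner = unseal(key, blob).partition(b"\n")
    return json.loads(header)["next"], inner

def route(path, onion):
    """Pass the onion along the path and record what each relay learns."""
    seen, blob = [], onion
    for name, key in path:
        next_hop, blob = peel(key, blob)
        seen.append((name, next_hop, blob))
    return seen

# Constructed sample circuit: three hypothetical relays with random per-hop keys.
DEMO_PATH = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]

if __name__ == "__main__":
    onion = build_onion(DEMO_PATH, "example.com:443", b"GET / HTTP/1.1")
    for name, next_hop, blob in route(DEMO_PATH, onion):
        print(f"{name:6} forwards to {next_hop:16} ({len(blob)} bytes left)")
```

Only the exit relay recovers the destination and payload; the entry and middle relays see their next hop and an opaque blob.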