How Tor Works

Another 3 part series:<p><a href="http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;02&#x2F;28&#x2F;how-tor-works-part-one&#x2F;" rel="nofollow">http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;02&#x2F;28&#x2F;how-tor-works-part-...</a><p><a href="http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;05&#x2F;09&#x2F;how-tor-works-part-two-relays-vs-bridges&#x2F;" rel="nofollow">http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;05&#x2F;09&#x2F;how-tor-works-part-...</a><p><a href="http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;05&#x2F;14&#x2F;how-tor-works-part-three-the-consensus&#x2F;" rel="nofollow">http:&#x2F;&#x2F;jordan-wright.com&#x2F;blog&#x2F;2015&#x2F;05&#x2F;14&#x2F;how-tor-works-part-...</a>

Cool blogpost. People that enjoyed this might also like to take a look at &quot;The Architecture of Open Source Applications&quot; <a href="http:&#x2F;&#x2F;aosabook.org&#x2F;en&#x2F;index.html" rel="nofollow">http:&#x2F;&#x2F;aosabook.org&#x2F;en&#x2F;index.html</a>.<p>Also, a few months back I annotated the original Tor whitepaper here <a href="http:&#x2F;&#x2F;fermatslibrary.com&#x2F;s&#x2F;tor-the-second-generation-onion-router" rel="nofollow">http:&#x2F;&#x2F;fermatslibrary.com&#x2F;s&#x2F;tor-the-second-generation-onion-...</a>

Remember that Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can&#x27;t encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet — use HTTPS or other end-to-end encryption and authentication.<p><a href="https:&#x2F;&#x2F;www.torproject.org&#x2F;projects&#x2F;torbrowser.html.en" rel="nofollow">https:&#x2F;&#x2F;www.torproject.org&#x2F;projects&#x2F;torbrowser.html.en</a>

It would also be useful to point out limitations and vulnerabilities. Tor browser has no protection against malware that hits the Internet directly, bypassing Tor circuits. But Tor Project does not prominently warn users about that on its website. While Tor Project does acknowledge Tor&#x27;s vulnerability to global adversaries, there&#x27;s also no prominent warning about that. If you run Tor in a terminal, you see &quot;This is experimental software. Do not rely on it for strong anonymity.&quot; But how many users will ever see that warning?

I&#x27;ve also written up a comprehensive IoT infrastructure using Tor, Node-Red, MQTT, and sensor&#x2F;actuator nodes as you choose.<p>It&#x27;s all documented here: <a href="https:&#x2F;&#x2F;hackaday.io&#x2F;project&#x2F;12985-multisite-homeofficehackerspace-automation" rel="nofollow">https:&#x2F;&#x2F;hackaday.io&#x2F;project&#x2F;12985-multisite-homeofficehacker...</a>

When I see articles about security related topics I immediately expect them to be served over HTTPS and get frustrated when they are not.<p>It makes me think if HN should perhaps make a stand and either display some sort of lock icon next to secure links or make it harder for insecure links to show in the front page. Where is the right place to discuss this?