IS TOR REALLY ANONYMOUS AND SECURE ? REALITY OF TOR AND HTTPS CONNECTIONS ? [EXPLAINED]

[INTRODUCTION TO TOR]

First and foremost, to protect yourself while browsing the internet you should be using TOR(The Onion Router). Tor will provide you with a degree of anonymity by using an 128-bit encryption i.e AES(Advanced Encryption Standard). Only NSA can crack this code. As a result TOR cannot provide the anonymity against NSA. This is why, you should never send anything over TOR that you're not comfortable in sharing with the world.

[HOW TOR WORKS]

Communication from computer to Internet relies on entry node which enters your computer into TOR network. This entry node communicates with your computer which knows your IP address. This entry node encrypts your request and passes to the relay node. The relay node communicates with the entry node and exit node but doesn't know the IP address. The exit node is where your request is decrypted and sent to Internet. The exit node does not know your IP but it knows IP of relay node. Using this model of 3 nodes it makes it harder, but not impossible to correlate your request to your original IP.

[HOW NSA IDENTIFIES THE ORIGINAL IP]

When you enter plain text into TOR problem arises because anybody can setup an exit node. The FBI can setup an exit node, the NSA, or any other government organisation, or any malicious person who want to steal your data. You must not enter any sensitive data into any websites, especially when accessing them over TOR. If someone have the computing power and is able to decrypt your request that i will not remain sensitive anymore.

[HOW TO FIX THIS]

There are many servers that provide hidden services. You can easily recognize this service by the address .onion. These services offer what's called end-to-end encryption. What this does is take the power out of the exit nodes and put it into your hand. Remember, the exit node has the key to decrypt your request. The exit node can see in clear text what you are sending once they decrpyt it. So if your entering any confidential information than exit node has your infromation.

[HTTPS]

Another thing that you can do is visit the sites with HTTP secure. You can tell if the website you are visiting is using HTTP secure by the prefix at the beginning of the address. If you see https:// then your website is using HTTP Secure. What this does is encrypts your requests so that only the server can decrypt them, and not somebody else such as compromised TOR exit node. This is another form of end-to-end encryption. If somebody were to intercept your request over HTTP secure, they would see encrypted data and would have to work to decrypt it. Another reason you want to use HTTPS whenever possible, is that malicious Tor nodes can damage or alter the contents passing through them in an insecure    fashion and inject malware into connection. This is particularly easier when you  are sending requests in plain text but HTTPS reduces this possibility. You must be made aware however, that HTTPS can also be currently cracked depending on the level of the key used to encrypt it. When you visit a website using HTTPS, you are encrypting your request using their public key and they are decrypting it using their private key. This is  how cryptography works. A public key is provided to those who want to send an encrypted message and the only one who can decrypt is the one with the private key. Unfortunately, many websites today are still using private keys that are only 1,024 bits long which in today’s world are no longer enough. So you need to make sure you find out which level of encryption the website you are visiting uses, to make sure they are using at a minimum 2,048, if not 4,096 bits. Even doing all of this unfortunately is not  enough, because we have another problem. What happens if the web server itself has become compromised? Maybe your TOR nodes are clean, maybe you have used HTTPS for all your requests, but the web server itself of the website you are visiting has been compromised. Well then all your requests are again, as good as plain text.

So, this was all about how TOR and HTTPs network works for anonymity.