Encrypting internet communications is a great start in addressing privacy concerns. But encryption solves only part of the anonymity issue: It hides what is being said, but not who is communicating.
Anonymous services take that next step to protect the parties in an online communication. The Tor project, a network of servers deployed across the Internet, is intended to shield parties from prying eyes and ears. Tor ("the onion router") describes both the development project and related software created to advance the privacy technology. Tor also provides a feature called hidden services that lets servers remain anonymous and provides secure services exclusive to the Tor network that are neither visible nor available to the Internet public.
Tor offers many practical uses, such as researching sensitive topics and ensuring you can view the same information as the general public on a competitor's Web site. It can also protect your VPN connections.
As it exists now, Tor is close but not quite ready for widespread enterprise employment. The network relies on volunteers for nodes and bandwidth, leaving the reliability of the network dependent on the goodwill of others. Funding is growing but is still a concern. In addition, there are legal uncertainties you should examine before you think about publicizing Tor to your users.
LAYERS OF PROTECTION
The onion routing technology, so named for its layered encryption approach and developed by the U.S. Naval Research Lab, works by passing encrypted messages from server to server within a distributed network (see "Onion Routing Defined" at nwc.com/2007/0205). Each onion server within the Tor network receives the encrypted message and decrypts the addressing information for the next server. The rest of the message remains encrypted with a different key and is then sent to the next server in the path. Each server can decrypt only the layer intended for it. This layering of encryption and routes ensures that no single server knows the message being sent, where it originally came from or its final destination. This technique, along with frequently changing the network path used for messages, prevents detection by traffic pattern analysis.
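The layering described above can be seen in a short Python sketch. It is an added example, not code from the Tor project, and it does not reproduce Tor's cell format or cryptography. The relay names, the destination and the message are constructed, and SHA-256 in counter mode with an HMAC tag stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

def _subkeys(key):
    # Separate encryption and MAC keys derived from one relay key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode: stdlib-only stand-in for a real stream cipher.
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC one layer, returned as nonce || tag || ciphertext."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails if the layer was sealed for a different relay."""
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer is not addressed to this relay")
    return _xor_stream(enc, nonce, ct)

def build_onion(path, keys, destination, message):
    """Client side: wrap the message innermost-first, one layer per relay."""
    next_hops = path[1:] + [destination]
    blob = message
    for relay, nxt in zip(reversed(path), reversed(next_hops)):
        addr = nxt.encode()
        blob = seal(keys[relay], len(addr).to_bytes(2, "big") + addr + blob)
    return blob

def peel(key, blob):
    """Relay side: learn only the next hop, plus a blob to forward."""
    layer = unseal(key, blob)
    n = int.from_bytes(layer[:2], "big")
    return layer[2:2 + n].decode(), layer[2 + n:]

# Constructed sample: three hypothetical relays and a hypothetical destination.
PATH = ["entry", "middle", "exit"]
KEYS = {name: os.urandom(32) for name in PATH}
ONION = build_onion(PATH, KEYS, "example.test:443", b"GET /report")
```

Calling peel with each relay's key in path order yields "middle", "exit" and then the destination. The entry relay, which is the only one that sees the client, forwards a blob it cannot read, while the exit relay recovers the destination and payload without ever seeing who sent them.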
However, the onion routing protocol is not tamper-proof. Using various techniques, such as timing traffic patterns and correlating sent traffic with exit nodes, interested parties can figure out that messages are being sent to or from certain servers. In addition, detailed analysis of message patterns can determine how often servers are used and thus support educated guesses about that usage. Even so, the message content is still encrypted and remains private as long as that encryption isn't broken.