TOR - Technical overview.

In today's world, owning our own data is a rarity. Every app and service we use becomes a privacy concern, and only a few services can be used without compromising on privacy and anonymity.


Tor

The Tor network, the main part of the so-called dark web, is often thought of as an illegal marketplace and a breeding ground for hackers. This couldn't be further from the truth. The project started as a way to anonymize the communications of American intelligence, and was then released to the public as an open source project. Many of its users are escaping from oppressive regimes or simply seeking privacy in their lives.


How does TOR work?

In the simplest terms, a Tor circuit is formed from the client through 4 relays: the entry guard, middle relay, exit relay. Traffic is decrypted layer by layer at each relay, hence the name "onion" routing. As a result the entry guard knows the source (IP) of the traffic, while the exit node can only see what was sent, not who sent it. The exit node is still a concern: if we are not using an encrypted protocol like HTTPS, it can read the messages in plaintext.


Every link client-to-router and router-to-router is encrypted with TLS.

The client establishes a shared secret using ECDH (Elliptic-curve Diffie-Hellman over curve25519) and uses that shared secret to encrypt the data with AES-256 in CTR mode. It establishes a shared secret with each node in the circuit, tunnelled through the encryption of the previous nodes. Once the circuit is established, the client sends the data encrypted 3 times, once with each node's shared secret. As the data traverses the nodes it is decrypted layer by layer with each relay's shared secret, until the last node recovers the plaintext.



This process assures the privacy and anonymity of the user, but what about the server?

Hidden services

These are the hidden sites that sometimes make it to the news. They connect to the Tor network in a similar way to a client, keeping their anonymity. But for this to work the process is a bit more complicated:


Setting up the service

First, the hidden service picks 3 relays from the Tor network, establishes a circuit to each of them, and asks them to be its introduction points (IP). Each circuit has 2 relays between the server and the introduction point.



Then the hidden service creates a descriptor containing information about the introduction points, public keys and other details. This descriptor is signed and uploaded to special Tor nodes flagged as HSDir (hidden service directory).



Connecting a client

When a client wants to connect, it first downloads the descriptor of the service it wants to reach. To verify the descriptor it uses the public key embedded in the onion address (onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion").
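As an added example (not code from the original post or from the Tor project), the following Python encodes and validates a v3 onion address exactly as the formula above describes. The checksum construction, the first two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION) with VERSION = 3, comes from rend-spec-v3, linked at the end of this post; the 32-byte key is a constructed sample, not a real service key.

```python
import base64
import hashlib

ONION_SUFFIX = ".onion"
HS_VERSION = 3                       # v3 onion services
CHECKSUM_PREFIX = b".onion checksum"  # fixed prefix from rend-spec-v3
LABEL_LEN = 56                        # 35 bytes -> 56 base32 characters


def onion_checksum(pubkey: bytes, version: int = HS_VERSION) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)."""
    digest = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + bytes([version])).digest()
    return digest[:2]


def encode_onion_address(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + bytes([HS_VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ONION_SUFFIX


def decode_onion_address(address: str) -> bytes:
    """Return the embedded public key, or raise ValueError if the address is malformed."""
    addr = address.strip().lower()
    if not addr.endswith(ONION_SUFFIX):
        raise ValueError("missing .onion suffix")
    label = addr[: -len(ONION_SUFFIX)]
    if len(label) != LABEL_LEN:
        raise ValueError("a v3 onion label is exactly 56 base32 characters")
    try:
        raw = base64.b32decode(label.upper())
    except Exception as exc:  # binascii.Error for bad alphabet / padding
        raise ValueError("label is not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != HS_VERSION:
        raise ValueError(f"unsupported onion address version {version}")
    # The checksum binds the key and version; a mistyped or tampered
    # address fails here instead of sending the client to the wrong service.
    if checksum != onion_checksum(pubkey, version):
        raise ValueError("checksum mismatch: address is corrupted or mistyped")
    return pubkey


def is_valid_onion_address(address: str) -> bool:
    """Boolean wrapper around decode_onion_address for quick checks."""
    try:
        decode_onion_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed sample, not a real key
    print(encode_onion_address(sample_key))
```

Note that this only checks the address format: whether the descriptor fetched from the HSDir is genuine is decided by verifying its signature against the key recovered here.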



Then the client picks a relay, creates a circuit to it (through two other relays), and asks it to be its rendezvous point (RP). A secret cookie is passed to the rendezvous point; it will later be used to bridge the connection.



In the next step, the client creates a circuit to one of the introduction points and passes it the same secret cookie plus the address of the rendezvous point, encrypted with the service's public key.



The hidden service decrypts the rendezvous point data and creates a circuit to it; the rendezvous point uses the secret cookie to bridge the connection between the client and the server. During this process a key pair is also created, ensuring end-to-end encryption. Finally the server and the client are talking, both anonymously and privately.



All of this is a very big simplification of the process. If you are hungry for more, I recommend the official docs:

spec.torproject.org
torproject.gitlab.io/torspec
torproject.gitlab.io/torspec/rend-spec-v3

Now you know how Tor works, but remember: even though Tor helps you stay anonymous, it does nothing to make up for bad opsec.