The Importance of Excluding Exit Nodes in TOR
Everyone knows that TOR hides your real IP address and encrypts your traffic. However, not many people truly understand how the “Onion Router” works. In this article, I’ll explain how this router operates and why it’s crucial to exclude certain exit nodes.
What Most People Call TOR
For reference: what many people call TOR is actually the TOR Browser. The TOR Browser is a suite for anonymous browsing, which includes:
- Mozilla Firefox browser
- TOR (The Onion Router)
- HTTPS Everywhere add-on
- NoScript add-on
- TOR Button add-on
- uBlock Origin add-on
- Configurator
How TOR Works
Without TOR, packets travel directly from your machine to the destination website, so the site sees your real IP address.
When you launch TOR, several chains are generated, each consisting of three random nodes: entry, middle, and exit. Each packet is encrypted three times. The packets go from your machine to the first node, which removes the first layer of encryption, sees where to send the packet next, and forwards it to the middle node. The middle node removes the second layer of encryption, determines the next destination, and sends it to the exit node. The exit node removes the final layer of encryption, and then the packet, no longer protected by any of TOR's encryption layers, is sent to the destination website.
By default, each chain lasts for 10 minutes. After ten minutes, all three nodes are randomly changed, and the chain is rebuilt.
Potential Risks
At first glance, this seems secure. However, unlike I2P, where packets travel through multiple one-way tunnels, in TOR all packets go through the same chain both to and from the destination. This means that if the exit node is compromised by an “adversary” (or even created by them, which is often the case), you could face problems such as traffic analysis.
To help prevent this, the TOR Browser includes the HTTPS Everywhere add-on by default. This add-on is set to enable SSL encryption if the website or server supports it. If not, it will allow unencrypted HTTP traffic—which can be intercepted even by a beginner. As a result, you could lose accounts and other confidential information.
Protection Strategy
You can prevent this with two settings. First, exclude nodes that may belong to a “potential adversary.” Second, set the HTTPS Everywhere add-on to “Block all unencrypted requests.”
To exclude nodes in TOR, you need to find its configuration file. The configuration file is called torrc and is a plain text file. At the bottom of this file, add the following line:
ExcludeExitNodes {ru}, {ua}, {by}
Then save the file and restart TOR or the TOR Browser. You can monitor the chains either in Tor Button (on Windows) or with Onion Circuits (on Linux). Advanced Linux users can use TOR ARM, which not only shows the chains but also allows you to configure the router.
Android OS
In Orbot settings, you can also exclude nodes, but not just exit nodes—all nodes. Look for the ExcludeNodes option and enter the same values (the letters should be uppercase).
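A way to check that the exclusions described above are actually present in a torrc file, as an added example that is not part of the original article. It relies on Tor treating every node listed in ExcludeNodes as excluded for exit use as well, so the Orbot-style setting also passes; the function names and sample configurations are assumptions constructed for illustration.

```python
import re

REQUIRED = {"ru", "ua", "by"}                  # country codes from the article
OPTIONS = ("excludenodes", "excludeexitnodes")  # compared in lowercase

def parse_exclusions(torrc_text):
    """Return {option: set of lowercase country codes} found in torrc text."""
    found = {name: set() for name in OPTIONS}
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue                            # blank line or option with no value
        name = parts[0].lower()                 # option names are case-insensitive
        if name in found:
            # Collect only {cc} entries; fingerprints and address patterns
            # in the same list are outside the scope of this check.
            codes = re.findall(r"\{([A-Za-z]{2})\}", parts[1])
            # Simplification: entries from repeated lines are merged.
            found[name].update(c.lower() for c in codes)
    return found

def missing_exit_exclusions(torrc_text, required=REQUIRED):
    """Return required country codes that no exit exclusion covers."""
    found = parse_exclusions(torrc_text)
    effective = found["excludenodes"] | found["excludeexitnodes"]
    return sorted(set(required) - effective)

# Constructed sample configurations (not taken from a real system).
SAMPLE_DESKTOP = "SocksPort 9050\nExcludeExitNodes {ru}, {ua}, {by}\n"
SAMPLE_ORBOT = "ExcludeNodes {RU},{UA},{BY}\n"
SAMPLE_WEAK = "# ExcludeExitNodes {ru}, {ua}, {by}\nexcludeexitnodes {ru}\n"

if __name__ == "__main__":
    for label, text in [("desktop", SAMPLE_DESKTOP), ("orbot", SAMPLE_ORBOT), ("weak", SAMPLE_WEAK)]:
        missing = missing_exit_exclusions(text)
        print(label, "OK" if not missing else "missing: " + ", ".join(missing))
```

The third sample shows a common mistake: the full line is commented out and only a partial list is active, so two of the three countries are reported as missing.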