The importance of excluding exit nodes in TOR

[Tomcat]

​

Everyone knows that TOR hides the real IP address and encrypts traffic. However, few people understand how the Onion Router works. I will try to explain in an accessible and understandable way about this router and the importance of excluding exit nodes.

For reference: What many call a torus is actually not a torus, but a torus browser. Tor browser is a complex for anonymous surfing, which consists of:
1. Browser Mozilla Firefox
2. TOR (The Onion Router)
3. HTTPS Everywhere add-on
4. Noscript add-on
5. Add-on TOR Button
6. Add-on UBlock Origin
7. Configurator

How TOR works.
Torah-free packages from our car to the final site go straight. That is, the final site sees our IP address:
When TOR starts, several chains are generated, each of which consists of three random evils: input, average and output. Moreover, each packet is encrypted three times. After that, the packages go from our machine to the first node. He removes the first layer of encryption, sees where to send the packet next and transmits it to the middle node. The middle node removes the second encryption layer, sees where to send the packet and sends it to the output node, where the last encryption layer is removed from the packet, after which the UNECRYPTED packet is sent to the final site:

The default chain lifetime is 10 minutes. After ten minutes, all three nodes will change randomly and the chain will look like this:

Everything seems to be fine, but only at first glance. Unlike i2p, where packets are transmitted through several tunnels with "one-way traffic" in TOR, all packets go along the same chain both from us to the addressee and from the addressee back to us. This means that if the output node is captured by a "probable enemy" or even created by him (which is what most often happens), then we can get into trouble, one of which is traffic analyzers.

To prevent this, the HTTPS Everywhere add-on is enabled by default in your browser. And it is also configured by default to start SSL encryption IF SUPPORTED BY the site or server. If not, then it will pass unencrypted HTTP traffic - which even a schoolboy can sniff. As a result, you can lose accounts and a lot of other confidential information.

Defense strategy.
Prevent this with two settings. The first is to exclude nodes that may belong to a "probable enemy". The second is to switch the HTTPS Everywhere add-on to the "Block all unencrypted request" mode.
To exclude nodes in TOR, we need to find its configurator . The configuration file is called torrc and looks like a regular text file. At the bottom of this file, add the following line:

ExcludeExitNodes {ru}, {ua}, {by}

Then we save the file and restart TOR or Tor browser. Tracking chains can be done either in the Tor Button (if you have Windows) or using Onion Circuits (if you have Linux). Advanced Linux users can instead use TOR ARM - which not only shows chains but also allows you to configure the router.

Android OS.
In the Orbot settings, you can also exclude nodes, but not weekends, but everything. We are looking for the ExcludeNodes option and enter the same (the letters will change to uppercase).