Is TOR really anonymous


In the corporate environment, maintaining employee privacy ensures that the risks of social engineering attacks or blackmail are reduced. Because the more criminally motivated attackers can find out about the key people within an organization, the more targeted and effective their attacks will be.

Therefore, educating and training employees on how to best protect their privacy should be a fundamental part of any security awareness program. You can take concrete, specific measures and precautions to protect your privacy - and that of your employees. That costs you energy and time - and also requires a little technical know-how.

We'll tell you how to move (almost) anonymously and safely through the global network in eight steps. One more note: privacy and anonymity are not synonymous. Do not be under any illusions - there is no such thing as one hundred percent anonymity on the internet in the digitized world. All you can do is protect your privacy as best you can.


Signal is a messaging app for encrypted communication. Text and voice messages can be sent and received as well as video and audio calls. Signal feels just like any other messaging app - but uses encryption that (at least according to the current status) not even the NSA can crack. As for the metadata, any adversary at the network level can see that you are using Signal. If these adversaries are intelligence agencies, they can very likely determine who, when, and for how long they are communicating with.

The makers of Signal are well aware of these technical limitations and are researching ways and means to solve the problem. So far, however, metadata-resistant communication has remained a beautiful dream. Nonetheless, Signal is the most secure and easy-to-use messaging app available today and offers significantly more privacy than any of its more popular counterparts. However, you do not communicate anonymously with Signal either - although, as already mentioned, this is generally hardly possible these days.


The largest and most effective metadata-resistant software project is still Tor. But here, too, there are technical limitations that have not yet been eliminated despite extensive security research. Tor is optimized for low latency web browsing and only supports TCP. If you try to visit various well-known websites, Tor will also not work, as most of these sites generally block access via Tor.

Although Tor does not guarantee 100% anonymity when surfing the net, it is the best tool available in this regard. Like so many things in life, the Tor project is a double-edged sword: on the one hand, it is used by journalists and bloggers to research or publish anonymously, on the other hand, it is also used by criminal hackers for various malicious purposes.

Should you ever meet someone who complains about the "evil dark web" that someone should finally do something about - please remind them that bank robbers flee from the crime scene after their "work" is done, but nobody gets the idea To want to ban cars and roads.

You should rely on the Tor browser, especially for mobile use. There is an official app for Android devices and an authorized but unofficial app for iOS by the Tor project.

  1. Enter the Dark
    In the 1970s, the term "darknet" was by no means ominous. Back then it simply referred to networks that were isolated from the mainstream network for security reasons. When the Arpanet first became the Internet, which then "swallowed" all other computer networks, the word was used for the areas of the network that could not be easily found by everyone. And as it is in the Shadow Realm: Of course it is also a refuge for illegal activities and disturbing goods of all kinds, as Loucif Kharouni, Senior Threat Researcher at Damballa emphasizes: "On the Darknet you can get pretty much everything you can imagine. "
  2. Made in the USA
    A recent whitepaper from Recorded Future explains the connection points between the web, which we all know, and the darknet. Initial traces can usually be found on sites like Pastebin, where links to the Tor network are "deposited" for a few days or hours. Incidentally, Tor was developed by the US Navy with the aim of military reconnaissance. The extensive anonymization ultimately made Tor darknet heaven.
  3. Drugs
    In the darknet, among other things, the trade in illegal drugs and prescription drugs is flourishing. "The Darknet has revolutionized drug trafficking in much the same way that the Internet has revolutionized retail," says Gavin Reid of security provider Lancope. "It puts a layer of abstraction between buyer and seller. Before sites like Silk Road existed, drug users had to drive into semi-silky neighborhoods and take the risk of being mugged as well as being caught by the police. Now people can do it from the comfort of your home and barely have to interact with the dealer. This has led many people to jump on this bandwagon and thereby decentralized both the sale of drugs and the risks associated with their use. "
  4. Please rate your purchase!
    The Internet has revolutionized trade - for example through evaluation and rating systems. The same principle is also used in the Darknet - only you don't evaluate an SSD, but crack. After the fall of Silk Road, The Hub now serves as the central platform for drug trafficking.
  5. weapons
    In some parts of the world, drug users use the darknet to avoid armed dealers. The latter target group, on the other hand, can upgrade in the dark part of the network: A large-scale raid on a large arms shipment that was supposed to go from the USA to Australia was stopped. In addition to shotguns, pistols and rifles, things like a ballpoint pen pistol are also available on the Darknet. Greetings from James Bond. Radiant personalities can even find uranium in the web lowlands. Not weaponized, but still.
  6. Identity trading
    Many underground traders also offer fake documents such as driver's licenses, passports and ID cards on the Darknet. Quite similar to the contemporary on this Thai market, only online. What could be done with it ... In any case, the likelihood that a teen will get an identification document on the Darknet to buy the beer for the next Facebook party is pretty low.
  7. Digital life
    Raj Samani, CTO at Intel Security, is amazed at how personal the products and services in the Darknet have become over time: "The sale of identities goes far beyond cards and medical data: entire digital lives are sold there - including Social media and email accounts, as well as loads of other personal information. "
  8. Contract killer
    Before you get the impression that the darknet is a place where you can really buy any service: the vast majority of the people who offer killing services are scammers. Although they like to take money from willing customers, they don't like getting their fingers dirty. The operator of Silk Road, Ross Ulbricht, fell victim to such a fraud: The half-silly Darknet "pioneer" invested one million bitcoins in contract killings that were never carried out. A crowdfunding platform for attacks on celebrities is also likely to be a lucrative fraud.
  9. Quick exit
    It might come as a surprise, but the people you meet on the Darknet are usually not honest people. The increasing professionalism in the Darknet and the psychological pressure that weighs on drug and arms dealers in the Darknet is leading to a new trend: the exit scam. Here, a dealer who has already built up customer trust decides to end his activities. To do this, he ends relationships with his suppliers, but continues to take orders and money from customers. Just as long until they realize that they are not getting any benefits for their money. The time window created in this way is used by the retailers to really cash in again before they finally disappear into digital nirvana.
  10. Freedom?
    One thing should not be forgotten in relation to the Darknet: While we mainly think of drugs, weapons and contract murder in this context, the Darknet is often the only means for people in countries where war and / or political persecution prevails to come into contact with the outside world safely and / or without supervision.


Virtual private networks do not offer anonymity. But because everyone expects VPNs in an article like this, we're going to dispel this myth at this point. All a VPN does is redirect traffic from your ISP - or hotel or airport WiFi, if you're on the move - through an encrypted tunnel. There are many legitimate reasons to use VPNs - anonymity is not one of them. Not even remotely.

In contrast to Tor - which routes your traffic through three different nodes distributed around the world, making it difficult (if not impossible) for potential adversaries to see what you are doing - a virtual private network simply reroutes. The VPN provider is therefore able to trace your activities at any time. On the other hand, this means that malicious or state actors who gain access to the VPN servers - be it via hack or a court order - can do just as well.

So that we understand each other correctly: VPNs are a good thing. Use them whenever you can. But don't expect anonymity.

Zero Knowledge Services

Google can see every email you write and receive. Office 365 scans every line you write. DropBox analyzes each of your uploads. Each of these companies - and many others - are PRISM providers and cooperate with state actors in the context of mass surveillance programs. So if you use the services of these companies, privacy is fundamentally not available.

You could of course counteract this by encrypting your data before uploading. For example, you could acquire knowledge of how to use PGP. Or you can opt for providers who are committed to the zero-knowledge principle. In doing so, however, you can never be sure that the relevant state actors also have appropriate back doors in these cases.

Possible alternatives are, for example, companies such as SpiderOak in the USA, which offer Zero Knowledge File Storage, or the Swiss provider Protonmail, which advertises that it is mathematically impossible for third parties to view the content of your e-mails. We do not want to recommend any of the services mentioned to you - these are only examples of zero-knowledge providers and do not release you from your obligation to conduct background research on the providers before using such services.

Social media

Online privacy also means that you decide what you want to share with the world and what you don't. If there are things going on in your (work) life that are not suitable for being shared with the general public, you should consequently avoid spreading them on social media platforms.

This complex of topics is without a doubt also a question of generations: While older people usually shudder at the thought of sharing their private life with the world on social media channels, the majority of the smartphone generation consider it completely normal to "share every aspect of their life" -bar "to make.

Before you post on social media, you should keep the big picture in mind: a single post may seem insignificant - but does it still do so when combined with the rest of the information available about your life? Before you click the button, think carefully about the overall picture your contribution could create.

App permissions

Mobile apps - regardless of whether they are on Android or iOS devices - generally tend to "demand" far more authorizations than necessary. The result is that personal data is extracted and transferred to the app manufacturer on a very regular basis. Does every app really need access to your smartphone's microphone, your whereabouts or your address book?

Even if it is a bit cumbersome and complicated on both Android and iOS: Rummage through the appropriate settings and systematically switch off unnecessary app permissions. The following applies: Better to deny one authorization too much than too little.

Ad blockers