Tor in The Workplace

Cyber Incident

The Tor browser is enticing, because it is a fantastic tool for remaining anonymous on the Internet.  We are constantly monitored and tracked at almost every site we visit, and of course, we never know when governments are snooping on our private online behavior.  Properly leveraging Tor, we can reclaim control of our online privacy.

Like many useful tools in our lives, Tor has a good side and a bad side.  When used appropriately, the benefits are positive and when used inappropriately, the results can be dangerous and lead to disaster.  Perhaps an extreme analogy, but consider for a moment a gun.  In the right hands, and for the right purpose, a gun can protect someone from harm, or be a tool for law enforcement to apprehend a criminal. In the wrong hands and used will ill intent, the weapon can be misused and cause bodily harm or death to innocent people or even ourselves.  Tor too has extremes.

Generally, Tor is a useful and beneficial tool.  Assuming we are not involved in illicit activities, and deployed correctly, we can essentially remain anonymous and avoid tracking out on the Internet.  Leveraging the Tor browser, along with a virtual operating system such as Tails, or Whonix running on Oracle Virtual Box, it can become close to impossible to track us or learn our identity unless we foolishly leave clues or give up that information.  We can read what we wish, and join in online discussions with others without fear of who might be listening or tracking us.

So where is the danger in permitting Tor in the workplace?  In spite of all the positive uses for Tor, there is a dark underside known as the Dark Web.  This is a place on the Internet that we cannot ordinarily reach through Google or other search engines.  Instead of a .com domain suffix, these sites have a .onion suffix and can only be accessed using the Tor browser.  Accessing the dark web can be likened to walking through the red light district in any major city.  There are criminals, thieves, muggers, prostitutes and more.  One can find sites selling PayPal accounts or credit card numbers to be plundered.  There are links to terrorist organizations, organized crime, and pornography.

Visiting or clicking on many of the links found on the dark web can cause our computers to become infected with malware.  For this reason, simply running a Tor browser for anonymity is insufficient  because it can expose our PC to unacceptable risks.  To be safe in this dangerous neighborhood, it is essential to run Tor in a contained, virtual system to protect our host computer from compromise.  (And even then there are still risks.)

Privately, we can all use Tor and make the decision as to whether or not to use it responsibly and take the necessary precautions to protect ourselves.  In business, I am hard pressed to think of a reasonable business case for allowing employees to use Tor as the risk to the business is simply too high.


Leave a Reply