2

When I visit any website in Tor browser and if I see the diagram of the circuit that Tor Browser is using for the current tab in the site information menu in the URL bar, it shows 3 relays: Guard, Middle node, and Exit node. enter image description here

Now if I visit any onion site (eg: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion) and see the circuit, it shows 6 relays: Guard, Middle node, Exit node, and three extra relays. What are those three extra relays? enter image description here

Sann
  • 33
  • 3
  • 1
    3 are from your side and 3 are from the hidden service side. – defalt Nov 13 '21 at 06:28
  • @defalt What are the benefits of these 3 relays from the hidden service side? – Sann Nov 13 '21 at 11:27
  • @SanniddhaChakrabarti look at it like you are building a tunnel from your location to the hidden service's location. You start from your location, and the hidden service starts from its location, and you are meeting in the middle, which is the node in Germany. The benefits of the 3 relays from the hidden service side are that these nodes help to keep the hidden service hidden. – mti2935 Nov 13 '21 at 11:33
  • Just like 3 nodes from your side keep you anonymous, 3 nodes from the hidden service side also keep it anonymous. – defalt Nov 13 '21 at 12:01
  • @defalt means IP addresses of hidden service relays are not public, unlike other relays? – Sann Nov 13 '21 at 12:38
  • @SanniddhaChakrabarti: See the discussion [here](https://security.stackexchange.com/q/239809/662). – President James K. Polk Nov 13 '21 at 14:24

1 Answers1

3

To connect to a hidden service (.onion site) your computer connects to a random relay, called the rendezvous point and stops there. Then, it tells the server to also connect to the same relay using Tor. The server chooses 3 relays and sets up its own connection to the same rendezvous point. This scheme means the server stays anonymous. You have absolutely no clue where the server is. Even the owner of the relay 217.182.196.71 has no clue where the server is (or where you are).

Your computer knows which relays it chose, so it can display them, but it doesn't know which relays the server chose.

(How does it tell the server where to connect? The server connected to a random relay called the introduction point and then it published that relay's address in the Tor directory service. Your computer connects to the introduction point to tell the server about the rendezvous point. Why not just use the introduction point for the connection? Because that would overload the introduction point if the server was busy.)

Official explanation with pictures: https://community.torproject.org/onion-services/overview/

user253751
  • 3,885
  • 3
  • 19
  • 15
  • A clarification for @Sanniddha Chakrabarti - When connecting to a hidden service, i.e. a "**.onion**", there is no *exit node* as you never exit the Tor system. Instead of an *exit*, it's simply another *relay*. – user10216038 Nov 16 '21 at 16:44