Two weeks ago, I wrote about a portable Web browser, Torpark, that's designed to keep you relatively anonymous as you browse. Torpark is based on the Mozilla Firefox source code, and you might recall that one of the big advantages of using Torpark is that it comes with The Onion Router (Tor) built in. So you don't need to install and configure that separately. If you missed that editorial, you can read it at the URL below.
Tor is a SOCKS-based proxy, with both client and server components, that's designed to route traffic through a series of anonymous servers, the number of which varies depending on how you configure the Tor client. Anyone can run a Tor client or server without having to reveal anything to the outside world except an IP address, and that address is made known only to the first Tor server your traffic passes through.
Tor encrypts traffic along the route, and each Tor router knows only the routers immediately before and after it. Tor handles its own traffic encryption, so in theory, Tor server operators shouldn't be able to snoop on the contents of your network traffic.
The exception is the Tor server operator of the exit router--the last hop along your traffic's route through Tor servers. Other servers on the Internet don't understand Tor encryption, so obviously they can't receive and process traffic that originates from a Tor network. Therefore the traffic must be decrypted before being passed on to its final destination. And therein resides Tor's inherent weakness. You must trust an unknown Tor server operator to not snoop on your traffic as it exits the Tor network. Inevitably, some Tor server operators do snoop on traffic. That's why I said that Tor provides "relative" anonymity. It protects your actual IP address but not the nature of what you're doing on the Internet.
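The visibility described in the two paragraphs above, as an added illustration that is not from the original article or from the Tor project: a three-hop circuit in which each relay strips one layer and records what it can see. The SHA-256 keystream is a stand-in for Tor's real ciphers, and the relay names, keys, IP address and request are all constructed.

```python
import hashlib

def xor_layer(key, data):
    """Add or remove one layer. Stand-in cipher (SHA-256 counter keystream), not Tor's."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_onion(payload, hop_keys):
    """Client side: wrap the payload once per hop, exit layer innermost."""
    cell = payload
    for key in reversed(hop_keys):
        cell = xor_layer(key, cell)
    return cell

def relay_views(client_ip, payload, relays):
    """Walk the circuit and record what each relay can observe."""
    names = [client_ip] + [name for name, _ in relays] + ["destination"]
    cell = build_onion(payload, [key for _, key in relays])
    views = []
    for i, (name, key) in enumerate(relays):
        cell = xor_layer(key, cell)  # the relay strips only its own layer
        views.append({"relay": name, "prev_hop": names[i],
                      "next_hop": names[i + 2], "holds": cell})
    return views

# Constructed sample data (documentation IP range, made-up keys and request).
CLIENT_IP = "198.51.100.7"
RELAYS = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
REQUEST = b"GET /inbox HTTP/1.1\r\nHost: example.com\r\nCookie: session=constructed\r\n\r\n"

if __name__ == "__main__":
    for v in relay_views(CLIENT_IP, REQUEST, RELAYS):
        readable = v["holds"] == REQUEST
        print(f'{v["relay"]:6} prev={v["prev_hop"]:12} next={v["next_hop"]:11} '
              f'plaintext_visible={readable}')
```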
Anyone who can see your Internet traffic can also manipulate it. This certainly holds true for Tor exit server operators, and it presents another danger of using Tor. In one of many possible scenarios, someone could monitor for traffic destined for port 80, typically used for Web traffic, and then manipulate Web pages, cookies, headers, and so on in just about any way you can imagine. Now someone has proven just how easy it is to use this weakness to discover your real IP address, which in effect destroys your anonymity and thus defeats the purpose of using Tor.
If you're interested in Tor's weaknesses, or even in how easy it is to manipulate network traffic, then be sure to read the white paper.