Onion routing is a technique for achieving anonymity on the Internet. Here, the web content is routed over constantly changing routes of several mixes, which are also called nodes in this context. These are each a kind of encrypting proxy server. As a result, the true identity of the person requesting the data remains anonymous to the web server on the other side, and not even the operators of the nodes themselves can establish an association between the user and their requested web content, unless all the nodes of the respective route work together.
The term onion is derived from the encryption scheme used. The data to be transmitted is encrypted several times. Within each node, the data is either decrypted or encrypted, depending on whether the data is sent (“upstream”) or received (“downstream”). The client encrypts each packet to be sent and consequently decrypts each received packet multiple times according to the number of nodes within the route. This step-by-step encryption scheme is in the shape of an onion with its shells, hence the name. It guarantees that only the last node can see the data to be sent in plain text (although it may still be subject to end-to-end encryption). It is also not possible to track the data across a node, because each node performs an encryption or decryption step that is only comprehensible to it and the client, i.e. the data looks different at the input of the node than at the exit of the node.
In contrast to services that rely on fixed mix cascades, i.e. that always use the same route between mixes for all users, onion routing changes the selection and order of the nodes used individually by each user. Thus, from the point of view of this server, a later re-access to a server also seems to come from a new user, since the IP address has also changed in the meantime. However, this only applies if no further identification is possible on the basis of the transmitted content data, e.g. due to cookies or personalized links.
The main difference between the concept of fixed mix cascades and free routing lies in the transmission capacity and the number of nodes needed. While fixed mix cascades require all users to use the same mixes, i.e. they must provide correspondingly large capacities, but a small number is sufficient, the onion routing concept requires a large number of nodes, but these require lower bandwidths because the individual node is only used by a few users at a time. As a result, onion routing can be realized within a grassroots approach, as users with broadband access (with sufficient transmission rate) can often operate a node themselves. On the other hand, a low participation threshold and thus the lack of central control is also the greatest risk: such a service can be infiltrated and controlled to a large extent with relatively little effort by individual persons operating nodes under many pseudonyms. Even if there are still enough “good” nodes in the network, there is a correspondingly increased probability that a user will compose a route exclusively from the number of controlled nodes and thus his actions will be comprehensible to the operator of these nodes. This is even facilitated by the constantly changing route choices. While this reduces the likelihood that all of the user’s actions can be controlled, as they are constantly dialing new nodes, it does increase the likelihood that at least some of their actions can be deanonymized.