What is Tor?
Tor is an application that allows you to anonymise your IP address, i.e. you can visit www.google.com on 1st July 2010 and Google will record not your actual IP address but the one presented by Tor. This means that a review of the logs stored by Google will not, in theory, show a record of you visiting the site on that date.
For those campaigning in places like Taiwan, China, Tibet, Iran, etc., this anonymity is critical, potentially a matter of life and death.
Tor works by passing the data through numerous different servers or nodes, so that it is all but impossible (in theory) to track the source IP address.
To further prevent traffic analysis, Tor jumps IP addresses every 5 or 10 minutes. E.g. your IP address going to Google at 8pm and then at 8:10pm will be different, jumping both range and country.
The emphasis of Tor is that the IP address is hidden and traffic analysis is prevented; however, it does not truly encrypt the data, nor does it pretend to.
The data transferred between the nodes is encrypted, but it is transferred from the last node to the destination in clear/unencrypted text.
This does create a vulnerability in that a person at the final node (who could be anyone) can set up a monitoring station, as was done in 2007. This allows the monitor/hacker to watch and intercept all of the traffic going through this final node.
While this documented feature/flaw in Tor allows a person at the final node to monitor the network traffic, it does not allow them to know the source IP address (only the content), which is the aim of Tor: to hide the source IP address.
It should also be remembered that this ability to monitor network traffic, during normal use, occurs at every point in the data transmission from your machine to the destination machine, via the ISP. I.e. Tor is not adding any more risk to the transmission of information across the internet than already exists.
If the data load to be transmitted needs to be secured, as well as the sender, e.g. email or an attachment, then encryption of the information should be used in conjunction with the obfuscation of the source IP.
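The following is an added example, not part of the original article and not Tor's own code: a simplified model of the layered encryption described above, showing what each node observes and why the final node reads the content unless the sender also encrypts end to end. The toy cipher, keys, IP address and message are constructed assumptions; real Tor negotiates per-node keys and uses proper ciphers.

```python
import hashlib

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 keystream); encrypt == decrypt.
    Illustration only, a stand-in for the real ciphers Tor and TLS use."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def relay_views(source_ip: str, payload: bytes, relay_keys: list) -> list:
    """Wrap payload in one layer per node, then record what each node
    observes: the peer that handed it the data and the bytes left after
    it strips its own layer."""
    cell = payload
    for key in reversed(relay_keys):          # innermost layer belongs to the final node
        cell = toy_cipher(key, cell)
    views, peer = [], source_ip
    for hop, key in enumerate(relay_keys):
        cell = toy_cipher(key, cell)          # this node removes its layer
        views.append({"hop": hop, "peer": peer, "holds": cell})
        peer = f"relay-{hop}"                 # the next node only sees this node
    return views

# Constructed sample values (hypothetical keys, documentation-range IP).
KEYS = [b"entry-key", b"middle-key", b"exit-key"]
SOURCE_IP = "203.0.113.7"
MESSAGE = b"user=alice&note=meet at 8pm"
DEST_KEY = b"key shared only with the destination"

def exit_view(end_to_end: bool) -> dict:
    """What the final node sees, with or without end-to-end encryption."""
    payload = toy_cipher(DEST_KEY, MESSAGE) if end_to_end else MESSAGE
    return relay_views(SOURCE_IP, payload, KEYS)[-1]

if __name__ == "__main__":
    for label, e2e in (("Tor only", False), ("Tor + end-to-end", True)):
        v = exit_view(e2e)
        print(f"{label}: final node peer={v['peer']} holds={v['holds']!r}")
```

In the first case the final node holds the readable message but only knows the previous node as its peer; in the second it holds ciphertext that only the destination's key opens.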