Onion Routing
Onion routing is a technique for anonymous communication. Multiple layers of encryption are applied to the messages, and they're removed one at a time by different parties, analogous to peeling back the layers of an onion.
Onion Routing Is More Than Encrypting a Message
Encryption allows you to send private messages. We love that. By turning your plaintext into cyphertext before sending it, you ensure that the contents of your message can only be read by the intended party. This is useful if you don't want any listeners on the network to be reading your private messages.
While this is effective in maintaining privacy, it doesn't keep you anonymous. While a listener doesn't know what you're talking to a server about, they still know the conversation is happening.
Onion routing anonymizes your interactions, allowing you to communicate with a server without anyone knowing the contents OR the recipient. Even the server itself doesn't need to know the origin of the message.
How It Works
Instead of sending my message directly to a server, I send it through a random series of nodes. I encrypt my message sequentially with each node's key and send it off.
The first node, Node A, receives my message and is able to decrypt one layer of the message with its private key, which provides it with the destination of the next node, Node B.
Node B then receives the message and decrypts it with its private key, gaining the address of Node C.
Node C does the same and sends the message to its next destination, the recipient.
Nodes A B and C all have the same experience. None of them know if they're the first, second, or 10th node to receive this message, they just know where they got it from and where it's going.
When a node decrypts a message, the only thing they're actually decrypting is the next node's address; the content itself will be encrypted by the recipient's key so only the recipient can decrypt that part.
This example has three nodes, but any number of nodes can be involved in this process.
Nodes
A node in this case is simply a computer running a routing service, similar to p2p torrenting or providing validation for blockchains.
Nodes, or servers, are masking the path of the communication through volume. With many messages coming and going through a server, it's impossible for a listener to track which input became which output.
The use of multiple nodes is what separates onion routing from VPNs. VPNs act as the single node themself. Onion routing uses sets of nodes, with each being randomly selected. This distributed peer-to-peer model takes away a central point of failure.
Tor
Tor, The Onion Router, is the project that gave birth to onion routing. It was developed in the 1990s by the US navy to allow for confidential communications.
Today, Tor is open-source free software. The Tor browser enables users to privately visit clearnet sites or deep web sites with .onion addresses that are not DNS registered.
The Tor browser is based on Mozilla Firefox and can be used on any popular OS. Tails (The Amnesic Incognito Live System) has Tor built in as its default browser.