Tor

From P2P Foundation

"The Onion Router" = software to protect anonymous communication over the internet.

URL = http://www.torproject.org/

“Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy…”


Description

"the Tor system works by using a volunteer network of computers that offer to relay your Web traffic, encrypted and anonymously, through the Tor network. It relays your traffic through three Tor intermediary nodes, the idea being that each relay node knows which neighboring node packets are coming from and going to, but no one knows the entire path to the final destination address." (http://www.andrewlih.com/blog/2007/09/11/using-tor-assume-exit-nodes-are-monitored/)

Technical definition:

“Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.” (http://www.torproject.org/)


Discussion

On the proper usage of Tor

Andrew Lih [1]:

"The problem is, people are using Tor without understanding exactly what it does and does not provide.

The weak link is when a user’s data finally emerges at the last computer (the exit node) which relays the request to the public Internet. Anyone operating a final exit node can see what you’re sending and receiving. So while Tor provides for end-user anonymity at the network/packet level (IP address), it does not provide for end-to-end data secrecy. The traffic coming off the exit node on your behalf is exactly what protocol and data your application (Web browser, mail program, instant messenger, etc) sent out.

If it’s a cleartext data stream like HTTP or mail (IMAP or POP3) then anyone running a Tor exit node can see and capture it.

Tor uses the SOCKS proxy protocol to receive transactions for the Tor network. SOCKS has been around a long time and is a solid generic protocol. It handles HTTP (Web) requests as well as other data streams, so yes, it can support end-to-end encrypted sessions using HTTPS or secure sockets. So if you use Tor, combine it with a secure protocol if you need data secrecy! This is where people may get confused — data is encrypted within the Tor network, but it exits the Tor network exactly as your browser or application requested — most likely unencrypted. So use an end-to-end encryption solution in addition to Tor, if that’s what you need.

If you’re surfing CNN or ESPN to get the latest sports scores, no problem. If you’re logging into a system or sending/receiving e-mail, you better make sure it’s encrypted.

Tor has also been in the news related to a phishing/trojan scheme, where spam email asked folks to download Tor, but it really pointed to a trojan program instead.

It’s important to note in both instances, Tor is not the one at fault. The trojan problem is your typical phishing problem — never click on any hyperlink ever sent to you in email, and don’t trust any sites you didn’t find or search yourself.

Tor is a great program, but it’s not a cure-all. You need a wide spectrum of tools to do it right, or you can also do what many corporations do — require the use of a Virtual Private Network, and all your data packets are routed and encrypted back to a trusted corporate home base." (http://www.andrewlih.com/blog/2007/09/11/using-tor-assume-exit-nodes-are-monitored/)
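The layering Lih describes, as an added Python example that is not part of his post or of Tor's code: each relay peels one layer, the exit relay ends up holding exactly the application's bytes, and only an end-to-end layer keeps a login secret from it. The XOR keystream is a toy stand-in for Tor's real relay encryption and for HTTPS; the keys, host name and credentials are constructed.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample values; relay names and keys are illustrative only.
HOP_KEYS: List[bytes] = [b"guard-key", b"middle-key", b"exit-key"]
SECRET = b"password=hunter2"
HTTP_LOGIN = b"POST /login HTTP/1.1\r\nHost: mail.example\r\n\r\nuser=alice&" + SECRET


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode), a stand-in for real relay crypto."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Add or remove one layer; XOR with the same keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap_onion(app_bytes: bytes, hop_keys: List[bytes]) -> bytes:
    """Client side: the exit's layer goes on first, the guard's layer last."""
    cell = app_bytes
    for key in reversed(hop_keys):
        cell = xor_layer(key, cell)
    return cell


def relay_views(app_bytes: bytes) -> Dict[str, bytes]:
    """Bytes each relay holds after peeling its own layer, in path order."""
    cell = wrap_onion(app_bytes, HOP_KEYS)
    views = {}
    for name, key in zip(("guard", "middle", "exit"), HOP_KEYS):
        cell = xor_layer(key, cell)
        views[name] = cell
    return views


def end_to_end_protect(app_bytes: bytes, session_key: bytes) -> bytes:
    """Stand-in for HTTPS: a layer keyed only between client and destination server."""
    return xor_layer(session_key, app_bytes)


if __name__ == "__main__":
    plain = relay_views(HTTP_LOGIN)
    protected = relay_views(end_to_end_protect(HTTP_LOGIN, b"client-server-key"))
    for name in ("guard", "middle", "exit"):
        print(f"{name:6}  cleartext app: secret visible={SECRET in plain[name]}  "
              f"end-to-end app: secret visible={SECRET in protected[name]}")
```
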


The Military Background to Tor

By Seth David Schoen, EFF:

"It's totally true that the military people who invented Tor were thinking about how to create a system that would protect military communications. The current iteration of that is described at

right on the Tor home page.

However, the Tor developers also became clear early on that the system wouldn't protect military communications well unless it had a very diverse set of users. Elsewhere in that same e-mail discussion, Mike Perry (a current Tor developer) alludes to this:

https://lists.torproject.org/pipermail/tor-talk/2011-March/019898.html


In fact, the best known way we have right now to improve anonymity is to support more users, and more *types* of users. See:


The first link is to a paper called "Anonymity Loves Company", which explains the issue this way:


- No organization can build this infrastructure for its own sole use. If a single corporation or government agency were to build a private network to protect its operations, any connections entering or leaving that network would be obviously linkable to the controlling organization. The members and operations of that agency would be easier, not harder, to distinguish. Thus, to provide anonymity to any of its users, the network must accept traffic from external users, so the various user groups can blend together.

You can read the entire (ongoing) discussion about government funding for Tor development via

(source, cited in http://cryptome.org/0003/tor-spy.htm)


Evaluation

From eWeek at http://www.eweek.com/article2/0,1759,2009849,00.asp


"Using the tools available at tor.eff.org, I have been able to easily install Tor (along with the Privoxy secure Web proxy) and run it seamlessly without affecting my daily Web usage. One of the main reasons is that the Tor downloads include Vidalia, an easy-to-use GUI that made it simple to turn Tor on whenever I wanted to be more anonymous in my surfing.

Best of all, I've seen very-little-to-no performance hit while Web surfing using Tor. Using the bundled Vidalia/Tor/Privoxy packages, which run on Windows, Mac OS X and Linux systems, I could easily set up any of my less tech-savvy friends and family.

As the Tor network becomes easier to use and more people begin to use it, it will become that much more effective and make it that much more difficult for oppressive regimes or sleazy companies to defeat it - the larger the onion network, the more layers that need to be dealt with."


Tutorial: Anonymous Blogging using Tor

By Ethan Zuckerman [2]:

(See also: The entry on Anonymous Blogging contains how-to instructions without access to Tor.)

Step 1: Disguise your IP.

Every computer on the internet has or shares an IP address. These addresses aren’t the same thing as a physical address, but they can lead a smart system administrator to your physical address. In particular, if you work for an ISP, you can often associate an IP address with the phone number that requested that IP at a specific time. So before we do anything anonymous on the Internet, we need to disguise our IP.

What to do if you want to blog from your home or work machine:

a) Install Firefox. Download it at the Mozilla site and install it on the main machine you blog from.

Why?

Internet Explorer has some egregious security holes that can compromise your online security. These holes tend to go unpatched for longer on IE than on other browsers. (Don’t believe me? Ask Bruce Schneier.) It’s the browser most vulnerable to spyware you might inadvertently download from a website. And many of the privacy tools being released are being written specifically to work with Firefox, including Torbutton, which we’ll be using in a future step.

b) Install Tor. Download the program from the Tor site. Pick the “latest stable release” for your platform and download it onto your desktop. Follow the instructions that are linked to the right of the release you downloaded. You’ll install two software packages and need to make some changes to the settings within your new installation of Firefox.

Why?

Tor is a very sophisticated network of proxy servers. Proxy servers request a web page on your behalf, which means that the web server doesn’t see the IP address of the computer requesting the webpage. When you access Tor, you’re using three different proxy servers to retrieve each webpage. The pages are encrypted in transit between servers, and even if one or two of the servers in the chain were compromised, it would be very difficult to see what webpage you were retrieving or posting to.

Tor installs another piece of software, Privoxy, which increases the security settings on your browser, blocking cookies and other pieces of tracking software. Conveniently, it also blocks many ads you encounter on webpages.

c) Install Torbutton. Read about it and install it, following the instructions on the installation page. You’ll need to be using Firefox to install it easily - from Firefox, it will simply ask you for permission to install itself from the page mentioned above.

Why?

Turning on Tor by hand means remembering to change your browser preferences to use a proxy server. This is a multistep process, which people sometimes forget to do. Torbutton makes the process a single mouse click and reminds you whether you’re using Tor or not, which can be very helpful.

You may find that Tor slows down your web use - this is a result of the fact that Tor requests are routed through three proxies before reaching the webserver. Some folks - me included - use Tor only in situations where it’s important to disguise identity and turn it off otherwise - Torbutton makes this very easy.

d) Turn on Tor in Firefox and test it out. With Tor turned on, visit this URL. If you get a message telling you, “You seem to be using Tor!”, then you’ve got everything installed correctly and you’re ready for the next step.

Why?

It’s always a good idea to see whether the software you’ve installed works, especially when it’s doing something as important as Tor is. The page you’re accessing is checking to see what IP address your request is coming from. If it’s from a known Tor node, Tor is working correctly and your IP is disguised - if not, something’s wrong and you should try to figure out why Tor isn’t working correctly.

Alternative instructions if you’re going to be writing primarily from shared computers (like cybercafe computers) or you’re unable to install software on a computer.

a) Download Torpark. Download the package from the Torpark site onto a computer where you can save files. Insert your USB key and copy the Torpark.exe onto the key. Using this USB key and any Windows computer where you can insert a USB key, you can access a Tor-protected browser. On this shared computer, quit the existing web browser. Insert the key, find the key’s filesystem on the Desktop, and double-click the torpark.exe. This will launch a new browser which accesses the web through Tor.

b) Test that Torpark is working by visiting the Tor test site with the Tor-enabled browser and making sure you get a “You seem to be using Tor!” message.

Why?

Torpark is a highly customized version of the Firefox browser with Tor and Privoxy already installed. It’s designed to be placed on a USB key so that you can access Tor from shared computers that don’t permit you to install software. While I recommend Torpark and use it when I travel, it is not formally supported by the folks behind Tor - they’re not happy that early versions of the program weren’t released with source code, which meant that it was impossible to determine precisely what Torpark did and how it used Tor’s source code. A more recent version of the program includes source code - it will be interesting to see whether Tor’s programmers offer their blessing of this version. Roger Dingledine of Tor has also indicated that he and his colleagues are planning an open source version of a portable browser with Tor installed, but the timeline for this new project is unknown.


Step 2: Generate a new, hard to trace email account.

Most web services - including blog hosting services - require an email address so that they communicate with their users. For our purposes, this email address can’t connect to any personally identifiable information, including the IP address we used to sign up for the service. This means we need a new account which we sign up for using Tor, and we need to ensure that none of the data we use - name, address, etc. - can be linked to us. You should NOT use an existing email account - it’s very likely that you signed up for the account from an undisguised IP, and most webmail providers store the IP address you signed up under.

a) Choose a webmail provider - we recommend Hushmail and Gmail, but as long as you’re using Tor, you could use Yahoo or Hotmail as well.

Why?

Webmail is the best way to create a “disposable” email address, one you can use to sign up for services and otherwise ignore. But a lot of users also use webmail as their main email as well. If you do this, it’s important to understand some of the strengths and weaknesses of different mail providers.

Hotmail and Yahoo mail both have a “security feature” that makes privacy advocates very unhappy. Both include the IP address of the computer used to send any email. This isn’t relevant when you’re accessing those services through Tor, since the IP address will be a Tor IP address, rather than your IP address. Also, Hotmail and Yahoo don’t offer secure HTTP (https) interfaces to webmail; this means a Tor exit node or any hop afterwards can read your email. For your main webmail account, it’s worth choosing a provider that has an https interface to mail.

Hushmail provides webmail with a very high degree of security. They support PGP encryption - which is very useful if you correspond with people who also use PGP. Their interface to webmail uses https and they don’t include the sending IP in outgoing emails. But they’re a for-profit service and they offer only limited services to non-paying users. If you sign up for a free account, you have to log into it every couple of weeks to make sure the system doesn’t delete it. Because they’re aggressive about trying to convert free users to paid users, and because their system uses a lot of Java applets, some find that Hushmail isn’t the right choice for them.

Gmail, while it doesn’t advertise itself as a secure mail service, has some nice security features built in. If you visit this special URL, your entire session with Gmail will be encrypted via https. (I recommend bookmarking that URL and using it for all your Gmail sessions.) Gmail doesn’t include the originating IP in mail headers, and you can add PGP support to Gmail by using the FreeEnigma service, a Firefox extension that adds strong crypto to Gmail (it works with other mail services as well.) The problem with Gmail is their signup process - to sign up for a Gmail account, you either need an invitation from an existing Gmail member, or you need to use your mobile phone to sign up for an account. Needless to say, we do not recommend using your mobile phone to request an invitation sign up to Gmail - it gives Google far too much personally identifiable information about you linked to that account.

Instead, if you already have a Gmail account, send an invitation to yourself. This will send you an email with a unique URL in it - copy that URL into a text editor or write it down. Turn on Tor, paste that URL into your browser and use it to sign up for the new account. Better yet, get an invitation from someone who doesn’t know you - visit Bytetest or FatWallet, both of which maintain lists of free Gmail invitations.

A warning on all webmail accounts - you’re trusting the company that runs the service with all your email. If that company gets hacked, or if they are pressured by other governments to reveal information, they’ve got access to the text of all the mails you’ve received and sent. The only way around this is to write your mails in a text editor, encrypt them on your own machine using PGP and send them to someone also using PGP. This is way beyond the level of secrecy most of us want and need, but it’s important to remember that you’re trusting a company that might or might not have your best interests at heart. Yahoo, in particular, has a nasty habit of turning over information to the Chinese government - Chinese dissidents are now suing the company for illegal release of their data. Just something to think about when you decide who to trust…

b) Turn Tor on in your browser, or start Torpark. Visit the mail site of your choice and sign up for a new account. Don’t use any personally identifiable information - consider becoming a boringly named individual in a country with a lot of web users, like the US or the UK. Set a good, strong password (at least eight characters, include at least one number or special character) for the account and choose a username similar to what you’re going to name your blog.

c) Make sure you’re able to log onto the mail service and send mail while Tor is enabled.

Step 3: Register your new anonymous blog

a) Turn Tor on in your browser, or start Torpark. Visit Wordpress.com and sign up for a new account by clicking the “Get a New WordPress Blog” link. Use the email address you just created and create a username that will be part of your blog address: thenameyouchoose.wordpress.com

b) Wordpress will send an activation link to your webmail account. Use your Tor-enabled browser to retrieve the mail and follow that activation link. This lets Wordpress know you’ve used a live email account and that they can reach you with updates to their service - as a result, they’ll make your blog publicly viewable and send you your password. You’ll need to check your webmail again to retrieve this password.

c) Still using Tor, log into your new blog using your username and password. Click on “My Dashboard”, then on “Update your profile or change your password.” Change your password to a strong password that you can remember. Feel free to add information to your profile as well… just make sure none of that information is linked to you!


Step 4: Post to your blog

a) Write your blog post offline. Not only is this a good way to keep from losing a post if your browser crashes or your net connection goes down, it means you can compose your posts somewhere more private than a cybercafe. A simple editor, like Wordpad for Windows, is usually the best to use. Save your posts as text files.

b) Turn on Tor, or use Torpark, and log onto Wordpress.com. Click the “write” button to write a new post. Cut and paste the post from your text file to the post window. Give the post a title and put it into whatever categories you want to use.

c) Before you hit “Publish”, there’s one key step. Click on the blue bar on the right of the screen that says “Post Timestamp.” Click the checkbox that says “Edit Timestamp”. Choose a time a few minutes in the future - ideally, pick a random interval and use a different number each time. This will put a variable delay on the time your post will actually appear on the site - Wordpress won’t put the post up until it reaches the time you’ve specified.

Why?

By editing the timestamp, we’re protecting against a technique someone might use to try to determine your identity. Imagine you’re writing a blog called “Down with Ethiopia Telecommunications Company!” Someone at ETC might start following that blog closely and wonder whether one of their customers was writing the blog. They start recording the times a post was made on downwithetc.wordpress.com and check these timestamps against their logs. They discover that a few seconds before each post was made over the series of a month, one of their customers was accessing one or another Tor node. They conclude that their user is using Tor to post to the blog and turn this information over to the police.

By changing the timestamp of the posts, we make this attack more difficult for the internet service provider. Now they’d need access to the logs of the Wordpress server as well, which are much harder to get than their own logs. It’s a very easy step to take that increases your security.


Step 5: Cover your tracks

a) Securely erase the rough drafts of the post you made from your laptop or home machine. If you used a USB key to bring the post to the cybercafe, you’ll need to erase that, too. It’s not sufficient to move the file to the trash and empty the trash - you need to use a secure erasing tool like Eraser which overwrites the old file with data that makes it impossible to retrieve. On a Macintosh, this functionality is built in - bring a file to the trash and choose “Secure Empty Trash” from the Finder Menu.

b) Clear your browser history, cookies and passwords from Firefox. Under the Tools menu, select “Clear Private Data”. Check all the checkboxes and hit “okay”. You might want to set up Firefox so that it automatically clears your data when you quit - you can do this under “Firefox -> Preferences -> Privacy -> Settings”. Choose the checkbox that says “Clear private data when closing Firefox”.

Why?

It’s very easy for someone to view the websites you’ve visited on a computer by reviewing your browser history. More sophisticated snoops can find out your browsing history by checking your cache files, which include stored versions of webpages. We want to clear all this data out from a public computer so that the next user doesn’t find it. And we want to eliminate it from our personal computer so that if that computer were lost, stolen or seized, we can’t be linked to the posts we’ve made." (http://ethanzuckerman.com/blog/?p=1015)
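The timestamp step in Step 4 of the tutorial above, as an added Python example that is not part of Zuckerman's post: it picks a fresh random publish delay for each post and then runs the fixed-window comparison the passage describes over a constructed connection log. The 3 to 15 minute delay range, the 30-second window, the 5-second submit lag and all timestamps are assumptions.

```python
import secrets
from datetime import datetime, timedelta

# Constructed log: moments at which the author's line connected to a Tor relay.
SESSIONS = [
    datetime(2007, 10, 1, 19, 4, 10),
    datetime(2007, 10, 4, 21, 30, 2),
    datetime(2007, 10, 9, 18, 47, 55),
    datetime(2007, 10, 15, 22, 12, 31),
    datetime(2007, 10, 20, 20, 1, 44),
]
SUBMIT_LAG = timedelta(seconds=5)  # assumed gap between connecting and submitting


def pick_publish_time(submitted_at, previous_delay=None, min_s=180, max_s=900):
    """Return (publish_time, delay_s) with a random delay that differs from the last one."""
    while True:
        delay = min_s + secrets.randbelow(max_s - min_s + 1)
        if delay != previous_delay:
            return submitted_at + timedelta(seconds=delay), delay


def randomized_schedule(sessions):
    """Publish times and delays for one post per session, each with its own delay."""
    times, delays, last = [], [], None
    for session in sessions:
        when, last = pick_publish_time(session + SUBMIT_LAG, last)
        times.append(when)
        delays.append(last)
    return times, delays


def posts_matching_sessions(session_times, publish_times, window_s=30):
    """Count posts that became visible within window_s seconds after a logged session."""
    matched = 0
    for published in publish_times:
        if any(0 <= (published - s).total_seconds() <= window_s for s in session_times):
            matched += 1
    return matched


if __name__ == "__main__":
    immediate = [s + SUBMIT_LAG for s in SESSIONS]
    delayed, delays = randomized_schedule(SESSIONS)
    print("published immediately:", posts_matching_sessions(SESSIONS, immediate), "of 5 match")
    print("random delays (s):", delays)
    print("published with delay:", posts_matching_sessions(SESSIONS, delayed), "of 5 match")
```

As the passage notes, this only helps against an observer who does not also hold the blog host's logs.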

More Information

The entry on Anonymous Blogging contains how-to instructions without access to Tor.

See Also:

TOR Made for USG Open Source Spying Says Maker (cryptome.org) http://cryptome.org/0003/tor-spy.htm