Tor
Tor = software to protect anonymous communication through the internet.
URL = http://freenetproject.org/
Description
"the Tor system works by using a volunteer network of computers that offer to relay your Web traffic, encrypted and anonymously, through the Tor network. It relays your traffic through three Tor intermediary nodes, the idea being that each relay node knows which neighboring node packets are coming from and going to, but no one knows the entire path to the final destination address." (http://www.andrewlih.com/blog/2007/09/11/using-tor-assume-exit-nodes-are-monitored/)
Discussion
On the proper usage of Tor
Andrew Lih [1]:
"The problem is, people are using Tor without understanding exactly what it does and does not provide.
The weak link is when a user’s data finally emerges at the last computer (the exit node) which relays the request to the public Internet. Anyone operating a final exit node can see what you’re sending and receiving. So while Tor provides for end-user anonymity at the network/packet level (IP address), it does not provide for end-to-end data secrecy. The traffic coming off the the exit node on your behalf is exactly what protocol and data your application (Web browser, mail program, instant messenger, etc) sent out.
If it’s a cleartext data stream like HTTP or mail (IMAP or POP3) then anyone running a Tor exit node can see and capture it.
Tor uses the SOCKS proxy protocol to receive transactions for the Tor network. SOCKS has been around a long time and is a solid generic protocol. It handles HTTP (Web) requests as well as other data streams, so yes, it can support end-to-end encrypted sessions using HTTPS or secure sockets. So if you use Tor, combine it with a secure protocol if you need data secrecy! This is where people may get confused — data is encrypted within the Tor network, but it exits the Tor network exactly as your browser or application requested — most likely unencrypted. So use an end-to-end encryption solution in addition to Tor, if that’s what you need.
If you’re surfing CNN or ESPN to get the latest sports scores, no problem. If you’re logging into a system or sending/receiving e-mail, you better make sure it’s encrypted.
Tor has also been in the news related to a phishing/trojan scheme, where spam email asked folks to download Tor, but it really pointed to a trojan program instead.
It’s important to note in both instances, Tor is not the one at fault. The trojan problem is your typical phishing problem — never click on any hyperlink ever sent to you in email, and don’t trust any sites you didn’t find or search yourself.
Tor is a great program, but it’s not a cure-all. You need a wide spectrum of tools to do it right, or you can also do what many corporations do — require the use of a Virtual Private Network, and all your data packets are routed and encrypted back to a trusted corporate home base." (http://www.andrewlih.com/blog/2007/09/11/using-tor-assume-exit-nodes-are-monitored/)
Evaluation
From eWeek at http://www.eweek.com/article2/0,1759,2009849,00.asp
"Using the tools available at tor.eff.org, I have been able to easily install Tor (along with the Privoxy secure Web proxy) and run it seamlessly without affecting my daily Web usage. One of the main reasons is that the Tor downloads include Vidalia, an easy-to-use GUI that made it simple to turn Tor on whenever I wanted to be more anonymous in my surfing.
Best of all, I've seen very-little-to-no performance hit while Web surfing using Tor. Using the bundled Vidalia/Tor/Privoxy packages, which run on Windows, Mac OS X and Linux systems, I could easily set up any of my less tech-savvy friends and family.
As the Tor network becomes easier to use and more people begin to use it, it will become that much more effective and make it that much more difficult for oppressive regimes or sleazy companies to defeat it-the larger the onion network, the more layers that need to be dealt with."
More Information
See also iPhantom