How To: Internet Condom aka TOR

How To: Internet Condom aka TOR

Well, I'm slowly recreating as many of the "How To" posts that I can remember from enturbulation.

This one is about using the TOR network to surf the internet in relative safety from prying Scino's.

[ame=http://www.youtube.com/watch?v=Gz0VC-e1eZU]YouTube - Vidalia[/ame]

Now the tl;dr.
What is Tor?
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.

Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.

Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?

A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.

The variety of people who use Tor is actually part of what makes it so secure. Tor hides you among the other users on the network, so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.
Why we need Tor

Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
The solution: a distributed, anonymous network

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going.

Cheers,
Rob

re: How To: Internet Condom aka TOR

Another video for those wanting a portable version of TOR.

[ame=http://www.youtube.com/watch?v=n_4KNND366M&feature=related]YouTube - The Ultimate Proxy: Tor[/ame]

Cheers,
Rob

re: How To: Internet Condom aka TOR

always good advise for searching scio sites. For all the Firefox users FoxyProxy works wonders with Tor.

https://addons.mozilla.org/en-US/firefox/addon/2464

Or just download the Tor Button
https://addons.mozilla.org/en-US/firefox/addon/2275

re: How To: Internet Condom aka TOR

Maybe I'm a n00b, but when it's active I can't get anywhere AT ALL, not even here.

What am I doing wrong, here?

re: How To: Internet Condom aka TOR

the Tor network is typically really slow. If you don't need the securest network (like on this site) use a different proxy. I only use the Tor network when venturing onto a Scilon site.

re: How To: Internet Condom aka TOR

There is a less well known service, hence faster than TOR at times, called JonDo. Similarly to TOR bundles, where everything is pre-configured correctly out of the "box" to work together. There is the JonDo client, and the JonDoFox, which provides you with a separate portable version of FF3, and/or add a profile to your FF3. (And you need Java runtime if you haven't got it already).

On 1/1/2009, all German operators of TOR and JonDo will need to log everything, which can be obtained via German court order. (Maybe we should all be TOR relays for a day? And exchange lots of things in our hard disks?)

re: How To: Internet Condom aka TOR

When all else fails or too slow, there is a fast and free VPN service - Hotspot Shield. The catch is that it is ad based, adding a banner at top of your browser.

It is basically an encrypted proxy, hiding your IP by one level of indirection, and preventing packet sniffing at your Wifi or local network.

VPN means you don't need to set anything to the browser. Everything goes through the private network between your computer and Anchorfree servers, including IM clients, IRC clients etc, and typically for all users in your comp, and all your network if your comp is the internet gateway. You can also run TOR , JonDo or any CGI proxy on top, adding another proxy in the chain.

The encryption seems to be based on OpenVPN, which is reasonably secure. The servers seem to be fast and reliable. Not a surprise as people use it for watching hulu movies from outside US. However, for torrent download the private network may be down in the middle with the default public connection used! So I would use it only interactively when I can watch the status icon.

The other question is whether you can trust the company. The company sniff your contents like Google ad sense, and suggest websites when you make typing mistakes, like any portals do. You can avoid this by adding another encrypted proxy on top. Hotspot shield knows your IP but not the contents you see. Though HSS can do something dangerous like turning off it's encryption when the traffic is already encrypted, leaving you with only one encrypted proxy in the chain. That's the usual problem when Hotspot Shield is not open source.

re: How To: Internet Condom aka TOR

quick question: how do I use things like bittorrent with tor? do I need to configure a port or just turn on tor when I'm using my comp or what

re: How To: Internet Condom aka TOR

Quick question: what are you using BT for?

It can be done, but since many are probably doing it, hour's of download in TOR become days.

Vuze has a hard to read instructions on TOR since a long time ago. But telling you that you should not do it, killing the TOR servers.

A simple way may be Proxifier, turning TOR into a VPN, so you don't need to set anything on your BT client. (Oops, free trial but not free. Though if you buy the software it's better than paying a VPN provider with your credit card.)

To be sure there is Wireshark to see where the packets are going. On a side note, somebody should write a simple tutorial on it, useful for making sure that nobody is sending anything out from your comp behind your back.

re: How To: Internet Condom aka TOR

I use bt for mostly video game patches or mods... yeah

anyway, nothing important. just wondered how to do it

re: How To: Internet Condom aka TOR

Yeah, i agree with you.