Traffic analysis is based on the fact that every packet of data sent from your computer includes a header containing information about source, destination, size, timing, and other items. If you take a look at a packet header you can at the very least see who sent the data packet. That's what traffic analysis in its simplest form is about: intercepting data packets and looking at their headers.
Tor tries to keep your packets private by distributing your transactions over several places on the Internet, so there is no direct connection to your destination. As Tor's Web site puts it: "The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you -- and then periodically erasing your footprints."
The Tor network consists of servers known as onion routers. Instead of sending data directly to a destination server, your computer uses these onion routers. To do this, the computer obtains a list of onion routers from a directory server and then selects a random path to the destination server. The clever part is that each onion router along the way knows only which server it received the data from and which server it is sending the data to, just as each layer in an onion touches only the ones on either side of it. In other words, none of the onion routers know where the data packet originated from.
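The layering described above, as an added example that is not part of the original article and is not Tor's code: the client wraps the payload once per relay, and each relay peels one layer and learns only the next hop. The keystream cipher is a toy stand-in built from SHA-256, not Tor's real cryptography, and the relay names, keys and destination are constructed.

```python
# Added illustration: layered ("onion") wrapping across a three-relay path.
# keystream_xor is a toy stand-in cipher, NOT Tor's real cryptography;
# relay names, keys and the destination are constructed for the example.
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (encrypt == decrypt)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client side: build the onion from the innermost layer outwards."""
    next_hops = path[1:] + [destination]
    cell = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def peel(relay, keys, cell: bytes):
    """Relay side: remove one layer, learning only the next hop."""
    layer = json.loads(keystream_xor(keys[relay], cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(client, path, keys, destination, payload: bytes):
    """Walk the cell along the path and record what each relay can see."""
    cell, previous, views = wrap(path, keys, destination, payload), client, []
    for relay in path:
        nxt, cell = peel(relay, keys, cell)
        views.append({"relay": relay, "from": previous, "to": nxt})
        previous = relay
    return views, cell

if __name__ == "__main__":
    PATH = ["relay-A", "relay-B", "relay-C"]             # constructed names
    KEYS = {r: hashlib.sha256(r.encode()).digest() for r in PATH}
    views, delivered = route("client", PATH, KEYS, "example.org:80", b"GET /")
    for view in views:
        print(view)      # each relay sees only its two neighbours
    print(delivered)     # the innermost payload, as handed to the destination
```

In the recorded views, no single relay sees both the client and the destination.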
To be able to use the Tor network you have to install a Tor client on your machine. The Tor software is available for Windows, Linux, and Mac OS X platforms and is pretty easy to install.
To protect your Web browser from leaking information via DNS requests, the Tor client software relies on Privoxy, "a Web proxy with advanced filtering capabilities for protecting privacy, modifying Web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, and other obnoxious Internet junk." This means that before you can use your Web browser with Tor software, you should install and configure Privoxy. Luckily, this is also an easy thing to do. Once Privoxy is installed, add the following line to its configuration file (on Windows, right-click on the Privoxy icon in the System Tray and choose Edit > Main Configuration):
forward-socks4a / localhost:9050 .
Finally, you have to "torify" your Web browser and other applications. This basically means that you have to specify proxy settings in the application. To configure, for example, a Firefox browser, choose Tools > Options, select the General section, and click the Connection settings button. Select the manual proxy configuration option, enter localhost in the HTTP Proxy field, and type 8118 in the Port field. Click OK, and you are done. If you need to configure other applications, check Tor's wiki, which provides detailed instructions on how to "torify" different software.
To begin preserving your online privacy, make sure that Tor and Privoxy are started, launch your Web browser, and point it to the Junkbusters Web site. If Tor is working properly, the Web page will display an IP address that is different from your own.
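A check for the Privoxy step above, as an added example that is not from the original article or the Privoxy project: it audits the catch-all forwarding rule and flags the case where forward-socks4 is used instead of forward-socks4a, because SOCKS4 resolves hostnames on the client and so leaks DNS requests. The sample configurations are constructed, and accepting 127.0.0.1 as equivalent to localhost is an assumption.

```python
# Added example: audit the catch-all forwarding rule in a Privoxy config.
# SAMPLE_GOOD / SAMPLE_LEAKY are constructed inputs, not real files.
TOR_SOCKS = {"localhost:9050", "127.0.0.1:9050"}   # Tor's SOCKS port per the article
REMOTE_DNS = {"forward-socks4a", "forward-socks5", "forward-socks5t"}

def audit_privoxy(config_text):
    """Return a list of findings; an empty list means the rule looks right."""
    rule = None
    for number, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()        # strip comments, tokenize
        is_forward = fields and (fields[0] == "forward"
                                 or fields[0].startswith("forward-socks"))
        if is_forward and len(fields) >= 2 and fields[1] == "/":
            rule = (number, fields)                  # Privoxy: last match wins
    if rule is None:
        return ["no catch-all forward rule: requests leave without using Tor"]
    number, fields = rule
    directive, args = fields[0], fields[2:]
    findings = []
    if directive == "forward-socks4":
        findings.append(f"line {number}: SOCKS4 resolves hostnames locally, "
                        "so DNS requests leak; use forward-socks4a")
    elif directive not in REMOTE_DNS:
        findings.append(f"line {number}: '{directive}' does not send traffic "
                        "to a SOCKS proxy")
    if directive.startswith("forward-socks"):
        if not args or args[0] not in TOR_SOCKS:
            findings.append(f"line {number}: SOCKS proxy is not Tor at localhost:9050")
        if len(args) < 2:
            findings.append(f"line {number}: rule is missing the trailing '.'")
    return findings

SAMPLE_GOOD = """\
# constructed example
listen-address 127.0.0.1:8118
forward-socks4a / localhost:9050 .
"""

SAMPLE_LEAKY = """\
listen-address 127.0.0.1:8118
forward-socks4a / localhost:9050 .
forward-socks4 / localhost:9050 .   # later rule overrides the one above
"""

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("leaky", SAMPLE_LEAKY)):
        print(name, audit_privoxy(text) or "OK")
```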
Tor was initially designed and developed as part of the U.S. Naval Research Laboratory's Onion Routing program with support from DARPA. Today it is supported by the Electronic Frontier Foundation, among others.
Like any other open source project, Tor needs help. If you are not a developer you can help by setting up an onion server, provided you have spare hardware and bandwidth. The installed Tor client can easily be turned into an onion router by simply editing its configuration file. However, doing so requires that you have a working knowledge of server configuration, and it's a good idea to check Tor's documentation beforehand. If you are concerned about legal issues, check the Legal FAQ for Tor Server Operators as well.
Dmitri Popov is a freelance contributor, whose articles have appeared in Russian, British, and Danish computer magazines.
Note: Comments are owned by the poster. We are not responsible for their content.
Since Synonymous here has already mentioned IRC, let me use IRC as an example. Tor allows almost any TCP connection to be anonymized, and this includes connections to IRC servers. Many script kiddies have discovered that you can connect to an IRC server through Tor and wreak whatever havoc you want (flooding, spamming, trolling) under the anonymous identity. There is no way to track the attacker, because the whole point of Tor is to make connections untrackable. The result is that every participating machine in the Tor network is rapidly banned from IRC after not too many occurrences of such abuse.
Getting Tor banned from IRC doesn't cause much harm in the end, but it does cause enough harm that one ought to at least give some thought to changing the Tor policy to not allow connections to IRC. Given the way that Tor is presented in this article (as primarily a browser anonymizing tool), it is not obvious to me that the added feature of anonymous IRC is worth the added costs. As mentioned above, one of these costs is that Tor machines tend to get banned very quickly from IRC networks. I therefore find Synonymous's mention of IRC to be incredibly ironic, since users of machines that run Tor are more likely than not already banned from most major IRC networks because of past abuse of Tor by script kiddies.
Interesting Article + Comments
Posted by: Synonymous on April 01, 2005 02:42 AM
There are many legit uses to anonymous applications or anonymous p2p such as this, including not having the FBI trace you going to naughty (in their mind) sites (http://yro.slashdot.org/yro/05/03/30/2018225.shtml?tid=158&tid=103&tid=17). As well, to have freedom of speech you need the ability to speak anonymously (http://en.wikipedia.org/wiki/Anonymous_P2P), otherwise are you really free to speak if you are non-anonymous and are under threat of attack, punishment and reprisal? (Incidentally this is why voting is done by secret (anonymous) ballot, to prevent this kind of intimidation allowing the electorate to voice its will freely).
Other anonymous p2p applications
Other good anonymous p2p content/publishing systems are: I2P (http://www.i2p.net/) and Freenet (http://freenet.sourceforge.net/). There isn't much 'interesting' content on I2P which leads me to doubt its anonymity (the 'interesting' people may know something we do not) so I do not recommend it for hardcore anonymity until probably 1.0 (it is at ~0.55).
Working p2p content/publishing systems such as AntsP2P (http://sourceforge.net/projects/antsp2p/) and MUTE (http://sourceforge.net/projects/mute-net/) are interesting to check out too, although MUTE lacks end to end encryption and had a recent security flaw in it which was resolved via the cooperation and discussion of these two communities.
You can come and chat on irc.freenode.net in #I2P-Chat for general chat (about 40 people in total, 20 ppl nonanonymously on freenode.net's server, and the other 1/2 divided between IIP and i2p's anonymous chat servers). Other good channels on irc.freenode.net are: #I2P, #Freenet, #GNUnet.
Anyone know of good mailing lists? Mute's is quite good (http://lists.sourceforge.net/lists/listinfo/mute-net-discuss) for general cooperation and discussion for developers and general users for MUTE and anonymous p2p in general.