Linux.com


Protect Yourself Online With Tor, TAILS, and Debian

Our privacy and rights to our own data mean nothing on the Internet as businesses and governments freely capture, mine, and sell as much personal information on Web users as they can possibly grab. There is no oversight or accountability, and we have little say. Sure, there are always people who shrug and say "I have nothing to hide and I don't care." Fine for them, but not fine for Web users who do care about this. I daresay they would care if the consequences were as immediate as multitudes of strangers entering their homes and snooping into all of their stuff, but it's abstract and the consequences are not as obvious as physical trespass. Though for some Internet users the consequences are drastic, such as whistleblowers and journalists who live in countries where they face arrest or worse.

Figure 1: The anonymous TAILS desktop.

There are some tools we can use to try to protect ourselves, and one of them is Tor, the onion router. Tor was originally developed by the U.S. Naval Research Laboratory for protecting government communications. Tor is a distributed, anonymous network of thousands of relays that obscure your pathways as you use the Internet. Tor aims to foil traffic analysis, which is widely used to track sites that you visit, your location, and your identity. Encrypting your data doesn't protect you from traffic analysis, because packet headers must be unencrypted, and a whole lot of information is gleaned from packet headers. Most Internet users don't bother to encrypt their data, so it's a feast for snoopers.

Tor creates private network pathways for you by building chains of encrypted TCP connections. Each link in the chain only knows about the previous link and the next link, so your "footprints" are erased as you go.

If you tried Tor in the past and struggled to configure it, it's easier than ever to use, thanks to the Tor Browser Bundle. This is a pre-configured Web browser all ready to anonymize your Web surfing. Tor also supports the Thunderbird mail client, the Tor Cloud project creates anonymous bridges across Amazon EC2, and Orbot anonymizes Android users.

What Tor Does Not Do

Tor is about hiding your location, not encrypting your communications. It cannot encrypt the traffic between the Tor exit node and your destination, and if anyone is in a position to snoop on both your computer and any of your destinations, it is possible for them to connect the dots and do some traffic analysis. For end-to-end encryption you're on your own and need SSL or SSH.

Anyone running a Tor exit node has the ability to perform mischief; this is the weakest point in Tor. A security researcher ran several Tor exit nodes to see what information he could snoop, and it was a lot. The Tor documentation warns about this; again, you are responsible for your own end-to-end security.
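
The chain of relays and the exit-node exposure described above, as an added example (not code from the original article or from the Tor project): a toy Python model in which each relay peels one layer and learns only its previous and next hop, while the exit relay recovers whatever the client sent. The relay names, keys, message and the SHA-256 XOR stream are constructed stand-ins, not Tor's real cell format or cryptography.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); same call encrypts and decrypts.
    Stand-in for illustration only, not Tor's real cryptography."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(path, destination, payload):
    """Client: add one layer per relay, innermost (exit) layer first."""
    next_hop, cell = destination, payload
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        next_hop, cell = name, xor_stream(key, layer)
    return next_hop, cell

def peel(key, cell):
    """Relay: remove exactly one layer, learning only where to forward."""
    layer = json.loads(xor_stream(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, destination, payload):
    """Walk the cell through the chain and record what each relay learns."""
    keys = dict(path)
    prev, (hop, cell) = "client", wrap(path, destination, payload)
    view = []
    while hop in keys:
        nxt, cell = peel(keys[hop], cell)
        view.append({"relay": hop, "prev": prev, "next": nxt,
                     "sees_payload": payload in cell})
        prev, hop = hop, nxt
    return view

# Constructed sample: three hypothetical relays with pre-shared keys.
PATH = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]
PLAIN_HTTP = b"POST /login user=alice (constructed, sent without TLS)"

if __name__ == "__main__":
    for row in route(PATH, "example.org:80", PLAIN_HTTP):
        print(row)
```

Only the exit row reports that it can read the payload, and only the entry row knows the client, which is why the request itself still needs SSL or SSH.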

Tor can't protect you from yourself; it can't stop you from clicking on scammy email links, downloading scammy games and apps, or revealing everything about yourself in Web forms and on Facebook. Tor does not support IPv6. Tor is slower than unprotected Internet travels.

TAILS, the Anonymous Distro

TAILS, the Amnesic Incognito Live System, is a complete live Debian distro that routes all network traffic through Tor, and erases all traces of your network activities from your local storage devices, unless you explicitly allow it. TAILS is not just for Web surfing, but routes all of your Internetworking through Tor: email, IRC, the works. It is a complete Debian system all ready to do actual work as it includes the usual system tools and productivity applications such as OpenOffice, Scribus, Audacity, and GIMP. Use it like any live distro: copy it to a DVD or USB stick and boot it up. Figure 2 shows what it looks like after booting. Click the big green button and it will confirm that you're protected.

Figure 2: TAILS boots to Tor-enabled Iceweasel.

TAILS uses the Iceweasel Web browser (Debian's version of Firefox) and enables HTTPS Everywhere by default. This is a plugin that ensures your Web sessions use HTTPS on sites that support it. (It won't magically make HTTPS work on sites that do not deploy it.) There is a handy CS Lite cookie manager button, NoScript, and the Torbutton. The Torbutton gives you a great deal of control and the default configuration is very safe. Some of the options include not writing cookies to disk, setting the User Agent for Tor usage, controlling your History, disabling plugins and isolating dynamic content. It sends a minimum of browser identifying information, and the "New Identity" option clears your browser state and starts over with a new Tor session. Try the EFF's Panopticlick to see how trackable your Web browser is.

Pidgin is included for anonymous IRC, and Claws-Mail for anonymized emailing. You can create a persistent storage volume on a TAILS USB stick with Tails > Configure Persistent Volume, and delete it just as easily with Tails > Delete Persistent Volume.

Running TAILS from a USB stick is faster than from a DVD-R, and you have the persistent storage option, but it's also less safe because a USB stick is writable, and a DVD-R is not.

I used TAILS for my daily work for a week, and it's definitely a lot slower for Internet activities. Though it might help to keep in mind that reading and communicating online is a lot faster than visiting people and libraries in person. It's very easy to use, and I figure something that you can actually use is always better than something that isn't used because it's difficult.

 

Comments

  • maha Said:

    It's a great tool and we have been waiting for a tool like this. Previously we used Tor for browsers, and now this tool has fulfilled our privacy requirements. Thanks to the entire TAILS team.

  • hughetorrance Said:

    Using Firefox you can use 'HTTPS Everywhere'; use DuckDuckGo to find and install it.

  • Gel Gradi Said:

    When we're running Tor to browse anonymously, do we become exit nodes? If so, how responsible are we for what other people browse using us as exit nodes? If someone commits a crime online, do we go to jail because the traffic was routed through our node? On the other hand, if no one is responsible for Tor traffic, can't we just commit crimes online and blame it on Tor? I know I'm oversimplifying it, but I think this is an important issue that needs to be addressed.

  • Anon Said:

    Basically, it's your IP but not you in person; an IP isn't a person committing a crime, only a gateway. Also, the police/FBI can tell when you ran a Tor exit node.

  • Torbert Said:

    No, running Tor to browse does not make you an exit node. You must run a Tor server (relay) set up as an exit node for that.

  • SND Said:

    After reading this I don't know more than before. Instructions on how to actually make it work in your distro and browser or similar would be good, instead of installing an extra browser or extra distro.

  • AJ_ Said:

    It isn't designed to work with your current browser, it takes extra steps to keep your data anonymous.

  • jackob Said:

    I want to have something like a VPN in Ubuntu because this Debian TAILS is too inconvenient. I worked using TAILS but it isn't anything special to my mind. I like my Ubuntu LTS and I would like to use something like TAILS in Ubuntu, but not Tor but something else, I think. What do you think about it? Is there something else such as Hotspot Shield, but for Ubuntu?

  • ffrrfrfe Said:

    HTTPS? I might be wrong, but after Heartbleed, isn't HTTPS just crap?

  • YaYa Said:

    Heartbleed should be patched on MOST systems by today or tomorrow. It affects SSL (https://) and it allows a client in a two-way conversation access to the server's root certificate, which could potentially allow a person to execute a MITM attack on you by ARP poisoning or DNS funkiness. That said, as of today the only effect is reduced overall bandwidth: http://www.pcworld.com/article/2145280/tor-anonymity-network-to-shrink-as-a-result-of-heartbleed-flaw.html
