03-07-2009, 08:03 AM
(This post was last modified: 03-07-2009, 08:09 AM by Peter Presland.)
I've had Tor installed for about 3 months now. There are a couple of problems with it (at present) which render it impractical for regular full-time use:
1. Speed: This can be a function of a number of factors including the global location of your ISP but I have found that it slows things down by a factor of 2 - 10 or more sometimes, making rich content sites unusable.
2. Google reader screws it up. Every time it auto-refreshes the reading list, the browser hangs (That's Firefox for me).
You need to be absolutely clear what it does and does NOT do if it is to be a part of your cyber-security. It does NOT make you (your IP address) anonymous to the sites you visit. What it does do is hide your visited site IP addresses from your ISP; that's all. Useful if your ISP is required to operate a site filter (China, Iran - and probably coming to an ISP near you soon enough). It also means that your ISP logs will not list your visited sites for the benefit of government snoopers etc - or rather the sites listed will be the IP address of the first Tor node in each of your network sessions.
My solution has been to install the Tor/Browser combo bundle such that I now use a separate browser for 'sensitive' browsing.
Other cyber security gizmos I use are:
1. Scroogle scraper: Hides search engine use from the search engine providers but no guarantees the service itself is not or cannot be compromised. It does claim to irrevocably flush its searches cache every few hours and not maintain any usage logs.
2. GnuPG email encryption: This is a Open Source PGP project (The original PGP having gone commercial and now costing too much for my money). It takes a fair bit of 'under the hood' tinkering to get it going properly though - at least for me it did - but works a treat.
3. TrackMeNot: A clever little gizmo that sends random searches out to any search engine(s) specified at user specified intervals. It guarantees that the likes of google can not tailor ads etc to your search usage profile - and anything that screws up the advertising industry is OK by me.
4. TrueCript: A solid Open Source file/drive encryption tool with equally solid 'plausible deniability'. It facilitates the creation of hidden files/drives within already created encripted files/drives such that there is no forensic way to prove that a properly accessed encrypted drive at the first level does or does not contain a further encrypted drive - Neat.
FWIW I reckon we're all fighting a loosing battle of this whole cyber security/anonymity front though. With the vast sums being thrown at establishing tight control over the 'threatening monster' that is the current internet, the best anyone can really do is make life as difficuly as possible for THEM.
1. Speed: This can be a function of a number of factors including the global location of your ISP but I have found that it slows things down by a factor of 2 - 10 or more sometimes, making rich content sites unusable.
2. Google reader screws it up. Every time it auto-refreshes the reading list, the browser hangs (That's Firefox for me).
You need to be absolutely clear what it does and does NOT do if it is to be a part of your cyber-security. It does NOT make you (your IP address) anonymous to the sites you visit. What it does do is hide your visited site IP addresses from your ISP; that's all. Useful if your ISP is required to operate a site filter (China, Iran - and probably coming to an ISP near you soon enough). It also means that your ISP logs will not list your visited sites for the benefit of government snoopers etc - or rather the sites listed will be the IP address of the first Tor node in each of your network sessions.
My solution has been to install the Tor/Browser combo bundle such that I now use a separate browser for 'sensitive' browsing.
Other cyber security gizmos I use are:
1. Scroogle scraper: Hides search engine use from the search engine providers but no guarantees the service itself is not or cannot be compromised. It does claim to irrevocably flush its searches cache every few hours and not maintain any usage logs.
2. GnuPG email encryption: This is a Open Source PGP project (The original PGP having gone commercial and now costing too much for my money). It takes a fair bit of 'under the hood' tinkering to get it going properly though - at least for me it did - but works a treat.
3. TrackMeNot: A clever little gizmo that sends random searches out to any search engine(s) specified at user specified intervals. It guarantees that the likes of google can not tailor ads etc to your search usage profile - and anything that screws up the advertising industry is OK by me.
4. TrueCript: A solid Open Source file/drive encryption tool with equally solid 'plausible deniability'. It facilitates the creation of hidden files/drives within already created encripted files/drives such that there is no forensic way to prove that a properly accessed encrypted drive at the first level does or does not contain a further encrypted drive - Neat.
FWIW I reckon we're all fighting a loosing battle of this whole cyber security/anonymity front though. With the vast sums being thrown at establishing tight control over the 'threatening monster' that is the current internet, the best anyone can really do is make life as difficuly as possible for THEM.
Peter Presland
".....there is something far worse than Nazism, and that is the hubris of the Anglo-American fraternities, whose routine is to incite indigenous monsters to war, and steer the pandemonium to further their imperial aims"
Guido Preparata. Preface to 'Conjuring Hitler'[size=12][size=12]
"Never believe anything until it has been officially denied"
Claud Cockburn
[/SIZE][/SIZE]
".....there is something far worse than Nazism, and that is the hubris of the Anglo-American fraternities, whose routine is to incite indigenous monsters to war, and steer the pandemonium to further their imperial aims"
Guido Preparata. Preface to 'Conjuring Hitler'[size=12][size=12]
"Never believe anything until it has been officially denied"
Claud Cockburn
[/SIZE][/SIZE]