Tor. Information and download here.



Magda Hassan
07-03-2009, 02:29 AM
https://www.torproject.org/overview.html.en#whyweneedtor
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services (https://www.torproject.org/docs/tor-hidden-service.html.en) let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they're in a foreign country, without notifying everybody nearby that they're working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company's patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
The variety of people who use Tor is actually part of what makes it so secure (http://freehaven.net/doc/fc03/econymics.pdf). Tor hides you among the other users on the network (https://www.torproject.org/torusers.html.en), so the more populous and diverse the user base for Tor is, the more your anonymity will be protected.
Why we need Tor (https://www.torproject.org/overview.html.en#whyweneedtor)

Using Tor protects you against a common form of Internet surveillance known as "traffic analysis." Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.
How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that's an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you're doing and, possibly, what you're saying. That's because it focuses on the header, which discloses source, destination, size, timing, and so on.
A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.
But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.
The solution: a distributed, anonymous network (https://www.torproject.org/overview.html.en#thesolution)

Tor helps to reduce the risks of both simple and sophisticated traffic analysis by distributing your transactions over several places on the Internet, so no single point can link you to your destination. The idea is similar to using a twisty, hard-to-follow route in order to throw off somebody who is tailing you — and then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several relays that cover your tracks so no observer at any single point can tell where the data came from or where it's going.
https://www.torproject.org/images/htw1.png
To create a private network pathway with Tor, the user's software or client incrementally builds a circuit of encrypted connections through relays on the network. The circuit is extended one hop at a time, and each relay along the way knows only which relay gave it data and which relay it is giving data to. No individual relay ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can't trace these connections as they pass through.
https://www.torproject.org/images/htw2.png
Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. Because each relay sees no more than one hop in the circuit, neither an eavesdropper nor a compromised relay can use traffic analysis to link the connection's source and destination. Tor only works for TCP streams and can be used by any application with SOCKS support.
For efficiency, the Tor software uses the same circuit for connections that happen within the same ten minutes or so. Later requests are given a new circuit, to keep people from linking your earlier actions to the new ones.
https://www.torproject.org/images/htw3.png
Hidden services (https://www.torproject.org/overview.html.en#hiddenservices)

Tor also makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Using Tor "rendezvous points," other Tor users can connect to these hidden services, each without knowing the other's network identity. This hidden service functionality could allow Tor users to set up a website where people publish material without worrying about censorship. Nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it. Learn more about configuring hidden services (https://www.torproject.org/docs/tor-hidden-service.html.en) and how the hidden service protocol (https://www.torproject.org/hidden-services.html.en) works.
Staying anonymous (https://www.torproject.org/overview.html.en#stayinganonymous)

Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy while web browsing to block cookies and withhold information about your browser type.
Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.
The future of Tor (https://www.torproject.org/overview.html.en#thefutureoftor)

Providing a usable anonymizing network on the Internet today is an ongoing challenge. We want software that meets users' needs. We also want to keep the network up and running in a way that handles as many users as possible. Security and usability don't have to be at odds: As Tor's usability increases, it will attract more users, which will increase the possible sources and destinations of each communication, thus increasing security for everyone. We're making progress, but we need your help. Please consider running a relay (https://www.torproject.org/docs/tor-doc-relay.html.en) or volunteering (https://www.torproject.org/volunteer.html.en) as a developer (https://www.torproject.org/documentation.html.en#Developers).
Ongoing trends in law, policy, and technology threaten anonymity as never before, undermining our ability to speak and read freely online. These trends also undermine national security and critical infrastructure by making communication among individuals, organizations, corporations, and governments more vulnerable to analysis. Each new user and relay provides additional diversity, enhancing Tor's ability to put control over your security and privacy back into your hands.
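
The circuit described in the overview quoted above (one layer of encryption per hop, each relay knowing only its predecessor and successor), as an added example that is not part of the original post and is not Tor's own code. The relay names, the destination and the toy SHA-256/HMAC cipher are constructed for illustration, and pre-shared random keys stand in for the per-hop key negotiation.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher (SHA-256 keystream + HMAC). A stand-in for
# illustration only: this is NOT the cryptography Tor itself uses.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _subkeys(key):
    # Separate encryption and MAC keys derived from the per-hop key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was not encrypted for this relay")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

def wrap(path, hop_keys, destination, payload):
    """Client: add one layer per hop, innermost (exit) first, entry last."""
    next_hops = path[1:] + [destination]
    blob = payload
    for relay, nxt in zip(reversed(path), reversed(next_hops)):
        blob = seal(hop_keys[relay], bytes([len(nxt)]) + nxt.encode() + blob)
    return blob

def peel(relay_key, blob):
    """Relay: remove its own layer, learning only where to forward next."""
    body = unseal(relay_key, blob)
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]

def route(path, hop_keys, destination, payload):
    """Send one message through the circuit; record each relay's view."""
    blob, prev, views = wrap(path, hop_keys, destination, payload), "client", {}
    for relay in path:
        nxt, blob = peel(hop_keys[relay], blob)
        views[relay] = (prev, nxt)  # all this relay can link: predecessor, successor
        prev = relay
    return views, blob  # blob is now what the exit hands to the destination

if __name__ == "__main__":
    path = ["entry", "middle", "exit"]          # constructed relay names
    keys = {r: os.urandom(32) for r in path}    # one separate key per hop
    views, delivered = route(path, keys, "example.org:80", b"GET / HTTP/1.0\r\n\r\n")
    for relay, (prev, nxt) in views.items():
        print(f"{relay:6} sees: from {prev:6} -> to {nxt}")
    print("delivered:", delivered)
```

Only the entry relay sees the client and only the exit relay sees the destination; the exit also handles the payload exactly as the application sent it, which is why the overview says Tor protects only the transport of data.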

Peter Presland
07-03-2009, 07:03 AM
I've had Tor installed for about 3 months now. There are a couple of problems with it (at present) which render it impractical for regular full-time use:

1. Speed: This can be a function of a number of factors including the global location of your ISP but I have found that it slows things down by a factor of 2 - 10 or more sometimes, making rich content sites unusable.

2. Google reader screws it up. Every time it auto-refreshes the reading list, the browser hangs (That's Firefox for me).

You need to be absolutely clear what it does and does NOT do if it is to be a part of your cyber-security. It does NOT make you (your IP address) anonymous to the sites you visit. What it does do is hide your visited site IP addresses from your ISP; that's all. Useful if your ISP is required to operate a site filter (China, Iran - and probably coming to an ISP near you soon enough). It also means that your ISP logs will not list your visited sites for the benefit of government snoopers etc - or rather the sites listed will be the IP address of the first Tor node in each of your network sessions.

My solution has been to install the Tor/Browser combo bundle such that I now use a separate browser for 'sensitive' browsing.

Other cyber security gizmos I use are:

1. Scroogle scraper (http://www.scroogle.org/cgi-bin/scraper.htm): Hides search engine use from the search engine providers but no guarantees the service itself is not or cannot be compromised. It does claim to irrevocably flush its searches cache every few hours and not maintain any usage logs.

2. GnuPG (http://www.gpg4win.org/download.html) email encryption: This is an Open Source PGP project (The original PGP having gone commercial and now costing too much for my money). It takes a fair bit of 'under the hood' tinkering to get it going properly though - at least for me it did - but works a treat.

3. TrackMeNot (http://www.mrl.nyu.edu/%7Edhowe/trackmenot/): A clever little gizmo that sends random searches out to any search engine(s) specified at user specified intervals. It guarantees that the likes of Google cannot tailor ads etc to your search usage profile - and anything that screws up the advertising industry is OK by me.

4. TrueCrypt (http://www.mrl.nyu.edu/%7Edhowe/trackmenot/): A solid Open Source file/drive encryption tool with equally solid 'plausible deniability'. It facilitates the creation of hidden files/drives within already created encrypted files/drives such that there is no forensic way to prove that a properly accessed encrypted drive at the first level does or does not contain a further encrypted drive - Neat.

FWIW I reckon we're all fighting a losing battle on this whole cyber security/anonymity front though. With the vast sums being thrown at establishing tight control over the 'threatening monster' that is the current internet, the best anyone can really do is make life as difficult as possible for THEM.

Magda Hassan
07-04-2009, 12:35 PM
Thanks for all this additional information Peter. Very useful and I'll have to check these out.


3. TrackMeNot (http://www.mrl.nyu.edu/%7Edhowe/trackmenot/): A clever little gizmo that sends random searches out to any search engine(s) specified at user specified intervals. It guarantees that the likes of Google cannot tailor ads etc to your search usage profile - and anything that screws up the advertising industry is OK by me.
I consider it my sworn duty to mess around with the advertising industry. It is the least we can do.




FWIW I reckon we're all fighting a losing battle on this whole cyber security/anonymity front though. With the vast sums being thrown at establishing tight control over the 'threatening monster' that is the current internet, the best anyone can really do is make life as difficult as possible for THEM.
You may be right but I am with you - why make it easy for them.

Peter Presland
07-14-2009, 10:57 AM
Tor now has another, potentially VERY subversive, capability which the spooks are no doubt nervous about. It provides tools to set up a hidden TCP/IP service. That is a service (eg a web site or messaging service) whose host machine IP address - and hence whoever controls it - cannot be traced using conventional snooping forensics. Such a site operates as a 'localhost' service on the host machine. Briefly, Tor auto-generates an encrypted public key for the host location and broadcasts it to the Tor network. This allows any Tor user who knows the public key to access the service whilst keeping the location of the host itself securely hidden. Whilst various convoluted forensics are available to spooks trying to find such a service operator, 'Ping', 'Tracert', 'Whois' and their complex derivative tools are of no use whatsoever, making the task much more difficult.

It is also possible to set the service up on a securely encrypted 'Truecrypt' hidden volume. It would be impossible to prove that a particular machine was in fact the host for such a service unless analysis of the machine were carried out whilst the Truecrypt hidden volume was actually mounted - 'plausible deniability' being one of Truecrypt's major strengths.

So now - for example - OBL's orders could be broadcast to his acolytes from a desk-top machine in - wherever - and the spooks would have a tough time figuring out:

1. That anything IS being broadcast by OBL in the first place
2. That anyone is actually accessing said broadcasts, much less who they are.
3. Whether the service machine is in downtown NYC or Timbuktu.

Not that they need any such knowledge you understand, since they are quite capable of manufacturing it to their own ends anyway. But you get the drift.

Neat eh?

Magda Hassan
07-14-2009, 11:09 AM
I love it when you talk tech to me!
There was something in the media a couple of weeks ago about Skype. It too has capabilities which render it unable to be traced or tracked by the snoops and spooks. http://www.dailymail.co.uk/news/worldnews/article-1055611/Taliban-using-Skype-phones-dodge-MI6.html

Peter Presland
07-14-2009, 11:15 AM
Sorry - I hadn't noticed that the hidden service capability was mentioned in Magda's original post - but my last post does provide a bit more detail.

I've tried it too and it works a treat. If anyone's using Tor and would like to see a demo, let me know and I'll PM the public key address of a test site I have on one of my own home machines.

Peter Presland
07-14-2009, 11:21 AM
I love it when you talk tech to me!
There was something in the media a couple of weeks ago about Skype. It too has capabilities which render it unable to be traced or tracked by the snoops and spooks. http://www.dailymail.co.uk/news/worldnews/article-1055611/Taliban-using-Skype-phones-dodge-MI6.html


Sir David Pepper, the head of GCHQ, the British Government’s top-secret listening post, has told MPs that internet calls are ‘seriously undermining’ his organisation’s ability to intercept communications. What a shame. Wicked internet!

David Guyatt
03-18-2010, 03:14 PM
I have just started using Tor and I have to say it is impressive. Well worth using.

Peter Presland
03-18-2010, 05:42 PM
I have just started using Tor and I have to say it is impressive. Well worth using.

It is an impressive project - but it is undoubtedly seen as a serious threat to the SIS's and the Establishment in general. I therefore have no doubt they are beavering away at ways to harness it to their own purposes. I read an article recently (can't find it right now but will post if it turns up) which suggested a serious potential vulnerability. It had to do with the algorithms that determine the Tor exit nodes. They naturally are determined (among other things) by the destination of the traffic.

Briefly, Tor is plagued by restricted bandwidth on the majority of its volunteer nodes. If a node with copious unrestricted bandwidth is positioned in such a manner as to be available as an obvious potential exit node for a 'site of interest' then it turns out that a high proportion of traffic to that site will indeed exit the Tor network at said node. So naturally, the SIS's are busy providing vast bandwidth nodes to the Tor network and hoovering up everything that passes through them. Where the server is in fact the exit node for a piece of traffic then the originator of that piece of traffic is readable by the operator of the node.

I can envisage circumstances where, far from protecting a user, it actually delivers them into the hands of the authorities when normal use would have left them free and clear - except for historical evidence contained in logs of course.

Oh dear.

David Guyatt
03-18-2010, 06:56 PM
Any sound alternatives Peter?

Peter Presland
03-18-2010, 08:08 PM
Any sound alternatives Peter?
David, Tor seems to be 'state of the art' right now. It's just that ANY such anonymising system will inevitably become a target for the spooks. That article simply suggested a potential vulnerability which made technical sense to me.

I know that, if I were in possession of super-sensitive information that I wanted to get to the likes of Wikileaks - or wherever - whilst minimising the risk of being caught at it, Tor is still the network I'd use. I'd also send it just once to a single destination then wait for a week or two to see what happens.

If the purpose of using it is simply to hide your browsing habits from the commercial data-harvesters, then I reckon Tor is still a very effective solution. Also, it is a good way to circumvent an ISP or China-type 'firewall' block on specific sites since Tor entry nodes change constantly.

The thing is, with the extent and sophistication of internet surveillance being what it has lately become, there cannot be any cast-iron guarantees about maintaining anonymity when it comes to information that the State regards as sensitive.

BTW, I don't claim serious in-depth technical expertise on this sort of stuff. I just take a keen techi-type interest, that's all.

David Guyatt
03-18-2010, 10:19 PM
Thanks Peter. I take your point. Everything can be broken providing enough time and assets are thrown at it.

Your knowledge on the subject is a heck of a LOT more than mine, I assure you. :embarassed:

Peter Presland
03-19-2010, 09:37 AM
Thanks Peter. I take your point. Everything can be broken providing enough time and assets are thrown at it.

Your knowledge on the subject is a heck of a LOT more than mine, I assure you. :embarassed:
David, brief additional info:

Searching for that article I quoted above (didn't find it) I put 'Tor vulnerabilities' (http://www.google.co.uk/search?hl=en-GB&q=tor+vulnerabilities&sourceid=navclient-ff&rlz=1B3GGGL_en-GB___GB328&ie=UTF-8) through a Google search. It produced a lot of hits, one of the most interesting of which is here (http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html).

It is a slide show type presentation by the developers of Tor themselves to a recent cryptology symposium. They are ruthlessly honest about past, fixed and possible present vulnerabilities. It gets a bit technical but it does illustrate the minefield that glib offers of internet anonymity have become.

David Guyatt
03-19-2010, 10:58 AM
Thanks Peter. I very much respect honesty of that kind. They're a good outfit, I think.