HOWTO use TOR to enhance your privacy

Here's the final installment in the amazing Instructables series of HOWTOs inspired by my young adult novel Little Brother. This week, it's a HOWTO on TOR, The Onion Router, a technology for increasing your privacy and anonymity when you look at the web, and for getting around censorwalls.

The Instructables folks did an amazing job with this -- and the response has been great!

When you go online, you leave tracks all over the place. You could be hanging out with friends on IM, checking out websites, or downloading music. If you live in a country where snoops are prying into what ordinary citizens do online (lke, um, the US) you want a way to cover those tracks.
If you're in school, though, then it's even worse. No matter what country you're in, chances are that your access to the internets is as snooped-on as any police state in the world.
So, how do we escape our little virtual prisons? In this Instructable, I'll tell you about something called Tor (The Onion Router.) I'll tell you how it works, and then offer some simple instructions on how to get your web browser hooked up. No more getting snooped!

Link

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: Book • Civlib • Kids • Safety

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

controlbroke

@ snirkles

try enabling tor using the vidalia control panel, it should be in your taskbar :-)
The Unusual Suspect

@ snirkles

Me too. And changing the proxy to any of the recommended settings doesn’t help.
Not a Doktor

just use torpark 1.0.5

duh
The Unusual Suspect

Bravo, Shava.
Naikrovek

Tor is more for anonymity than privacy. if I run a Tor node and your data is coming from it, all I need to do is set up a packet sniffer. If your stuff isn’t encrypted as it leaves or enters my pc, it isn’t private.

Tor anonymizes your IP address to servers which you connect to. It does not make insecure data secure. It does not, on its own, make anything more secure or more private.

Please stop billing Tor as a privacy enhancer. Tor ADDS MIDDLEMEN to your network traffic, any of whom can be sniffing your traffic.
astrochimp

Note the first comment from the link, though:

TOR is only more secure if the exit node it happens to use is more trustworthy than not using TOR at all. This may not be the case.
Rich

@14 – Only exit nodes. The in-between traffic is encrypted.

HTTPS SHOULD BE STANDARD! DOWN WITH HTTP, UP WITH HTTPS!
astrochimp

(Of course, it may very well be more secure, especially if your home locale is a repressive regime with monitoring of electronic communications. In this case, the merits of TOR shine.)
arkizzle

HOWTO use TOR to enhance your piracy

Fixed.
Conservationist

Tor is great, especially if you have opinions the ruling junta (and its citizen toadies) don’t find appealing.
Agent 86

OW
OM

…The great thing about this is that finally, those who’ve been blocked from contributing to Wikipedia by one or more of the petty little “cabals” that have taken over the genre articles can now regain access and help at least try to keep the content balanced.
coaxial

@6 XHON:

It’s a file naming convention from source code distributions. Spaces (weren’t) allowed (and still are bad form) and typing the letters in all caps meant that when display the directory listing in default ascii sorted order, the filenames would be listed first. Other common files are:

INSTALL
README
CHANGELOG
LICENSE

and to a lesser extent

Makefile
mark zero

Om, from what I’ve read, it’s easy to obtain lists of Tor exit nodes, and Wikipedia can (and perhaps already does) block those IPs or require that they log in to edit.

A quick Google turned up this, for example.
controlbroke

if you want to control which exit nodes tor uses you need to edit the torrc config file here.

start/all programs/vidalia/tor/

this are my config additions to enable only U.S. exitnodes

—————————————————–

StrictExitNodes 1
exitnodes desync, whistlersmother, lefkada, bettyboop, croeso, TorLuwakOrg, nixnix, inap1, redpineapple, cronic, sasquatch, slowturtle2, jalopy, BostonUcompsci, whistlersmother, PolynaTor, phobos, lostinthenoise, WeAreAHedge, tordienet

—————————————————–

the first line ‘StrictExitNodes 1′ forces tor to only use exitnode in the list provided
the lines below are the list of nodenames themselves seperated by commas

exitnode names can be found in
/vidalia control panel/view the network

they can be organised by country , throughput and iirc uptime

—————————————————–

Always assume your tor connection is being watched
do not leave personal information over an open connection (tor exit node|open wifi), do not use insecure mail apps ie GMAIL
as your name and pass can be revealed and abused

see the comments thread in the instructable !!
Xohn le Doe

Just out of curiousity, what is the etymology of “HOWTO”? That is, why are the words “how” and “to” in all caps and crammed together?
controlbroke

@ Xohn. Yep i think thats the answer right there

also “this are”?
BB I know you have a preview for posts, I am stupid enough to need an edit also :-(
Ernunnos

I’d be willing to bet that 99% of TOR users are Nigerian 419 scammers using it to launder their connection to the web mail systems they abuse. Just like 99% of TTY relay users.

It’s a fine idea in theory, but in practice it’s been rapidly coopted by the lowest common denominator. Which seems to be the universal fate of idealistic anarchies, for reasons obvious to everyone but idealistic anarchists.

Unfortunately, everyone else now gets to deal with the fallout of a system that is a near-perfect fraud enabler. It’s now necessary to create and maintain lists of TOR exit points, and add mechanisms for denying access to any service you don’t want flooded with Nigerian fraud based on those lists.
grz

they shouldn’t promote tor like they do. Tor must be use only by experienced user who are really aware of how the tor network work.

By using an exit node, the only thing you hide is your IP and not the content of your traffic. This is a big issue, if you are sending normally your traffic from A to B thought C (internet provider), with tor, you are sending your traffic from A to B, thought D (exit node), E (c’s internet provider). You hide your content only to C and the common user have no idea who could be D and E. (C can equals E)

if you are not an experienced user, you probably decrease your privacy by using Tor and an exit node. (not if you are using only hidden services)
Chevan

Just be DAMN sure you have your system set up so that you’re actually anonymous. And practice secure browsing. Don’t send any kind of identifying information, don’t browse email, don’t use passwords, don’t log into forums, and so on. Most of the known exit nodes have been watched like a hawk ever since asshats started using Tor to get their illegal porn, and if you really want to be anonymous that’s not the kind of environment you want to send your information through.
shava

@8 — Actually tor routers come with port 25 (email) disabled — so it’s highly unlikely that we are the recourse of Nigerian spammers.

As former executive director of The Tor Project, hardly a day went by when I wasn’t talking to people who were grateful for the service. Those folks included journalists, bloggers, activists, union organizers, people with health issues, people participating in support groups online for drug/alcohol/abuse issues, and a plethora of others who want anonymity for perfectly legitimate, and sometimes quite laudable reasons.

Our country was founded by activists who had to use anonymous publishing (at that time, broadsheets and leafleting) to organize a rebellion against what they perceived as tyranny.

Every day, the journalists you read online are risking much — sometimes their lives — to file the stories you want to know from danger zones all over the world.

Are there people who abuse anonymity? Yes. But if any one person can be anonymous, all people can — it’s the actual structural nature of the beast.

Do you want to live in a world where some folks can abuse the system, but we preserve important freedoms of expression, freedom of the press, and the ability to access information without fear?

Or do we shut down our freedoms in fear of a few bad actors?

Shava Nerad
Anonymous

If The Crown agents use Tor to commit sabotage of the U S government and the U K government as aleged by Captain Sherlock at http://www.abeldanger.net it is very likely very secure.
snirkles

I just installed this, but when I try to use it I’m getting the message “Firefox is configured to use a proxy server that is refusing connections.”

Any ideas? Thanks!
stevew

Tor’s anonymity has been hacked …
[quote]
Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.
[/quote]

Last paper presented: Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems http://web.crypto.cs.sunysb.edu/spday/

[via http://cryptome.org/