HOWTO use TOR to enhance your privacy

Discuss

24 Responses to “HOWTO use TOR to enhance your privacy”

  1. controlbroke says:

    @ snirkles

    try enabling tor using the vidalia control panel, it should be in your taskbar :-)

  2. The Unusual Suspect says:

    @ snirkles

    Me too. And changing the proxy to any of the recommended settings doesn’t help.

  3. Not a Doktor says:

    just use torpark 1.0.5

    duh

  4. The Unusual Suspect says:

    Bravo, Shava.

  5. Naikrovek says:

    Tor is more for anonymity than privacy. if I run a Tor node and your data is coming from it, all I need to do is set up a packet sniffer. If your stuff isn’t encrypted as it leaves or enters my pc, it isn’t private.

    Tor anonymizes your IP address to servers which you connect to. It does not make insecure data secure. It does not, on its own, make anything more secure or more private.

    Please stop billing Tor as a privacy enhancer. Tor ADDS MIDDLEMEN to your network traffic, any of whom can be sniffing your traffic.

  6. astrochimp says:

    Note the first comment from the link, though:

    TOR is only more secure if the exit node it happens to use is more trustworthy than not using TOR at all. This may not be the case.

  7. Rich says:

    @14 – Only exit nodes. The in-between traffic is encrypted.

    HTTPS SHOULD BE STANDARD! DOWN WITH HTTP, UP WITH HTTPS!

  8. astrochimp says:

    (Of course, it may very well be more secure, especially if your home locale is a repressive regime with monitoring of electronic communications. In this case, the merits of TOR shine.)

  9. arkizzle says:

    HOWTO use TOR to enhance your piracy

    Fixed.

  10. Conservationist says:

    Tor is great, especially if you have opinions the ruling junta (and its citizen toadies) don’t find appealing.

  11. Agent 86 says:

    OW

  12. OM says:

    …The great thing about this is that finally, those who’ve been blocked from contributing to Wikipedia by one or more of the petty little “cabals” that have taken over the genre articles can now regain access and help at least try to keep the content balanced.

  13. coaxial says:

    @6 XHON:

    It’s a file naming convention from source code distributions. Spaces (weren’t) allowed (and still are bad form) and typing the letters in all caps meant that when display the directory listing in default ascii sorted order, the filenames would be listed first. Other common files are:

    INSTALL
    README
    CHANGELOG
    LICENSE

    and to a lesser extent

    Makefile

  14. mark zero says:

    Om, from what I’ve read, it’s easy to obtain lists of Tor exit nodes, and Wikipedia can (and perhaps already does) block those IPs or require that they log in to edit.

    A quick Google turned up this, for example.

  15. controlbroke says:

    if you want to control which exit nodes tor uses you need to edit the torrc config file here.

    start/all programs/vidalia/tor/

    this are my config additions to enable only U.S. exitnodes

    —————————————————–

    StrictExitNodes 1
    exitnodes desync, whistlersmother, lefkada, bettyboop, croeso, TorLuwakOrg, nixnix, inap1, redpineapple, cronic, sasquatch, slowturtle2, jalopy, BostonUcompsci, whistlersmother, PolynaTor, phobos, lostinthenoise, WeAreAHedge, tordienet

    —————————————————–

    the first line ‘StrictExitNodes 1′ forces tor to only use exitnode in the list provided
    the lines below are the list of nodenames themselves seperated by commas

    exitnode names can be found in
    /vidalia control panel/view the network

    they can be organised by country , throughput and iirc uptime

    —————————————————–

    Always assume your tor connection is being watched
    do not leave personal information over an open connection (tor exit node|open wifi), do not use insecure mail apps ie GMAIL
    as your name and pass can be revealed and abused

    see the comments thread in the instructable !!

  16. Xohn le Doe says:

    Just out of curiousity, what is the etymology of “HOWTO”? That is, why are the words “how” and “to” in all caps and crammed together?

  17. controlbroke says:

    @ Xohn. Yep i think thats the answer right there

    also “this are”?
    BB I know you have a preview for posts, I am stupid enough to need an edit also :-(

  18. Ernunnos says:

    I’d be willing to bet that 99% of TOR users are Nigerian 419 scammers using it to launder their connection to the web mail systems they abuse. Just like 99% of TTY relay users.

    It’s a fine idea in theory, but in practice it’s been rapidly coopted by the lowest common denominator. Which seems to be the universal fate of idealistic anarchies, for reasons obvious to everyone but idealistic anarchists.

    Unfortunately, everyone else now gets to deal with the fallout of a system that is a near-perfect fraud enabler. It’s now necessary to create and maintain lists of TOR exit points, and add mechanisms for denying access to any service you don’t want flooded with Nigerian fraud based on those lists.

  19. grz says:

    they shouldn’t promote tor like they do. Tor must be use only by experienced user who are really aware of how the tor network work.

    By using an exit node, the only thing you hide is your IP and not the content of your traffic. This is a big issue, if you are sending normally your traffic from A to B thought C (internet provider), with tor, you are sending your traffic from A to B, thought D (exit node), E (c’s internet provider). You hide your content only to C and the common user have no idea who could be D and E. (C can equals E)

    if you are not an experienced user, you probably decrease your privacy by using Tor and an exit node. (not if you are using only hidden services)

  20. Chevan says:

    Just be DAMN sure you have your system set up so that you’re actually anonymous. And practice secure browsing. Don’t send any kind of identifying information, don’t browse email, don’t use passwords, don’t log into forums, and so on. Most of the known exit nodes have been watched like a hawk ever since asshats started using Tor to get their illegal porn, and if you really want to be anonymous that’s not the kind of environment you want to send your information through.

  21. shava says:

    @8 — Actually tor routers come with port 25 (email) disabled — so it’s highly unlikely that we are the recourse of Nigerian spammers.

    As former executive director of The Tor Project, hardly a day went by when I wasn’t talking to people who were grateful for the service. Those folks included journalists, bloggers, activists, union organizers, people with health issues, people participating in support groups online for drug/alcohol/abuse issues, and a plethora of others who want anonymity for perfectly legitimate, and sometimes quite laudable reasons.

    Our country was founded by activists who had to use anonymous publishing (at that time, broadsheets and leafleting) to organize a rebellion against what they perceived as tyranny.

    Every day, the journalists you read online are risking much — sometimes their lives — to file the stories you want to know from danger zones all over the world.

    Are there people who abuse anonymity? Yes. But if any one person can be anonymous, all people can — it’s the actual structural nature of the beast.

    Do you want to live in a world where some folks can abuse the system, but we preserve important freedoms of expression, freedom of the press, and the ability to access information without fear?

    Or do we shut down our freedoms in fear of a few bad actors?

    Shava Nerad

  22. Anonymous says:

    If The Crown agents use Tor to commit sabotage of the U S government and the U K government as aleged by Captain Sherlock at http://www.abeldanger.net it is very likely very secure.

  23. snirkles says:

    I just installed this, but when I try to use it I’m getting the message “Firefox is configured to use a proxy server that is refusing connections.”

    Any ideas? Thanks!

  24. stevew says:

    Tor’s anonymity has been hacked …
    [quote]
    Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.
    [/quote]

    Last paper presented: Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems http://web.crypto.cs.sunysb.edu/spday/

    [via http://cryptome.org/

Leave a Reply