Are you an online activist? Or you just don’t want to be tracked when doing your things on the internet. Let’s consider one publicly available solution that most activists are already using to override some Internet censorship. TOR: an anonymizer for online activists.
Note: This post isn’t about inviting you to do censored things on the Internet. It is about an open source, though publicly available, a solution that is used by most citizen media activists around the world.
TOR is not illegal
The very nature of this post is to open readers’ eye to an existing technology geared toward people who desperately look for a way to anonymize their online activity, to work around some local internet censorship that they may have. By the way, at this time of writing, and according to TOR’s FAQ “Tor is not illegal anywhere in the world, so using Tor by itself is fine.”
What is TOR?
So what is TOR: in fact, it is a kind of “peer-to-peer” concept but used for security purposes. It is a distributed network and an anonymous network. It is particularly helpful to people who don’t want their Internet traffic to be tracked since the packets are distributed over the whole TOR network. To quote TOR’s website “The idea is similar to using a twisty, hard-to-follow route to throw off somebody who is tailing you — and then periodically erasing your footprints.”
How TOR works?
Let us first explain (roughly) how TOR network works. Before we start, you need to know how information gets in and out your computer. Let say you want to open a website “X.” In the typical case request for that would go from your computer to your ISP server and then directly (or almost directly but in an entirely unencrypted and traceable way) to this website.
It is why your ISP knows exactly what you do on the internet; this is any government agency will know where and when you were connected. Furthermore, by checking data on those computers, you were connected they will know what you did. Also, if you (for example with the use of P2P network) will connect to a “hoax server,” these are set up by different agencies with parts of software or movies for you to download to trace your IP.
So, you think you are just downloading a film (in P2P your computer connects to many different machines without your control) while in reality, you download a movie and also you sand data to those you don’t want to know about it.
What can you do with TOR?
So instead of rewriting a summary of what can be done with TOR service, I’d instead link you to the necessary materials, then you take whatever fits your needs.
Let’s say that you want to organize an anonymous online meeting so secure that even the participants can’t even be tracked. You may want to consider establishing a “Rendez-Vous” point within the TOR network via their hidden services.
Be careful though, as it is the case with other security packages, there are some warnings you need to be aware of. Check them here.
The good thing about joining the TOR network is that it is available for multiple platforms (Linux, Mac, Windows, …), if you want to give it a try, you may want to check the installation guides.
Using TOR …
The first step is to download Tor.
Now, we will tell you how that changes with the use of TOR (and VPN). In this case, information/request from your computer goes to your ISP server and then from there to the first node of TOR network (TOR client downloads a list of nodes/computer from TOR directory. You may even select the exit node.). That information flows between those nodes (selection of those servers always happens at random and they only “know” about nearest servers to them – not the whole route).
After going through a few of those computers (this is one of the reasons TOR is always slower than VPN) finally goes to the destination server with the website “X.” Every few minutes and every time you send new request path between you and destination changes at random and because of that (unless you are specifically targeted, and someone has lots of resources) you are practically invisible on the internet.
As we have said, because of this architecture of the TOR network it is hard to get decent Internet connection speeds. If you watch a movie for 5 minutes, it can be great, but then route changes and your stream becomes unwatchable.
Tor Pros and Cons
- It’s completely free;
- Encrypts all traffic (incoming and outgoing) between his nodes;
- It is virtually unbeatable (if properly configured);
- There are plenty of applications that are based on TOR technology and make its use easier, including a Tor browser;
- It hides your public IP address to browse the web anonymously.
- The configuration is not trivial;
- The performance is unpredictable as it depends on routes between the Tor network nodes;
- Not suitable for P2P applications such as Torrent (however, you may use a VPN for downloading torrents);
- It only protects applications that are configured to work through Tor. No automatic configuration.
- As written on Tor’s Downloading page: “While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or misconfigured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.”
TOR vs. VPN
Before we tell you the latest news regarding TOR anonymity, let us tell you a few words about VPN. As in the example above in the case of VPN service. Request from your computer gets encrypted, then goes to through ISP server (but since data you send and receive are as we said encrypted ISP could not easily see what is inside) to VPN server and from there to the destination.
It means that only your VPN provider holds all the data about you and your traffic. For the average Joe VPN seems like a much better solution. As long as you do not do something considered (internationally) illegal, like child pornography, terrorism, etc. your VPN provider will never reveal your data (in many cases they do not even hold those data logs if local legislation does not require that). So, if you want to surf the web (use p3p/torrents), stream movies that are usually unavailable for you VPN should be the product of choice.
Lately, several VPN providers have exposed a mixt TOR and VPN solution called “Tor over VPN” or “Onion over VPN” that connects to the Tor network via a VPN server. This approach has several advantages.
Tor Project Awarded for the Role in Middle East Revolutions
Tor Project awarded! Tor project has received recognition from the Free Software Foundation as it helped the protesters and revolutionists in the Middle East and North Africa. The award called Award for Projects of Social Benefit highlights the software as a project which significantly benefited the society by collaborating and accomplishing a task of social importance.
This excellent free software, as well as other online anonymity tools, has changed the lives of millions of people who were previously living under the fear and suppression of the dictators. Governments in countries from North African and the Middle East tried to censor online applications like Twitter and Facebook, and for a while, they succeeded in doing so. But the Tor project was successfully used to bypass the blocks to let the revolutions continue and take a definite shape.
The latest news involving TOR anonymity
OK, now since we are past the differences between TOR, VPN and regular connection to the internet we can tell you about the latest news involving TOR.
French scientists claim they have found a solution to trace user in the TOR network. Here is what they did. They build a small TOR network and then, using holes in the TOR software they have prepared a virus. The virus had infected 1/3 of TOR nodes. Remaining TOR servers were attacked using a different method for them to disconnect them from the network. Once they started to switch off, more and more information were send through still working nodes, most of them which were already infected with a virus. The primary field of this virus activity was to break data encryption.
This allowed them to create a map of the whole TOR network and method they used will aloe form much quicker identification of users using TOR servers. Here you can read TOR comment in this regard.
Since it is impossible to know exactly where the truth lies, we advise you to take extra precautions.
Do not use Tor servers with BitTorrent
Disturbing news regarding the “bombardment” of Tor servers with DMCA notices was published by TorrentFreak.com some time ago. The story is important as may lead (at some point) to the service shut down. BitTorrent and Tor? Not the best idea.
For those that want to be protected while downloading with BitTorrent, there are plenty of solutions, like VPN services and proxies (Recommended reading: Tips to torrent safely.). The benefit of such services is that they allow users to browse and download anonymously at full speeds. The downside is that users have to pay a monthly fee (usually between $5 and $15) for these premium services.
BitTorrent and Tor?
To avoid this fee, many BitTorrent users anonymize their traffic with Tor. It is a big problem. Although one BitTorrent user taking this option is unlikely to prove problematic, a few thousand can cause some severe damage. Tor servers are also being monitored and notified by copyright holders (the DMCA notices) for facilitating “infringing” transfers.
The conclusion is that those who value anti-censorship tools should not abuse Tor by running their BitTorrent traffic over it. Aside from the fact that torrent traffic slows down the network, the massive amount of DMCA notices may lead to servers being disconnected and, finally, Tor would no longer be available to the people who it was built for.
Can you trust Tor’s security?
According to a report on Heise Online, the German IT security portal, two of the seven directory authority servers (moria1 and gabelmoo) that the Tor Project uses to run its anonymous browsing service have been compromised, along with a new server that the project uses to host metrics and graphs (metrics.torproject.org).
Tor team discovered the attack in early January and are advising users to upgrade to version 0.2.1.22 or 0.2.2.7-alpha of the client software – which acts as an interface between the custom version of Mozilla that the project recommends and the internet.
They said that there is no risk that the attackers could have matched Tor users to their browsing habits.
“By design, Tor requires a majority of directory authorities (four in this case) to generate a consensus; and like other relays in the Tor network, directory authorities don’t know enough to match a user and traffic or destination,” Roger Dingledine, the original developer of the Tor Project wrote in an email this week.
Unconfirmed indications suggest that the two servers were hacked to gain access to the high anonymous bandwidth they offered, but it is also possible that the goal was to set up some SSH keys and use the servers to launch other attacks.
Here is what Roger Dingledine says the Tor security: “We’ve taken steps to fix the weaknesses identified and to harden our systems further. Tor has a track record of openness and transparency, with its source code and specifications and also with its operations. Moreover, we’re disclosing breaches such as this so you can monitor our status. You shouldn’t assume those who don’t disclose security breaches never have any!”
Tor alternative – I2P Darknet
An alternative to Tor is the I2P Darknet network. It works similarly to Tor, but it is considered better when it comes to anonymizing your online presence, downloading torrents and sending secure email. In the same time, Tor is an excellent tool for bypassing geo-restrictions.
To sum up
This blog is about “online anonymity guide,” and I thought TOR is in line with what we’re trying to show our users here. Indeed, TOR is an excellent anonymizer for online activists. We’d love to hear from you how you’d use TOR services for anonymizing your internet activity.
Share your views in the comment section.