Tuesday, June 20, 2017

TOR - The Onion Router

TOR is free software for enabling anonymous communication. TOR enables its users to surf the Internet, chat and send instant messages anonymously, and is used by a wide variety of people for both licit and illicit purposes. The name is derived from an acronym for the original software project name "The Onion Router".

TOR software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

TOR won't encrypt your data - for that, you'll need a Virtual Private Network (VPN). Instead, TOR routes your Internet traffic through a series of intermediary nodes. This makes it very difficult for government snoops or aggressive advertisers to track you online. Using TOR affords far more privacy than other browsers' private (or Incognito) modes, since it obscures your IP address so that you can't be tracked with it.

TOR does not prevent an online service from determining when it is being accessed though TOR. TOR protects a user's privacy, but does not hide the fact that TOR is being used.

You can access the TOR web-site at https://www.torproject.org/ and download the latest version of TOR for your particular operating system. I strongly recommend that you download and use a copy of the TOR browser to help protect your on-line privacy. If you have the computer resources and a bit of technical skill, run a TOR node. If you don't have the technical savvy to personally run a TOR node, you can still help expand the TOR network by encouraging your public library or local college to run a TOR node on their network.

As you will see as you begin to use TOR and learn more about the TOR network, the system is not perfect. While TOR greatly improves your on-line privacy, you must practice good cyber-security to make TOR work most efficiently. Think of TOR as just one more important tool in your cyber-security toolbox.

TOR Security Tips from the TOR Web-site:
 
Use the TOR Browser - Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser. It is pre-configured to protect your privacy and anonymity on the web as long as you're browsing with Tor Browser itself. Almost any other web browser configuration is likely to be unsafe to use with Tor.
 
Don't torrent over TOR - Torrent file-sharing applications have been observed to ignore proxy settings and make direct connections even when they are told to use Tor. Even if your torrent application connects only through Tor, you will often send out your real IP address in the tracker GET request, because that's how torrents work. Not only do you deanonymize your torrent traffic and your other simultaneous Tor web traffic this way, you also slow down the entire Tor network for everyone else.

Don't enable or install browser plugins - Tor Browser will block browser plugins such as Flash, RealPlayer, Quicktime, and others: they can be manipulated into revealing your IP address. Similarly, we do not recommend installing additional addons or plugins into Tor Browser, as these may bypass Tor or otherwise harm your anonymity and privacy.

Use HTTPS versions of websites - Tor will encrypt your traffic to and within the Tor network, but the encryption of your traffic to the final destination website depends upon on that website. To help ensure private encryption to websites, Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website. Also see EFF's interactive page explaining how Tor and HTTPS relate.
 
Don't open documents downloaded through TOR while online - Tor Browser will warn you before automatically opening documents that are handled by external applications. DO NOT IGNORE THIS WARNING. You should be very careful when downloading documents via Tor (especially DOC and PDF files, unless you use the PDF viewer that's built into Tor Browser) as these documents can contain Internet resources that will be downloaded outside of Tor by the application that opens them. This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, we strongly recommend either using a disconnected computer, downloading the free VirtualBox and using it with a virtual machine image with networking disabled, or using Tails. Under no circumstances is it safe to use BitTorrent and Tor together, however.
 
Use bridges and/or find company - Tor tries to prevent attackers from learning what destination websites you connect to. However, by default, it does not prevent somebody watching your Internet traffic from learning that you're using Tor. If this matters to you, you can reduce this risk by configuring Tor to use a Tor bridge relay rather than connecting directly to the public Tor network. Ultimately the best protection is a social approach: the more Tor users there are near you and the more diverse their interests, the less dangerous it will be that you are one of them. Convince other people to use Tor, too!

To learn more about TOR, see the official TOR website (https://www.torproject.org/), particularly the following pages:








No comments:

Post a Comment

Note: Only a member of this blog may post a comment.