Increasing Your Online Privacy And Security With Tor

• Tweet

Security and the protection of an individual’s online activity is becoming an ever more relevant issue for the global citizen. Whether we are being monitored by a malicious third party, an employer, an ISP or our own government, security and privacy in online communications is seen by many as a basic human right. If you adhere to this belief and would like to know how to obtain a satisfactory level of security with relative ease, I would like to introduce you to Tor.

Tor is free, open source software that is meant to deter traffic analysis, i.e., the process of intercepting and examining data in order to deduce information from patterns in communication. Originally developed by the US Naval Research Laboratory as a third generation onion routing project (i.e., an architecture that employs encryption in a multi-layered manner), Tor is now maintained by the Tor project, a 501(c)(3) research/education non-profit organization based in the U.S.A.

It is utilized by hundreds of thousands of people from all over the world, including journalists, non-governmental organizations (NGOs), law enforcement agencies, activists, militaries, IT professionals and average Internet users for a variety of personal/professional reasons.

How It Works

Tor works by funneling your traffic over a distributed, anonymous network. Try to imagine that you are being followed by a malevolent individual. Instead of taking the most direct route to your destination, you’d try to lose your tail by taking a circuitous route with many twists and turns. In a similar manner, Tor attempts to thwart traffic analysis by distributing your transactions over several places on the Internet, so no single point can lead back to your destination.

To create a private network pathway, the Tor client software incrementally builds a circuit of encrypted connections through relays on the network. Critically, the circuit is extended one hop at a time, and each relay along the path only knows which relay gave it data and which relay it is giving data to, ensuring that no individual relay knows the complete path a data packet has taken. Separate encryption keys are negotiated at each hop along the circuit to ensure that each relay can’t trace these connections as they pass through.

In addition, for connections that do not occur within the same ten minute time frame, new circuit pathways are negotiated to prevent someone from linking your earlier actions to newer ones. Many types of data can be passed over the Tor network, and the following applications can be configured to utilize it:

• Web Browsers
• Internet Relay Chat (IRC) Programs
• Instant Messaging (IM) Clients

Installation

Since the Tor Project has only throughly tested Tor operability with the Firefox web browser, I am going to focus on this specific implementation for setting up Tor on your system. The first step is to download and install the Tor client on your computer (it will be called Vidalia in your Applications folder after installation).

This is the component that connects to the Tor network and establishes a virtual circuit for routing your data. Upon opening the application, the connection process will automatically commence and, once complete, will tell you that you are connected to the Tor network.

The next step involves configuring your application, in this case FireFox, to utilize the Tor network for sending and receiving traffic. While this can be done manually through Firefox’s proxy settings, the Tor project recommends utilizing an extension to automate the process, the eponymous Torbutton.

After you install the extension, you will see new text in the status bar that displays whether the Torbutton is enabled or disabled. Simply click on it to enable it, and your configuration process is complete. You are now browsing the web using the Tor network. To verify that configuration was correctly implemented, you can visit check.torproject.org.

Caveats

Although Tor is an excellent tool, it is not a security/anonymity panacea, i.e., it does not encrypt all of your Internet activities. In order to engender a more comprehensive level of security, there are a few more steps you will need to take:

1. Remember, each application needs to be configured to send traffic through Tor. Although the Torbutton makes this a facile process for the FireFox web browser, other applications will need to be manually configured. The exact settings will vary depending on the application and the protocol(s) it uses, but the common proxy settings for web browsers (HTTP(S) traffic) will be 127.0.0.1 (i.e., the loopback address) for the Server I.P. address and 8118 for the Port. Check out the Tor Project for more detailed installation guides specific to your use case.
2. Any additional extensions you have installed in FireFox may bypass Tor and broadcast sensitive information about your browsing habits.
3. If you have cookies enabled in your browser, they may retain information that could be used to identify you. To be most secure, you can disable cookies in FireFox. Click on Tools -> Options -> Privacy and uncheck both Accept cookies from sites and Accept third-party cookies.
4. Be aware that while Tor anonymizes the origin of your traffic and encrypts everything between you and the Tor network and everything in the Tor network, it does not encrypt traffic between the Tor network and its final destination. For ultimate protection, ensure that you are using an end-to-end encryption/authentication connection (i.e., HTTPS).

Portable Tor

If you find that Tor is sufficient for your needs, you might also be interested in the Tor Browser Bundle (Windows only; Linux and OS X versions currently in Beta). This package will let you use Tor without needing to install any software on a computer. It can run off a USB flash drive, comes with a pre-configured web browser and is self-contained.

Just download the bundle, extract the package to a USB drive, open the folder, Tor Browser, and double click on the Start Tor Browser application. Vidalia will start and once Tor is ready, FireFox will automatically open. Lastly, make sure that the Tor Enabled text is displayed in the status bar before beginning your browsing session.

Image via Global Voices Advocacy