Tor (The Onion Router)

From BoyWiki
Jump to: navigation, search

Tor is a free open-source project providing people with a proxy to make their computer IP address more anonymous (harder to find) when surfing the Internet. It contains its own browser.

Every computer (or phone or tablet) that is accessing the Internet has an IP (Internet Protocol) address. Typically these are assigned by the Internet Service Provider (the company you connect to which then connects you to the Internet using their own permanent connection), and can and often are different each time you use the Internet. They are in digits and typically take the form 000.00.000.0. There are more computers than there are IP addresses, so in most cases a number is assigned when you connect and the number is released when your Internet session ends. (There are partially implemented plans to increase the number of IP addresses, by making them longer.) Internet Service Providers typically keep records of which IP address is assigned to which customer at which time. Thus, a warrant from a judge can (in the U.S.) compel the Internet Service Provider to identify who used an IP address at a certain time.

A proxy is a computer server that acts as an intermediary. It receives your request for a Web page, with your IP address exposed. It then forwards the request, using its own IP address as the requestor. When the requested page arrives, the proxy computer sends it to you.

Tor typically uses as series of servers (10 is a number frequently seen), each located in a different country. Thus the origin of the name: there is an similarity to layers of an onion.

To track the request for a Web page back to you, law enforcement must track it through multiple servers in multiple countries. These servers change (a new route is selected) frequently, adding to the difficulty in tracking through them. Many of the proxy servers deliberately do not keep records of the requests received and processed. Tor also encrypts the data leaving or arriving at your computer. Your IP address cannot be encrypted.

However, what cannot be concealed from your Internet Service Provider is the time you connected to Tor. At the other end, the same thing applies. In other words, if law enforcement wants to device the resources, the times you logged on to Tor can be matched with those of a recipient. This is not a hypothetical danger; law enforcement has done this. The solution is to use a VPN, in any country other than the one in which you reside.

Because of the multiple steps involved, using Tor will result in slower Web page loading than when it is not used. This is, to a degree, common to all types of encryption.

The Darknet

There are a variety of services, both legal and illegal, that can be accessed using Tor and only Tor. This is called the Darknet (http://en.wikipedia.org/wiki/Darknet). There is no single directory of them; they change frequently. Tor conceals which country the server of the requested material is in.

Browsing on the Darknet can easily reveal disturbing material - animal torture, for example - which is not available on the regular Internet. One can order an assassination ("no prominent politicians"). There is much copyrighted material posted illegally.

However, there is plenty of material on the Darknet which is legal under the laws of all Western democracies, but is illegal under the laws where some user finds him- or herself. For example, anti-Islamic writings or discussions of textual or other errors in the Koran, can lead to formal execution or assassination in many Islamic countries. Conversely, in the United States there is an active anti-birth control movement, where, not long ago, birth control information could not be mailed, and Planned Parenthood founder Margaret Sanger fled the country, under indictment for distributing it.

No one is in favor of the free distribution of all the information and communication, including child pornography and torture of children, found on the Darknet. (OK, a few left-wing First Amendment nuts are.) But there is no way to shut it down without shutting down the whole Internet, in which case the cure would be worse than the disease. The Darknet is, on purpose, completely decentralized; one would have to shut down individually all the hundreds of thousands if not millions who use it.

Limitations on Tor security

Originally, it was thought that the anonymity provided by Tor was total. However, law enforcement, which has more resources than all the boylovers in the world put together, has developed a number of ways to penetrate Tor security. Ross Ulbricht, on whom there is a Wikipedia article (http://en.wikipedia.org/wiki/Ross_Ulbricht) is serving a life sentence as a result of law enforcement penetrating his Tor security. It only took them a few months.

  • The fact that you sent a request for an Internet page, through your Internet Service Provider, to a Tor proxy is not and cannot be concealed using current technology. Even though the name of the page is encrypted, law enforcement can easily find out that you requested some Web page through Tor (but not which one) at a particular time. Most Internet Service Providers keep logs of which pages each user requests and when they request them. At the other end of the chain of servers, law enforcement can find out which IP addresses requested the page the users of which they are investigating. Even if all they can find out is the IP address of the final Tor proxy in the chain, the time the page requested cannot be concealed. If the time the page is served matches with the time you requested a page, this does not prove that you requested that page, but it could serve as grounds to seize and search your computer (phone, tablet).
  • Nothing prevents law enforcement from acting as a Tor proxy -- anyone running the browser can -- and thus spying on the data requests sent and received somewhere in the chain.


NOTE: This article gives an overview of how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project home page at the end of this article, visit the Tor home page, download the browser bundle, and install it. You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to not allow scripts. (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can surf the Internet more securely. (Note: Never try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have the details of your real-life identity at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should not be done at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.


To access the Tor network the end user runs a program called a Tor client (a special Internet browser) on his computer, this comes with an extra filtering program (like Privoxy) between the Tor client and the Internet browser on the local computer due to the risk of applications like Java revealing user information. Any Tor user with sufficient bandwidth can also choose to run a proxy allowing other Tor users to route traffic through his computer, but one has to be very careful when running an Tor "exit" node, which is the last computer in the chain, and the one that connects directly to the site you are visiting.

Used correctly, Tor protects one's anonymity. But there can be problems: In 2013 Ross William Ulbricht was arrested for running a Web site--Silk Road--using Tor. It was primarily a marketplace where illegal drug sellers and buyers could connect. He was sentenced to life in prison without parole. (See Wikipedia for information on how his site was compromised by the legal authorities.)

The Tor technology is attractive to boylovers because of the anonymity offered by the proxy network. Some sites, such as Wikipedia, restrict access or posting using Tor software, to reduce spam and malicious hackers. BoyChat for example, will only allow people to post using Tor if they have a registered nick. The Tor network also hosts hidden sites that can not be taken offline because it is not possible to work out which server is hosting them, however these sites, with the extension .onion, are only accessible if you run Tor software in your computer.

Many files on Tor may be accessed at http://tor2web.org.

Tor and live CD

Even when you use Tor it could still be possible for someone to see information on your computer hard drive, and to look at your drive's contents--websites that you have visited using Tor proxy can be found in the Internet browser cache (if it is enabled). But if you use the "Tor browser bundle," with the special version of Firefox that comes with it, then you do not have to worry about your browser cache being stored on your computer.

Using a "live CD" to browse the Internet avoids leaving any traces of your browsing history on your hard drive, because after you have finished browsing using a live CD all of the data held in volatile RAM memory will disappear, and recovery will not be possible. A live CD (i.e. Tails) with Tor is one of the most powerful anonymity tools that exist.

Javascript Exploit

Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser.

(NOTE: One "workaround"--which sometimes works--to the problem of javascript limiting site functionality is to access the site desired using the Wayback machine found at https://www.web.archive.org)

But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity even though you may be surfing behind the protection provided by Tor.

Javascript should never be enabled in a browser used to visit "sensitive" sites, such as sites posting information which is "pro-pedophile" (or even "anti-pedophile") or which contains other information (or images) which may be of interest to a pedophile.

A large number of BoyLovers (and GirlLovers) are now serving very long terms in prison because they enabled javascript in their browsers. Don't be one of them!

Links to articles describing the risks of browsing with javascript enabled

  • Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
  • Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor ...
http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
  • FBI Admits It Controlled Tor Servers Behind Mass Malware Attack ...
http://www.wired.com/2013/09/freedom-hosting-fbi/
  • The FBI TOR Exploit - InfoSec Institute
http://resources.infosecinstitute.com/fbi-tor-exploit/
  • Actual risks of javascript and Flash? : TOR - Reddit
http://www.reddit.com/r/TOR/comments/1y8r3m/actual_risks_of_javascript_and_flash/
  • Identity-exposing malware on Tor "could be work of FBI"
http://www.welivesecurity.com/2013/08/05/identity-exposing-malware-on-tor-could-be-work-of-fbi/

See also

External links