Tor (The Onion Router): Difference between revisions

From BoyWiki
(merged javascript article)
(added a workaround for the javascript problem of limiting site functionality)
Line 24: Line 24:
== Javascript Exploit ==
== Javascript Exploit ==
Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser.
Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser.
<small>(NOTE: One "workaround"--which ''sometimes'' works--to the problem of javascript limiting site functionality is to access the site desired using the Wayback machine found at https://www.web.archive.org)</small>


But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity '''even though you may be surfing behind the protection provided by Tor'''.
But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity '''even though you may be surfing behind the protection provided by Tor'''.

Revision as of 04:28, 5 May 2016

Tor is a free open source project providing people with a proxy to make their computer IP address anonymous when surfing the Internet.

NOTE: This article gives some of the technical details on how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project homepage at the end of this article, visit the Tor homepage, download the browser bundle, and install it. You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to not allow scripts. (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can begin to surf the Internet safely and securely. (Note: Never try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have the details of your real-life identity at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should not be done at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.


Technical details about Tor

Normal proxies forward your data using a single server: they hide your computer IP from websites you visit by placing themselves in the middle of the data transfer. But your privacy could still be compromised by the owner of that single proxy, or by a hostile party monitoring the proxy server.

The Tor network uses "onion layer routing," called this because it resembles the the layers of an onion. Instead of data being routed through a single proxy, everything will be send encrypted using a chain of proxies, routing your browser's request for pages through a minimum of three servers, often located in different countries. If a Tor server administrator has followed the instructions for setting up their server, then no logs will be kept of traffic through the server. This makes it impossible to compromise people's security, even if the server is seized. The proxy chain is also set up to keep changing servers every few minutes, so for a major spy agency to be able to spy on the Tor network they would have to control all of the servers in the Tor network--controlling just a few servers would not be enough to track down a user. The Tor network is known to be somewhat slow and is not recommended for downloading large files. The speed it provides is normally enough to anonymously browse websites that are not too heavy on photos or videos, though it can cause the buffering of streaming videos.

To access the Tor network the end user runs a program called a Tor client (a special Internet browser) on his computer, this comes with an extra filtering program (like Privoxy) between the Tor client and the Internet browser on the local computer due to the risk of applications like Java revealing user information. Any Tor user with sufficient bandwidth can also choose to run a proxy allowing other Tor users to route traffic through his computer, but one has to be very careful when running an Tor "exit" node, which is the last computer in the chain, and the one that connects directly to the site you are visiting.

Used correctly, Tor protects one's anonymity. But there can be problems: In 2013 Ross William Ulbricht was arrested for running a Web site--Silk Road--using Tor. It was primarily a marketplace where illegal drug sellers and buyers could connect. He was sentenced to life in prison without parole. (See Wikipedia for information on how his site was compromised by the legal authorities.)

The Tor technology is attractive to boylovers because of the anonymity offered by the proxy network. Some sites, such as Wikipedia, restrict access or posting using Tor software, to reduce spam and malicious hackers. BoyChat for example, will only allow people to post using Tor if they have a registered nick. The Tor network also hosts hidden sites that can not be taken offline because it is not possible to work out which server is hosting them, however these sites, with the extension .onion, are only accessible if you run Torsoftware in your computer.

Tor and live CD

Even when you use Tor it could still be possible for someone to see information on your computer hard drive, and to look at your drive's contents--websites that you have visited using Tor proxy can be found in the Internet browser cache (if it is enabled). But if you use the "Tor browser bundle," with the special version of Firefox that comes with it, then you do not have to worry about your browser cache being stored on your computer.

Using a "live CD" to browse the Internet avoids leaving any traces of your browsing history on your hard drive, because after you have finished browsing using a live CD all of the data held in volatile RAM memory will disappear, and recovery will not be possible. A live CD (i.e. Tails) with Tor is one of the most powerful anonymity tools that exist.

Javascript Exploit

Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser.

(NOTE: One "workaround"--which sometimes works--to the problem of javascript limiting site functionality is to access the site desired using the Wayback machine found at https://www.web.archive.org)

But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity even though you may be surfing behind the protection provided by Tor.

Javascript should never be enabled in a browser used to visit "sensitive" sites, such as sites posting information which is "pro-pedophile" (or even "anti-pedophile") or which contains other information (or images) which may be of interest to a pedophile.

A large number of BoyLovers (and GirlLovers) are now serving very long terms in prison because they enabled javascript in their browsers. Don't be one of them!

List of links proving the Javascript problem

  • Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
  • Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor ...
http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
  • FBI Admits It Controlled Tor Servers Behind Mass Malware Attack ...
http://www.wired.com/2013/09/freedom-hosting-fbi/
  • The FBI TOR Exploit - InfoSec Institute
http://resources.infosecinstitute.com/fbi-tor-exploit/
  • Actual risks of javascript and Flash? : TOR - Reddit
http://www.reddit.com/r/TOR/comments/1y8r3m/actual_risks_of_javascript_and_flash/
  • Identity-exposing malware on Tor "could be work of FBI"
http://www.welivesecurity.com/2013/08/05/identity-exposing-malware-on-tor-could-be-work-of-fbi/

See also

External links