Tor (The Onion Router): Difference between revisions

From BoyWiki
No edit summary
Line 1: Line 1:
'''Tor''' is a free open source project providing people with a [[proxy]] to make their computer IP address more anonymous (harder to find) when surfing the Internet.
'''Tor''' is a free open source project providing people with a [[proxy]] to make their computer IP address more anonymous (harder to find) when surfing the Internet. It contains its own browser.
 
Every computer (or phone or tablet) that is accessing the Internet has an IP (Internet Protocol) address. Typically these are assigned by the Internet Service Provider (the company you connect to and then connects you to the Internet through a permanent connection), and can and often are different for each time you use the Internet. They are in digits and typically take the form 000.00.000.00. There are more computers than there are IP addresses, so a number is assigned when you connect and the number is released when your Internet session ends. Internet Service Providers typically keep records of which IP address is assigned to which customer at which time. Thus, a warrant from a judge can (in the U.S.) compel the Internet Service Provider to identify who used an IP address at a certain time.
 
A proxy is a computer server that acts as an intermediary. It receives your request for a Web page, with your IP address exposed. It then forwards the request, using its own IP address as the requestor. When the requested page arrives, the proxy computer forwards it to you.
 
Tor typically uses as series of servers (10 is a number frequently seen), each located in a different country. This means that to track the use of the Web page back to you, it must track it through multiple servers in multiple countries. Many of the proxy servers deliberately do not keep records of the requests received and processed. Tor also encrypts the data leaving or arriving at your computer. Your IP address cannot be encrypted.
 
== Limitations on Tor security ==
Originally, it was thought that the anonymity provided by Tor was total. However, law enforcement, which has more resources than all the boylovers in the world put together, has developed a number of ways to penetrate Tor security. Ross Ulbricht, on whom there is a Wikipedia article, is serving a life sentence as a result of law enforcement penetrating his Tor security. It only took them a few months.
* The fact that you sent a request for an Internet page, through your Internet Service Provider, to a Tor proxy is not and cannot be concealed using current technology. Even though the name of the page is encrypted, law enforcement can easily find out that you requested some Web page through Tor (but not which one) at a particular time. Internet Service Providers keep logs of which pages their users request and when they request them. At the end, law enforcement can find out which IP addresses requested the page the users of which they are investigating. Even if all they can find out is the IP address of the final Tor proxy in the chain, the time the page requested cannot be concealed. If the time the page is served matches with the time you requested a page, this does not prove that you are the one, but it could serve as grounds to seize and search your computer (phone, tablet).


:NOTE: This article gives an overview of how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project home page at the end of this article, visit the Tor home page, download the browser bundle, and install it. '''''You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to ''not'' allow scripts.''''' (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can surf the Internet more securely. (Note: ''Never'' try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have ''the details of your real-life identity'' at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should ''not be done'' at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.
:NOTE: This article gives an overview of how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project home page at the end of this article, visit the Tor home page, download the browser bundle, and install it. '''''You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to ''not'' allow scripts.''''' (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can surf the Internet more securely. (Note: ''Never'' try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have ''the details of your real-life identity'' at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should ''not be done'' at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.

Revision as of 19:33, 20 June 2016

Tor is a free open source project providing people with a proxy to make their computer IP address more anonymous (harder to find) when surfing the Internet. It contains its own browser.

Every computer (or phone or tablet) that is accessing the Internet has an IP (Internet Protocol) address. Typically these are assigned by the Internet Service Provider (the company you connect to and then connects you to the Internet through a permanent connection), and can and often are different for each time you use the Internet. They are in digits and typically take the form 000.00.000.00. There are more computers than there are IP addresses, so a number is assigned when you connect and the number is released when your Internet session ends. Internet Service Providers typically keep records of which IP address is assigned to which customer at which time. Thus, a warrant from a judge can (in the U.S.) compel the Internet Service Provider to identify who used an IP address at a certain time.

A proxy is a computer server that acts as an intermediary. It receives your request for a Web page, with your IP address exposed. It then forwards the request, using its own IP address as the requestor. When the requested page arrives, the proxy computer forwards it to you.

Tor typically uses as series of servers (10 is a number frequently seen), each located in a different country. This means that to track the use of the Web page back to you, it must track it through multiple servers in multiple countries. Many of the proxy servers deliberately do not keep records of the requests received and processed. Tor also encrypts the data leaving or arriving at your computer. Your IP address cannot be encrypted.

Limitations on Tor security

Originally, it was thought that the anonymity provided by Tor was total. However, law enforcement, which has more resources than all the boylovers in the world put together, has developed a number of ways to penetrate Tor security. Ross Ulbricht, on whom there is a Wikipedia article, is serving a life sentence as a result of law enforcement penetrating his Tor security. It only took them a few months.

  • The fact that you sent a request for an Internet page, through your Internet Service Provider, to a Tor proxy is not and cannot be concealed using current technology. Even though the name of the page is encrypted, law enforcement can easily find out that you requested some Web page through Tor (but not which one) at a particular time. Internet Service Providers keep logs of which pages their users request and when they request them. At the end, law enforcement can find out which IP addresses requested the page the users of which they are investigating. Even if all they can find out is the IP address of the final Tor proxy in the chain, the time the page requested cannot be concealed. If the time the page is served matches with the time you requested a page, this does not prove that you are the one, but it could serve as grounds to seize and search your computer (phone, tablet).
NOTE: This article gives an overview of how Tor works. If you'd like to skip the technical information, then just see link to the Tor Project home page at the end of this article, visit the Tor home page, download the browser bundle, and install it. You should make sure that the "global scripts option" (the "S" with a circle and line through it, found on the the upper-left corner of your screen) is set to not allow scripts. (You can disable this option, and enable scripts, for visiting "safe" sites which do not contain sensitive information.) Using Tor, you can surf the Internet more securely. (Note: Never try to download bit torrents that contain sensitive information through Tor--you are NOT protected from others monitoring your downloads, and your real IP address will be exposed! Also, you should NEVER combine the visiting of sites which have the details of your real-life identity at the same time that you visit "sensitive" sites. Only do one thing at a time--browsing that involves your "real-life identity," should not be done at the same time that you are using Tor to visit "sensitive" sites (like BoyChat, for example) Remember: close your Tor browser, and then start it again to protect your real-life identity and to keep yourself safe.


Technical details about Tor

Normal proxies forward your data using a single server: they hide your computer IP from websites you visit by placing themselves in the middle of the data transfer. But your privacy could still be compromised by the owner of that single proxy, or by a hostile party monitoring the proxy server.

The Tor network uses "onion layer routing," called this because it resembles the the layers of an onion. Instead of data being routed through a single proxy, everything will be send encrypted using a chain of proxies, routing your browser's request for pages through a minimum of three servers, often located in different countries. If a Tor server administrator has followed the instructions for setting up their server, then no logs will be kept of traffic through the server. This makes it impossible to compromise people's security, even if the server is seized. The proxy chain is also set up to keep changing servers every few minutes, so for a major spy agency to be able to spy on the Tor network they would have to control all of the servers in the Tor network--controlling just a few servers would not be enough to track down a user. The Tor network is known to be somewhat slow and is not recommended for downloading large files. The speed it provides is normally enough to anonymously browse websites that are not too heavy on photos or videos, though it can cause the buffering of streaming videos.

To access the Tor network the end user runs a program called a Tor client (a special Internet browser) on his computer, this comes with an extra filtering program (like Privoxy) between the Tor client and the Internet browser on the local computer due to the risk of applications like Java revealing user information. Any Tor user with sufficient bandwidth can also choose to run a proxy allowing other Tor users to route traffic through his computer, but one has to be very careful when running an Tor "exit" node, which is the last computer in the chain, and the one that connects directly to the site you are visiting.

Used correctly, Tor protects one's anonymity. But there can be problems: In 2013 Ross William Ulbricht was arrested for running a Web site--Silk Road--using Tor. It was primarily a marketplace where illegal drug sellers and buyers could connect. He was sentenced to life in prison without parole. (See Wikipedia for information on how his site was compromised by the legal authorities.)

The Tor technology is attractive to boylovers because of the anonymity offered by the proxy network. Some sites, such as Wikipedia, restrict access or posting using Tor software, to reduce spam and malicious hackers. BoyChat for example, will only allow people to post using Tor if they have a registered nick. The Tor network also hosts hidden sites that can not be taken offline because it is not possible to work out which server is hosting them, however these sites, with the extension .onion, are only accessible if you run Torsoftware in your computer.

Tor and live CD

Even when you use Tor it could still be possible for someone to see information on your computer hard drive, and to look at your drive's contents--websites that you have visited using Tor proxy can be found in the Internet browser cache (if it is enabled). But if you use the "Tor browser bundle," with the special version of Firefox that comes with it, then you do not have to worry about your browser cache being stored on your computer.

Using a "live CD" to browse the Internet avoids leaving any traces of your browsing history on your hard drive, because after you have finished browsing using a live CD all of the data held in volatile RAM memory will disappear, and recovery will not be possible. A live CD (i.e. Tails) with Tor is one of the most powerful anonymity tools that exist.

Javascript Exploit

Javascript provides many "whistles and bells" in your browser while you browse the Internet. Without javascript enabled in your browser, you may find the functionality of many websites diminished. Some sites will not function at all without javascript enabled in your browser.

(NOTE: One "workaround"--which sometimes works--to the problem of javascript limiting site functionality is to access the site desired using the Wayback machine found at https://www.web.archive.org)

But you should be aware that at least one "exploit" (a "trick" used in computer programming to compromise a computer) exists which law-enforcement personnel can use to expose your identity even though you may be surfing behind the protection provided by Tor.

Javascript should never be enabled in a browser used to visit "sensitive" sites, such as sites posting information which is "pro-pedophile" (or even "anti-pedophile") or which contains other information (or images) which may be of interest to a pedophile.

A large number of BoyLovers (and GirlLovers) are now serving very long terms in prison because they enabled javascript in their browsers. Don't be one of them!

Links to articles describing the risks of browsing with javascript enabled

  • Inside the Tor exploit | ZDNet
http://www.zdnet.com/inside-the-tor-exploit-7000018997/
  • Firefox Zero-Day Exploit used by FBI to shutdown Child porn on Tor ...
http://thehackernews.com/2013/08/Firefox-Exploit-Tor-Network-child-pornography-Freedom-Hosting.html
  • FBI Admits It Controlled Tor Servers Behind Mass Malware Attack ...
http://www.wired.com/2013/09/freedom-hosting-fbi/
  • The FBI TOR Exploit - InfoSec Institute
http://resources.infosecinstitute.com/fbi-tor-exploit/
  • Actual risks of javascript and Flash? : TOR - Reddit
http://www.reddit.com/r/TOR/comments/1y8r3m/actual_risks_of_javascript_and_flash/
  • Identity-exposing malware on Tor "could be work of FBI"
http://www.welivesecurity.com/2013/08/05/identity-exposing-malware-on-tor-could-be-work-of-fbi/

See also

External links