Using Tor correctly: Anonymous browsing edition

October 21st, 2006

Tor is a popular system for sending Internet traffic anonymously. It is mainly used for three purposes: hiding one's identity, hiding the identity of the site one is visiting, and hiding the data that one is sending and receiving. However, using Tor without some basic precautions is worse than not using Tor at all, leading to privacy violations, data theft, and security concerns. Here, I cover browser security with respect to preventing identity and data leakage when using the Tor network. If you are only using it to defeat web filtering, feel free to read only the section called "Locking yourself down".

At the end is an executive summary. Use it as a guideline, but make sure to read this entire post first -- it contains important instructions on how to change your browsing habits.

Read full entry »

Upgrade Tor to TRUE latest version (in Ubuntu)

October 8th, 2006
Very out of date by now. Just use these instructions.

The Tor packages in the Debian (and Ubuntu) respositories are not up-to-date. This is dangerous, since people do rely on them for strong anonymity, even though the package warns them not to do so (it's still the best out there.) To get the latest stable version, you'll have to add another repository to your sources.list file and set your system to trust it.

Read full entry »

Bypass web filters through encryption

August 31st, 2006

Use the Tor network to hide your communications. Incidentally, this is particularily useful when certain file types have been blocked, such as torrent files. The following instructions are written for Windows XP and Ubuntu Linux users. Tips for other systems are welcome.

Edit: Be extremely careful when surfing over Tor. There are rogue Tor exit nodes that will attempt to steal your information (credit card number, password, etc.), so when using Tor you should enable and heed all of your browser's security warnings. When using Tor, only submit personal information from a secure page to a secure page. Remember that a page is not secure if your browser couldn't completely verify the security certificate. This is a very real threat. In summary, try to only use Tor for reading unless you're sure you know what you're doing.

Read full entry »